Douglas Mayle <doug...@mayle.org> added the comment: Chris, I actually wrote a mock (using import hooks) that would allow me to simulate not being able to import a module, even if it's really available. This should allow us to get a higher coverage. Unfortunately, without bcrypt installed, we couldn't get full coverage...
As to backwards compatibility, the current implementation remains 100% backwards compatibility, including an existing bug when using cleartext passwords. (Using cleartext passwords, it is possible for a user to enter a password that has the same format as a hashed password, making it impossible to login). Using cleartext passwords is almost always a bad idea, and if you're doing so and you absolutely insist on keeping them that way, this code won't try to prevent you from doing so, and even offers an alternative to fix this bug... (Prefixing all cleartext passwords with {clear} will prevent the bug from occurring) The other possibility, not mentioned here is to hash all passwords in the database, or as the users log in (since that gives you access to the cleartext password, it is easy to change the hashes). Ok, so that only covers the first half of your comments... I'll look at my code for the rest... Doug __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue85> __________________________________ _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev