#831: Add form validation for identity_from_login
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 1.0b1
Component: Identity | Version: 0.9a5
Severity: normal | Resolution:
Keywords: |
--------------------------------+-------------------------------------------
Comment (by alberto):
I think the easiest (and most appropiate) way to perform this kind of
validation would be by overriding
[http://trac.turbogears.org/turbogears/browser/branches/1.0/turbogears/identity/soprovider.py#L208
validate_identity] in a custom id provider. Just do your checks before
hitting the DB (before {{{user= user_class.by_user_name( user_name )}}})
You won't be able to send helpful messages to the user informing her why
the credential checks failed, but this is good IMO as you don't need/want
to leak this info to a potential malicious user.
Should we close this?
--
Ticket URL: <http://trac.turbogears.org/turbogears/ticket/831>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Tickets" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets
-~----------~----~----~----~------~----~------~--~---
