Hi, A while ago I asked some questions and made some suggestions for improving how to track failed login attempts in z3c.password. Most likely these suggestions got buried in now a out-of-sight thread and were never noticed.
My suggestion was that making a request for for example a resource could still trigger the account locked errors, where in my opinion only the login attempts themselves should do that. I created a branch of z3c.password..: http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrelevant-requests/ ..that will check for request relevancy as early as possible. All tests pass without modification, but with this change after an account has been locked out requests for for example resources will still work. Additionally I think the code is a tad more readible now. I added a test to demonstrate the specific behaviour. Would any of the z3c.password users/developers object to having this branch merged to the trunk? regards, jw _______________________________________________ Zope-Dev maillist - [email protected] https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
