Opened 3 years ago
Closed 3 years ago
#1486704 closed Feature Patches (fixed)
password plugin: extend driver API to allow for error strings to be returned
| Reported by: | Philippe23 | Owned by: | alec |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.5-beta |
| Component: | Plugins | Version: | 0.3.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
It would be nice if the password plugin's driver API would allow for error strings to be returned.
For instance poppassd has the ability to inform the user *why* their password was rejected ("500 it's WAY too short" or "500 it is based on a dictionary word" for example). It would be nice if users could see these reasons instead of just "password change failed" (which leads them to think the machine is set up wrong, not that their simple password wasn't strong enough for the system's liking).
Attachments (2)
Change History (8)
Changed 3 years ago by Philippe23
comment:1 Changed 3 years ago by Philippe23
I just attached "rc-passwd-ext-results-0001.patch" which could possible way of modifying the API so extended reason errors could be returned.
It basically says that if a driver's function returns an array instead of just an integer, that array is expected to have a 'code' entry which is the same as the original integer, and a 'reason' entry which is the reason for the failure. Returning an integer is still valid, and probably expected when (a) the driver doesn't have any more detail than the integer error code would provide, or (b) when SUCCESS occurs.
The patch makes this happen in password.php and implements extended returns in the poppassd driver.
The patch is against the latest trunk rev of subversion (rev 3580), not 0.3.1.
NOTE: I'm not a PHP programmer, I'm more of a C/C++/Python desktop-application programmer, so you should make sure I didn't do anything stupid. ;)
comment:2 Changed 3 years ago by Philippe23
Um... I guess there's nothing in my patch to protect against external programs returning '&', '<', '>', or any other special character that might screw things up. I don't know if htmlspecialchars() is the function to use or if another one would be more appropriate. I also don't know if it's better in the drivers or if it's better in the main password.php file when it gets the extended results.
Feel free to give guidance, and I'll update the patch.
comment:3 Changed 3 years ago by Philippe23
- Type changed from Feature Requests to Patches
comment:4 Changed 3 years ago by alec
- Milestone changed from later to 0.5-beta
- Owner set to alec
Changed 3 years ago by Philippe23
An updated possible modification to allow extended reasons on errors (patch agains svn rev 3905)
comment:5 Changed 3 years ago by Philippe23
I just updated my own install to 0.4 and noticed the poppassd driver changed just a tad so I've attached an updated patch (0002) that goes against the HEAD of trunk/plugins/password/ (current HEAD = rev 3905).
All previous warnings about me being a web/PHP novice still apply. ;)
comment:6 Changed 3 years ago by alec
- Resolution set to fixed
- Status changed from new to closed
Applied in r4016/svn.
A possibly modification to allow extended reasons on errors (patch agains svn rev 3580)