[Zope-CMF] change_password doesn't (because MemberData makes invalid assumptions)

Stefan H. Holek stefan at epy.co.at
Wed Aug 13 16:20:21 EDT 2003


Hi All!

I am suffering from confusion wrt the change_password skin script in CMF 
(and Plone, incidentally), which does not change the password when used with 
anything but the default user folder.

The change_password script calls portal_membership.setPassword() which in 
turn calls member.setSecurityProfile(). And - Gasp! - setSecurityProfile() 
*assigns to the attributes of the user object*!

While this *does* work for the default user folder (although it is 
abhorrent), it naturally fails for user folders with non-ZODB data sources 
where one *must* call the userFolderEditUser() API to change user 
credentials. It also seems to expect user objects to be

	a) persistent in the ZODB
	b) modifiable after creation

which both are somewhat invalid assumptions IMO.

Nevertheless, while trying to work around these issues, I came across 
portal_membership.credentialsChanged() which seemed like a good place to 
call the userFolderEditUser() API. However, there is a comment saying: 
"Note that this call should *not* cause any change at all to user 
databases."

Now what? Given that setSecurityProfile() doesn't and credentialsChanged() 
mustn't, how is one supposed to actually enable a user to change his 
password when using, say, LDAPUserFolder (short of bypassing the entire 
machinery)?

Thanks,
Stefan


--
The time has come to start talking about whether the emperor is as well
dressed as we are supposed to think he is.               /Pete McBreen/
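
Added example, not part of the original message and not CMF or LDAPUserFolder code: a toy model of the failure described above, where assigning to a user object's attributes leaves an external credential store untouched while an edit through the user folder updates it. The classes, the dict-backed "directory" and the simplified userFolderEditUser() signature are assumptions made for illustration.

```python
# Toy model (constructed for illustration); names other than
# userFolderEditUser are hypothetical stand-ins.
import hashlib
import hmac


def _digest(password):
    # Illustrative only: a real store uses a salted, slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()


class TransientUser:
    """User object rebuilt from the external source on every lookup."""
    def __init__(self, name, pw_digest):
        self.name = name
        self.pw_digest = pw_digest


class ExternalUserFolder:
    """User folder whose credentials live outside the ZODB."""
    def __init__(self):
        self._directory = {}  # stands in for LDAP, SQL, ...

    def getUser(self, name):
        return TransientUser(name, self._directory[name])

    def userFolderEditUser(self, name, password, roles=(), domains=()):
        # The only path that writes to the backing store.
        self._directory[name] = _digest(password)

    def authenticate(self, name, password):
        stored = self._directory.get(name)
        return stored is not None and hmac.compare_digest(stored, _digest(password))


def change_by_attribute(folder, name, new_password):
    # Pattern the message attributes to setSecurityProfile():
    # mutate the user object and hope the change sticks.
    folder.getUser(name).pw_digest = _digest(new_password)


def demo():
    folder = ExternalUserFolder()
    folder.userFolderEditUser("alice", "old-secret")
    change_by_attribute(folder, "alice", "new-secret")
    after_attr = (folder.authenticate("alice", "old-secret"),
                  folder.authenticate("alice", "new-secret"))
    folder.userFolderEditUser("alice", "new-secret")
    after_api = (folder.authenticate("alice", "old-secret"),
                 folder.authenticate("alice", "new-secret"))
    return after_attr, after_api  # (old works, new works) after each change


if __name__ == "__main__":
    print(demo())
```

In the attribute case nothing raises, so the old password keeps working without any visible error; a password-change path is worth verifying by authenticating with both the old and the new credential afterwards.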


