[Zope-CMF] More browser views

yuppie y.2010 at wcm-solutions.de
Mon Apr 12 07:43:43 EDT 2010


Hi!


Charlie Clark wrote:
> Am 07.04.2010, 14:27 Uhr, schrieb yuppie<y.2010 at wcm-solutions.de>:
>> Maybe I should add them to CMFDefault? I guess they need just a few
>> changes to be ready for checkin.
>
> Sounds great. As Tres has noted with ursine_globals - Views can have their
> own tests. Oops, more work! ;-)

At least I have some functional doctests. I hope that's sufficient.

LoginFormView and MailPasswordFormView are now checked in on the trunk. 
But so far they are not hooked up by a profile.

http://svn.zope.org/?rev=110737&view=rev


These issues still need to be resolved:

- Someone has to modify CookieCrumber to make it work with views.

- Maybe the "Constraint not satisfied" error for invalid member IDs or 
email addresses gives too much information: Anonymous users can check 
that way if a user with a specific email address or member ID exists. 
What do others think? Is that a security hole big enough to care about?

- Maybe the code makes some implicit assumptions about the 
authentication process that are not always correct. Would be nice if 
some people could test the views in their customized context. Right now 
you have to call "path/to/siteroot/login.html" directly for testing.


Cheers,

	Yuppie


More information about the Zope-CMF mailing list