Re: Mechanics of changing passwords using regular validation system
Re: Mechanics of changing passwords using regular validation system
- Subject: Re: Mechanics of changing passwords using regular validation system
- From: OC <email@hidden>
- Date: Wed, 25 Feb 2015 11:29:07 +0100
Paul,
> 1. Changing the password. A method User.changePassword(String oldPassword, String newPassword, String confirmPassword) would take those form values and do the obvious: change the password if oldPassword hashes correctly and newPassword == confirmPassword.
>
> 2. Validate the plaintext password (say, is it long enough). This could be done in setPlaintextPassword().
That's wrong. If the user wants to use short (or weak) password, the application should allow him to do that -- after issuing a warning.
Given that, I can't see any better solution here than an independent validator method used at the GUI level, not integrated to saveChanges; essentially something remotely similar to
===
String password // bound to the secure text field for pwd (skipped the check field etc. for legibility)
boolean showWarning=false // bound to "your pwd is short, weak, whatever" warning in GUI (in practice would be a string with reason)
WOComponent setPassword {
if (MyPassword.passwordIsTooWeak(password) && !showWarning) {
showWarning=true
return null
}
currentEC.saveChanges()
}
===
> So I'm stumped. Does this sound possible, or should I give up and continue to handle this kind of thing outside the regular validation system?
Absolutely. Even if it was possible and easy, it would still be wrong.
All the best,
OC
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden