From 476203d0bbf5f6587b99b888021f8bea5d72b13a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 9 Jul 2013 12:57:34 +0200 Subject: [PATCH] Prevent Persona users from setting a password --- src/lib/Hydra/Controller/User.pm | 7 +++++-- src/root/user.tt | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lib/Hydra/Controller/User.pm b/src/lib/Hydra/Controller/User.pm index 773faf4a..bcfe0685 100644 --- a/src/lib/Hydra/Controller/User.pm +++ b/src/lib/Hydra/Controller/User.pm @@ -10,6 +10,7 @@ use Hydra::Helper::Nix; use Hydra::Helper::CatalystUtils; use LWP::UserAgent; use JSON; +use HTML::Entities; __PACKAGE__->config->{namespace} = ''; @@ -106,7 +107,7 @@ sub persona_login :Path('/persona-login') Args(0) { $c->set_authenticated($user); $c->stash->{json}->{result} = "ok"; - $c->flash->{successMsg} = "You are now signed in as " . $email . ""; + $c->flash->{successMsg} = "You are now signed in as " . encode_entities($email) . ""; } @@ -266,6 +267,7 @@ sub edit_POST { } if (($c->stash->{params}->{submit} // "") eq "reset-password") { + error($c, "This user's password cannot be reset.") if $user->password eq "!"; $c->stash->{json} = {}; error($c, "No email address is set for this user.") unless $user->emailaddress; @@ -294,7 +296,7 @@ sub edit_POST { }); my $password = $c->stash->{params}->{password} // ""; - if ($password ne "") { + if ($user->password ne "!" && $password ne "") { error($c, "You must specify a password of at least 6 characters.") unless isValidPassword($password); error($c, "The passwords you specified did not match.") @@ -311,6 +313,7 @@ sub edit_POST { }); if ($c->request->looks_like_browser) { + $c->flash->{successMsg} = "Your preferences have been updated."; backToReferer($c); } else { $self->status_no_content($c); diff --git a/src/root/user.tt b/src/root/user.tt index 9a54e9b4..25a2b727 100644 --- a/src/root/user.tt +++ b/src/root/user.tt @@ -34,6 +34,7 @@ + [% IF !create && user.password != '!' %]
@@ -47,6 +48,7 @@
+ [% END %]