Collective.emaillogin

Latest version: v1.3

Safety actively analyzes 613734 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 3

1.4

----------------

- Nothing changed yet.

1.3

----------------

- Avoid possible circular import for the PloneMembershipTool in
PlonePAS and CMFPlone.
[maurits]

- Moved to https://github.com/collective/collective.emaillogin
[maurits]

1.2

----------------

- Patch RegistrationTool.isMemberIdAllowed. When the id that is
passed in is already in use as login name, we do not accept it as
user id either. Also, in various spots where isMemberIdAllowed is
called, the id is really meant as login name.
Possibly this fix is only needed for Plone 3.1 and earlier, as I am
sure I have tested this before on Plone 3.3.6.
[maurits]

- Patch the login method from
Products.PlonePAS.plugins.cookie_handler.ExtendedCookieAuthHelper.
This is the code from Plone 3.3.6; it is included because Plone 3.1.7
does the wrong thing for us here.
[maurits]

1.1

----------------

- Patch CMFPlone.MembershipTool.testCurrentPassword to authenticate
with the login name. The code in Plone 3.3.5 itself already works
(and is simply copied here), but Plone 3.1.7 has an error that is
triggered for us as the user id is not always the same as the login
name.
[maurits]

1.0

----------------

- In the mailPassword method explicitly disallow looking for a member
with the given forgotten user id when this is an e-mail address. We
only search for users with that e-mail address as login name. This
only has an effect when you have changed your e-mail address to
something really different (instead of just a change in the case).
Without this change, you could reset your password with your old
address, but could not login with that address.
[maurits]

- Refactored authenticateCredentials. This avoids getting a message
stating you are logged in when in fact you are not logged in.
[maurits]

- Added upgrade step to migrate all existing users to have a lowercase
login name (when their e-mail address is used as login name).
[maurits]

- Patch PloneTool.setMemberProperties to always set the e-mail address
to lower case and to update the login name when the e-mail address
changes.
[maurits]

- In validate_personalize.vpy turn the e-mail address to lowercase.
[maurits]

- Patch Products.PlonePAS.tools.membership.MembershipTool.addMember to
always add the member as lowercase, also when not called from
registered.cpy
[maurits]

- In join_form_validate.vpy turn the e-mail address to lowercase.
[maurits]

- Changed getMemberByLoginName and ZODBUserManager.authenticateCredentials
to explicitly search for the lower case login name if the initial
literal search does not work.
[maurits]

- Added classifiers for Plone 3.2 and 3.3 in setup.py.
[maurits]

0.8

----------------

- Removed mail_me functionality from join_form as this claimed to be
sending the password, which Plone has not been doing for a long
time, if ever. The backend handling for this was already removed
from Plone itself.
[maurits]

- Fixed wrong condition and double definition where allowEnterPassword
meant you were actually *not* allowed to enter a password. It
worked fine but was confusingly stated the wrong way around.
[maurits]

Page 1 of 3

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.