forked from Github-Mirrors/canaille
Fixed documentation about HIDE_INVALID_LOGINS
parent
6ef0766acf
commit
f496617f81
7 changed files with 33 additions and 24 deletions
|
@ -11,6 +11,9 @@ Added
|
|||
|
||||
- ``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`
|
||||
|
||||
Fixed
|
||||
*****
|
||||
- ``HIDE_INVALID_LOGIN`` behavior and default value.
|
||||
|
||||
[0.0.8] - 2022-03-15
|
||||
====================
|
||||
|
|
|
@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "canaille/conf/openid-configuration.json"
|
|||
# If you have a sentry instance, you can set its dsn here:
|
||||
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
|
||||
|
||||
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
|
||||
# an invalid login, a message is shown saying that the login does not
|
||||
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
|
||||
# shown saying that the password is wrong, but does not give a clue
|
||||
# wether the login exists or not.
|
||||
# HIDE_INVALID_LOGINS = false
|
||||
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
|
||||
# tries to sign in with an invalid login, a message is shown indicating
|
||||
# that the password is wrong, but does not give a clue wether the login
|
||||
# exists or not.
|
||||
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
|
||||
# an invalid login, a message is shown indicating that the login does not
|
||||
# exist.
|
||||
# HIDE_INVALID_LOGINS = true
|
||||
|
||||
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
|
||||
# recovery link by email. This option is true by default.
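Review bot: The new comment block for `HIDE_INVALID_LOGINS` has two wording slips, `wether` for `whether` and `an user` for `a user`, and it never says why the option exists. I would add one sentence such as `# Keeping this true avoids disclosing which logins exist (account enumeration).` so an operator sees what turning it off costs. The changelog entry in this commit spells the option `HIDE_INVALID_LOGIN` without the trailing S, so a search for the real key will miss it. The same comment text is repeated in the two other sample configuration sections of this commit, and the same corrections apply there.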
|
||||
|
|
|
@ -31,7 +31,7 @@ def unique_group(form, field):
|
|||
|
||||
|
||||
def existing_login(form, field):
|
||||
if current_app.config.get("HIDE_INVALID_LOGINS", False) and not User.get(
|
||||
if not current_app.config.get("HIDE_INVALID_LOGINS", True) and not User.get(
|
||||
field.data
|
||||
):
|
||||
raise wtforms.ValidationError(
|
||||
|
|
|
@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "conf/openid-configuration.json"
|
|||
# If you have a sentry instance, you can set its dsn here:
|
||||
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
|
||||
|
||||
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
|
||||
# an invalid login, a message is shown saying that the login does not
|
||||
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
|
||||
# shown saying that the password is wrong, but does not give a clue
|
||||
# wether the login exists or not.
|
||||
# HIDE_INVALID_LOGINS = false
|
||||
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
|
||||
# tries to sign in with an invalid login, a message is shown indicating
|
||||
# that the password is wrong, but does not give a clue wether the login
|
||||
# exists or not.
|
||||
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
|
||||
# an invalid login, a message is shown indicating that the login does not
|
||||
# exist.
|
||||
# HIDE_INVALID_LOGINS = true
|
||||
|
||||
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
|
||||
# recovery link by email. This option is true by default.
|
||||
|
|
|
@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "conf/openid-configuration.json"
|
|||
# If you have a sentry instance, you can set its dsn here:
|
||||
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
|
||||
|
||||
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
|
||||
# an invalid login, a message is shown saying that the login does not
|
||||
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
|
||||
# shown saying that the password is wrong, but does not give a clue
|
||||
# wether the login exists or not.
|
||||
# HIDE_INVALID_LOGINS = false
|
||||
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
|
||||
# tries to sign in with an invalid login, a message is shown indicating
|
||||
# that the password is wrong, but does not give a clue wether the login
|
||||
# exists or not.
|
||||
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
|
||||
# an invalid login, a message is shown indicating that the login does not
|
||||
# exist.
|
||||
# HIDE_INVALID_LOGINS = true
|
||||
|
||||
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
|
||||
# recovery link by email. This option is true by default.
|
||||
|
|
|
@ -123,7 +123,7 @@ def test_impersonate(testclient, slapd_connection, logged_admin, user):
|
|||
|
||||
|
||||
def test_wrong_login(testclient, slapd_connection, user):
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = False
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = True
|
||||
|
||||
res = testclient.get("/login", status=200)
|
||||
res.form["login"] = "invalid"
|
||||
|
@ -134,12 +134,12 @@ def test_wrong_login(testclient, slapd_connection, user):
|
|||
res = res.form.submit(status=200)
|
||||
assert "The login 'invalid' does not exist" not in res.text
|
||||
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = True
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = False
|
||||
|
||||
res = testclient.get("/login", status=200)
|
||||
res.form["login"] = "invalid"
|
||||
res = res.form.submit(status=200)
|
||||
assert "The login 'invalid' does not exist" in res.text, res.text
|
||||
assert "The login 'invalid' does not exist" in res.text
|
||||
|
||||
|
||||
def test_admin_self_deletion(testclient, slapd_connection):
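Review bot: Neither block of `test_wrong_login` exercises the default, because both set `testclient.app.config["HIDE_INVALID_LOGINS"]` explicitly, yet the default value is what this commit changes. I would add a third case that removes the key with `testclient.app.config.pop("HIDE_INVALID_LOGINS", None)`, submits the same invalid login and asserts `"The login 'invalid' does not exist" not in res.text`. `test_password_forgotten_invalid` has the same gap for `/reset`. Both tests also leave the key set to `False` when they finish; if the `testclient` fixture shares the app between tests, which is not visible here, later tests would run in the disclosing mode.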
|
||||
|
|
|
@ -30,7 +30,7 @@ def test_password_forgotten_invalid_form(smtpd, testclient, slapd_connection, us
|
|||
|
||||
|
||||
def test_password_forgotten_invalid(smtpd, testclient, slapd_connection, user):
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = False
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = True
|
||||
res = testclient.get("/reset", status=200)
|
||||
|
||||
res.form["login"] = "i-dont-really-exist"
|
||||
|
@ -38,7 +38,7 @@ def test_password_forgotten_invalid(smtpd, testclient, slapd_connection, user):
|
|||
assert "A password reset link has been sent at your email address." in res.text
|
||||
assert "The login 'i-dont-really-exist' does not exist" not in res.text
|
||||
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = True
|
||||
testclient.app.config["HIDE_INVALID_LOGINS"] = False
|
||||
res = testclient.get("/reset", status=200)
|
||||
|
||||
res.form["login"] = "i-dont-really-exist"
|
||||
|
|