Fixed documentation about HIDE_INVALID_LOGINS

Éloi Rivard 2022-04-06 17:32:11 +02:00
parent 6ef0766acf
commit f496617f81
7 changed files with 33 additions and 24 deletions


@ -11,6 +11,9 @@ Added
- ``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`
Fixed
*****
- ``HIDE_INVALID_LOGIN`` behavior and default value.
[0.0.8] - 2022-03-15
====================


@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "canaille/conf/openid-configuration.json"
# If you have a sentry instance, you can set its dsn here:
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
# an invalid login, a message is shown saying that the login does not
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
# shown saying that the password is wrong, but does not give a clue
# wether the login exists or not.
# HIDE_INVALID_LOGINS = false
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
# tries to sign in with an invalid login, a message is shown indicating
# that the password is wrong, but does not give a clue wether the login
# exists or not.
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
# an invalid login, a message is shown indicating that the login does not
# exist.
# HIDE_INVALID_LOGINS = true
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
# recovery link by email. This option is true by default.
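Review bot: The new comment for the `false` setting describes the message that is shown but not its consequence: with the option disabled, the login form confirms to any visitor whether an account name exists. I would state that next to the option, for example `# Setting this to false discloses which logins exist; keep it true unless you need the explicit message.` The added lines also carry two typos, "wether" for "whether" and "an user" for "a user". The same comment block is repeated in the two other configuration files changed further down this page, so the wording should be corrected in all three.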


@ -31,7 +31,7 @@ def unique_group(form, field):
def existing_login(form, field):
if current_app.config.get("HIDE_INVALID_LOGINS", False) and not User.get(
if not current_app.config.get("HIDE_INVALID_LOGINS", True) and not User.get(
field.data
):
raise wtforms.ValidationError(
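Review bot: The condition in `existing_login` is a double negative around a config lookup, and an inverted sense on this very line is what the commit corrects, so it deserves a named local and a docstring. Something like `hide = current_app.config.get("HIDE_INVALID_LOGINS", True)` followed by `if not hide and not User.get(field.data):` reads unambiguously. The docstring should say that the validator raises its error (presumably the "does not exist" message asserted in the tests) only when the option is explicitly false, and stays silent by default so the form does not disclose which logins exist. The function body continues past the end of this hunk, so the rest of the validator was not reviewed.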


@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "conf/openid-configuration.json"
# If you have a sentry instance, you can set its dsn here:
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
# an invalid login, a message is shown saying that the login does not
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
# shown saying that the password is wrong, but does not give a clue
# wether the login exists or not.
# HIDE_INVALID_LOGINS = false
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
# tries to sign in with an invalid login, a message is shown indicating
# that the password is wrong, but does not give a clue wether the login
# exists or not.
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
# an invalid login, a message is shown indicating that the login does not
# exist.
# HIDE_INVALID_LOGINS = true
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
# recovery link by email. This option is true by default.


@ -33,12 +33,14 @@ OIDC_METADATA_FILE = "conf/openid-configuration.json"
# If you have a sentry instance, you can set its dsn here:
# SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
# If HIDE_INVALID_LOGINS is set to true, when a user tries to sign in with
# an invalid login, a message is shown saying that the login does not
# exist. If HIDE_INVALID_LOGINS is set to false (the default) a message is
# shown saying that the password is wrong, but does not give a clue
# wether the login exists or not.
# HIDE_INVALID_LOGINS = false
# If HIDE_INVALID_LOGINS is set to true (the default), when an user
# tries to sign in with an invalid login, a message is shown indicating
# that the password is wrong, but does not give a clue wether the login
# exists or not.
# If HIDE_INVALID_LOGINS is set to false, when an user tries to sign in with
# an invalid login, a message is shown indicating that the login does not
# exist.
# HIDE_INVALID_LOGINS = true
# If ENABLE_PASSWORD_RECOVERY is false, then users cannot ask for a password
# recovery link by email. This option is true by default.


@ -123,7 +123,7 @@ def test_impersonate(testclient, slapd_connection, logged_admin, user):
def test_wrong_login(testclient, slapd_connection, user):
testclient.app.config["HIDE_INVALID_LOGINS"] = False
testclient.app.config["HIDE_INVALID_LOGINS"] = True
res = testclient.get("/login", status=200)
res.form["login"] = "invalid"
@ -134,12 +134,12 @@ def test_wrong_login(testclient, slapd_connection, user):
res = res.form.submit(status=200)
assert "The login 'invalid' does not exist" not in res.text
testclient.app.config["HIDE_INVALID_LOGINS"] = True
testclient.app.config["HIDE_INVALID_LOGINS"] = False
res = testclient.get("/login", status=200)
res.form["login"] = "invalid"
res = res.form.submit(status=200)
assert "The login 'invalid' does not exist" in res.text, res.text
assert "The login 'invalid' does not exist" in res.text
def test_admin_self_deletion(testclient, slapd_connection):
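Review bot: Both branches of `test_wrong_login` set `HIDE_INVALID_LOGINS` explicitly, so nothing pins the new default of `True` that this commit introduces in the validator. Add a case that removes the key, `testclient.app.config.pop("HIDE_INVALID_LOGINS", None)`, and repeats the `not in res.text` assertion, so that a later change of the default to a disclosing value fails the suite. The test also leaves the option at `False` when it ends; if the app fixture is shared beyond a single test (its scope is not visible here), later tests would run with disclosure enabled, so restoring the previous value at the end would be safer. The same two points apply to `test_password_forgotten_invalid` in the next file.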


@ -30,7 +30,7 @@ def test_password_forgotten_invalid_form(smtpd, testclient, slapd_connection, us
def test_password_forgotten_invalid(smtpd, testclient, slapd_connection, user):
testclient.app.config["HIDE_INVALID_LOGINS"] = False
testclient.app.config["HIDE_INVALID_LOGINS"] = True
res = testclient.get("/reset", status=200)
res.form["login"] = "i-dont-really-exist"
@ -38,7 +38,7 @@ def test_password_forgotten_invalid(smtpd, testclient, slapd_connection, user):
assert "A password reset link has been sent at your email address." in res.text
assert "The login 'i-dont-really-exist' does not exist" not in res.text
testclient.app.config["HIDE_INVALID_LOGINS"] = True
testclient.app.config["HIDE_INVALID_LOGINS"] = False
res = testclient.get("/reset", status=200)
res.form["login"] = "i-dont-really-exist"