-
Notifications
You must be signed in to change notification settings - Fork 127
Extract new password in passwd_s (#246) #299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Codecov Report
@@ Coverage Diff @@
## master #299 +/- ##
==========================================
+ Coverage 71.46% 73.55% +2.09%
==========================================
Files 49 40 -9
Lines 4714 3192 -1522
Branches 785 486 -299
==========================================
- Hits 3369 2348 -1021
+ Misses 1025 715 -310
+ Partials 320 129 -191
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change modifies the return value of passwd_s
for newpw=None
. This could break existing software that relies on the return value. I would prefer a solution that keeps the existing semantic. For example you could introduce a new method or a marker object like passwd_s(dn, oldpw, newpw=ldap.PASSWORD_NEW)
.
@@ -658,7 +658,12 @@ def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): | |||
|
|||
def passwd_s(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): | |||
msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls) | |||
return self.extop_result(msgid,all=1,timeout=self.timeout) | |||
respoid, respvalue = self.extop_result(msgid, all=1, timeout=self.timeout) | |||
if respoid != PasswordModifyResponse.responseName: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PasswordModifyResponse.responseName
is set to None. Does the password control always return no OID?
So you want me to add a Yes, RFC 3062 says so. Also, there is some confusion on the OPTIONAL status of genPasswd in the ASN.1 spec vs. text spec but I replicated the more permissive version for better interoperability. |
@tiran Updated merge request, just the new_pw handling to resolve then? |
Wouldn't your suggestion make it impossible to ever deprecate the old behaviour? |
@tiran Ok, this might be better? If it is, feel free to squash the relevant commits before merging. |
@tiran, do you want to finish the review? |
My review will be sub-par, but it looks like I'll need to do it to move this forward. I'll dedicate a day next week to python-ldap. |
@mistotebe Overall, this looks good to me! The |
Thanks for the changes. I agree the result API needs a complete overhaul, couldn't do that here and frankly, the exception work is a prerequisite to that anyway. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor style nit picks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I rebased to solve a trivial conflict with newly added tests.
For some reason, Travis CI is not reporting results. But the build for 2550717 passed: https://travis-ci.org/github/python-ldap/python-ldap/builds/695146612
You may wish to see if the discussion here is of help: https://mta.openssl.org/pipermail/openssl-project/2020-June/002033.html |
Care has been taken to preserve backwards compatibility for the regular case of no password being requested too.