Skip to content

Extract new password in passwd_s (#246) #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 5, 2020

Conversation

mistotebe
Copy link
Contributor

Care has been taken to preserve backwards compatibility for the regular case of no password being requested too.

@codecov
Copy link

codecov bot commented Aug 20, 2019

Codecov Report

Merging #299 into master will increase coverage by 2.09%.
The diff coverage is 90.90%.

@@            Coverage Diff             @@
##           master     #299      +/-   ##
==========================================
+ Coverage   71.46%   73.55%   +2.09%     
==========================================
  Files          49       40       -9     
  Lines        4714     3192    -1522     
  Branches      785      486     -299     
==========================================
- Hits         3369     2348    -1021     
+ Misses       1025      715     -310     
+ Partials      320      129     -191     
Impacted Files Coverage Δ
Lib/ldap/ldapobject.py 80.07% <77.77%> (+1.77%) ⬆️
Lib/ldap/extop/__init__.py 68.42% <100.00%> (+12.86%) ⬆️
Lib/ldap/extop/passwd.py 100.00% <100.00%> (ø)
Lib/ldap/cidict.py 69.23% <0.00%> (-30.77%) ⬇️
Lib/ldap/schema/tokenizer.py 97.87% <0.00%> (-0.05%) ⬇️
Modules/common.c
Modules/constants.c
Modules/ldapcontrol.c
Modules/functions.c
Modules/constants_generated.h
... and 8 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c803bfc...2550717. Read the comment docs.

tiran
tiran previously requested changes Aug 20, 2019
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change modifies the return value of passwd_s for newpw=None. This could break existing software that relies on the return value. I would prefer a solution that keeps the existing semantic. For example you could introduce a new method or a marker object like passwd_s(dn, oldpw, newpw=ldap.PASSWORD_NEW).

@@ -658,7 +658,12 @@ def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None):

def passwd_s(self,user,oldpw,newpw,serverctrls=None,clientctrls=None):
msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls)
return self.extop_result(msgid,all=1,timeout=self.timeout)
respoid, respvalue = self.extop_result(msgid, all=1, timeout=self.timeout)
if respoid != PasswordModifyResponse.responseName:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PasswordModifyResponse.responseName is set to None. Does the password control always return no OID?

@mistotebe
Copy link
Contributor Author

So you want me to add a PASSWD_NEW = object() into ldap.py?

Yes, RFC 3062 says so. Also, there is some confusion on the OPTIONAL status of genPasswd in the ASN.1 spec vs. text spec but I replicated the more permissive version for better interoperability.

@mistotebe
Copy link
Contributor Author

@tiran Updated merge request, just the new_pw handling to resolve then?

@mistotebe
Copy link
Contributor Author

Wouldn't your suggestion make it impossible to ever deprecate the old behaviour?

@mistotebe
Copy link
Contributor Author

@tiran Ok, this might be better? If it is, feel free to squash the relevant commits before merging.

@encukou
Copy link
Member

encukou commented Jan 29, 2020

@tiran, do you want to finish the review?

@encukou
Copy link
Member

encukou commented Apr 29, 2020

My review will be sub-par, but it looks like I'll need to do it to move this forward. I'll dedicate a day next week to python-ldap.

@encukou
Copy link
Member

encukou commented May 6, 2020

@mistotebe Overall, this looks good to me!
I've rebased so tests can pass, and made a few nitpicks directly in your branch. Does that look OK?

The extract_newpw flag is not ideal API, but it should work for now. When #61 is implemented, it can be deprecated.

@mistotebe
Copy link
Contributor Author

Thanks for the changes. I agree the result API needs a complete overhaul, couldn't do that here and frankly, the exception work is a prerequisite to that anyway.

encukou
encukou previously approved these changes May 6, 2020
tiran
tiran previously requested changes May 26, 2020
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor style nit picks.

encukou
encukou previously approved these changes Jun 5, 2020
Copy link
Member

@encukou encukou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

Copy link
Member

@encukou encukou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rebased to solve a trivial conflict with newly added tests.

For some reason, Travis CI is not reporting results. But the build for 2550717 passed: https://travis-ci.org/github/python-ldap/python-ldap/builds/695146612

@encukou encukou merged commit 9a91bbd into python-ldap:master Jun 5, 2020
@quanah
Copy link
Contributor

quanah commented Jun 5, 2020

For some reason, Travis CI is not reporting results.

You may wish to see if the discussion here is of help: https://mta.openssl.org/pipermail/openssl-project/2020-June/002033.html

@tiran tiran added this to the 3.3 milestone Jun 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy