[Mailman-Users] Re: [Mailman-Developers] password a MUST?!
Harald Meland
Harald.Meland@usit.uio.no
15 Jun 2000 11:14:22 +0200
[Mentor Cana]
> On Wed, 14 Jun 2000, at 21:28, Chuq Von Rospach wrote:
> > > What I'm saying is not to eliminate the password option all
> > >together, just suggestion that password should not be required if not
> > >supplied and mailman generates the password instead.
> >
> > Could be done. At this point, I don't think I'd consider it a high
> > priority for 2.0. But it'd be nice to have down the road.
>
> The following patch was posted on this list few days ago. Isn't this doing
> the trick?
Not quite, I think. I, for one, don't want to allow my users to
subscribe with random passwords -- explaining the Mailman
password-and-user stuff we have in place here is confusing enough as
it is.
Here's a revised version of the patch (please use "diff -u" or "diff
-c" when posting patches -- I believe Barry prefers the latter, while
I myself prefer the former):
Index: Mailman/Defaults.py.in
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Defaults.py.in,v
retrieving revision 1.101
diff -u -r1.101 Defaults.py.in
--- Mailman/Defaults.py.in 2000/05/04 22:44:28 1.101
+++ Mailman/Defaults.py.in 2000/06/15 08:32:49
@@ -222,6 +222,10 @@
DEFAULT_SUBSCRIBE_POLICY = 1
# does this site allow completely unchecked subscriptions?
ALLOW_OPEN_SUBSCRIBE = 0
+# does this site allow user to subscribe without specifying what their
+# member password should be? If set to true, Mailman will generate
+# random passwords for such users.
+ALLOW_RANDOMPWD_SUBSCRIBE = 0
# Private_roster == 0: anyone can see, 1: members only, 2: admin only.
DEFAULT_PRIVATE_ROSTER = 0
Index: Mailman/Cgi/subscribe.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/subscribe.py,v
retrieving revision 1.24
diff -u -r1.24 subscribe.py
--- Mailman/Cgi/subscribe.py 2000/04/04 23:38:25 1.24
+++ Mailman/Cgi/subscribe.py 2000/06/15 09:13:14
@@ -135,9 +135,20 @@
results = results + "You must not subscribe a list to itself!<br>"
if not form.has_key("pw") or not form.has_key("pw-conf"):
- error = 1
- results = (results +
- "You must supply a valid password, and confirm it.<br>")
+ if mm_cfg.ALLOW_RANDOMPWD_SUBSCRIBE:
+ # If the user has supplied a password, but not confirmed it,
+ # we use the supplied password anyway.
+ if form.has_key("pw"):
+ pw = form["pw"].value
+ # Otherwise generate a random password.
+ else:
+ pw = Utils.MakeRandomPassword()
+ # Auto-confirm this password
+ pwc = pw
+ else:
+ error = 1
+ results = (results +
+ "You must supply a valid password, and confirm it.<br>")
else:
pw = form["pw"].value
pwc = form["pw-conf"].value
The patch has not (yet) been tested, please report back any failures
or successes.
If it works out OK, and no-one objects strongly, I'll consider
committing this before 2.0 (I'll be away next week (attending USENIX
2000), which should leave ample time to voice any objections :).
--
Harald