[Mailman-Users] Re: [Mailman-Developers] password a MUST?!

Harald Meland Harald.Meland@usit.uio.no
15 Jun 2000 11:14:22 +0200 

[Mentor Cana]

> On Wed, 14 Jun 2000, at 21:28, Chuq Von Rospach wrote:
> > >  What I'm saying is not to eliminate the password option all
> > >together, just suggestion that password should not be required if not
> > >supplied and mailman generates the password instead.
> > 
> > Could be done. At this point, I don't think I'd consider it a high 
> > priority for 2.0. But it'd be nice to have down the road.
> 
> The following patch was posted on this list few days ago. Isn't this doing
> the trick?

Not quite, I think.  I, for one, don't want to allow my users to
subscribe with random passwords -- explaining the Mailman
password-and-user stuff we have in place here is confusing enough as
it is.

Here's a revised version of the patch (please use "diff -u" or "diff
-c" when posting patches -- I believe Barry prefers the latter, while
I myself prefer the former):

Index: Mailman/Defaults.py.in
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Defaults.py.in,v
retrieving revision 1.101
diff -u -r1.101 Defaults.py.in
--- Mailman/Defaults.py.in      2000/05/04 22:44:28     1.101
+++ Mailman/Defaults.py.in      2000/06/15 08:32:49
@@ -222,6 +222,10 @@
 DEFAULT_SUBSCRIBE_POLICY = 1
 # does this site allow completely unchecked subscriptions?
 ALLOW_OPEN_SUBSCRIBE = 0
+# does this site allow user to subscribe without specifying what their
+# member password should be?  If set to true, Mailman will generate
+# random passwords for such users.
+ALLOW_RANDOMPWD_SUBSCRIBE = 0
 
 # Private_roster == 0: anyone can see, 1: members only, 2: admin only.
 DEFAULT_PRIVATE_ROSTER = 0
Index: Mailman/Cgi/subscribe.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/subscribe.py,v
retrieving revision 1.24
diff -u -r1.24 subscribe.py
--- Mailman/Cgi/subscribe.py    2000/04/04 23:38:25     1.24
+++ Mailman/Cgi/subscribe.py    2000/06/15 09:13:14
@@ -135,9 +135,20 @@
         results = results + "You must not subscribe a list to itself!<br>"
 
     if not form.has_key("pw") or not form.has_key("pw-conf"):
-        error = 1
-        results = (results +
-                   "You must supply a valid password, and confirm it.<br>")
+        if mm_cfg.ALLOW_RANDOMPWD_SUBSCRIBE:
+            # If the user has supplied a password, but not confirmed it,
+            # we use the supplied password anyway.
+            if form.has_key("pw"):
+                pw = form["pw"].value
+            # Otherwise generate a random password.
+            else:
+                pw = Utils.MakeRandomPassword()
+            # Auto-confirm this password
+            pwc = pw
+        else:
+            error = 1
+            results = (results +
+                       "You must supply a valid password, and confirm it.<br>")
     else:
         pw  = form["pw"].value
         pwc = form["pw-conf"].value


The patch has not (yet) been tested, please report back any failures
or successes.

If it works out OK, and no-one objects strongly, I'll consider
committing this before 2.0 (I'll be away next week (attending USENIX
2000), which should leave ample time to voice any objections :).
-- 
Harald