[Mailman-Users] Modify options-login page

Michele Federle mikecesure at gmail.com
Fri Jan 27 22:06:14 CET 2012


Thank you Mark, it works marvellously !!!
Thousand thanks again!!

2012/1/27 Mark Sapiro <mark at msapiro.net>

> Michele Federle wrote:
>
> >I've done it, but now there is a problem!!! In the options-page appears an
> >error:
> >
> >Bug in Mailman version 2.1.13
> >We're sorry, we hit a bug!
>
>
> You have made a mistake in modifying options.py. There will be an entry
> in Mailman's 'error' log from the above including a traceback and a
> Python error.
>
> If you can't figure out your mistake, post the traceback and error and
> your modified code.
>
> I suggest you copy/paste the code fragment directly from
> <http://mail.python.org/pipermail/mailman-users/2012-January/072811.html>.
>
>
> >2012/1/27 Mark Sapiro <mark at msapiro.net>
> >>
> >> If you really mean you would like an authentication failure from the
> >> options login page to return the list's listinfo page with an error
> >> message, that would be difficult to do because the listinfo page
> >> doesn't have a mechanism for reporting errors when invoked with an
> >> HTTP GET. And why would you want to take the user away from the login
> >> page just because of a simple typo in email address or password?
> >
> >
> >Just because I modified the html and I have both email and password inputs
> >for login in the listinfo page :)
> >So it would be better if users don't see the login form on the
> options-page,
> >it doesn't suit with the rest!!
>
>
> OK, but the web UI wasn't designed to work that way, so it's not easy
> to do.
>
>
> >>If you just want to replace the "Authentication failed." error message
> >> with something more specific, you could do that, but you would have to
> >> modify the code to first validate the member address, because the
> >> existing code calls the SecurityManager WebAuthenticate() method to
> >> authenticate the entry and it's context (list member, list owner, site
> >> owner) and receives onle a True or False return.
> >
> >
> >Oh, such a shame!! And make a simple redirect in case of login-error??
>
>
> If you want to have an options login failure go back to the listinfo
> page, you can make a similar modification to this code:
>
>        if cgidata.has_key('password'):
>            doc.addError(_('Authentication failed.'))
>            # So as not to allow membership leakage, prompt for the
> email
>            # address and the password here.
>            if mlist.private_roster <> 0:
>                syslog('mischief',
>                       'Login failure with private rosters: %s',
>                       user)
>                user = None
>            # give an HTTP 401 for authentication failure
>            print 'Status: 401 Unauthorized'
>         loginpage(mlist, doc, user, language)
>        print doc.Format()
>        return
>
> changing it to something like:
>
>        if cgidata.has_key('password'):
>            doc.addError(_('Authentication failed.'))
>            # So as not to allow membership leakage, prompt for the
> email
>            # address and the password here.
>            if mlist.private_roster <> 0:
>                syslog('mischief',
>                       'Login failure with private rosters: %s',
>                       user)
>                user = None
>         listinfo_url = '%slistinfo%s/%s' % (mlist.web_page_url,
>                                            mm_cfg.CGIEXT,
>                                            mlist.internal_name(),
>                                           )
>        print """Status: 303 See Other
> Location: %s
>
> If you see this, <a href=%s>Click to redirect</a>.
> """ % (listinfo_url, listinfo_url)
>        return
>
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>


-- 
:: Michele Federle
:: Twitter: @mikecesure
:: Skype: mikecesure


More information about the Mailman-Users mailing list