[FIX] res_user.change_password: warn about empty passwords (needs context for transla...

author Olivier Dony <odo@openerp.com>

Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)

committer Olivier Dony <odo@openerp.com>

Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)
author Olivier Dony <odo@openerp.com>
Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)
committer Olivier Dony <odo@openerp.com>
Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)
diff --git a/bin/addons/base/res/res_user.py b/bin/addons/base/res/res_user.py

index a201f0f..6d2c6c0 100644 (file)
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@@ -490,7 +490,7 @@ class users(osv.osv):
          finally:
              cr.close()
  
-    def change_password(self, cr, uid, old_passwd, new_passwd):
+    def change_password(self, cr, uid, old_passwd, new_passwd, context=None):
          """Change current user password. Old password must be provided explicitly
          to prevent hijacking an existing user session, or for cases where the cleartext
          password is not used to authenticate requests.
@@ -498,9 +498,9 @@ class users(osv.osv):
          :return: True
          :raise: security.ExceptionNoTb when old password is wrong
          """
-        if self.check(cr.dbname, uid, old_passwd):
-            self.write(cr, uid, uid, {'password': new_passwd})
-        return True
+        if new_passwd and self.check(cr.dbname, uid, old_passwd):
+            return self.write(cr, uid, uid, {'password': new_passwd})
+        raise osv.except_osv(_('Warning!'), _("Setting empty passwords is not allowed for security reasons!"))
  
  users()
author	Olivier Dony <odo@openerp.com>
	Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)
committer	Olivier Dony <odo@openerp.com>
	Fri, 7 Jan 2011 09:39:29 +0000 (10:39 +0100)