Merge 825cf7f into e639554

collective · Nov 7, 2018 · 5f2d664 · 5f2d664
2 parents e639554 + 825cf7f
commit 5f2d664
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 16 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -7,8 +7,8 @@ Changelog
 - Deprecate Plone 4.1, Plone 4.2 and Python 2.6.
   [hvelarde]
 
-- Avoids ``TypeError`` on ``InvalidPasswordEntered`` subscriber when the list of whitelisted users has not being set.
-  [csanahuja]
+- Avoid ``TypeError`` on Password Expiry plugin and ``InvalidPasswordEntered`` subscriber when the list of whitelisted users has not being set.
+  [csanahuja, hvelarde]
 
 - Restore compatibility with Plone 4.3.
   [hvelarde]

diff --git a/collective/pwexpiry/logger.py b/collective/pwexpiry/logger.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+from collective.pwexpiry.config import PROJECTNAME
+
+import logging
+
+
+logger = logging.getLogger(PROJECTNAME)
diff --git a/collective/pwexpiry/patches.py b/collective/pwexpiry/patches.py
@@ -4,17 +4,14 @@
 from collective.pwexpiry.events import InvalidPasswordEntered
 from collective.pwexpiry.events import ValidPasswordEntered
 from collective.pwexpiry.interfaces import ICustomPasswordValidator
+from collective.pwexpiry.logger import logger
 from plone import api
 from Products.CMFPlone.RegistrationTool import RegistrationTool
 from Products.PluggableAuthService.plugins.ZODBUserManager import ZODBUserManager  # noqa: E501
 from zope.component import getAdapters
 from zope.event import notify
 
 import hashlib
-import logging
-
-
-logger = logging.getLogger(__file__)
 
 
 original_testPasswordValidity = RegistrationTool.testPasswordValidity

diff --git a/collective/pwexpiry/pwexpiry_plugin.py b/collective/pwexpiry/pwexpiry_plugin.py
@@ -79,7 +79,7 @@ def authenticateCredentials(self, credentials):
         whitelisted = api.portal.get_registry_record(
             'collective.pwexpiry.whitelisted_users'
         )
-        if user.getId() in whitelisted:
+        if whitelisted and user.getId() in whitelisted:
             return None
 
         password_date = user.getProperty('password_date', '2000/01/01')

diff --git a/collective/pwexpiry/setuphandlers.py b/collective/pwexpiry/setuphandlers.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from collective.pwexpiry.config import IS_PLONE_5
+from collective.pwexpiry.logger import logger
 from collective.pwexpiry.pwdisable_plugin import addPwDisablePlugin
 from collective.pwexpiry.pwexpiry_plugin import addPwExpiryPlugin
 from Products.CMFCore.utils import getToolByName
@@ -8,11 +9,6 @@
 from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin
 from zope.interface import implementer
 
-import logging
-
-
-logger = logging.getLogger('collective.pwexpiry')
-
 
 @implementer(INonInstallable)
 class HiddenProfiles(object):  # pragma: no cover

diff --git a/collective/pwexpiry/subscriber.py b/collective/pwexpiry/subscriber.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from AccessControl import Unauthorized
+from collective.pwexpiry.logger import logger
 from plone import api
 from plone.registry.interfaces import IRegistry
 from zope.component import queryUtility
@@ -25,11 +26,14 @@ def ValidPasswordEntered(user, event):
             # Enough time has elapsed
             user.setMemberProperties({'account_locked': False,
                                       'password_tries': 0})
+            msg = 'User {0} logged in after lock time; account is now unlocked'
+            logger.info(msg.format(user))
         else:
+            user_disabled_time = disable_time - (delta.seconds / 3600)
             user.REQUEST.RESPONSE.setHeader('user_disabled', user.getId())
-            user.REQUEST.RESPONSE.setHeader(
-                'user_disabled_time', (disable_time - (delta.seconds / 3600))
-            )
+            user.REQUEST.RESPONSE.setHeader('user_disabled_time', user_disabled_time)
+            msg = 'User {0} tried to log in but account is locked for {1} hours'
+            logger.warn(msg.format(user, user_disabled_time))
             raise Unauthorized
 
     else:
@@ -54,7 +58,6 @@ def InvalidPasswordEntered(user, event):
     if whitelisted and user.getId() in whitelisted:
         return
 
-
     allowed_tries = registry['collective.pwexpiry.allowed_tries']
     current_tries = user.getProperty('password_tries', 0)
 
@@ -67,3 +70,5 @@ def InvalidPasswordEntered(user, event):
         current_time = portal.ZopeTime()
         user.setMemberProperties({'account_locked_date': current_time,
                                   'account_locked': True})
+        msg = 'User {0} has tried to access {1} times with an invalid password; account is locked'  # noqa: E501
+        logger.warn(msg.format(user, current_tries))