New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow only OpenRosa endpoints with not-validated passwords #887
Allow only OpenRosa endpoints with not-validated passwords #887
Conversation
…box/kpi#4475-validate-password-flag
…box/kpi#4475-validate-password-flag
…box/kpi#4475-validate-password-flag
99ac7c5
to
c0b2afd
Compare
…box/kpi#4475-validate-password-flag
a14a6b3
to
8224fd2
Compare
…box/kpi#4475-validate-password-flag
…box/kpi#4475-validate-password-flag
@@ -41,4 +41,4 @@ def process_view(self, request, view, args, kwargs): | |||
if not is_logged_in and (view_name in REDIRECT_IF_NOT_LOGGED_IN): | |||
return HttpResponseRedirect(login_url) | |||
|
|||
pass | |||
return |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@noliveleger not that it's a blocker or anything, but is this explicitly needed for some reason?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TBH, I really don't remember what I did that 😅 .
No it is absolutely not needed. Python does it for us behind the scene.
content_type, *_ = response.accepted_media_type.split(';') | ||
except AttributeError: | ||
pass | ||
else: | ||
*_, format_ = content_type.split('/') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I learned something new! 🎓
I think this way of considering only the first accepted_media_type
isn't totally kosher, but it's fine for this purpose 👌
Description
Superusers can flag accounts as not-validated password (i.e. password which don't respect password security rules).
These users can still collect data only until they reset their password and comply to password rules.
Related issues
Related to kobotoolbox/kpi#4475 and kobotoolbox/kpi#4473
Blocked by #886
Closes #881