From df7f145b529fe80a3ac1211705c88f8f55f7068c Mon Sep 17 00:00:00 2001
From: richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Tue, 8 Oct 2002 04:11:17 +0000
Subject: [PATCH] allow blank passwords again (sf bug 619714)

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1325 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 CHANGES.txt                      |  1 +
 doc/customizing.txt              |  6 +++++-
 roundup/backends/back_anydbm.py  |  6 +++---
 roundup/backends/back_sqlite.py  |  4 ++--
 roundup/backends/rdbms_common.py |  6 +++---
 roundup/cgi/client.py            | 12 +++++++++---
 roundup/roundupdb.py             |  4 ++--
 7 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 665dd35..5d2c2fb 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -13,6 +13,7 @@ are given with the most recent entry first.
 - https URLs from config now recognised as valid (sf bug 619829)
 - nicer display of tracker list in roundup-server (sf bug 619769)
 - fixed some missed renaming instance -> tracker (sf bug 619769)
+- allow blank passwords again (sf bug 619714)
 
 
 2002-10-02 0.5.0
diff --git a/doc/customizing.txt b/doc/customizing.txt
index 4caa99a..fec578b 100644
--- a/doc/customizing.txt
+++ b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.52 $
+:Version: $Revision: 1.53 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -580,6 +580,10 @@ Example Scenarios
    <option tal:condition="python:request.user.hasPermission('Closer')"
            value="resolved">Resolved</option>
  
+**don't give users who register through email web access**
+ Create a new Role called "Email User" which has all the Permissions of the
+ normal "User" Role minus the "Web Access" Permission. This will allow users
+ to send in emails to the tracker, but not access the web interface.
 
 
 Web Interface
diff --git a/roundup/backends/back_anydbm.py b/roundup/backends/back_anydbm.py
index d99094f..755dab3 100644
--- a/roundup/backends/back_anydbm.py
+++ b/roundup/backends/back_anydbm.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-#$Id: back_anydbm.py,v 1.88 2002-10-07 00:52:51 richard Exp $
+#$Id: back_anydbm.py,v 1.89 2002-10-08 04:11:14 richard Exp $
 '''
 This module defines a backend that saves the hyperdatabase in a database
 chosen by anydbm. It is guaranteed to always be available in python
@@ -366,7 +366,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -397,7 +397,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p
diff --git a/roundup/backends/back_sqlite.py b/roundup/backends/back_sqlite.py
index cbd6d6e..53be129 100644
--- a/roundup/backends/back_sqlite.py
+++ b/roundup/backends/back_sqlite.py
@@ -1,4 +1,4 @@
-# $Id: back_sqlite.py,v 1.6 2002-09-27 01:04:38 richard Exp $
+# $Id: back_sqlite.py,v 1.7 2002-10-08 04:11:16 richard Exp $
 __doc__ = '''
 See https://pysqlite.sourceforge.net/ for pysqlite info
 '''
@@ -155,7 +155,7 @@ class Database(Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p
diff --git a/roundup/backends/rdbms_common.py b/roundup/backends/rdbms_common.py
index 8839273..a60c79d 100644
--- a/roundup/backends/rdbms_common.py
+++ b/roundup/backends/rdbms_common.py
@@ -1,4 +1,4 @@
-# $Id: rdbms_common.py,v 1.21 2002-10-07 00:52:51 richard Exp $
+# $Id: rdbms_common.py,v 1.22 2002-10-08 04:11:16 richard Exp $
 ''' Relational database (SQL) backend common code.
 
 Basics:
@@ -699,7 +699,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -730,7 +730,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 46167eb..635cf72 100644
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.50 2002-10-07 00:52:51 richard Exp $
+# $Id: client.py,v 1.51 2002-10-08 04:11:17 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -525,7 +525,8 @@ class Client:
         # make sure we're allowed to be here
         if not self.loginPermission():
             self.make_user_anonymous()
-            raise Unauthorised, _("You do not have permission to login")
+            self.error_message.append(_("You do not have permission to login"))
+            return
 
         # now we're OK, re-open the database for real, using the user
         self.opendb(self.user)
@@ -536,7 +537,12 @@ class Client:
     def verifyPassword(self, userid, password):
         ''' Verify the password that the user has supplied
         '''
-        return password == self.db.user.get(self.userid, 'password')
+        stored = self.db.user.get(self.userid, 'password')
+        if password == stored:
+            return 1
+        if not password and not stored:
+            return 1
+        return 0
 
     def loginPermission(self):
         ''' Determine whether the user has permission to log in.
diff --git a/roundup/roundupdb.py b/roundup/roundupdb.py
index eb62444..65739b0 100644
--- a/roundup/roundupdb.py
+++ b/roundup/roundupdb.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: roundupdb.py,v 1.70 2002-10-08 03:27:24 richard Exp $
+# $Id: roundupdb.py,v 1.71 2002-10-08 04:11:13 richard Exp $
 
 __doc__ = """
 Extending hyperdb with types specific to issue-tracking.
@@ -291,7 +291,7 @@ class IssueClass:
         # then append a trailing slash if it is missing
         base = self.db.config.TRACKER_WEB 
         if (not isinstance(base , type('')) or
-            not base.startswith('http://'):
+            not base.startswith('http://') or
             not base.startswith('https://')):
             base = "Configuration Error: TRACKER_WEB isn't a " \
                 "fully-qualified URL"
-- 
2.30.2