Last modified: 2011-03-12 15:39:31 UTC
Writing an authentication extension for Shibboleth (http://shibboleth.internet2.edu) and found that there doesn't seem to be a great way to hide the password change field on the preferences page from an extension... this remedies that. Fix consists of two patches: *First patch is against the AuthPlugin class to add another function call (canSetPassword) that returns whether or not a the passwords can be changed in the external database. *Second patch is for the preferences page to check this nd if it finds that it can't change a password in the external database, not display the password change form on that page.
Created attachment 1768 [details] Patch against trunk/phase3/includes/AuthPlugin.php
Created attachment 1769 [details] Patch against trunk/phase3/includes/SpecialPreferences.php
I know there was some IRC discussion on the bug, but can someone comment here on what exactly they'd like to see changed?
The patch hides the form controls, but doesn't filter the POST values when the request is submitted, so there's still scope for the input to be processed.
Except for the fact that the input is _already_ filtered out. This just updates the form controls to reflect that the input is going to be rejected.
Fixed in SVN trunk, r15139.
Verified, removed keywords. Thanks!