a89df96132
1) Remove mongo limitations (no 'or' when querying for either username
or email).
2) Lost password function revealed if an user name or email address
is registered, which can be considered a data leak.
Leaking user names is OK, they are public anyway, but don't reveal
lookup success in case the lookup happened by email address.
Simply respond: "If you have an account here, we have send you
your email"?
3) username and email search was case sensitive. Made username search
case insensitive (they are always stored lowercase in the db).
Keep email-address search case sensitive for now. This might need
further discussion
4) Remove a whole bunch of indention in the style of:
if no error:
...
if no error:
...
if no error:
actually do something in the regular case
by restructuring the function.
5) Outsource the sanity checking for username and email fields into the
validator function. This way, we get automatic case sanity checking
and sanitizing for all required fields.
6) Require 5-char password and fix tests
Originally, the Change password form required a password between 6-30
chars while the registration and login form did not require anything
special. This commit introduces a common minimum limit for all forms
which breaks the test suite which uses a 5 char password by
default. :-). As 5 chars seem sensible enough to enforce (people
should be picking much longer ones anyway), just reduce the limit to
5 chars, thereby making all tests pass.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
======== README ======== What is GNU MediaGoblin? ======================== * Initially, a place to store all your photos that’s as awesome as, if not more awesome than, existing network services (Flickr, SmugMug, Picasa, etc) * Customizable! * A place for people to collaborate and show off original and derived creations. Free, as in freedom. We’re a GNU project after all. * Later, a place for all sorts of media, such as video, music, etc hosting. * Later, federated with OStatus! Is it ready for me to use? ========================== Yes! But with caveats. The software is usable and there are instances running, but it's still in its early stages. Can I help/hang out/participate/whisper sweet nothings in your ear? =================================================================== Yes! Please join us and hang out! For more information on where we hang out, see `our Join page <http://mediagoblin.org/join/>`_ Where is the documentation? =========================== The beginnings of a site administration manual is located in the ``docs/`` directory in HTML, Texinfo, and source (Restructured Text) forms. It's also available online at http://docs.mediagoblin.org/ in HTML form. Contributor/developer documentation as well as documentation on the project processes and infrastructure is located on `the wiki <http://wiki.mediagoblin.org/>`_.