Merge branch 'tmp' into tag-editor

3 files changed, 19 insertions, 4 deletions

diff --git a/askbot/deps/django_authopenid/backends.py b/askbot/deps/django_authopenid/backends.py
index 5ff49c1b..48fcc45e 100644
--- a/askbot/deps/django_authopenid/backends.py
+++ b/askbot/deps/django_authopenid/backends.py
@@ -127,10 +127,12 @@ def ldap_authenticate(username, password):
                 common_name = user_information[common_name_field][0]
                 first_name, last_name = split_name(common_name, common_name_format)
             
+            #here we have an opportunity to copy password in the auth_user table
+            #but we don't do it for security reasons
             try:
                 user = User.objects.get(username__exact=exact_username)
                 # always update user profile to synchronize with ldap server
-                user.set_password(password)
+                user.set_unusable_password()
                 #user.first_name = first_name
                 #user.last_name = last_name
                 user.email = email
@@ -139,7 +141,7 @@ def ldap_authenticate(username, password):
                 # create new user in local db
                 user = User()
                 user.username = exact_username
-                user.set_password(password)#copy password from LDAP locally
+                user.set_unusable_password()
                 #user.first_name = first_name
                 #user.last_name = last_name
                 user.email = email
diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py
index a3ecbbab..e63988fb 100644
--- a/askbot/deps/django_authopenid/views.py
+++ b/askbot/deps/django_authopenid/views.py
@@ -322,7 +322,7 @@ def signin(request):
                         login(request, user)
                         return HttpResponseRedirect(next_url)
                     else:
-                        user.message_set.create(_('incorrect user name or password'))
+                        request.user.message_set.create(_('Incorrect user name or password'))
                         return HttpResponseRedirect(request.path)
                 else:
                     if password_action == 'login':
diff --git a/askbot/doc/source/optional-modules.rst b/askbot/doc/source/optional-modules.rst
index 54043c1e..d56cbe42 100644
--- a/askbot/doc/source/optional-modules.rst
+++ b/askbot/doc/source/optional-modules.rst
@@ -103,7 +103,16 @@ The parameters are (note that some have pre-set defaults that might work for you
 * user id field name (``LDAP_USERID_FIELD``)
 * email field name (``LDAP_EMAIL_FIELD``)
 * user name filter template (``LDAP_USERNAME_FILTER_TEMPLATE``)
-* user name filter template - must have two string placeholders.
+  must have two string placeholders.
+* given (first) name field (``LDAP_GIVEN_NAME_FIELD``)
+* surname (last name) field (``LDAP_SURNAME_FIELD``)
+* common name field (``LDAP_COMMON_NAME_FIELD``)
+  either given and surname should be used or common name.
+  All three are not necessary - either first two or common.
+  These fields are used to extract users first and last names.
+* Format of common name (``LDAP_COMMON_NAME_FIELD_FORMAT``)
+  values can be only 'first,last' or 'last,first' - used to 
+  extract last and first names from common name
 
 There are three more optional parameters that must go to the ``settings.py`` file::
 
@@ -124,6 +133,10 @@ you might need to :ref:`debug <debugging>` the settings.
 The function to look at is `askbot.deps.django_authopenid.backends.ldap_authenticate`.
 If you have problems with LDAP please contact us at support@askbot.com.
 
+The easiest way to debug - insert ``import pdb; pdb.set_trace()`` line into function
+`askbot.deps.django_authopenid.backends.ldap_authenticate`,
+start the ``runserver`` and step through.
+
 Uploaded avatars
 ================