Commit 3e962887 authored by Vincent Pelletier's avatar Vincent Pelletier

Change Person's password into a PersistentMapping. This allows storing...

Change Person's password into a PersistentMapping. This allows storing multiple representations of the same password. This is required to interface with foreign applications without storing the password in plaintext.
Update PasswordTool to not encode the password at its level.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25609 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 992f2968
...@@ -31,6 +31,8 @@ from AccessControl import ClassSecurityInfo ...@@ -31,6 +31,8 @@ from AccessControl import ClassSecurityInfo
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _checkPermission from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized from Products.CMFCore.exceptions import AccessControl_Unauthorized
from Globals import PersistentMapping
from Acquisition import aq_base
#from Products.ERP5.Core.Node import Node #from Products.ERP5.Core.Node import Node
...@@ -185,6 +187,26 @@ class Person(XMLObject): ...@@ -185,6 +187,26 @@ class Person(XMLObject):
return pw_validate(self.getPassword(), value) return pw_validate(self.getPassword(), value)
return False return False
def _setEncodedPassword(self, value, format='default'):
password = getattr(aq_base(self), 'password', None)
if password is None:
password = self.password = PersistentMapping()
self.password[format] = value
security.declarePublic('setPassword')
def setEncodedPassword(self, value, format='default'):
"""
Set an already encoded password.
"""
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setEncodedPassword')
self._setEncodedPassword(value, format=format)
self.reindexObject()
def _setPassword(self, value):
self.password = PersistentMapping()
self._setEncodedPassword(pw_encrypt(value))
security.declarePublic('setPassword') security.declarePublic('setPassword')
def setPassword(self, value) : def setPassword(self, value) :
""" """
...@@ -193,9 +215,40 @@ class Person(XMLObject): ...@@ -193,9 +215,40 @@ class Person(XMLObject):
if value is not None: if value is not None:
if not _checkPermission(Permissions.SetOwnPassword, self): if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword') raise AccessControl_Unauthorized('setPassword')
self._setPassword(pw_encrypt(value)) self._setPassword(value)
self.reindexObject() self.reindexObject()
security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
def getPassword(self, *args, **kw):
"""
Retrieve password in desired format.
getPassword([default], [format='default'])
default (anything)
Value to return if no passord is set on context.
Default: no default, raises AttributeError if property is not set.
format (string)
String defining the format in which the password is expected.
If passowrd is not available in that format, KeyError will be
raised.
Default: 'default'
"""
password = getattr(aq_base(self), 'password', *args)
format = kw.get('format', 'default')
try:
# Backward compatibility: if it's not a PersistentMapping instance,
# assume it's a monovalued string, which corresponds to default
# password encoding.
if isinstance(password, PersistentMapping):
password = password[format]
else:
if format != 'default':
raise KeyError
except KeyError:
raise KeyError, 'Password is not available in %r format.' % (format, )
return password
# Time management # Time management
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getAvailableTime') 'getAvailableTime')
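Review bot: `_setEncodedPassword` indexes `self.password` without checking its type, so on a Person that still holds the legacy single-string password (the case `getPassword` handles explicitly) `setEncodedPassword` would raise TypeError instead of storing the new representation; the fence below moves the legacy value into the mapping's 'default' entry first. The `security.declarePublic('setPassword')` line placed above `setEncodedPassword` looks like a copy-paste slip and leaves the new setter without a declaration of its own; it should read `security.declarePublic('setEncodedPassword')`. Because `setEncodedPassword` stores whatever the caller supplies under any format name, its docstring should also state that the value must already be a non-reversible encoding, since `getPassword` returns it to any caller holding AccessContentsInformation.

```python
def _setEncodedPassword(self, value, format='default'):
    password = getattr(aq_base(self), 'password', None)
    if not isinstance(password, PersistentMapping):
        legacy = password
        password = self.password = PersistentMapping()
        if legacy is not None:
            # Objects written before this change hold one string in the
            # default encoding; keep it so the existing login still works.
            password['default'] = legacy
    password[format] = value
```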
......
...@@ -39,7 +39,6 @@ from DateTime import DateTime ...@@ -39,7 +39,6 @@ from DateTime import DateTime
from Products.ERP5Type.Message import translateString from Products.ERP5Type.Message import translateString
from Acquisition import aq_base from Acquisition import aq_base
from BTrees.OOBTree import OOBTree from BTrees.OOBTree import OOBTree
from Products.ERP5.Document.Person import pw_encrypt
class PasswordTool(BaseTool): class PasswordTool(BaseTool):
""" """
...@@ -190,7 +189,7 @@ class PasswordTool(BaseTool): ...@@ -190,7 +189,7 @@ class PasswordTool(BaseTool):
self.password_request_dict.pop(password_key) self.password_request_dict.pop(password_key)
persons = self.acl_users.erp5_users.getUserByLogin(user_login) persons = self.acl_users.erp5_users.getUserByLogin(user_login)
person = persons[0] person = persons[0]
person._setPassword(pw_encrypt(password)) person._setPassword(password)
person.reindexObject() person.reindexObject()
if REQUEST is not None: if REQUEST is not None:
msg = translateString("Password changed.") msg = translateString("Password changed.")
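Review bot: The call `person._setPassword(password)` now depends on `_setPassword` doing the encoding, a contract change that the unchanged method name does not signal; a caller outside this commit that still passes `pw_encrypt(...)` would store a doubly encoded value and the user could no longer log in, with no error raised. A comment at this call site, such as `# _setPassword() encodes the value itself; pass the cleartext password`, would make the dependency visible, and it is worth checking the remaining `_setPassword` callers in the tree. The enclosing method starts and ends outside the hunk, so how `password` is validated before this point cannot be judged from here.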
......