Remove remote user plugin, as external one is good enough.

It is possible to configure external authentication plugin to use REMOTE_USER variable.

Remove remote user plugin, as external one is good enough.
It is possible to configure external authentication plugin to use REMOTE_USER variable.
6ddfc3ad · Łukasz Nowak · 6c4b8912 · 6c4b8912 · 6ddfc3ad · 6ddfc3ad
Commit 6ddfc3ad authored Aug 29, 2011 by Łukasz Nowak
4 changed files
--- a/product/ERP5Security/ERP5RemoteUserAuthenticationPlugin.py
+++ b/product/ERP5Security/ERP5RemoteUserAuthenticationPlugin.py
-# -*- coding: utf-8 -*-
-##############################################################################
-#
-# Copyright (c) 2011 Nexedi SA and Contributors. All Rights Reserved.
-#
-# WARNING: This program as such is intended to be used by professional
-# programmers who take the whole responsibility of assessing all potential
-# consequences resulting from its eventual inadequacies and bugs
-# End users who are looking for a ready-to-use solution with commercial
-# guarantees and support are strongly adviced to contract a Free Software
-# Service Company
-#
-# This program is Free Software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-##############################################################################
-from zLOG import LOG, PROBLEM, WARNING
-from Products.ERP5Type.Globals import InitializeClass
-from AccessControl import ClassSecurityInfo
-import sys
-from AccessControl.SecurityManagement import newSecurityManager,\
-    getSecurityManager, setSecurityManager
-from Products.PageTemplates.PageTemplateFile import PageTemplateFile
-from Products.PluggableAuthService.PluggableAuthService import \
-    _SWALLOWABLE_PLUGIN_EXCEPTIONS
-from Products.PluggableAuthService.interfaces import plugins
-from Products.PluggableAuthService.utils import classImplements
-from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
-from Products.ERP5Type.Cache import transactional_cached
-from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER
-from ZODB.POSException import ConflictError
-from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
-from Products.ERP5Security.ERP5GroupManager import ConsistencyError, NO_CACHE_MODE
-from Products.ERP5Type.ERP5Type \
-  import ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
-from Products.ERP5Type.Cache import CachingMethod
-from Products.ZSQLCatalog.SQLCatalog import Query, ComplexQuery
-#Form for new plugin in ZMI
-manage_addERP5RemoteUserAuthenticationPluginForm = PageTemplateFile(
-  'www/ERP5Security_addERP5RemoteUserAuthenticationPlugin', globals(),
-  __name__='manage_addERP5RemoteUserAuthenticationPluginForm')
-def addERP5RemoteUserAuthenticationPlugin(dispatcher, id, title=None, REQUEST=None):
-  """ Add a ERP5RemoteUserAuthenticationPlugin to a Pluggable Auth Service. """
-  plugin = ERP5RemoteUserAuthenticationPlugin(id, title)
-  dispatcher._setObject(plugin.getId(), plugin)
-  if REQUEST is not None:
-      REQUEST['RESPONSE'].redirect(
-          '%s/manage_workspace'
-          '?manage_tabs_message='
-          'ERP5RemoteUserAuthenticationPlugin+added.'
-          % dispatcher.absolute_url())
-class ERP5RemoteUserAuthenticationPlugin(ERP5UserManager):
-  """
-  Plugin to authenicate as machines.
-  """
-  meta_type = "ERP5 Remote User Authentication Plugin"
-  security = ClassSecurityInfo()
-  def __init__(self, id, title=None):
-    #Register value
-    self._setId(id)
-    self.title = title
-  ####################################
-  #ILoginPasswordHostExtractionPlugin#
-  ####################################
-  security.declarePrivate('extractCredentials')
-  def extractCredentials(self, request):
-    """ Extract credentials from the request header. """
-    creds = {}
-    getHeader = getattr(request, 'getHeader', None)
-    if getHeader is None:
-      # use get_header instead for Zope-2.8
-      getHeader = request.get_header
-    user_id = getHeader('REMOTE_USER')
-    if user_id is not None:
-      creds['login'] = user_id
-      creds['remote_host'] = request.get('REMOTE_HOST', '')
-      try:
-        creds['remote_address'] = request.getClientAddr()
-      except AttributeError:
-        creds['remote_address'] = request.get('REMOTE_ADDR', '')
-      return creds
-    else:
-      # fallback to default way
-      return DumbHTTPExtractor().extractCredentials(request)
-  ################################
-  #     IAuthenticationPlugin    #
-  ################################
-  security.declarePrivate('authenticateCredentials')
-  def authenticateCredentials(self, credentials):
-    """Authentificate with credentials"""
-    login = credentials.get('login', None)
-    # Forbidden the usage of the super user.
-    if login == SUPER_USER:
-      return None
-    #Search the user by his login
-    user_list = self.getUserByLogin(login)
-    if len(user_list) != 1:
-      return None
-    return (login, login)
-#List implementation of class
-classImplements(ERP5RemoteUserAuthenticationPlugin,
-                plugins.IAuthenticationPlugin)
-classImplements( ERP5RemoteUserAuthenticationPlugin,
-                plugins.ILoginPasswordHostExtractionPlugin
-               )
-InitializeClass(ERP5RemoteUserAuthenticationPlugin)
--- a/product/ERP5Security/__init__.py
+++ b/product/ERP5Security/__init__.py
@@ -27,7 +27,6 @@ import ERP5RoleManager
 import ERP5UserFactory
 import ERP5KeyAuthPlugin
 import ERP5ExternalAuthenticationPlugin
-import ERP5RemoteUserAuthenticationPlugin
 def mergedLocalRoles(object):
  """Returns a merging of object and its ancestors'
@@ -63,7 +62,6 @@ registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
 registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
 registerMultiPlugin(ERP5KeyAuthPlugin.ERP5KeyAuthPlugin.meta_type)
 registerMultiPlugin(ERP5ExternalAuthenticationPlugin.ERP5ExternalAuthenticationPlugin.meta_type)
-registerMultiPlugin(ERP5RemoteUserAuthenticationPlugin.ERP5RemoteUserAuthenticationPlugin.meta_type)
 def initialize(context):
@@ -121,16 +119,6 @@ def initialize(context):
                         , icon='www/portal.gif'
                         )
-    context.registerClass( ERP5RemoteUserAuthenticationPlugin.ERP5RemoteUserAuthenticationPlugin
-                         , permission=ManageUsers
-                         , constructors=(
-                            ERP5RemoteUserAuthenticationPlugin.manage_addERP5RemoteUserAuthenticationPluginForm,
-                            ERP5RemoteUserAuthenticationPlugin.addERP5RemoteUserAuthenticationPlugin, )
-                         , visibility=None
-                         , icon='www/portal.gif'
-                         )
 from AccessControl.SecurityInfo import ModuleSecurityInfo
 ModuleSecurityInfo('Products.ERP5Security.ERP5UserManager').declarePublic(
  'getUserByLogin')
--- a/product/ERP5Security/tests/testERP5Security.py
+++ b/product/ERP5Security/tests/testERP5Security.py
@@ -409,42 +409,6 @@ class TestUserManagement(ERP5TypeTestCase):
    self.tic()
    self.assertEqual(None, person.getReference())
-  def testERP5RemoteUserAuthenticationPlugin(self):
-    """
-     Make sure that we can grant security using a
-     ERP5 Remote User Authentication Plugin.
-    """
-    portal = self.portal
-    uf = portal.acl_users
-    plugin_id = 'erp5_remote_user_authentication_plugin'
-    uf.manage_addProduct['ERP5Security'].\
-        addERP5RemoteUserAuthenticationPlugin(
-          id=plugin_id,
-          title='ERP5 Remote User Authentication Plugin',)
-    plugin = getattr(uf, plugin_id)
-    plugin.manage_activateInterfaces(interfaces=['IExtractionPlugin',
-                                                 'IAuthenticationPlugin'])
-    self.stepTic()
-    reference = 'external_auth_person'
-    loginable_person = self.getPersonModule().newContent(portal_type='Person',
-                                                         reference=reference,
-                                                         password='guest')
-    assignment = loginable_person.newContent(portal_type='Assignment',
-                                             function='another_subcat')
-    assignment.open()
-    self.stepTic()
-    base_url = portal.absolute_url(relative=1)
-    response = self.publish(base_url)
-    self.assertEqual(response.getStatus(), 302)
-    response = self.publish(base_url, env={"REMOTE_USER": reference})
-    self.assertEqual(response.getStatus(), 200)
-    self.assertTrue(reference in response.getBody())
 class TestUserManagementExternalAuthentication(TestUserManagement):
  def afterSetUp(self):
    self.user_id_key = 'openAMid'
@@ -458,8 +422,7 @@ class TestUserManagementExternalAuthentication(TestUserManagement):
        user_id_key=self.user_id_key,)
      getattr(uf, plugin_id).manage_activateInterfaces(
-        interfaces=['IExtractionPlugin',
+        interfaces=['IExtractionPlugin'])
-                    'IAuthenticationPlugin'])
      self.stepTic()
  def testERP5ExternalAuthenticationPlugin(self):

--- a/product/ERP5Security/www/ERP5Security_addERP5RemoteUserAuthenticationPlugin.zpt
+++ b/product/ERP5Security/www/ERP5Security_addERP5RemoteUserAuthenticationPlugin.zpt
-<h1 tal:replace="structure here/manage_page_header">Header</h1>
-<h2 tal:define="form_title string:Add ERP5 Remote Authentication Plugin"
-    tal:replace="structure here/manage_form_title">Form Title</h2>
-<p class="form-help">
-ERP5 RemoteUser Authentication Plugin allows to login with remote
-user.
-</p>
-<form action="addERP5RemoteUserAuthenticationPlugin" method="post">
-<table cellspacing="0" cellpadding="2" border="0">
-  <tr>
-    <td align="left" valign="top">
-    <div class="form-label">
-    Id
-    </div>
-    </td>
-    <td align="left" valign="top">
-    <input type="text" name="id" size="40" />
-    </td>
-  </tr>
-  <tr>
-    <td align="left" valign="top">
-    <div class="form-optional">
-    Title
-    </div>
-    </td>
-    <td align="left" valign="top">
-    <input type="text" name="title" size="40" />
-    </td>
-  </tr>
-  <tr>
-    <td align="left" valign="top">
-    </td>
-    <td align="left" valign="top">
-    <div class="form-element">
-    <input class="form-element" type="submit" name="submit" 
-     value=" Add " /> 
-    </div>
-    </td>
-  </tr>
-</table>
-</form>
-<h1 tal:replace="structure here/manage_page_footer">Footer</h1>