Commit cd7114f4 authored by Rafael Monnerat's avatar Rafael Monnerat

ERP5Security: External Auhentication Plugin accepts Login portal type list

   This allows the administrator to define which Login portal types are searched.
parent 97da8c13
...@@ -41,11 +41,11 @@ manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile( ...@@ -41,11 +41,11 @@ manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile(
'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(), 'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(),
__name__='manage_addERP5ExternalAuthenticationPluginForm') __name__='manage_addERP5ExternalAuthenticationPluginForm')
def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='', def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='',
REQUEST=None): login_portal_type_list='ERP5 Login', REQUEST=None):
""" Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """ """ Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """
plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key) plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key, login_portal_type_list)
dispatcher._setObject(plugin.getId(), plugin) dispatcher._setObject(plugin.getId(), plugin)
if REQUEST is not None: if REQUEST is not None:
...@@ -76,15 +76,22 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -76,15 +76,22 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
'mode':'w', 'mode':'w',
'label':'HTTP request header key where the user_id is stored' 'label':'HTTP request header key where the user_id is stored'
}, },
{'id': 'login_portal_type_list',
'type':'string',
'mode':'w',
'label': 'List of Login Portal Types to search'
},
) )
+ BasePlugin._properties[:] + BasePlugin._properties[:]
) )
def __init__(self, id, title=None, user_id_key=''): def __init__(self, id, title=None, user_id_key='', login_portal_type_list="ERP5 Login"):
#Register value #Register value
self._setId(id) self._setId(id)
self.title = title self.title = title
self.user_id_key = user_id_key self.user_id_key = user_id_key
self.login_portal_type_list = login_portal_type_list
#################################### ####################################
#ILoginPasswordHostExtractionPlugin# #ILoginPasswordHostExtractionPlugin#
...@@ -97,9 +104,10 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -97,9 +104,10 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
if getHeader is None: if getHeader is None:
# use get_header instead for Zope-2.8 # use get_header instead for Zope-2.8
getHeader = request.get_header getHeader = request.get_header
user_id = getHeader(self.user_id_key) external_login = getHeader(self.user_id_key)
if user_id is not None: if external_login is not None:
creds['external_login'] = user_id creds['external_login'] = external_login
creds['login_portal_type'] = self.login_portal_type_list.split()
else: else:
# fallback to default way # fallback to default way
return DumbHTTPExtractor().extractCredentials(request) return DumbHTTPExtractor().extractCredentials(request)
...@@ -125,7 +133,7 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -125,7 +133,7 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
__name__='manage_editERP5ExternalAuthenticationPluginForm') __name__='manage_editERP5ExternalAuthenticationPluginForm')
security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin') security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin')
def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, RESPONSE=None): def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, login_portal_type_list, RESPONSE=None):
"""Edit the object""" """Edit the object"""
error_message = '' error_message = ''
...@@ -135,6 +143,12 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -135,6 +143,12 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
else: else:
self.user_id_key = user_id_key self.user_id_key = user_id_key
#Save user_id_key
if login_portal_type_list == '' or login_portal_type_list is None:
error_message += 'Invalid key value '
else:
self.login_portal_type_list = login_portal_type_list
#Redirect #Redirect
if RESPONSE is not None: if RESPONSE is not None:
if error_message != '': if error_message != '':
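Review bot: In extractCredentials, `self.login_portal_type_list.split()` splits on whitespace, so the default `'ERP5 Login'` becomes `['ERP5', 'Login']`, and a comma-separated value, which is what both form labels ask for, keeps its commas inside the tokens. The credentials then carry portal type names that presumably match no Login document, so the external login would either fail to resolve or be searched against a different set of types than the administrator configured. Split on the documented separator and strip each item: `creds['login_portal_type'] = [t.strip() for t in self.login_portal_type_list.split(',') if t.strip()]`. In manage_editERP5ExternalAuthenticationPlugin the new branch still carries the copied comment `#Save user_id_key` and the message `'Invalid key value '`, both of which should name the portal type list. Both method bodies extend beyond the hunks shown.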
......
...@@ -36,6 +36,16 @@ ...@@ -36,6 +36,16 @@
<input type="text" name="user_id_key" size="40" /> <input type="text" name="user_id_key" size="40" />
</td> </td>
</tr> </tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
List of Login Portal Types (separated by commas)
</div>
</td>
<td align="left" valign="top">
<input type="text" name="login_portal_type_list" size="40" />
</td>
</tr>
<tr> <tr>
<td colspan="2"> <input type="submit" value="add plugin"/> <td colspan="2"> <input type="submit" value="add plugin"/>
</td> </td>
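Review bot: The new `login_portal_type_list` input has no `value`, so submitting the add form with the field left blank would send an empty string that replaces the `'ERP5 Login'` default of addERP5ExternalAuthenticationPlugin, and the add path shown in this commit does not validate it the way the edit handler does. The plugin would then be stored with an empty list of Login portal types; what the downstream login lookup does with an empty list is not visible here and should be checked. Prefill the field, `<input type="text" name="login_portal_type_list" value="ERP5 Login" size="40" />`, or have the add function fall back to the default when the submitted value is empty.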
......
...@@ -7,7 +7,8 @@ ...@@ -7,7 +7,8 @@
<form action="manage_editERP5ExternalAuthenticationPlugin" method="POST"> <form action="manage_editERP5ExternalAuthenticationPlugin" method="POST">
<table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;"> <table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;
login_portal_type_list request/login_portal_type_list|context/login_portal_type_list|string:">
<tr> <tr>
<td>HTTP request header key where the user_id is stored</td> <td>HTTP request header key where the user_id is stored</td>
...@@ -16,6 +17,13 @@ ...@@ -16,6 +17,13 @@
tal:attributes="value user_id_key;" /> tal:attributes="value user_id_key;" />
</td> </td>
</tr> </tr>
<tr>
<td>List of Login Portal Types (separated by commas)</td>
<td>
<input type="text" name="login_portal_type_list" value=""
tal:attributes="value login_portal_type_list" size="40" />
</td>
</tr>
<tr> <tr>
<td colspan="2"> <td colspan="2">
<input type="submit" value="save"/> <input type="submit" value="save"/>
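Review bot: The `|string:` fallback in the `tal:define` implies `context/login_portal_type_list` can be missing, which would be the case for plugin objects created before this change if the class has no class-level default (none is visible in the Python hunks). The edit form then shows an empty field, while the extraction code reads `self.login_portal_type_list` without a guard, so such instances may raise AttributeError on requests that carry the header until an administrator saves the form. Falling back to the default here, `login_portal_type_list request/login_portal_type_list|context/login_portal_type_list|string:ERP5 Login`, together with a class attribute `login_portal_type_list = 'ERP5 Login'` on the plugin, would keep upgraded sites authenticating as before.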
......