Support external_login in authenticateCredentials

Thanks to this no need of code duplication is required, and ERP5ExternalAuthenticationPlugin can be responsible for only one thing: extraction of credentials passed by external service.

Support external_login in authenticateCredentials
Thanks to this no need of code duplication is required, and ERP5ExternalAuthenticationPlugin can be responsible for only one thing: extraction of credentials passed by external service.
6c4b8912 · Łukasz Nowak · f51bd472 · 6c4b8912 · 6c4b8912
Commit 6c4b8912 authored Aug 29, 2011 by Łukasz Nowak
Showing with 13 additions and 71 deletions

product/ERP5Security/ERP5ExternalAuthenticationPlugin.py product/ERP5Security/ERP5ExternalAuthenticationPlugin.py +0 -65

product/ERP5Security/ERP5UserManager.py product/ERP5Security/ERP5UserManager.py +13 -6

No files found.
--- a/product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
+++ b/product/ERP5Security/ERP5ExternalAuthenticationPlugin.py
@@ -120,70 +120,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager):

    return creds

-  ################################
-  #     IAuthenticationPlugin    #
-  ################################
-  security.declarePrivate('authenticateCredentials')
-  def authenticateCredentials(self, credentials):
-    """Authentificate with credentials"""
-    login = credentials.get('external_login', None)
-    # Forbidden the usage of the super user.
-    if login == SUPER_USER:
-      return None
-
-    #Function to allow cache
-    def _authenticateCredentials(login):
-      if not login:
-        return None
-
-      #Search the user by his login
-      user_list = self.getUserByLogin(login)
-      if len(user_list) != 1:
-        raise _AuthenticationFailure()
-      user = user_list[0]
-
-      #We need to be super_user
-      sm = getSecurityManager()
-      if sm.getUser().getId() != SUPER_USER:
-        newSecurityManager(self, self.getUser(SUPER_USER))
-        try:
-          # get assignment list
-          assignment_list = [x for x in user.objectValues(portal_type="Assignment") \
-                             if x.getValidationState() == "open"]
-          valid_assignment_list = []
-          # check dates if exist
-          login_date = DateTime()
-          for assignment in assignment_list:
-            if assignment.getStartDate() is not None and \
-                   assignment.getStartDate() > login_date:
-              continue
-            if assignment.getStopDate() is not None and \
-                   assignment.getStopDate() < login_date:
-              continue
-            valid_assignment_list.append(assignment)
-
-          # validate
-          if len(valid_assignment_list) > 0:
-            return (login,login)
-        finally:
-          setSecurityManager(sm)
-
-        raise _AuthenticationFailure()
-
-    #Cache Method for best performance
-    _authenticateCredentials = CachingMethod(
-      _authenticateCredentials,
-      id='ERP5ExternalAuthenticationPlugin_authenticateCredentials',
-      cache_factory='erp5_content_short')
-    try:
-      return _authenticateCredentials(login=login)
-    except _AuthenticationFailure:
-      return None
-    except StandardError,e:
-      #Log standard error
-      LOG('ERP5ExternalAuthenticationPlugin.authenticateCredentials', PROBLEM, str(e))
-      return None
-
  ################################
  # Properties for ZMI managment #
  ################################
@@ -219,7 +155,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager):

 #List implementation of class
 classImplements(ERP5ExternalAuthenticationPlugin,
-                plugins.IAuthenticationPlugin,
                plugins.ILoginPasswordHostExtractionPlugin)

 InitializeClass(ERP5ExternalAuthenticationPlugin)
--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -118,12 +118,18 @@ class ERP5UserManager(BasePlugin):
        o We expect the credentials to be those returned by
            ILoginPasswordExtractionPlugin.
        """
+        login = credentials.get('login')
+        ignore_password = False
+        if not login:
+          login = credentials.get('external_login')
+          ignore_password = True
        # Forbidden the usage of the super user.
-        if credentials.get('login') == SUPER_USER:
+        if login == SUPER_USER:
          return None

-        def _authenticateCredentials(login, password, path):
-            if not login or not password:
+        def _authenticateCredentials(login, password, path,
+          ignore_password=False):
+            if not login or not (password or ignore_password):
                return None

            user_list = self.getUserByLogin(login)
@@ -151,7 +157,7 @@ class ERP5UserManager(BasePlugin):
                  continue
                valid_assignment_list.append(assignment)

-              if pw_validate(user.getPassword(), password) and \
+              if (ignore_password or pw_validate(user.getPassword(), password)) and \
                     len(valid_assignment_list) and user \
                     .getValidationState() != 'deleted': #user.getCareerRole() == 'internal':
                return login, login # use same for user_id and login
@@ -164,9 +170,10 @@ class ERP5UserManager(BasePlugin):
                                                 cache_factory='erp5_content_short')
        try:
          authentication_result = _authenticateCredentials(
-                                    login=credentials.get('login'),
+                                    login=login,
                                    password=credentials.get('password'),
-                                    path=self.getPhysicalPath())
+                                    path=self.getPhysicalPath(),
+                                    ignore_password=ignore_password)
                           
        except _AuthenticationFailure:
          authentication_result = None