Commit f55c9148 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Rafael Monnerat

Improve "interface".

Return token on addition.
Use proxied scripts to access the whole system in order to allow an unprivileged
user to manage their own tokens.
Update roles immediately in order to give the unprivileged user access to the
validated token.
parent 66dce3b4
...@@ -68,11 +68,14 @@ token = context.newContent(portal_type=\'Bearer Token\',\n ...@@ -68,11 +68,14 @@ token = context.newContent(portal_type=\'Bearer Token\',\n
expiration_date=DateTime() + (1./24) # 1 hour of validity\n expiration_date=DateTime() + (1./24) # 1 hour of validity\n
)\n )\n
\n \n
# update roles fast in order to allow restricted users immediate access\n
token.BearerToken_updateLocalRolesOnSecurityGroups()\n
\n
hmac = None\n hmac = None\n
for i in range(10):\n for i in range(10):\n
fuzzy = context.Base_generateRandomString()\n fuzzy = context.Base_generateRandomString()\n
possible_hmac = token.BearerToken_getHMAC(key, fuzzy)\n possible_hmac = token.BearerToken_getHMAC(key, fuzzy)\n
if len(context.searchFolder(portal_type=\'Bearer Token\', reference=possible_hmac)) == 0 \\\n if not context.BearerTokenModule_isTokenPresent(possible_hmac) \\\n
and context.getPortalObject().portal_activities.countMessageWithTag(possible_hmac) == 0:\n and context.getPortalObject().portal_activities.countMessageWithTag(possible_hmac) == 0:\n
hmac = possible_hmac\n hmac = possible_hmac\n
break\n break\n
...@@ -86,6 +89,8 @@ token.edit(\n ...@@ -86,6 +89,8 @@ token.edit(\n
)\n )\n
token.validate()\n token.validate()\n
token.reindexObject(activate_kw={\'tag\': hmac})\n token.reindexObject(activate_kw={\'tag\': hmac})\n
\n
return token\n
</string> </value> </string> </value>
</item> </item>
<item> <item>
......
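Review bot: The new `token.BearerToken_updateLocalRolesOnSecurityGroups()` call in the first hunk runs before `token.edit(` and `token.validate()` in the second hunk, so the local roles are computed from the token as `newContent` left it. If the role definitions for Bearer Token depend on anything set by the later edit or by the workflow state, the roles granted here may not match the validated token; that cannot be checked from the visible lines, since the body of `token.edit(` is outside the hunk. If the early position is required so that the restricted user can perform the edit and validation at all, the comment should say so, for example `# must run before edit()/validate(): the creating user has no role on the token until local roles are computed`. Otherwise the call would sit more safely after `token.validate()`.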
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>if context.getPortalType() != \'Bearer Token Module\':\n
raise TypeError(\'Shall be called in Bearer Token Module\')\n
if REQUEST is not None:\n
# "protection" against being called in URL\n
raise ValueError\n
\n
if len(context.searchFolder(portal_type=\'Bearer Token\', reference=reference)) == 0:\n
return False\n
return True\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>reference, REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>BearerTokenModule_isTokenPresent</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
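Review bot: The `REQUEST is not None` check in `_body` guards, as its own comment says, only against being called through a URL. With `_proxy_roles` set to `Manager`, the `searchFolder` lookup is not limited by the caller's permissions, so any restricted code that can reach this script can ask whether an arbitrary `reference` exists. The boolean return keeps that disclosure small, but nothing in the script records that the elevated search is intended or why `Manager` is needed rather than a narrower role. I would open the body with a comment such as `# Proxy role: searches all Bearer Tokens regardless of the caller's permissions; must only ever return a boolean`. I would also give the bare `raise ValueError` a message so a rejected call is identifiable in logs.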
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>if REQUEST is not None:\n
raise ValueError\n
context.updateLocalRolesOnSecurityGroups()\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>BearerToken_updateLocalRolesOnSecurityGroups</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
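Review bot: This script has no portal-type check, unlike BearerTokenModule_isTokenPresent added in the same commit, so with the `Manager` proxy role it runs `context.updateLocalRolesOnSecurityGroups()` on whatever object it is called on. If the script can be reached on documents other than Bearer Tokens, which the visible lines do not rule out, a restricted caller could trigger a privileged role recomputation on those documents. Mirroring the sibling script closes that gap: add `if context.getPortalType() != 'Bearer Token':` followed by `raise TypeError('Shall be called on Bearer Token')` before the `REQUEST` check. A one-line comment explaining why the `Manager` proxy role is needed would also help later reviewers.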
2 3
\ No newline at end of file \ No newline at end of file