Commit 7862ea47 authored by Rafael Monnerat's avatar Rafael Monnerat

Master: Include authentification Policy BT5

  slapos_erp5: Add erp5_authentication_policy as project dependency
  slapos_cloud: Define standard configuration for authentication policy
  Update tests on various bt5.
parent e95da4ac
...@@ -264,6 +264,18 @@ It\'s the lowest priority one; ie. managers can create higher priority preferenc ...@@ -264,6 +264,18 @@ It\'s the lowest priority one; ie. managers can create higher priority preferenc
<key> <string>preferred_date_order</string> </key> <key> <string>preferred_date_order</string> </key>
<value> <string>ymd</string> </value> <value> <string>ymd</string> </value>
</item> </item>
<item>
<key> <string>preferred_diff_filter_script_id</string> </key>
<value>
<tuple>
<string>TemplateTool_filterClassTupleDiff</string>
<string>TemplateTool_filterTemplateUnicodeDiff</string>
<string>TemplateTool_filterPortalTypeClassDiff</string>
<string>TemplateTool_filterOOBTreeClassDiff</string>
<string>TemplateTool_filterEmptyContentTranslation</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>preferred_document_file_name_regular_expression</string> </key> <key> <string>preferred_document_file_name_regular_expression</string> </key>
<value> <string encoding="cdata"><![CDATA[ <value> <string encoding="cdata"><![CDATA[
......
...@@ -93,6 +93,18 @@ ...@@ -93,6 +93,18 @@
<key> <string>preferred_aggregated_subscription_sale_trade_condition</string> </key> <key> <string>preferred_aggregated_subscription_sale_trade_condition</string> </key>
<value> <string>sale_trade_condition_module/slapos_aggregated_subscription_trade_condition</string> </value> <value> <string>sale_trade_condition_module/slapos_aggregated_subscription_trade_condition</string> </value>
</item> </item>
<item>
<key> <string>preferred_authentication_failure_block_duration</string> </key>
<value> <int>1800</int> </value>
</item>
<item>
<key> <string>preferred_authentication_failure_check_duration</string> </key>
<value> <int>5400</int> </value>
</item>
<item>
<key> <string>preferred_authentication_policy_enabled</string> </key>
<value> <int>0</int> </value>
</item>
<item> <item>
<key> <string>preferred_campaign_use</string> </key> <key> <string>preferred_campaign_use</string> </key>
<value> <value>
...@@ -165,6 +177,14 @@ ...@@ -165,6 +177,14 @@
<key> <string>preferred_instance_update_movement_template</string> </key> <key> <string>preferred_instance_update_movement_template</string> </key>
<value> <string>sale_packing_list_module/slapos_accounting_instance_delivery_line_template/update</string> </value> <value> <string>sale_packing_list_module/slapos_accounting_instance_delivery_line_template/update</string> </value>
</item> </item>
<item>
<key> <string>preferred_max_authentication_failure</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>preferred_max_password_lifetime_duration</string> </key>
<value> <int>1008</int> </value>
</item>
<item> <item>
<key> <string>preferred_maximum_balance</string> </key> <key> <string>preferred_maximum_balance</string> </key>
<value> <float>-50.0</float> </value> <value> <float>-50.0</float> </value>
...@@ -273,6 +293,10 @@ ...@@ -273,6 +293,10 @@
</tuple> </tuple>
</value> </value>
</item> </item>
<item>
<key> <string>preferred_system_recover_expired_password</string> </key>
<value> <int>1</int> </value>
</item>
<item> <item>
<key> <string>preferred_time_zone</string> </key> <key> <string>preferred_time_zone</string> </key>
<value> <string>Europe/Paris</string> </value> <value> <string>Europe/Paris</string> </value>
...@@ -289,6 +313,10 @@ ...@@ -289,6 +313,10 @@
<key> <string>preferred_wechat_payment_service_reference</string> </key> <key> <string>preferred_wechat_payment_service_reference</string> </key>
<value> <string>PSERV-Wechat-Test</string> </value> <value> <string>PSERV-Wechat-Test</string> </value>
</item> </item>
<item>
<key> <string>preffered_force_username_check_in_password</string> </key>
<value> <int>1</int> </value>
</item>
<item> <item>
<key> <string>priority</string> </key> <key> <string>priority</string> </key>
<value> <int>1</int> </value> <value> <int>1</int> </value>
......
...@@ -118,10 +118,13 @@ class SlapOSTestCaseMixin(testSlapOSMixin): ...@@ -118,10 +118,13 @@ class SlapOSTestCaseMixin(testSlapOSMixin):
return person_user return person_user
def _addERP5Login(self, document): def _addERP5Login(self, document, **kw):
if document.getPortalType() == "Person":
kw["password"] = "%s-aA$1" % self.generateNewId()
login = document.newContent( login = document.newContent(
portal_type="ERP5 Login", portal_type="ERP5 Login",
reference=document.getReference()) reference=document.getReference(),
**kw)
login.validate() login.validate()
return login return login
......
...@@ -60,7 +60,8 @@ class TestSlapOSSecurityMixin(SlapOSTestCaseMixin): ...@@ -60,7 +60,8 @@ class TestSlapOSSecurityMixin(SlapOSTestCaseMixin):
for _, plugin in uf._getOb('plugins').listPlugins( for _, plugin in uf._getOb('plugins').listPlugins(
IAuthenticationPlugin ): IAuthenticationPlugin ):
if plugin.authenticateCredentials( if plugin.authenticateCredentials(
{'login_portal_type': ('ERP5 Login', 'Certificate Login'), {'login_portal_type': ('ERP5 Login', 'Certificate Login',
'Facebook Login', 'Google Login'),
'external_login': login}) is not None: 'external_login': login}) is not None:
break break
else: else:
...@@ -182,18 +183,23 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin): ...@@ -182,18 +183,23 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin): class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
def test_active(self, login_portal_type="Certificate Login"): def test_active(self, login_portal_type="Certificate Login"):
password = str(random.random()) password = '%s-aA1$' % str(random.random())
reference = self._generateRandomUniqueReference('Person') reference = self._generateRandomUniqueReference('Person')
user_id = self._generateRandomUniqueUserId('Person') user_id = self._generateRandomUniqueUserId('Person')
person = self.portal.person_module.newContent( person = self.portal.person_module.newContent(
portal_type='Person', portal_type='Person',
reference=reference, password=password) reference=reference)
person.setUserId(user_id) person.setUserId(user_id)
person.newContent(portal_type='Assignment').open() person.newContent(portal_type='Assignment').open()
person.newContent(portal_type=login_portal_type, if login_portal_type == "ERP5 Login":
reference=reference, password=password).validate() person.newContent(portal_type=login_portal_type,
reference=reference,
password=password).validate()
else:
person.newContent(portal_type=login_portal_type,
reference=reference).validate()
self.tic() self.tic()
...@@ -229,20 +235,24 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin): ...@@ -229,20 +235,24 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
self.assertSameSet(['R-MEMBER', 'G-COMPANY'], user.getGroups()) self.assertSameSet(['R-MEMBER', 'G-COMPANY'], user.getGroups())
def test_inactive(self, login_portal_type="Certificate Login"): def test_inactive(self, login_portal_type="Certificate Login"):
password = str(random.random()) password = '%s-aA1$' % str(random.random())
reference = self._generateRandomUniqueReference('Person') reference = self._generateRandomUniqueReference('Person')
user_id = self._generateRandomUniqueReference('Person') user_id = self._generateRandomUniqueReference('Person')
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
reference=reference, password=password) reference=reference)
self.tic() self.tic()
self._assertUserDoesNotExists(user_id, reference, password) self._assertUserDoesNotExists(user_id, reference, password)
person.newContent(portal_type=login_portal_type, if login_portal_type == "ERP5 Login":
person.newContent(portal_type=login_portal_type,
reference=reference,
password=password).validate()
else:
person.newContent(portal_type=login_portal_type,
reference=reference).validate() reference=reference).validate()
self.tic() self.tic()
self._assertUserDoesNotExists(user_id, reference, password) self._assertUserDoesNotExists(user_id, reference, password)
...@@ -253,7 +263,17 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin): ...@@ -253,7 +263,17 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
def test_inactive_erp5_login(self): def test_inactive_erp5_login(self):
self.test_inactive(login_portal_type="ERP5 Login") self.test_inactive(login_portal_type="ERP5 Login")
def test_active_facebook_login(self):
self.test_active(login_portal_type="Facebook Login")
def test_inactive_facebook_login(self):
self.test_inactive(login_portal_type="Facebook Login")
def test_active_google_login(self):
self.test_active(login_portal_type="Google Login")
def test_inactive_google_login(self):
self.test_inactive(login_portal_type="Google Login")
def test_suite(): def test_suite():
......
...@@ -27,6 +27,7 @@ import os ...@@ -27,6 +27,7 @@ import os
class TestSlapOSConfigurator(SlapOSTestCaseMixin): class TestSlapOSConfigurator(SlapOSTestCaseMixin):
maxDiff = None
def bootstrapSite(self): def bootstrapSite(self):
SlapOSTestCaseMixin.bootstrapSite(self) SlapOSTestCaseMixin.bootstrapSite(self)
self.getBusinessConfiguration().BusinessConfiguration_invokeSlapOSMasterPromiseAlarmList() self.getBusinessConfiguration().BusinessConfiguration_invokeSlapOSMasterPromiseAlarmList()
...@@ -338,6 +339,7 @@ class TestSlapOSConfigurator(SlapOSTestCaseMixin): ...@@ -338,6 +339,7 @@ class TestSlapOSConfigurator(SlapOSTestCaseMixin):
'erp5_slapos_tutorial', 'erp5_slapos_tutorial',
'erp5_slapos_tutorial_data', 'erp5_slapos_tutorial_data',
'erp5_slideshow_style', 'erp5_slideshow_style',
'erp5_authentication_policy',
'slapos_cloud', 'slapos_cloud',
'slapos_slap_tool', 'slapos_slap_tool',
'slapos_category', 'slapos_category',
......
...@@ -28,7 +28,12 @@ class TestSlaposSkinSelection(SlapOSTestCaseMixin): ...@@ -28,7 +28,12 @@ class TestSlaposSkinSelection(SlapOSTestCaseMixin):
# Ignore these bt5 as they might be present on development instances # Ignore these bt5 as they might be present on development instances
# but not present on the test. # but not present on the test.
ignore_list = ["slapos_ui_test"] ignore_list = [
# UI testing folders not deployed by Configurator
"slapos_ui_test", "slapos_zh_ui_test",
# Legacy and/or custom bt5 folders
"slapos_vifib", "rapid_space", "rapid_space_ui_test"]
def getTitle(self): def getTitle(self):
return "Slapos Skin Selection" return "Slapos Skin Selection"
...@@ -150,6 +155,7 @@ erp5_access_tab ...@@ -150,6 +155,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -266,6 +272,7 @@ erp5_access_tab ...@@ -266,6 +272,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -383,6 +390,7 @@ erp5_access_tab ...@@ -383,6 +390,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -496,6 +504,7 @@ erp5_access_tab ...@@ -496,6 +504,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -613,6 +622,7 @@ erp5_access_tab ...@@ -613,6 +622,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -730,6 +740,7 @@ erp5_access_tab ...@@ -730,6 +740,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -844,6 +855,7 @@ erp5_access_tab ...@@ -844,6 +855,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -959,6 +971,7 @@ erp5_access_tab ...@@ -959,6 +971,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -1073,6 +1086,7 @@ erp5_access_tab ...@@ -1073,6 +1086,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -1188,6 +1202,7 @@ erp5_access_tab ...@@ -1188,6 +1202,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -1303,6 +1318,7 @@ erp5_access_tab ...@@ -1303,6 +1318,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -1419,6 +1435,7 @@ erp5_access_tab ...@@ -1419,6 +1435,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
...@@ -1535,6 +1552,7 @@ erp5_access_tab ...@@ -1535,6 +1552,7 @@ erp5_access_tab
erp5_access_token erp5_access_token
erp5_accounting erp5_accounting
erp5_administration erp5_administration
erp5_authentication_policy
erp5_auto_logout erp5_auto_logout
erp5_base erp5_base
erp5_bearer_token erp5_bearer_token
......
erp5_authentication_policy
erp5_administration erp5_administration
erp5_credential erp5_credential
erp5_project erp5_project
......
...@@ -2249,13 +2249,14 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin): ...@@ -2249,13 +2249,14 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin):
class TestSlapOSSlapToolPersonAccess(TestSlapOSSlapToolMixin): class TestSlapOSSlapToolPersonAccess(TestSlapOSSlapToolMixin):
def afterSetUp(self): def afterSetUp(self):
password = self.generateNewId() password = "%s-1Aa$" % self.generateNewId()
reference = 'test_%s' % self.generateNewId() reference = 'test_%s' % self.generateNewId()
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
title=reference, title=reference,
reference=reference, password=password) reference=reference)
person.newContent(portal_type='Assignment', role='member').open() person.newContent(portal_type='Assignment', role='member').open()
person.newContent(portal_type='ERP5 Login', reference=reference).validate() person.newContent(portal_type='ERP5 Login',
reference=reference, password=password).validate()
self.commit() self.commit()
self.person = person self.person = person
......
...@@ -226,6 +226,7 @@ class testSlapOSMixin(ERP5TypeTestCase): ...@@ -226,6 +226,7 @@ class testSlapOSMixin(ERP5TypeTestCase):
def bootstrapSite(self): def bootstrapSite(self):
self.logMessage('SlapOS bootstrapSite') self.logMessage('SlapOS bootstrapSite')
self.getDefaultSystemPreference().setPreferredHateoasUrl("http://dummy/") self.getDefaultSystemPreference().setPreferredHateoasUrl("http://dummy/")
self.getDefaultSystemPreference().setPreferredAuthenticationPolicyEnabled(True)
self.clearCache() self.clearCache()
self.tic() self.tic()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment