Delegate token validation.

By requiring token_validation_method extraction plugin is only responsible for low level implementation.

Delegate token validation.
By requiring token_validation_method extraction plugin is only responsible for low level implementation.
66dce3b4 · Łukasz Nowak · Rafael Monnerat · 8ea51d93 · 66dce3b4 · 66dce3b4
Commit 66dce3b4 authored Apr 26, 2012 by Łukasz Nowak Committed by Rafael Monnerat Sep 17, 2012
3 changed files
--- a/product/ERP5Security/ERP5BearerExtractionPlugin.py
+++ b/product/ERP5Security/ERP5BearerExtractionPlugin.py
@@ -40,6 +40,7 @@ from AccessControl.SecurityManagement import getSecurityManager,\
    setSecurityManager, newSecurityManager
 from DateTime import DateTime
 from Products.ZSQLCatalog.SQLCatalog import SimpleQuery
+from zLOG import LOG, INFO
 #Form for new plugin in ZMI
 manage_addERP5BearerExtractionPluginForm = PageTemplateFile(
@@ -47,10 +48,11 @@ manage_addERP5BearerExtractionPluginForm = PageTemplateFile(
  __name__='manage_addERP5BearerExtractionPluginForm')
 def addERP5BearerExtractionPlugin(dispatcher, id, token_portal_type,
-  title=None, REQUEST=None):
+  token_validation_method, title=None, REQUEST=None):
  """ Add a ERP5BearerExtractionPlugin to a Pluggable Auth Service. """
-  plugin = ERP5BearerExtractionPlugin(id, token_portal_type, title)
+  plugin = ERP5BearerExtractionPlugin(id, token_portal_type,
+    token_validation_method, title)
  dispatcher._setObject(plugin.getId(), plugin)
  if REQUEST is not None:
@@ -68,6 +70,7 @@ class ERP5BearerExtractionPlugin(BasePlugin):
  meta_type = "ERP5 Bearer Extraction Plugin"
  security = ClassSecurityInfo()
  token_portal_type = ''
+  token_validation_method = ''
  manage_options = (({'label': 'Edit',
                      'action': 'manage_editERP5BearerExtractionPluginForm',},
@@ -80,15 +83,20 @@ class ERP5BearerExtractionPlugin(BasePlugin):
                   'mode':'w',
                   'label':'Portal Type with tokens'
                   },
-                  )
+                  {'id':'token_validation_method',
+                   'type':'string',
+                   'mode':'w',
+                   'label':'Method to validate found token'
+                   },                  )
                 + BasePlugin._properties[:]
                 )
-  def __init__(self, id, token_portal_type, title=None):
+  def __init__(self, id, token_portal_type, token_validation_method, title=None):
    #Register value
    self._setId(id)
    self.title = title
    self.token_portal_type = token_portal_type
+    self.token_validation_method = token_validation_method
  ####################################
  #ILoginPasswordHostExtractionPlugin#
@@ -116,25 +124,31 @@ class ERP5BearerExtractionPlugin(BasePlugin):
      #   Not implemented as considered as unsecure.
      pass
-    if token is not None:
+    if token is not None and self.token_portal_type \
+        and self.token_validation_method:
      sm = getSecurityManager()
      if sm.getUser().getId() != SUPER_USER:
        newSecurityManager(self, self.getUser(SUPER_USER))
      try:
-        now = DateTime()
        token_document = self.portal_catalog.getResultValue(
          portal_type=self.token_portal_type,
          reference=token,
-          query=SimpleQuery(comparison_operator='>=', expiration_date=now),
+          query=SimpleQuery(
+            comparison_operator='>=', expiration_date=DateTime()
+          ),
          validation_state='validated'
        )
        if token_document is not None:
-          if token_document.getReference() == token and \
+          result = False
-            token_document.getExpirationDate() >= now and \
+          try:
-            token_document.getValidationState() == 'validated' and \
+            result = getattr(token_document,
-            token_document.getDestinationReference() is not None:
+            self.token_validation_method)()
-              creds['external_login'] = \
+          except Exception:
-                token_document.getDestinationReference()
+            LOG('BearerExtractionPlugin', INFO, 'Problem while calling token '
+              'validation method %r on %r:' % (self.token_validation_method,
+              token_document.getPath()), error=True)
+          if result is True:
+            creds['external_login'] = token_document.getDestinationReference()
      finally:
        setSecurityManager(sm)
      if 'external_login' in  creds:
@@ -153,15 +167,19 @@ class ERP5BearerExtractionPlugin(BasePlugin):
      globals(),
      __name__='manage_editERP5BearerExtractionPluginForm')
-  security.declareProtected(ManageUsers, 'manage_editERP5BearerExtractionPlugin')
+  security.declareProtected(ManageUsers,
-  def manage_editERP5BearerExtractionPlugin(self, token_portal_type, RESPONSE=None):
+    'manage_editERP5BearerExtractionPlugin')
+  def manage_editERP5BearerExtractionPlugin(self, token_portal_type,
+      token_validation_method, RESPONSE=None):
    """Edit the object"""
    error_message = ''
-    if token_portal_type == '' or token_portal_type is None:
+    if token_portal_type == '' or token_portal_type is None or \
+      token_validation_method == '' or token_validation_method is None:
      error_message += 'Token Portal Type is missing '
    else:
      self.token_portal_type = token_portal_type
+      self.token_validation_method = token_validation_method
    #Redirect
    if RESPONSE is not None:

--- a/product/ERP5Security/www/ERP5Security_addERP5BearerExtractionPlugin.zpt
+++ b/product/ERP5Security/www/ERP5Security_addERP5BearerExtractionPlugin.zpt
@@ -36,6 +36,12 @@
    <input type="text" name="token_portal_type" size="40" />
    </td>
  </tr>
+<tr>
+   <td>Method to validate found token</td>
+   <td>
+     <input type="text" name="token_validation_method" value=""/>
+   </td>
+</tr>
  <tr>
    <td colspan="2"> <input type="submit" value="add plugin"/>
    </td>

--- a/product/ERP5Security/www/ERP5Security_editERP5BearerExtractionPlugin.zpt
+++ b/product/ERP5Security/www/ERP5Security_editERP5BearerExtractionPlugin.zpt
@@ -7,7 +7,7 @@
 <form action="manage_editERP5BearerExtractionPlugin" method="POST">
-<table tal:define="token_portal_type request/token_portal_type|context/token_portal_type|string:;">
+<table tal:define="token_portal_type request/token_portal_type|context/token_portal_type|string:; token_validation_method request/token_validation_method|context/token_validation_method|string:;">
 <tr>
   <td>Portal Type with tokens</td>
@@ -16,6 +16,13 @@
            tal:attributes="value token_portal_type;" />
   </td>
 </tr>
+<tr>
+   <td>Method to validate found token</td>
+   <td>
+     <input type="text" name="token_validation_method" value=""
+            tal:attributes="value token_validation_method;" />
+   </td>
+</tr>
 <tr>
   <td colspan="2"> 
    <input type="submit" value="save"/>