authentication policy: Fix Credential Recovery creation

`erp5_authentication_policy` can be configured to automatically create `Credential Recovery` for user once login expire. This was no longer working since we switched to `ERP5 Login`, `Credential Recovery` ticket was created with a relation to `ERP5 Login`, but it should be related to the `Person`. See merge request !1096

authentication policy: Fix Credential Recovery creation
`erp5_authentication_policy` can be configured to automatically create `Credential Recovery` for user once login expire. This was no longer working since we switched to `ERP5 Login`, `Credential Recovery` ticket was created with a relation to `ERP5 Login`, but it should be related to the `Person`. See merge request !1096
0d078bd1 · Jérome Perrin · 9b4f14a6 · 68e67160 · 0d078bd1 · 0d078bd1
Commit 0d078bd1 authored Apr 13, 2020 by Jérome Perrin
2 changed files
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py
@@ -9,25 +9,28 @@ portal = context.getPortalObject()
 portal_preferences = portal.portal_preferences

 if not portal_preferences.isAuthenticationPolicyEnabled() or \
-   not portal.portal_preferences.isPreferredSystemRecoverExpiredPassword():
+   not portal_preferences.isPreferredSystemRecoverExpiredPassword():
  # no policy, no sense to file expire at all or symply system do not configured to
-  return 0
+  return
+
+user = context.getParentValue()
+username = context.getReference()

 # Prevent creating new recovery if one was recently created
 recovery_list = portal.portal_catalog(
  portal_type="Credential Recovery",
-  reference=context.getReference(),
-  default_destination_decision_uid=context.getUid(),
+  reference=username,
+  default_destination_decision_uid=user.getUid(),
  creation_date=Query(range="min", creation_date=addToDate(DateTime(), {'day': -1})),
  limit=1)
-if (len(recovery_list) > 0):
-  return 0
+if recovery_list:
+  return

 module = portal.getDefaultModule(portal_type='Credential Recovery')
 credential_recovery = module.newContent(
-                               portal_type="Credential Recovery",
-                               reference=context.getReference(),
-                               destination_decision_value=context,
-                               language=portal.Localizer.get_selected_language())
+    portal_type="Credential Recovery",
+    reference=username,
+    destination_decision_value=user,
+    language=portal.Localizer.get_selected_language())
 context.serialize()
 credential_recovery.submit()
--- a/product/ERP5/tests/testAuthenticationPolicy.py
+++ b/product/ERP5/tests/testAuthenticationPolicy.py
@@ -66,8 +66,9 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
    uf = portal.acl_users
    uf._doAddUser(self.manager_username, self.manager_password, ['Manager'], [])
    self.loginByUserName(self.manager_username)
-    kw = dict(portal_type='Person',
-              reference = 'test')
+
+    kw = dict(portal_type='ERP5 Login',
+              reference='test')
    if portal.portal_catalog.getResultValue(**kw) is None:
      # add a loggable Person
      person = self.createUser(
@@ -80,7 +81,6 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
      assignment = person.newContent(portal_type = 'Assignment')
      assignment.open()

-
    # Reset and Setup auth policy
    old_preference = portal.portal_catalog.getResultValue(
      portal_type='System Preference',
@@ -114,19 +114,21 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
    self.portal.system_event_module.manage_delObjects([x.getId() for x in self._getPasswordEventList(login)])


-  def createUser(self, reference, password=None, person_kw=None):
+  def createUser(self, username, password=None, person_kw=None):
    """
-      Modified version from ERP5TypeTestCase, that does set reference as
-      password when password is None.
+      Modified version from ERP5TypeTestCase, that does not set reference as
+      password when password is None and does not set the same reference on
+      person, so that we can reveal problems with code assuming that person's
+      reference is same as login, which use to be true before ERP5 Login were
+      introduced.
    """
    if person_kw is None:
      person_kw = {}
-
-    person = self.portal.person_module.newContent(portal_type='Person',
-                                                  reference=reference,
-                                                  **person_kw)
+    self.createUser
+    person = self.portal.person_module.newContent(
+        portal_type='Person', **person_kw)
    login = person.newContent(portal_type='ERP5 Login',
-                              reference=reference,
+                              reference=username,
                              password=password)
    login.validate()
    return person
@@ -138,9 +140,10 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
    portal = self.getPortal()
    self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())

-    person = portal.portal_catalog.getResultValue(portal_type = 'Person',
-                                                  reference = 'test')
-    login = person.objectValues(portal_type='ERP5 Login')[0]
+    login = portal.portal_catalog.getResultValue(
+        portal_type='ERP5 Login',
+        reference='test')
+    self.assertIsNotNone(login)
    preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                      title = 'Authentication',)
    # login should be allowed
@@ -595,7 +598,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
    self.tic()

    person = self.createUser(self.id(), password='password')
-    assignment = person.newContent(portal_type = 'Assignment')
+    person.setDefaultEmailCoordinateText('user@example.com')
+    assignment = person.newContent(portal_type='Assignment')
    assignment.open()
    login = person.objectValues(portal_type='ERP5 Login')[0]

@@ -615,15 +619,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
    self.tic()

    # and a credential recovery is created automatically
-    credential_recovery, = login.getDestinationDecisionRelatedValueList(
+    credential_recovery, = person.getDestinationDecisionRelatedValueList(
        portal_type='Credential Recovery')

    # trying to login again does not create a new credential recovery
    response = publish()
+    self.assertTrue(response.getHeader("Location").endswith("login_form"))
    self.tic()
-    credential_recovery, = login.getDestinationDecisionRelatedValueList(
+    credential_recovery, = person.getDestinationDecisionRelatedValueList(
        portal_type='Credential Recovery')

+    credential_recovery.accept()
+    self.tic()
+    _, (to,), message = self.portal.MailHost._last_message
+    self.assertEqual(to, 'user@example.com')
+    self.assertIn('Password Recovery', message)
+
  def test_HttpRequest(self):
    """
      Check HTTP responses