Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Mukul
erp5
Commits
4848edce
Commit
4848edce
authored
Oct 20, 2016
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fixup! ERP5Security: Use a dedicated Login document to handle authentication.
parent
7ac3444a
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
135 additions
and
25 deletions
+135
-25
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
...ns/erp5_credential/Base_getValidatedLoginReferenceList.py
+5
-0
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
...s/erp5_credential/Base_getValidatedLoginReferenceList.xml
+62
-0
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
...p5_credential/CredentialRecovery_sendPasswordResetLink.py
+2
-2
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
...dential/CredentialRecovery_sendUsernameRecoveryMessage.py
+5
-4
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
...tal_skins/erp5_credential/CredentialRequest_createUser.py
+23
-12
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
..._skins/erp5_credential/Credential_updatePersonPassword.py
+19
-1
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
...l_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
+6
-3
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
...al_skins/erp5_credential/ERP5Site_newCredentialRequest.py
+2
-1
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
...ins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
+8
-2
product/ERP5/bootstrap/erp5_core/bt/template_action_path_list
...uct/ERP5/bootstrap/erp5_core/bt/template_action_path_list
+3
-0
No files found.
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
0 → 100644
View file @
4848edce
person
=
context
.
ERP5Site_getAuthenticatedMemberPersonValue
()
if
person
is
not
None
:
return
[
login
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)]
else
:
return
[]
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
0 → 100644
View file @
4848edce
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string></string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
Base_getValidatedLoginReferenceList
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
View file @
4848edce
...
@@ -4,7 +4,7 @@ send the password reset link by mail
...
@@ -4,7 +4,7 @@ send the password reset link by mail
portal
=
context
.
getPortalObject
()
portal
=
context
.
getPortalObject
()
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
reference
=
person
.
getReference
()
reference
=
context
.
getReference
()
if
context
.
hasDocumentReference
():
if
context
.
hasDocumentReference
():
message_reference
=
context
.
getDocumentReference
()
message_reference
=
context
.
getDocumentReference
()
else
:
else
:
...
@@ -14,7 +14,7 @@ if message_reference is None:
...
@@ -14,7 +14,7 @@ if message_reference is None:
notification_message
=
portal
.
NotificationTool_getDocumentValue
(
message_reference
,
notification_message
=
portal
.
NotificationTool_getDocumentValue
(
message_reference
,
context
.
getLanguage
())
context
.
getLanguage
())
context
.
REQUEST
.
set
(
'came_from'
,
context
.
getUrlString
())
context
.
REQUEST
.
set
(
'came_from'
,
portal
.
absolute_url
())
if
context
.
hasStopDate
():
if
context
.
hasStopDate
():
kw
=
{
'expiration_date'
:
context
.
getStopDate
()}
kw
=
{
'expiration_date'
:
context
.
getStopDate
()}
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
View file @
4848edce
...
@@ -4,13 +4,14 @@ send the username mail
...
@@ -4,13 +4,14 @@ send the username mail
portal
=
context
.
getPortalObject
()
portal
=
context
.
getPortalObject
()
person_list
=
context
.
getDestinationDecisionValueList
(
portal_type
=
"Person"
)
person_list
=
context
.
getDestinationDecisionValueList
(
portal_type
=
"Person"
)
usernames
=
[]
login_list
=
[]
for
person
in
person_list
:
for
person
in
person_list
:
usernames
.
append
(
"%s"
%
person
.
getReference
())
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
):
if
login
.
getValidationState
()
==
'validated'
:
login_list
.
append
(
login
)
usernames
=
" "
.
join
(
usernames
)
usernames
=
' '
.
join
(
login
.
getReference
()
for
login
in
login_list
)
reference_list
=
[
x
.
getReference
()
for
x
in
person_list
]
if
context
.
hasDocumentReference
():
if
context
.
hasDocumentReference
():
message_reference
=
context
.
getDocumentReference
()
message_reference
=
context
.
getDocumentReference
()
else
:
else
:
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
View file @
4848edce
...
@@ -12,26 +12,34 @@ portal = context.getPortalObject()
...
@@ -12,26 +12,34 @@ portal = context.getPortalObject()
portal_preferences
=
context
.
portal_preferences
portal_preferences
=
context
.
portal_preferences
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
login_list
=
[
x
for
x
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
\
if
x
.
getValidationState
()
==
'validated'
]
if
len
(
login_list
):
login
=
login_list
[
0
]
else
:
login
=
person
.
newContent
(
portal_type
=
'ERP5 Login'
)
# Create user of the person only if not exist
# Create user of the person only if not exist
if
person
.
hasReference
()
and
person
.
get
Password
():
if
person
.
hasReference
()
and
login
.
has
Password
():
return
person
.
getReference
(),
None
return
person
.
getReference
(),
None
# Set login
# Set login
login
=
context
.
getReference
()
reference
=
context
.
getReference
()
if
not
perso
n
.
hasReference
():
if
not
logi
n
.
hasReference
():
if
not
login
:
if
not
reference
:
raise
ValueError
,
"Impossible to create an account without login"
raise
ValueError
,
"Impossible to create an account without login"
person
.
setReference
(
login
)
login
.
setReference
(
reference
)
if
not
person
.
hasReference
():
person
.
setReference
(
reference
)
else
:
else
:
login
=
person
.
getReference
()
reference
=
person
.
getReference
()
password
=
None
password
=
None
# Set password if no password on the
perso
n
# Set password if no password on the
Logi
n
if
not
person
.
get
Password
():
if
not
login
.
has
Password
():
if
context
.
getPassword
():
if
context
.
getPassword
():
#User has fill a password
#User has fill a password
password
=
context
.
getPassword
()
password
=
context
.
getPassword
()
perso
n
.
setEncodedPassword
(
password
)
logi
n
.
setEncodedPassword
(
password
)
else
:
else
:
if
not
portal_preferences
.
isPreferredSystemGeneratePassword
():
if
not
portal_preferences
.
isPreferredSystemGeneratePassword
():
# user will set it trough a credential recovery process
# user will set it trough a credential recovery process
...
@@ -39,24 +47,27 @@ if not person.getPassword():
...
@@ -39,24 +47,27 @@ if not person.getPassword():
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Recovery'
)
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Recovery'
)
credential_recovery
=
module
.
newContent
(
credential_recovery
=
module
.
newContent
(
portal_type
=
"Credential Recovery"
,
portal_type
=
"Credential Recovery"
,
reference
=
login
,
reference
=
reference
,
destination_decision
=
person
.
getRelativeUrl
(),
destination_decision
=
person
.
getRelativeUrl
(),
language
=
portal
.
Localizer
.
get_selected_language
())
language
=
portal
.
Localizer
.
get_selected_language
())
credential_recovery
.
submit
()
credential_recovery
.
submit
()
else
:
else
:
# system should generate a password
# system should generate a password
password
=
context
.
Person_generatePassword
(
alpha
=
5
,
numeric
=
3
)
password
=
context
.
Person_generatePassword
(
alpha
=
5
,
numeric
=
3
)
perso
n
.
setPassword
(
password
)
logi
n
.
setPassword
(
password
)
# create a global account
# create a global account
if
context
.
ERP5Site_isSingleSignOnEnable
():
if
context
.
ERP5Site_isSingleSignOnEnable
():
#The master manage encoded password and clear password
#The master manage encoded password and clear password
person
.
Person_createNewGlobalUserAccount
(
password
=
password
)
person
.
Person_createNewGlobalUserAccount
(
password
=
password
)
person
.
Person_validateGlobalUserAccount
()
person
.
Person_validateGlobalUserAccount
()
if
login
.
getValidationState
()
==
'draft'
:
login
.
validate
()
else
:
else
:
#Person has an already an account
#Person has an already an account
if
context
.
ERP5Site_isSingleSignOnEnable
():
if
context
.
ERP5Site_isSingleSignOnEnable
():
#Check assignment for the current instance
#Check assignment for the current instance
person
.
Person_validateGlobalUserAccount
()
person
.
Person_validateGlobalUserAccount
()
return
login
,
password
return
reference
,
password
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
View file @
4848edce
...
@@ -4,5 +4,23 @@ Clear 'erp5_content_short' cache too."""
...
@@ -4,5 +4,23 @@ Clear 'erp5_content_short' cache too."""
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
if
context
.
getPassword
():
if
context
.
getPassword
():
person
.
setEncodedPassword
(
context
.
getPassword
())
login_list
=
[
login
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
\
if
login
.
getValidationState
()
==
'validated'
]
reference
=
context
.
getReference
()
if
reference
:
for
login
in
login_list
:
if
login
.
getReference
()
==
reference
:
break
else
:
raise
RuntimeError
,
'Person %s does not have a validated Login with reference %r'
%
\
(
person
.
getRelativeUrl
(),
reference
)
else
:
# BBB when login reference is not set in Credential Update document.
if
login_list
:
login
=
sorted
(
login_list
,
key
=
lambda
x
:
x
.
getReference
()
==
person
.
getReference
(),
reverse
=
True
)[
0
]
else
:
raise
RuntimeError
,
'Person %s does not have a validated Login with reference %r'
%
\
(
person
.
getRelativeUrl
(),
reference
)
login
.
setEncodedPassword
(
context
.
getPassword
())
context
.
portal_caches
.
clearCache
((
'erp5_content_short'
,))
context
.
portal_caches
.
clearCache
((
'erp5_content_short'
,))
return
login
.
getReference
()
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
View file @
4848edce
...
@@ -40,15 +40,18 @@ if default_email_text is not None:
...
@@ -40,15 +40,18 @@ if default_email_text is not None:
else
:
else
:
# Case for recovery of password
# Case for recovery of password
if
person_list
is
None
:
if
person_list
is
None
:
person_module
=
portal
.
getDefaultModule
(
'Person'
)
result
=
portal
.
portal_catalog
(
result
=
person_module
.
searchFolder
(
reference
=
{
'query'
:
reference
,
'key'
:
'ExactMatch'
})
portal_type
=
(
"ERP5 Login"
),
parent_portal_type
=
"Person"
,
reference
=
{
'query'
:
reference
,
'key'
:
'ExactMatch'
},
)
if
len
(
result
)
!=
1
:
if
len
(
result
)
!=
1
:
portal_status_message
=
portal
.
Base_translateString
(
"Can't find corresponding person, it's not possible to recover your credentials."
)
portal_status_message
=
portal
.
Base_translateString
(
"Can't find corresponding person, it's not possible to recover your credentials."
)
if
web_site
is
not
None
:
if
web_site
is
not
None
:
return
web_site
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
return
web_site
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
return
portal
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
return
portal
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
person_list
=
[
result
[
0
].
getObject
(),]
person_list
=
[
result
[
0
].
getObject
()
.
getParentValue
()
,]
# Check the response
# Check the response
person
=
person_list
[
0
]
person
=
person_list
[
0
]
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
View file @
4848edce
...
@@ -45,7 +45,8 @@ credential_request.reindexObject(activate_kw=dict(tag='Person_setReference_%s' %
...
@@ -45,7 +45,8 @@ credential_request.reindexObject(activate_kw=dict(tag='Person_setReference_%s' %
if
not
context
.
portal_membership
.
isAnonymousUser
():
if
not
context
.
portal_membership
.
isAnonymousUser
():
person
=
context
.
ERP5Site_getAuthenticatedMemberPersonValue
()
person
=
context
.
ERP5Site_getAuthenticatedMemberPersonValue
()
destination_decision
=
[]
destination_decision
=
[]
if
person
.
getReference
()
==
reference
:
if
reference
in
[
x
.
getReference
()
for
x
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
if
x
.
getValidationState
()
==
'validated'
]:
destination_decision
.
append
(
person
.
getRelativeUrl
())
destination_decision
.
append
(
person
.
getRelativeUrl
())
if
person
.
getDefaultCareerSubordinationTitle
()
==
corporate_name
:
if
person
.
getDefaultCareerSubordinationTitle
()
==
corporate_name
:
destination_decision
.
append
(
person
.
getDefaultCareerSubordination
())
destination_decision
.
append
(
person
.
getDefaultCareerSubordination
())
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
View file @
4848edce
...
@@ -9,6 +9,7 @@ else:
...
@@ -9,6 +9,7 @@ else:
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Update'
)
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Update'
)
credential_update
=
module
.
newContent
(
credential_update
=
module
.
newContent
(
portal_type
=
"Credential Update"
,
portal_type
=
"Credential Update"
,
reference
=
reference
,
first_name
=
first_name
,
first_name
=
first_name
,
last_name
=
last_name
,
last_name
=
last_name
,
gender
=
gender
,
gender
=
gender
,
...
@@ -44,9 +45,14 @@ else:
...
@@ -44,9 +45,14 @@ else:
# within same transaction and update client side credentials cookie
# within same transaction and update client side credentials cookie
username
=
person
.
getReference
()
username
=
person
.
getReference
()
if
password
and
username
==
str
(
portal
.
portal_membership
.
getAuthenticatedMember
()):
if
password
and
username
==
str
(
portal
.
portal_membership
.
getAuthenticatedMember
()):
credential_update
.
accept
()
# The password is updated synchronously and the the rest of the credential Update is done later
portal
.
cookie_authentication
.
credentialsChanged
(
username
,
username
,
password
)
login_reference
=
credential_update
.
Credential_updatePersonPassword
(
)
portal_status_message
=
"Password changed."
portal_status_message
=
"Password changed."
context
.
getPortalObject
().
cookie_authentication
.
credentialsChanged
(
username
,
login_reference
,
password
,
)
portal_status_message
=
context
.
Base_translateString
(
portal_status_message
)
portal_status_message
=
context
.
Base_translateString
(
portal_status_message
)
return
portal
.
Base_redirect
(
keep_items
=
{
'portal_status_message'
:
portal_status_message
})
return
portal
.
Base_redirect
(
keep_items
=
{
'portal_status_message'
:
portal_status_message
})
product/ERP5/bootstrap/erp5_core/bt/template_action_path_list
View file @
4848edce
...
@@ -23,6 +23,7 @@ Attribute Unicity Constraint | view
...
@@ -23,6 +23,7 @@ Attribute Unicity Constraint | view
Base Category | view
Base Category | view
Base Domain | view
Base Domain | view
Base Type | action_view
Base Type | action_view
Base Type | jump_property_sheets
Base Type | role_view
Base Type | role_view
Base Type | translation_view
Base Type | translation_view
Base Type | update_local_roles
Base Type | update_local_roles
...
@@ -79,10 +80,12 @@ Id Tool | view
...
@@ -79,10 +80,12 @@ Id Tool | view
Memcached Plugin | view
Memcached Plugin | view
Memcached Tool | view
Memcached Tool | view
Predicate | view
Predicate | view
Preference Tool Type | jump_property_sheets
Preference Tool Type | view
Preference Tool Type | view
Preference Tool | advanced
Preference Tool | advanced
Preference Tool | view
Preference Tool | view
Preference Type | action_view
Preference Type | action_view
Preference Type | jump_property_sheets
Preference Type | role_view
Preference Type | role_view
Preference Type | translation_view
Preference Type | translation_view
Preference Type | update_local_roles
Preference Type | update_local_roles
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment