Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Mukul
erp5
Commits
4848edce
Commit
4848edce
authored
Oct 20, 2016
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fixup! ERP5Security: Use a dedicated Login document to handle authentication.
parent
7ac3444a
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
135 additions
and
25 deletions
+135
-25
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
...ns/erp5_credential/Base_getValidatedLoginReferenceList.py
+5
-0
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
...s/erp5_credential/Base_getValidatedLoginReferenceList.xml
+62
-0
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
...p5_credential/CredentialRecovery_sendPasswordResetLink.py
+2
-2
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
...dential/CredentialRecovery_sendUsernameRecoveryMessage.py
+5
-4
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
...tal_skins/erp5_credential/CredentialRequest_createUser.py
+23
-12
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
..._skins/erp5_credential/Credential_updatePersonPassword.py
+19
-1
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
...l_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
+6
-3
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
...al_skins/erp5_credential/ERP5Site_newCredentialRequest.py
+2
-1
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
...ins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
+8
-2
product/ERP5/bootstrap/erp5_core/bt/template_action_path_list
...uct/ERP5/bootstrap/erp5_core/bt/template_action_path_list
+3
-0
No files found.
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
0 → 100644
View file @
4848edce
person
=
context
.
ERP5Site_getAuthenticatedMemberPersonValue
()
if
person
is
not
None
:
return
[
login
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)]
else
:
return
[]
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
0 → 100644
View file @
4848edce
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string></string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
Base_getValidatedLoginReferenceList
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
View file @
4848edce
...
...
@@ -4,7 +4,7 @@ send the password reset link by mail
portal
=
context
.
getPortalObject
()
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
reference
=
person
.
getReference
()
reference
=
context
.
getReference
()
if
context
.
hasDocumentReference
():
message_reference
=
context
.
getDocumentReference
()
else
:
...
...
@@ -14,7 +14,7 @@ if message_reference is None:
notification_message
=
portal
.
NotificationTool_getDocumentValue
(
message_reference
,
context
.
getLanguage
())
context
.
REQUEST
.
set
(
'came_from'
,
context
.
getUrlString
())
context
.
REQUEST
.
set
(
'came_from'
,
portal
.
absolute_url
())
if
context
.
hasStopDate
():
kw
=
{
'expiration_date'
:
context
.
getStopDate
()}
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
View file @
4848edce
...
...
@@ -4,13 +4,14 @@ send the username mail
portal
=
context
.
getPortalObject
()
person_list
=
context
.
getDestinationDecisionValueList
(
portal_type
=
"Person"
)
usernames
=
[]
login_list
=
[]
for
person
in
person_list
:
usernames
.
append
(
"%s"
%
person
.
getReference
())
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
):
if
login
.
getValidationState
()
==
'validated'
:
login_list
.
append
(
login
)
usernames
=
" "
.
join
(
usernames
)
usernames
=
' '
.
join
(
login
.
getReference
()
for
login
in
login_list
)
reference_list
=
[
x
.
getReference
()
for
x
in
person_list
]
if
context
.
hasDocumentReference
():
message_reference
=
context
.
getDocumentReference
()
else
:
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
View file @
4848edce
...
...
@@ -12,26 +12,34 @@ portal = context.getPortalObject()
portal_preferences
=
context
.
portal_preferences
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
login_list
=
[
x
for
x
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
\
if
x
.
getValidationState
()
==
'validated'
]
if
len
(
login_list
):
login
=
login_list
[
0
]
else
:
login
=
person
.
newContent
(
portal_type
=
'ERP5 Login'
)
# Create user of the person only if not exist
if
person
.
hasReference
()
and
person
.
get
Password
():
if
person
.
hasReference
()
and
login
.
has
Password
():
return
person
.
getReference
(),
None
# Set login
login
=
context
.
getReference
()
if
not
perso
n
.
hasReference
():
if
not
login
:
reference
=
context
.
getReference
()
if
not
logi
n
.
hasReference
():
if
not
reference
:
raise
ValueError
,
"Impossible to create an account without login"
person
.
setReference
(
login
)
login
.
setReference
(
reference
)
if
not
person
.
hasReference
():
person
.
setReference
(
reference
)
else
:
login
=
person
.
getReference
()
reference
=
person
.
getReference
()
password
=
None
# Set password if no password on the
perso
n
if
not
person
.
get
Password
():
# Set password if no password on the
Logi
n
if
not
login
.
has
Password
():
if
context
.
getPassword
():
#User has fill a password
password
=
context
.
getPassword
()
perso
n
.
setEncodedPassword
(
password
)
logi
n
.
setEncodedPassword
(
password
)
else
:
if
not
portal_preferences
.
isPreferredSystemGeneratePassword
():
# user will set it trough a credential recovery process
...
...
@@ -39,24 +47,27 @@ if not person.getPassword():
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Recovery'
)
credential_recovery
=
module
.
newContent
(
portal_type
=
"Credential Recovery"
,
reference
=
login
,
reference
=
reference
,
destination_decision
=
person
.
getRelativeUrl
(),
language
=
portal
.
Localizer
.
get_selected_language
())
credential_recovery
.
submit
()
else
:
# system should generate a password
password
=
context
.
Person_generatePassword
(
alpha
=
5
,
numeric
=
3
)
perso
n
.
setPassword
(
password
)
logi
n
.
setPassword
(
password
)
# create a global account
if
context
.
ERP5Site_isSingleSignOnEnable
():
#The master manage encoded password and clear password
person
.
Person_createNewGlobalUserAccount
(
password
=
password
)
person
.
Person_validateGlobalUserAccount
()
if
login
.
getValidationState
()
==
'draft'
:
login
.
validate
()
else
:
#Person has an already an account
if
context
.
ERP5Site_isSingleSignOnEnable
():
#Check assignment for the current instance
person
.
Person_validateGlobalUserAccount
()
return
login
,
password
return
reference
,
password
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
View file @
4848edce
...
...
@@ -4,5 +4,23 @@ Clear 'erp5_content_short' cache too."""
person
=
context
.
getDestinationDecisionValue
(
portal_type
=
"Person"
)
if
context
.
getPassword
():
person
.
setEncodedPassword
(
context
.
getPassword
())
login_list
=
[
login
for
login
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
\
if
login
.
getValidationState
()
==
'validated'
]
reference
=
context
.
getReference
()
if
reference
:
for
login
in
login_list
:
if
login
.
getReference
()
==
reference
:
break
else
:
raise
RuntimeError
,
'Person %s does not have a validated Login with reference %r'
%
\
(
person
.
getRelativeUrl
(),
reference
)
else
:
# BBB when login reference is not set in Credential Update document.
if
login_list
:
login
=
sorted
(
login_list
,
key
=
lambda
x
:
x
.
getReference
()
==
person
.
getReference
(),
reverse
=
True
)[
0
]
else
:
raise
RuntimeError
,
'Person %s does not have a validated Login with reference %r'
%
\
(
person
.
getRelativeUrl
(),
reference
)
login
.
setEncodedPassword
(
context
.
getPassword
())
context
.
portal_caches
.
clearCache
((
'erp5_content_short'
,))
return
login
.
getReference
()
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
View file @
4848edce
...
...
@@ -40,15 +40,18 @@ if default_email_text is not None:
else
:
# Case for recovery of password
if
person_list
is
None
:
person_module
=
portal
.
getDefaultModule
(
'Person'
)
result
=
person_module
.
searchFolder
(
reference
=
{
'query'
:
reference
,
'key'
:
'ExactMatch'
})
result
=
portal
.
portal_catalog
(
portal_type
=
(
"ERP5 Login"
),
parent_portal_type
=
"Person"
,
reference
=
{
'query'
:
reference
,
'key'
:
'ExactMatch'
},
)
if
len
(
result
)
!=
1
:
portal_status_message
=
portal
.
Base_translateString
(
"Can't find corresponding person, it's not possible to recover your credentials."
)
if
web_site
is
not
None
:
return
web_site
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
return
portal
.
Base_redirect
(
''
,
keep_items
=
dict
(
portal_status_message
=
portal_status_message
))
person_list
=
[
result
[
0
].
getObject
(),]
person_list
=
[
result
[
0
].
getObject
()
.
getParentValue
()
,]
# Check the response
person
=
person_list
[
0
]
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
View file @
4848edce
...
...
@@ -45,7 +45,8 @@ credential_request.reindexObject(activate_kw=dict(tag='Person_setReference_%s' %
if
not
context
.
portal_membership
.
isAnonymousUser
():
person
=
context
.
ERP5Site_getAuthenticatedMemberPersonValue
()
destination_decision
=
[]
if
person
.
getReference
()
==
reference
:
if
reference
in
[
x
.
getReference
()
for
x
in
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)
if
x
.
getValidationState
()
==
'validated'
]:
destination_decision
.
append
(
person
.
getRelativeUrl
())
if
person
.
getDefaultCareerSubordinationTitle
()
==
corporate_name
:
destination_decision
.
append
(
person
.
getDefaultCareerSubordination
())
...
...
bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
View file @
4848edce
...
...
@@ -9,6 +9,7 @@ else:
module
=
portal
.
getDefaultModule
(
portal_type
=
'Credential Update'
)
credential_update
=
module
.
newContent
(
portal_type
=
"Credential Update"
,
reference
=
reference
,
first_name
=
first_name
,
last_name
=
last_name
,
gender
=
gender
,
...
...
@@ -44,9 +45,14 @@ else:
# within same transaction and update client side credentials cookie
username
=
person
.
getReference
()
if
password
and
username
==
str
(
portal
.
portal_membership
.
getAuthenticatedMember
()):
credential_update
.
accept
()
portal
.
cookie_authentication
.
credentialsChanged
(
username
,
username
,
password
)
# The password is updated synchronously and the the rest of the credential Update is done later
login_reference
=
credential_update
.
Credential_updatePersonPassword
(
)
portal_status_message
=
"Password changed."
context
.
getPortalObject
().
cookie_authentication
.
credentialsChanged
(
username
,
login_reference
,
password
,
)
portal_status_message
=
context
.
Base_translateString
(
portal_status_message
)
return
portal
.
Base_redirect
(
keep_items
=
{
'portal_status_message'
:
portal_status_message
})
product/ERP5/bootstrap/erp5_core/bt/template_action_path_list
View file @
4848edce
...
...
@@ -23,6 +23,7 @@ Attribute Unicity Constraint | view
Base Category | view
Base Domain | view
Base Type | action_view
Base Type | jump_property_sheets
Base Type | role_view
Base Type | translation_view
Base Type | update_local_roles
...
...
@@ -79,10 +80,12 @@ Id Tool | view
Memcached Plugin | view
Memcached Tool | view
Predicate | view
Preference Tool Type | jump_property_sheets
Preference Tool Type | view
Preference Tool | advanced
Preference Tool | view
Preference Type | action_view
Preference Type | jump_property_sheets
Preference Type | role_view
Preference Type | translation_view
Preference Type | update_local_roles
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment