Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
138
Merge Requests
138
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
erp5
Commits
6e709293
Commit
6e709293
authored
Feb 26, 2019
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
access_token: post upgrade constraint to enable PAS plugins
parent
cdce67b5
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
288 additions
and
19 deletions
+288
-19
bt5/erp5_access_token/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
...rtalTypePropertySheetTemplateItem/property_sheet_list.xml
+3
-0
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
...TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
+66
-0
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint/ERP5AccessTokenExtractionPlugin_existence_constraint.xml
.../ERP5AccessTokenExtractionPlugin_existence_constraint.xml
+80
-0
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.py
...eckERP5AccessTokenExtractionPluginExistenceConsistency.py
+46
-0
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.xml
...ckERP5AccessTokenExtractionPluginExistenceConsistency.xml
+62
-0
bt5/erp5_access_token/TestTemplateItem/portal_components/test.erp5.testERP5AccessToken.py
...teItem/portal_components/test.erp5.testERP5AccessToken.py
+28
-18
bt5/erp5_access_token/bt/template_portal_type_property_sheet_list
..._access_token/bt/template_portal_type_property_sheet_list
+2
-1
bt5/erp5_access_token/bt/template_property_sheet_id_list
bt5/erp5_access_token/bt/template_property_sheet_id_list
+1
-0
No files found.
bt5/erp5_access_token/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
View file @
6e709293
...
...
@@ -6,4 +6,7 @@
<item>
Reference
</item>
<item>
Url
</item>
</portal_type>
<portal_type
id=
"Template Tool"
>
<item>
TemplateToolERP5AccessTokenExtractionPluginConstraint
</item>
</portal_type>
</property_sheet_list>
\ No newline at end of file
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
0 → 100644
View file @
6e709293
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Property Sheet"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_count
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_mt_index
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAM=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_tree
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAQ=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
TemplateToolERP5AccessTokenExtractionPluginConstraint
</string>
</value>
</item>
<item>
<key>
<string>
portal_type
</string>
</key>
<value>
<string>
Property Sheet
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"Length"
module=
"BTrees.Length"
/>
</pickle>
<pickle>
<int>
0
</int>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"OOBTree"
module=
"BTrees.OOBTree"
/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
<record
id=
"4"
aka=
"AAAAAAAAAAQ="
>
<pickle>
<global
name=
"OOBTree"
module=
"BTrees.OOBTree"
/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint/ERP5AccessTokenExtractionPlugin_existence_constraint.xml
0 → 100644
View file @
6e709293
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Script Constraint"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_identity_criterion
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_range_criterion
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAM=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
categories
</string>
</key>
<value>
<tuple>
<string>
constraint_type/post_upgrade
</string>
</tuple>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
ERP5AccessTokenExtractionPlugin_existence_constraint
</string>
</value>
</item>
<item>
<key>
<string>
portal_type
</string>
</key>
<value>
<string>
Script Constraint
</string>
</value>
</item>
<item>
<key>
<string>
script_id
</string>
</key>
<value>
<string>
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.py
0 → 100644
View file @
6e709293
acl_users
=
context
.
getPortalObject
().
acl_users
token_extraction_id
=
"erp5_access_token_plugin"
access_token_plugin_list
=
[
plugin
for
plugin
in
acl_users
.
objectValues
()
if
plugin
.
meta_type
==
'ERP5 Access Token Extraction Plugin'
]
if
len
(
access_token_plugin_list
)
>
1
:
return
[
"More than one plugin found: %s"
%
access_token_plugin_list
]
error_list
=
[]
if
not
access_token_plugin_list
:
# A dumb http extraction plugin is required as fallback if we use an access token
# since https://github.com/Nexedi/erp5/commit/0bee523da0075c6efe3c06296dddd01d9dd5045a
# we enable it automatically at site creation, but for compatibility with old instances
# make sure it is created if needed
if
'erp5_dumb_http_extraction'
not
in
acl_users
.
objectIds
():
error_list
.
append
(
"erp5_dumb_http_extraction is missing"
)
if
fixit
:
dispacher
=
acl_users
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5DumbHTTPExtractionPlugin
(
'erp5_dumb_http_extraction'
)
acl_users
.
erp5_dumb_http_extraction
.
manage_activateInterfaces
((
'IExtractionPlugin'
,
))
error_list
.
append
(
"erp5_access_token_plugin is missing"
)
if
fixit
:
dispacher
=
acl_users
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5AccessTokenExtractionPlugin
(
token_extraction_id
)
access_token_plugin_list
=
[
getattr
(
acl_users
,
token_extraction_id
)]
if
access_token_plugin_list
:
access_token_plugin
,
=
access_token_plugin_list
# We only check that our plugin is enabled for IAuthenticationPlugin, this covers both
# cases where plugin was not enabled at all or was enabled only for IExtractionPlugin
IAuthenticationPlugin
=
[
# Products.PluggableAuthService.interfaces.plugins.IAuthenticationPlugin cannot
# be imported in restricted python but we can get it this way.
x
for
x
in
acl_users
.
plugins
.
listPluginTypeInfo
()
if
x
[
'id'
]
==
'IAuthenticationPlugin'
][
0
][
'interface'
]
if
(
access_token_plugin
.
getId
()
not
in
acl_users
.
plugins
.
listPluginIds
(
IAuthenticationPlugin
)):
error_list
.
append
(
"erp5_access_token_plugin is not activated"
)
if
fixit
:
access_token_plugin
.
manage_activateInterfaces
((
'IExtractionPlugin'
,
'IAuthenticationPlugin'
,))
return
error_list
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.xml
0 → 100644
View file @
6e709293
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
fixit=False
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/TestTemplateItem/portal_components/test.erp5.testERP5AccessToken.py
View file @
6e709293
...
...
@@ -29,6 +29,7 @@
from
ZPublisher.HTTPRequest
import
HTTPRequest
from
ZPublisher.HTTPResponse
import
HTTPResponse
from
Products.PluggableAuthService.interfaces.plugins
import
IAuthenticationPlugin
from
DateTime
import
DateTime
import
base64
import
StringIO
...
...
@@ -55,7 +56,6 @@ class AccessTokenTestCase(ERP5TypeTestCase):
class
TestERP5AccessTokenSkins
(
AccessTokenTestCase
):
test_token_extraction_id
=
'test_erp5_access_token_extraction'
def
generateNewId
(
self
):
return
str
(
self
.
portal
.
portal_ids
.
generateNewId
(
...
...
@@ -66,27 +66,13 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
This is ran before anything, used to set the environment
"""
self
.
new_id
=
self
.
generateNewId
()
self
.
_setupAccessTokenExtraction
()
self
.
portal
.
portal_templates
.
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
(
fixit
=
True
)
self
.
tic
()
def
_setupAccessTokenExtraction
(
self
):
pas
=
self
.
portal
.
acl_users
access_extraction_list
=
[
q
for
q
in
pas
.
objectValues
()
\
if
q
.
meta_type
==
'ERP5 Access Token Extraction Plugin'
]
if
len
(
access_extraction_list
)
==
0
:
dispacher
=
pas
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5AccessTokenExtractionPlugin
(
self
.
test_token_extraction_id
)
getattr
(
pas
,
self
.
test_token_extraction_id
).
manage_activateInterfaces
(
(
'IExtractionPlugin'
,
'IAuthenticationPlugin'
))
elif
len
(
access_extraction_list
)
==
1
:
self
.
test_token_extraction_id
=
access_extraction_list
[
0
].
getId
()
elif
len
(
access_extraction_list
)
>
1
:
raise
ValueError
self
.
commit
()
def
_getTokenCredential
(
self
,
request
):
"""Authenticate the request and return (user_id, login) or None if not authorized."""
plugin
=
getattr
(
self
.
portal
.
acl_users
,
self
.
test_token_extraction_id
)
plugin
=
self
.
portal
.
acl_users
.
erp5_access_token_plugin
return
plugin
.
authenticateCredentials
(
plugin
.
extractCredentials
(
request
))
def
_createRestrictedAccessToken
(
self
,
new_id
,
person
,
method
,
url_string
):
...
...
@@ -412,3 +398,27 @@ class TestERP5DumbHTTPExtractionPlugin(AccessTokenTestCase):
request
=
self
.
do_fake_request
(
"GET"
,
{
"HTTP_AUTHORIZATION"
:
"Basic "
+
base64
.
b64encode
(
"%s:test"
%
self
.
new_id
)})
ret
=
ERP5DumbHTTPExtractionPlugin
(
"default_extraction"
).
extractCredentials
(
request
)
self
.
assertEqual
(
ret
,
{
'login'
:
self
.
new_id
,
'password'
:
'test'
,
'remote_host'
:
'bobo.remote.host'
,
'remote_address'
:
'204.183.226.81 '
})
class
TestERP5AccessTokenUpgraderEnablePlugin
(
AccessTokenTestCase
):
def
afterSetUp
(
self
):
# disable plugin if it had been enabled by another test.
acl_users
=
self
.
portal
.
acl_users
acl_users
.
manage_delObjects
(
ids
=
[
x
.
getId
()
for
x
in
acl_users
.
objectValues
(
spec
=
(
'ERP5 Access Token Extraction Plugin'
,))])
self
.
commit
()
def
test_post_upgrade_constraint_enable_plugin
(
self
):
consistency_list
=
self
.
portal
.
portal_templates
.
checkConsistency
(
filter
=
{
"constraint_type"
:
"post_upgrade"
})
self
.
assertIn
(
'erp5_access_token_plugin is missing'
,
[
x
.
message
for
x
in
consistency_list
])
self
.
portal
.
portal_templates
.
checkConsistency
(
fixit
=
True
,
filter
=
{
"constraint_type"
:
"post_upgrade"
})
self
.
commit
()
self
.
assertIn
(
'erp5_access_token_plugin'
,
self
.
portal
.
acl_users
.
plugins
.
listPluginIds
(
IAuthenticationPlugin
))
\ No newline at end of file
bt5/erp5_access_token/bt/template_portal_type_property_sheet_list
View file @
6e709293
One Time Restricted Access Token | Url
Restricted Access Token | Reference
Restricted Access Token | Url
\ No newline at end of file
Restricted Access Token | Url
Template Tool | TemplateToolERP5AccessTokenExtractionPluginConstraint
\ No newline at end of file
bt5/erp5_access_token/bt/template_property_sheet_id_list
0 → 100644
View file @
6e709293
TemplateToolERP5AccessTokenExtractionPluginConstraint
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment