ERP5Security: External Auhentication Plugin accepts Login portal type list

   This allow the administrator define which Login portal types are searched.

product/ERP5Security/ERP5ExternalAuthenticationPlugin.py

@@ -41,11 +41,11 @@ manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile(
   'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(),
   __name__='manage_addERP5ExternalAuthenticationPluginForm')
 
-def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='',
-                              REQUEST=None):
+def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='', 
+                 login_portal_type_list='ERP5 Login', REQUEST=None):
   """ Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """
 
-  plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key)
+  plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key, login_portal_type_list)
   dispatcher._setObject(plugin.getId(), plugin)
 
   if REQUEST is not None:
@@ -76,15 +76,22 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
                    'mode':'w',
                    'label':'HTTP request header key where the user_id is stored'
                    },
+                  {'id': 'login_portal_type_list',
+                   'type':'string',
+                   'mode':'w',
+                   'label': 'List of Login Portal Types to search'
+                   },
+                  
                   )
                  + BasePlugin._properties[:]
                  )
 
-  def __init__(self, id, title=None, user_id_key=''):
+  def __init__(self, id, title=None, user_id_key='', login_portal_type_list="ERP5 Login"):
     #Register value
     self._setId(id)
     self.title = title
     self.user_id_key = user_id_key
+    self.login_portal_type_list = login_portal_type_list
 
   ####################################
   #ILoginPasswordHostExtractionPlugin#
@@ -97,9 +104,10 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
     if getHeader is None:
       # use get_header instead for Zope-2.8
       getHeader = request.get_header
-    user_id = getHeader(self.user_id_key)
-    if user_id is not None:
-      creds['external_login'] = user_id
+    external_login = getHeader(self.user_id_key)
+    if external_login is not None:
+      creds['external_login'] = external_login
+      creds['login_portal_type'] = self.login_portal_type_list.split()
     else:
       # fallback to default way
       return DumbHTTPExtractor().extractCredentials(request)
@@ -125,7 +133,7 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
       __name__='manage_editERP5ExternalAuthenticationPluginForm')
 
   security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin')
-  def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, RESPONSE=None):
+  def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, login_portal_type_list, RESPONSE=None):
     """Edit the object"""
     error_message = ''
 
@@ -135,6 +143,12 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
     else:
       self.user_id_key = user_id_key
 
+    #Save user_id_key
+    if login_portal_type_list == '' or login_portal_type_list is None:
+      error_message += 'Invalid key value '
+    else:
+      self.login_portal_type_list = login_portal_type_list
+
     #Redirect
     if RESPONSE is not None:
       if error_message != '':

product/ERP5Security/www/ERP5Security_addERP5ExternalAuthenticationPlugin.zpt

@@ -36,6 +36,16 @@
     <input type="text" name="user_id_key" size="40" />
     </td>
   </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    List of Login Portal Types (separated by commas)
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="login_portal_type_list" size="40" />
+    </td>
+  </tr>
   <tr>
     <td colspan="2"> <input type="submit" value="add plugin"/>
     </td>

product/ERP5Security/www/ERP5Security_editERP5ExternalAuthenticationPlugin.zpt

@@ -7,7 +7,8 @@
 
 <form action="manage_editERP5ExternalAuthenticationPlugin" method="POST">
 
-<table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;">
+<table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;
+                   login_portal_type_list request/login_portal_type_list|context/login_portal_type_list|string:">
 
 <tr>
    <td>HTTP request header key where the user_id is stored</td>
@@ -16,6 +17,13 @@
             tal:attributes="value user_id_key;" />
    </td>
 </tr>
+  <tr>
+    <td>List of Login Portal Types (separated by commas)</td>
+    <td>
+    <input type="text" name="login_portal_type_list" value=""
+           tal:attributes="value login_portal_type_list" size="40" />
+    </td>
+  </tr>
 <tr>
    <td colspan="2"> 
     <input type="submit" value="save"/>

[Jérome Perrin]

shouldn't External Auhentication Plugin work by user_id ?

[Jérome Perrin]

( maybe this comment does not make sense ... I don't know well how this external authentication plugin work )

[Rafael Monnerat]

external_login must be a reference from a login document, not the user_id of the document. (to comply with the API)

Some Login document (not necessary ERP5 Login) should be included to act as a Login reference, else erp5 cannot control how can remote login or not.

In general, ERP5 Login (or the Login Document) was introduced to allow the user to have multiple logins, specific for each platform. Nothing prevents create a Dummy Login Portal type and make getReference == getParentValue().getUserId

(Not sure I was totally clear)

[Jérome Perrin]

Ah yes, thanks. Maybe what confused me is the property is named user_id_key and docstring says " External authentification PAS plugin which extracts the user id from HTTP request header". But if this is what we receive from user, yes, it's a definitely a kind of "login" and not "user id".