fixup! ERP5Security: make ERP5AccessTokenExtractionPlugin work with user ids

Review protocol: script must return a user object ( with a getUserId()
method )

bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/AccessToken_getUserId.xml → bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/AccessToken_getUserValue.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>AccessToken_getUserId</string> </value>
+            <value> <string>AccessToken_getUserValue</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/OneTimeRestrictedAccessToken_getUserId.py → bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/OneTimeRestrictedAccessToken_getUserValue.py

@@ -14,7 +14,7 @@ if access_token_document.getValidationState() == 'validated':
 
     agent_document = access_token_document.getAgentValue()
     if agent_document is not None:
-      result = agent_document.Person_getUserId()
+      result = agent_document
       comment = "Token usage accepted"
 
   access_token_document.invalidate(comment=comment)

bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/OneTimeRestrictedAccessToken_getUserId.xml → bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/OneTimeRestrictedAccessToken_getUserValue.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>OneTimeRestrictedAccessToken_getUserId</string> </value>
+            <value> <string>OneTimeRestrictedAccessToken_getUserValue</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/RestrictedAccessToken_getUserId.py → bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/RestrictedAccessToken_getUserValue.py

@@ -44,6 +44,6 @@ if access_token_document.getValidationState() == 'validated':
             break
         else:
           return None
-      result = agent_document.Person_getUserId()
+      result = agent_document
 
 return result

bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/RestrictedAccessToken_getUserId.xml → bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/RestrictedAccessToken_getUserValue.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>RestrictedAccessToken_getUserId</string> </value>
+            <value> <string>RestrictedAccessToken_getUserValue</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_access_token/TestTemplateItem/portal_components/test.erp5.testERP5AccessToken.py

@@ -180,7 +180,7 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     result = self._getTokenCredential(self.portal.REQUEST)
     self.assertFalse(result)
 
-  def test_RestrictedAccessToken_getUserId(self):
+  def test_RestrictedAccessToken_getUserValue(self):
     person = self._createPerson(self.new_id)
     access_url = "http://exemple.com/foo"
     access_method = "GET"
@@ -195,12 +195,12 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["ACTUAL_URL"] = access_url
     self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
 
-    self.assertEqual(result, person.Person_getUserId())
+    self.assertEqual(result, person)
     self.assertEqual(access_token.getValidationState(), 'validated')
 
-  def test_RestrictedAccessToken_getUserId_access_token_secret(self):
+  def test_RestrictedAccessToken_getUserValue_access_token_secret(self):
     person = self._createPerson(self.new_id)
     access_url = "http://exemple.com/foo"
     access_method = "GET"
@@ -214,7 +214,7 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["REQUEST_METHOD"] = access_method
     self.portal.REQUEST["ACTUAL_URL"] = access_url
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     self.portal.REQUEST.form["access_token_secret"] = "XYXYXYXY"
@@ -222,12 +222,12 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
 
     self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
 
-    self.assertEqual(result, person.Person_getUserId())
+    self.assertEqual(result, person)
     self.assertEqual(access_token.getValidationState(), 'validated')
 
-  def test_RestrictedAccessToken_getUserId_no_agent(self):
+  def test_RestrictedAccessToken_getUserValue_no_agent(self):
     access_url = "http://exemple.com/foo"
     access_method = "GET"
     access_token = self._createRestrictedAccessToken(self.new_id,
@@ -241,10 +241,10 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["ACTUAL_URL"] = access_url
     self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
-  def test_RestrictedAccessToken_getUserId_wrong_values(self):
+  def test_RestrictedAccessToken_getUserValue_wrong_values(self):
     person = self._createPerson(self.new_id)
     access_url = "http://exemple.com/foo"
     access_method = "GET"
@@ -253,7 +253,7 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
                         access_method,
                         access_url)
     self.tic()
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     access_token.validate()
@@ -263,22 +263,22 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["ACTUAL_URL"] = access_url
     self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar"
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     access_token.invalidate()
     self.tic()
 
-    result = access_token.RestrictedAccessToken_getUserId()
+    result = access_token.RestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
 
-  def test_OneTimeRestrictedAccessToken_getUserId(self):
+  def test_OneTimeRestrictedAccessToken_getUserValue(self):
     person = self._createPerson(self.new_id)
     access_url = "http://exemple.com/foo"
     access_method = "GET"
@@ -292,12 +292,12 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["REQUEST_METHOD"] = access_method
     self.portal.REQUEST["ACTUAL_URL"] = access_url
 
-    result = access_token.OneTimeRestrictedAccessToken_getUserId()
+    result = access_token.OneTimeRestrictedAccessToken_getUserValue()
 
-    self.assertEqual(result, person.Person_getUserId())
+    self.assertEqual(result, person)
     self.assertEqual(access_token.getValidationState(), 'invalidated')
 
-  def test_OneTimeRestrictedAccessToken_getUserId_wrong_values(self):
+  def test_OneTimeRestrictedAccessToken_getUserValue_wrong_values(self):
     person = self._createPerson(self.new_id)
     access_url = "http://exemple.com/foo"
     access_method = "POST"
@@ -306,7 +306,7 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
                         access_method,
                         access_url)
     self.tic()
-    result = access_token.OneTimeRestrictedAccessToken_getUserId()
+    result = access_token.OneTimeRestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     access_token.validate()
@@ -315,12 +315,12 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
     self.portal.REQUEST["REQUEST_METHOD"] = "GET"
     self.portal.REQUEST["ACTUAL_URL"] = access_url
 
-    result = access_token.OneTimeRestrictedAccessToken_getUserId()
+    result = access_token.OneTimeRestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
     self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar"
 
-    result = access_token.OneTimeRestrictedAccessToken_getUserId()
+    result = access_token.OneTimeRestrictedAccessToken_getUserValue()
     self.assertEqual(result, None)
 
 

product/ERP5Security/ERP5AccessTokenExtractionPlugin.py

@@ -82,14 +82,11 @@ class ERP5AccessTokenExtractionPlugin(BasePlugin):
       token_document = self.getPortalObject().access_token_module.\
                      _getOb(erp5_access_token_id, None)
       if token_document is not None:
-        user_id = None
-        method = token_document._getTypeBasedMethod('getUserId')
+        method = token_document._getTypeBasedMethod('getUserValue')
         if method is not None:
-          user_id = method()
-
-        if user_id is not None:
-          # Return token relative URL as login, for traceability.
-          return (user_id, token_document.getRelativeUrl())
+          user_value = method()
+          if user_value is not None:
+            return (user_value.getUserId(), token_document.getRelativeUrl())
 
 
 #Form for new plugin in ZMI