Change Person's password into a PersistentMapping. This allows storing...

Change Person's password into a PersistentMapping. This allows storing multiple representations of the same password. This is required to interface with foreign applications without storing the password in plaintext. Update PasswordTool to not encode the password at its level. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25609 20353a03-c40f-0410-a6d1-a30d3c3de9de

Change Person's password into a PersistentMapping. This allows storing...
Change Person's password into a PersistentMapping. This allows storing multiple representations of the same password. This is required to interface with foreign applications without storing the password in plaintext. Update PasswordTool to not encode the password at its level. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25609 20353a03-c40f-0410-a6d1-a30d3c3de9de
3e962887 · Vincent Pelletier · 992f2968 · 3e962887 · 3e962887
Commit 3e962887 authored Feb 18, 2009 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 3 deletions

product/ERP5/Document/Person.py product/ERP5/Document/Person.py +54 -1

product/ERP5/Tool/PasswordTool.py product/ERP5/Tool/PasswordTool.py +1 -2

No files found.
--- a/product/ERP5/Document/Person.py
+++ b/product/ERP5/Document/Person.py
@@ -31,6 +31,8 @@ from AccessControl import ClassSecurityInfo
 from Products.CMFCore.utils import getToolByName
 from Products.CMFCore.utils import _checkPermission
 from Products.CMFCore.exceptions import AccessControl_Unauthorized
+from Globals import PersistentMapping
+from Acquisition import aq_base

 #from Products.ERP5.Core.Node import Node

@@ -185,6 +187,26 @@ class Person(XMLObject):
        return pw_validate(self.getPassword(), value)
      return False

+    def _setEncodedPassword(self, value, format='default'):
+      password = getattr(aq_base(self), 'password', None)
+      if password is None:
+        password = self.password = PersistentMapping()
+      self.password[format] = value
+
+    security.declarePublic('setPassword')
+    def setEncodedPassword(self, value, format='default'):
+      """
+        Set an already encoded password.
+      """
+      if not _checkPermission(Permissions.SetOwnPassword, self):
+        raise AccessControl_Unauthorized('setEncodedPassword')
+      self._setEncodedPassword(value, format=format)
+      self.reindexObject()
+
+    def _setPassword(self, value):
+      self.password = PersistentMapping()
+      self._setEncodedPassword(pw_encrypt(value))
+
    security.declarePublic('setPassword')
    def setPassword(self, value) :
      """
@@ -193,9 +215,40 @@ class Person(XMLObject):
      if value is not None:
        if not _checkPermission(Permissions.SetOwnPassword, self):
          raise AccessControl_Unauthorized('setPassword')
-        self._setPassword(pw_encrypt(value))
+        self._setPassword(value)
        self.reindexObject()

+    security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
+    def getPassword(self, *args, **kw):
+      """
+        Retrieve password in desired format.
+
+        getPassword([default], [format='default'])
+
+        default (anything)
+          Value to return if no passord is set on context.
+          Default: no default, raises AttributeError if property is not set.
+        format (string)
+          String defining the format in which the password is expected.
+          If passowrd is not available in that format, KeyError will be
+          raised.
+          Default: 'default'
+      """
+      password = getattr(aq_base(self), 'password', *args)
+      format = kw.get('format', 'default')
+      try:
+        # Backward compatibility: if it's not a PersistentMapping instance,
+        # assume it's a monovalued string, which corresponds to default
+        # password encoding.
+        if isinstance(password, PersistentMapping):
+          password = password[format]
+        else:
+          if format != 'default':
+            raise KeyError
+      except KeyError:
+        raise KeyError, 'Password is not available in %r format.' % (format, )
+      return password
+
    # Time management
    security.declareProtected(Permissions.AccessContentsInformation, 
                              'getAvailableTime')

--- a/product/ERP5/Tool/PasswordTool.py
+++ b/product/ERP5/Tool/PasswordTool.py
@@ -39,7 +39,6 @@ from DateTime import DateTime
 from Products.ERP5Type.Message import translateString
 from Acquisition import aq_base
 from BTrees.OOBTree import OOBTree
-from Products.ERP5.Document.Person import pw_encrypt

 class PasswordTool(BaseTool):
  """
@@ -190,7 +189,7 @@ class PasswordTool(BaseTool):
    self.password_request_dict.pop(password_key)
    persons = self.acl_users.erp5_users.getUserByLogin(user_login)              
    person = persons[0]
-    person._setPassword(pw_encrypt(password))
+    person._setPassword(password)
    person.reindexObject()
    if REQUEST is not None:
      msg = translateString("Password changed.")