Commit 4848edce authored by Kazuhiko Shiozaki

fixup! ERP5Security: Use a dedicated Login document to handle authentication.

parent 7ac3444a
person = context.ERP5Site_getAuthenticatedMemberPersonValue()
if person is not None:
return [login for login in person.objectValues(portal_type='ERP5 Login')]
else:
return []
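Review bot: The script's id is `Base_getValidatedLoginReferenceList` (L67), yet L8 returns every `ERP5 Login` under the Person regardless of its validation state, and returns the documents rather than their references, so a caller expecting the list of usernames that can actually authenticate would also receive draft and invalidated ones. The other scripts in this commit filter with `login.getValidationState() == 'validated'` (L105-107, L118-119), so the same filter belongs here: `return [login.getReference() for login in person.objectValues(portal_type='ERP5 Login') if login.getValidationState() == 'validated']`. If the Login objects themselves are what is wanted, the comprehension on L8 is a plain copy of `objectValues(...)` and `list(person.objectValues(portal_type='ERP5 Login'))` says so more directly, but the id should then not promise references. The indentation of L8 and L10 is lost in the rendering; presumably they sit under the `if`/`else`.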
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getValidatedLoginReferenceList</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -4,7 +4,7 @@ send the password reset link by mail
portal = context.getPortalObject()
person = context.getDestinationDecisionValue(portal_type="Person")
reference = person.getReference()
reference = context.getReference()
if context.hasDocumentReference():
message_reference = context.getDocumentReference()
else:
......@@ -14,7 +14,7 @@ if message_reference is None:
notification_message = portal.NotificationTool_getDocumentValue(message_reference,
context.getLanguage())
context.REQUEST.set('came_from', context.getUrlString())
context.REQUEST.set('came_from', portal.absolute_url())
  • Is this intentional ?

  • Hmm... I don't remember why I wanted to modify here, but anyway it should be in another commit.

  • Yes. This is off topic, but I also had problems with this, for an ERP5 instance that is accessed through multiple URLs. It is supposed to be set in the credential interaction workflow when the credential request is created, but if credential requests are created in activities, I think you must set REQUEST['came_from'] before calling newContent.

  • this part is now reverted. feel free to improve it on master.

if context.hasStopDate():
kw = {'expiration_date':context.getStopDate()}
......
......@@ -4,13 +4,14 @@ send the username mail
portal = context.getPortalObject()
person_list = context.getDestinationDecisionValueList(portal_type="Person")
usernames = []
login_list = []
for person in person_list:
usernames.append("%s" %person.getReference())
for login in person.objectValues(portal_type='ERP5 Login'):
if login.getValidationState() == 'validated':
login_list.append(login)
usernames = " ".join(usernames)
usernames = ' '.join(login.getReference() for login in login_list)
reference_list = [x.getReference() for x in person_list]
if context.hasDocumentReference():
message_reference = context.getDocumentReference()
else:
......
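Review bot: L109 joins `login.getReference()` directly, whereas the replaced L104 formatted each value with `"%s" %`, which turned a missing reference into the text `None`; a validated Login whose reference is unset would now make `' '.join` raise TypeError and abort the username mail. If an ERP5 Login reference is guaranteed to be set once validated this is moot, otherwise `login.getReference() or ''`, or excluding such logins in the `if` on L106, keeps the old tolerance. L110 still derives `reference_list` from the Person references while the usernames now come from the Logins; if that list feeds the same notification it names the old identifier. The script starts before L99 and the hunk is cut at L114, so later uses of both values are not visible here.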
......@@ -12,26 +12,34 @@ portal = context.getPortalObject()
portal_preferences = context.portal_preferences
person = context.getDestinationDecisionValue(portal_type="Person")
login_list = [x for x in person.objectValues(portal_type='ERP5 Login') \
if x.getValidationState() == 'validated']
if len(login_list):
login = login_list[0]
else:
login = person.newContent(portal_type='ERP5 Login')
# Create user of the person only if not exist
if person.hasReference() and person.getPassword():
if person.hasReference() and login.hasPassword():
return person.getReference(), None
# Set login
login = context.getReference()
if not person.hasReference():
if not login:
reference = context.getReference()
if not login.hasReference():
if not reference:
raise ValueError, "Impossible to create an account without login"
person.setReference(login)
login.setReference(reference)
if not person.hasReference():
person.setReference(reference)
else:
login = person.getReference()
reference = person.getReference()
password = None
# Set password if no password on the person
if not person.getPassword():
# Set password if no password on the Login
if not login.hasPassword():
if context.getPassword():
#User has fill a password
password = context.getPassword()
person.setEncodedPassword(password)
login.setEncodedPassword(password)
else:
if not portal_preferences.isPreferredSystemGeneratePassword():
# user will set it trough a credential recovery process
......@@ -39,24 +47,27 @@ if not person.getPassword():
module = portal.getDefaultModule(portal_type='Credential Recovery')
credential_recovery = module.newContent(
portal_type="Credential Recovery",
reference=login,
reference=reference,
destination_decision=person.getRelativeUrl(),
language=portal.Localizer.get_selected_language())
credential_recovery.submit()
else:
# system should generate a password
password = context.Person_generatePassword(alpha=5, numeric=3)
person.setPassword(password)
login.setPassword(password)
# create a global account
if context.ERP5Site_isSingleSignOnEnable():
#The master manage encoded password and clear password
person.Person_createNewGlobalUserAccount(password=password)
person.Person_validateGlobalUserAccount()
if login.getValidationState() == 'draft':
login.validate()
else:
#Person has an already an account
if context.ERP5Site_isSingleSignOnEnable():
#Check assignment for the current instance
person.Person_validateGlobalUserAccount()
return login, password
return reference, password
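Review bot: L142 still derives `reference` from `person.getReference()` when the Login already has a reference, and L126-127 return `person.getReference()` for an existing account, although the rest of the hunk treats the Login's own reference as the username (L137, L161, L183). If a Person's reference and its Login's reference can differ, the Credential Recovery created on L161 and the username returned on L183 would name the wrong identifier; `reference = login.getReference()` on L142 and `return login.getReference(), None` on L127 keep both paths consistent with the new model. The new Login on L123 is only created when no validated one exists, so a person who still has a draft Login with the same reference would get a second one — worth confirming against the Login unicity constraint, which is not visible here. L120 `if len(login_list):` can simply be `if login_list:`. The script's head lies before L116 and the two hunks are cut at L156, so the lines between them are not visible.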
......@@ -4,5 +4,23 @@ Clear 'erp5_content_short' cache too."""
person = context.getDestinationDecisionValue(portal_type="Person")
if context.getPassword():
person.setEncodedPassword(context.getPassword())
login_list = [login for login in person.objectValues(portal_type='ERP5 Login') \
if login.getValidationState() == 'validated']
reference = context.getReference()
if reference:
for login in login_list:
if login.getReference() == reference:
break
else:
raise RuntimeError, 'Person %s does not have a validated Login with reference %r' % \
(person.getRelativeUrl(), reference)
else: # BBB when login reference is not set in Credential Update document.
if login_list:
login = sorted(login_list,
key=lambda x:x.getReference() == person.getReference(), reverse=True)[0]
else:
raise RuntimeError, 'Person %s does not have a validated Login with reference %r' % \
(person.getRelativeUrl(), reference)
login.setEncodedPassword(context.getPassword())
context.portal_caches.clearCache(('erp5_content_short',))
return login.getReference()
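Review bot: L205 writes `context.getPassword()` into the Login unconditionally, while the same value is only stored on the Person under the `if context.getPassword():` guard at L186, so a Credential Update without a password reaches `login.setEncodedPassword(None)` — harmless only if the script is never called without one (the caller on L251/L255 does check `password` first). Keeping the Person copy on L187 also leaves the secret stored in two places; if Person-based authentication is no longer consulted that line is dead weight, and if it still is, the old Person password remains a second valid credential, so moving L205 under the L186 guard and dropping L187 would make the Login the single store. The `else` on L203 raises the same message as L196 although no reference was given there, so it reports `reference None`; `'Person %s does not have any validated Login' % person.getRelativeUrl()` is the accurate text for that branch. On L200-201, `max(login_list, key=lambda x: x.getReference() == person.getReference())` expresses "prefer the Login matching the Person reference" without building a sorted list.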
......@@ -40,15 +40,18 @@ if default_email_text is not None:
else:
# Case for recovery of password
if person_list is None:
person_module = portal.getDefaultModule('Person')
result = person_module.searchFolder(reference={'query':reference, 'key':'ExactMatch'})
result = portal.portal_catalog(
portal_type=("ERP5 Login"),
parent_portal_type="Person",
reference={'query':reference, 'key':'ExactMatch'},
)
if len(result) != 1:
portal_status_message = portal.Base_translateString("Can't find corresponding person, it's not possible to recover your credentials.")
if web_site is not None:
return web_site.Base_redirect('', keep_items = dict(portal_status_message=portal_status_message ))
return portal.Base_redirect('', keep_items = dict(portal_status_message=portal_status_message ))
person_list = [result[0].getObject(),]
person_list = [result[0].getObject().getParentValue(),]
# Check the response
person = person_list[0]
......
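Review bot: The catalog query on L214-L218 does not restrict the Login's validation state, so a draft or invalidated `ERP5 Login` carrying the same reference is counted: a stale login next to the live one makes `len(result) != 1` on L219 and blocks recovery, and an invalidated login alone lets a password-recovery mail go out for an account that was deliberately disabled. Every other Login lookup in this commit filters on the validated state (L106, L119, L189, L235), so `validation_state='validated',` belongs in this query as well, unless a later check outside the hunk already excludes such logins — not visible here. `portal_type=("ERP5 Login")` on L215 is a plain string in parentheses, not a tuple; `portal_type='ERP5 Login'` says what is meant. The script continues on both sides of the hunk.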
......@@ -45,7 +45,8 @@ credential_request.reindexObject(activate_kw=dict(tag='Person_setReference_%s' %
if not context.portal_membership.isAnonymousUser():
person = context.ERP5Site_getAuthenticatedMemberPersonValue()
destination_decision = []
if person.getReference() == reference:
if reference in [x.getReference() for x in person.objectValues(portal_type='ERP5 Login')
if x.getValidationState() == 'validated']:
destination_decision.append(person.getRelativeUrl())
if person.getDefaultCareerSubordinationTitle() == corporate_name:
destination_decision.append(person.getDefaultCareerSubordination())
......
......@@ -9,6 +9,7 @@ else:
module = portal.getDefaultModule(portal_type='Credential Update')
credential_update = module.newContent(
portal_type="Credential Update",
reference=reference,
first_name=first_name,
last_name=last_name,
gender=gender,
......@@ -44,9 +45,14 @@ else:
# within same transaction and update client side credentials cookie
username = person.getReference()
if password and username == str(portal.portal_membership.getAuthenticatedMember()):
credential_update.accept()
portal.cookie_authentication.credentialsChanged(username, username, password)
# The password is updated synchronously and the the rest of the credential Update is done later
login_reference = credential_update.Credential_updatePersonPassword()
portal_status_message = "Password changed."
context.getPortalObject().cookie_authentication.credentialsChanged(
username,
login_reference,
password,
)
portal_status_message = context.Base_translateString(portal_status_message)
return portal.Base_redirect(keep_items = {'portal_status_message': portal_status_message})
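Review bot: L251 still gates the synchronous password change on `person.getReference()` (L250) matching the authenticated member name, but with the Login document now carrying the username that name is the Login reference, which can differ from the Person reference (L244 stores a separate `reference` on the Credential Update, and L234-235 in the other script already compares against the validated Login references). When they differ, the branch is skipped, the password is only applied later and `credentialsChanged` never runs, so the user's session keeps the old credentials; comparing the member name against `[x.getReference() for x in person.objectValues(portal_type='ERP5 Login') if x.getValidationState() == 'validated']` keeps the check aligned with the new model. L257 passes `username` (the Person reference) as the first argument of `credentialsChanged` while `login_reference` is the name; whether the first argument is consulted depends on the cookie plugin, which is not visible here, so this is worth confirming. The hunk at L240 only adds `reference=reference` and needs nothing; the script's head sits outside both hunks.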
......@@ -23,6 +23,7 @@ Attribute Unicity Constraint | view
Base Category | view
Base Domain | view
Base Type | action_view
Base Type | jump_property_sheets
Base Type | role_view
Base Type | translation_view
Base Type | update_local_roles
......@@ -79,10 +80,12 @@ Id Tool | view
Memcached Plugin | view
Memcached Tool | view
Predicate | view
Preference Tool Type | jump_property_sheets
Preference Tool Type | view
Preference Tool | advanced
Preference Tool | view
Preference Type | action_view
Preference Type | jump_property_sheets
Preference Type | role_view
Preference Type | translation_view
Preference Type | update_local_roles
......