erp5_credential: migrate to ERP5 Login authentication.

67271e05 · Kazuhiko Shiozaki · 3e4709b9 · 67271e05 · 67271e05 · 67271e05
Commit 67271e05 authored Oct 27, 2016 by Kazuhiko Shiozaki
13 changed files
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.py
+person = context.ERP5Site_getAuthenticatedMemberPersonValue()
+if person is not None:
+  return [login for login in person.objectValues(portal_type='ERP5 Login')]
+else:
+  return []
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Base_getValidatedLoginReferenceList.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Base_getValidatedLoginReferenceList</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py
@@ -4,7 +4,7 @@ send the password reset link by mail
 portal = context.getPortalObject()

 person = context.getDestinationDecisionValue(portal_type="Person")
-reference = person.getReference()
+reference = context.getReference()
 if context.hasDocumentReference():
  message_reference = context.getDocumentReference()
 else:

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendUsernameRecoveryMessage.py
@@ -4,13 +4,14 @@ send the username mail
 portal = context.getPortalObject()

 person_list = context.getDestinationDecisionValueList(portal_type="Person")
-usernames = []
+login_list = []
 for person in person_list:
-  usernames.append("%s" %person.getReference())
+  for login in person.objectValues(portal_type='ERP5 Login'):
+    if login.getValidationState() == 'validated':
+      login_list.append(login)

-usernames = " ".join(usernames)
+usernames = ' '.join(login.getReference() for login in login_list)

-reference_list = [x.getReference() for x in person_list]
 if context.hasDocumentReference():
  message_reference = context.getDocumentReference()
 else:

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRequest_createUser.py
@@ -12,26 +12,34 @@ portal = context.getPortalObject()
 portal_preferences = context.portal_preferences
 person = context.getDestinationDecisionValue(portal_type="Person")

+login_list = [x for x in person.objectValues(portal_type='ERP5 Login') \
+              if x.getValidationState() == 'validated']
+if len(login_list):
+  login = login_list[0]
+else:
+  login = person.newContent(portal_type='ERP5 Login')
 # Create user of the person only if not exist
-if person.hasReference() and person.getPassword():
+if person.hasReference() and login.hasPassword():
  return person.getReference(), None

 # Set login
-login = context.getReference()
-if not person.hasReference():
-  if not login:
+reference = context.getReference()
+if not login.hasReference():
+  if not reference:
    raise ValueError, "Impossible to create an account without login"
-  person.setReference(login)
+  login.setReference(reference)
+  if not person.hasReference():
+    person.setReference(reference)
 else:
-  login = person.getReference()
+  reference = person.getReference()

 password = None
-# Set password if no password on the person
-if not person.getPassword():
+# Set password if no password on the Login
+if not login.hasPassword():
  if context.getPassword():
    #User has fill a password
    password = context.getPassword()
-    person.setEncodedPassword(password)
+    login.setEncodedPassword(password)
  else:
    if not portal_preferences.isPreferredSystemGeneratePassword():
      # user will set it trough a credential recovery process
@@ -39,24 +47,27 @@ if not person.getPassword():
      module = portal.getDefaultModule(portal_type='Credential Recovery')
      credential_recovery = module.newContent(
                                     portal_type="Credential Recovery",
-                                     reference=login,
+                                     reference=reference,
                                     destination_decision=person.getRelativeUrl(),
                                     language=portal.Localizer.get_selected_language())
      credential_recovery.submit()
    else:
      # system should generate a password
      password = context.Person_generatePassword(alpha=5, numeric=3)
-      person.setPassword(password)
+      login.setPassword(password)

  # create a global account
  if context.ERP5Site_isSingleSignOnEnable():
    #The master manage encoded password and clear password
    person.Person_createNewGlobalUserAccount(password=password)
    person.Person_validateGlobalUserAccount()
+
+  if login.getValidationState() == 'draft':
+    login.validate()
 else:
  #Person has an already an account
  if context.ERP5Site_isSingleSignOnEnable():
    #Check assignment for the current instance
    person.Person_validateGlobalUserAccount()

-return login, password
+return reference, password
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/Credential_updatePersonPassword.py
@@ -4,5 +4,23 @@ Clear 'erp5_content_short' cache too."""
 person = context.getDestinationDecisionValue(portal_type="Person")

 if context.getPassword():
-  person.setEncodedPassword(context.getPassword())
+  login_list = [login for login in person.objectValues(portal_type='ERP5 Login') \
+                if login.getValidationState() == 'validated']
+  reference = context.getReference()
+  if reference:
+    for login in login_list:
+      if login.getReference() == reference:
+        break
+    else:
+      raise RuntimeError, 'Person %s does not have a validated Login with reference %r' % \
+          (person.getRelativeUrl(), reference)
+  else: # BBB when login reference is not set in Credential Update document.
+    if login_list:
+      login = sorted(login_list,
+                     key=lambda x:x.getReference() == person.getReference(), reverse=True)[0]
+    else:
+      raise RuntimeError, 'Person %s does not have a validated Login with reference %r' % \
+          (person.getRelativeUrl(), reference)
+  login.setEncodedPassword(context.getPassword())
  context.portal_caches.clearCache(('erp5_content_short',))
+  return login.getReference()
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRecovery.py
@@ -40,15 +40,18 @@ if default_email_text is not None:
 else:
  # Case for recovery of password
  if person_list is None:
-    person_module = portal.getDefaultModule('Person')
-    result = person_module.searchFolder(reference={'query':reference, 'key':'ExactMatch'})
+    result = portal.portal_catalog(
+      portal_type=("ERP5 Login"),
+      parent_portal_type="Person",
+      reference={'query':reference, 'key':'ExactMatch'},
+      )
    if len(result) != 1:
      portal_status_message = portal.Base_translateString("Can't find corresponding person, it's not possible to recover your credentials.")
      if web_site is not None:
        return web_site.Base_redirect('', keep_items = dict(portal_status_message=portal_status_message ))
      return portal.Base_redirect('', keep_items = dict(portal_status_message=portal_status_message ))

-    person_list = [result[0].getObject(),]
+    person_list = [result[0].getObject().getParentValue(),]

  # Check the response
  person = person_list[0]

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newCredentialRequest.py
@@ -45,7 +45,8 @@ credential_request.reindexObject(activate_kw=dict(tag='Person_setReference_%s' %
 if not context.portal_membership.isAnonymousUser():
  person = context.ERP5Site_getAuthenticatedMemberPersonValue()
  destination_decision = []
-  if person.getReference() == reference:
+  if reference in [x.getReference() for x in person.objectValues(portal_type='ERP5 Login')
+                   if x.getValidationState() == 'validated']:
    destination_decision.append(person.getRelativeUrl())
  if person.getDefaultCareerSubordinationTitle() == corporate_name:
    destination_decision.append(person.getDefaultCareerSubordination())

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.py
@@ -9,6 +9,7 @@ else:
  module = portal.getDefaultModule(portal_type='Credential Update')
  credential_update = module.newContent(
    portal_type="Credential Update",
+    reference=reference,
    first_name=first_name,
    last_name=last_name,
    gender=gender,
@@ -44,9 +45,14 @@ else:
  # within same transaction and update client side credentials cookie 
  username = person.getReference()
  if password and username == str(portal.portal_membership.getAuthenticatedMember()):
-    credential_update.accept()
-    portal.cookie_authentication.credentialsChanged(username, username, password)
+    # The password is updated synchronously and the the rest of the credential Update is done later
+    login_reference = credential_update.Credential_updatePersonPassword()
    portal_status_message = "Password changed."
+    context.getPortalObject().cookie_authentication.credentialsChanged(
+      username,
+      login_reference,
+      password,
+      )

 portal_status_message = context.Base_translateString(portal_status_message)
 return portal.Base_redirect(keep_items = {'portal_status_message': portal_status_message})
--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.xml
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_newPersonCredentialUpdate.xml
@@ -50,7 +50,7 @@
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string>default_email_text=None, last_name=None, first_name=None, gender=None, nationality=None, password=None, date_of_birth=None, default_telephone_telephone_country=None, default_telephone_text=None, default_mobile_telephone_telephone_country=None, default_mobile_telephone_text=None, default_fax_text=None, default_credential_question_question=None, default_credential_question_question_free_text=None, default_credential_question_answer=None,  function=None, activity_list=None, skill_list=None, default_address_city=None, default_address_street_address=None, default_address_zip_code=None,default_address_region=None,default_image_file=None, description=None, dialog_id=\'\', **kw</string> </value>
+            <value> <string>default_email_text=None, last_name=None, first_name=None, gender=None, nationality=None, password=None, date_of_birth=None, default_telephone_telephone_country=None, default_telephone_text=None, default_mobile_telephone_telephone_country=None, default_mobile_telephone_text=None, default_fax_text=None, default_credential_question_question=None, default_credential_question_question_free_text=None, default_credential_question_answer=None,  function=None, activity_list=None, skill_list=None, default_address_city=None, default_address_street_address=None, default_address_zip_code=None,default_address_region=None,default_image_file=None, description=None, reference=None, dialog_id=\'\', **kw</string> </value>
        </item>
        <item>
            <key> <string>_proxy_roles</string> </key>

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_viewNewPersonCredentialUpdateDialog.xml
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_viewNewPersonCredentialUpdateDialog.xml
@@ -93,6 +93,7 @@
                    <key> <string>left</string> </key>
                    <value>
                      <list>
+                        <string>your_reference</string>
                        <string>your_gender</string>
                        <string>your_first_name</string>
                        <string>your_last_name</string>

--- a/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_viewNewPersonCredentialUpdateDialog/your_reference.xml
+++ b/bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/ERP5Site_viewNewPersonCredentialUpdateDialog/your_reference.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>items</string>
+                <string>required</string>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>your_reference</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>items</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>required</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_list_field</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>items</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>required</string> </key>
+                    <value> <int>1</int> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>User Login</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="TALESMethod" module="Products.Formulator.TALESField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_text</string> </key>
+            <value> <string>here/Base_getValidatedLoginReferenceList</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/product/ERP5/tests/testERP5Credential.py
+++ b/product/ERP5/tests/testERP5Credential.py
@@ -430,6 +430,7 @@ class TestERP5Credential(ERP5TypeTestCase):
    credential_update = credential_update_module.newContent(\
        first_name='Homie',
        last_name='Simpsons', # add a 's' to the end of the last_name
+        reference='homie',
        password='new_password',
        default_email_text='homie.simpsons@fox.com',
        destination_decision=homie.getRelativeUrl())
@@ -548,13 +549,19 @@ class TestERP5Credential(ERP5TypeTestCase):
    person_module = portal.getDefaultModule('Person')
    person = person_module.newContent(title='Barney',
                             reference='barney',
-                             password='secret',
                             start_date=DateTime('1970/01/01'),
                             default_email_text='barney@duff.com')
    # create an assignment
    assignment = person.newContent(portal_type='Assignment',
                      function='member')
    assignment.open()
+    # create a login
+    login = person.newContent(
+      portal_type='ERP5 Login',
+      reference=person.getReference(),
+      password='secret',
+    )
+    login.validate()
    sequence.edit(person_reference=person.getReference(),
                  default_email_text=person.getDefaultEmailText())

@@ -572,12 +579,18 @@ class TestERP5Credential(ERP5TypeTestCase):
      person_module = portal.getDefaultModule('Person')
      person = person_module.newContent(title=reference,
                               reference=reference,
-                               password='secret',
                               default_email_text=default_email_text)
      # create an assignment
      assignment = person.newContent(portal_type='Assignment',
                        function='member')
      assignment.open()
+      # create a login
+      login = person.newContent(
+        portal_type='ERP5 Login',
+        reference=person.getReference(),
+        password='secret',
+      )
+      login.validate()
      person_list.append(person)

    sequence.edit(person_list=person_list,