erp5_authentication_policy: prevent to create too much credential recovery

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py

@@ -25,12 +25,16 @@ recovery_list = portal.portal_catalog(
   limit=1)
 if recovery_list:
   return
+tag = 'credential_recovery_%s' %context.getReference()
+if portal.portal_activities.countMessageWithTag(tag):
+  return
 
 module = portal.getDefaultModule(portal_type='Credential Recovery')
 credential_recovery = module.newContent(
     portal_type="Credential Recovery",
     reference=username,
     destination_decision_value=user,
-    language=portal.Localizer.get_selected_language())
+    language=portal.Localizer.get_selected_language(),
+    activate_kw={'tag': tag})
 context.serialize()
 credential_recovery.submit()

product/ERP5/tests/testAuthenticationPolicy.py

@@ -634,13 +634,16 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
       basic=self.id() + ':password',
     )
     # User cannot login
-    response = publish()
-    self.assertTrue(response.getHeader("Location").endswith("login_form"))
+    # fire 5 requests, only 1 credential recovery should be created
+    for i in range(5):
+      response = publish()
+      self.assertTrue(response.getHeader("Location").endswith("login_form"))
     self.tic()
 
     # and a credential recovery is created automatically
-    credential_recovery, = person.getDestinationDecisionRelatedValueList(
+    credential_recovery_list = person.getDestinationDecisionRelatedValueList(
         portal_type='Credential Recovery')
+    self.assertEqual(len(credential_recovery_list), 1)
 
     # trying to login again does not create a new credential recovery
     response = publish()