Add remote authentication PAS plugin.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25619 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Wizard/PAS/ERP5RemoteUserManager.py

+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Classes: ERP5RemoteUserManager
+"""
+
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import getSecurityManager,\
+    setSecurityManager, newSecurityManager
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin, \
+                                                             IUserEnumerationPlugin
+from Products.ERP5Type.Cache import CachingMethod
+from DateTime import DateTime
+from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER
+
+
+manage_addERP5RemoteUserManagerForm = PageTemplateFile(
+    '../dtml/ERP5Security_addERP5RemoteUserManager', globals(),
+    __name__='manage_addERP5RemoteUserManagerForm' )
+
+def addERP5RemoteUserManager(dispatcher, id, title=None, REQUEST=None):
+    """ Add a ERP5UserManager to a Pluggable Auth Service. """
+
+    eum = ERP5RemoteUserManager(id, title)
+    print eum
+    dispatcher._setObject(eum.getId(), eum)
+
+    if REQUEST is not None:
+        REQUEST['RESPONSE'].redirect(
+                                '%s/manage_workspace'
+                                '?manage_tabs_message='
+                                'ERP5RemoteUserManager+added.'
+                            % dispatcher.absolute_url())
+
+
+class ERP5RemoteUserManager(ERP5UserManager):
+    """ PAS plugin for managing users in remote ERP5 instance
+    """
+
+    meta_type = 'ERP5 Remote User Manager'
+    security = ClassSecurityInfo()
+
+
+    #
+    #   IAuthenticationPlugin implementation
+    #
+    security.declarePrivate( 'authenticateCredentials' )
+    def authenticateCredentials(self, credentials):
+        """ See IAuthenticationPlugin.
+
+        o We expect the credentials to be those returned by
+            ILoginPasswordExtractionPlugin.
+        """
+        # Forbidden the usage of the super user.
+        if credentials.get('login') == SUPER_USER:
+          return None
+
+        def _authenticateCredentials(login, password, path):
+            if not login or not password:
+                return None
+
+            user_list = self.getUserByLogin(login)
+
+            if not user_list:
+                return None
+
+            user = user_list[0]
+
+            sm = getSecurityManager()
+            if sm.getUser().getId() != SUPER_USER:
+              newSecurityManager(self, self.getUser(SUPER_USER))
+            try:
+              # get assignment
+              assignment_list = [x for x in user.contentValues(portal_type="Assignment") \
+                                   if x.getValidationState() == "open"]
+              valid_assignment_list = []
+              # check dates if exist
+              login_date = DateTime()
+              for assignment in assignment_list:
+                if assignment.getStartDate() is not None and \
+                       assignment.getStartDate() > login_date:
+                  continue
+                if assignment.getStopDate() is not None and \
+                       assignment.getStopDate() < login_date:
+                  continue
+                valid_assignment_list.append(assignment)
+
+              # validate to remote ERP5 instance
+              portal = self.getPortalObject() 
+              is_authenticated = int(portal.WizardTool_authenticateCredentials(login , password))
+              if is_authenticated:
+                print is_authenticated
+                return login, login
+            finally:
+              setSecurityManager(sm)
+
+            return None
+
+        _authenticateCredentials = CachingMethod(_authenticateCredentials,
+                                                 id='ERP5RemoteUserManager_authenticateCredentials',
+                                                 cache_factory='erp5_content_short')
+        return _authenticateCredentials(
+                      login=credentials.get('login'),
+                      password=credentials.get('password'),
+                      path=self.getPhysicalPath())
+
+classImplements( ERP5RemoteUserManager
+               , IAuthenticationPlugin
+               , IUserEnumerationPlugin
+               )
+
+InitializeClass(ERP5RemoteUserManager)

product/ERP5Wizard/__init__.py

@@ -31,9 +31,19 @@
 
 from Products.ERP5Type.Utils import initializeProduct, updateGlobals
 import sys, Permissions
+
+from AccessControl.Permissions import manage_users as ManageUsers
+from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
+from Products.PluggableAuthService.permissions import ManageGroups
+from Products.ERP5Wizard.PAS.ERP5RemoteUserManager import \
+       ERP5RemoteUserManager, manage_addERP5RemoteUserManagerForm, addERP5RemoteUserManager
+
 this_module = sys.modules[ __name__ ]
 document_classes = updateGlobals(this_module, globals(), permissions_module=Permissions)
 
+
+registerMultiPlugin(ERP5RemoteUserManager.meta_type)
+
 # Finish installation
 def initialize(context):
   import Document
@@ -51,3 +61,13 @@ def initialize(context):
                     portal_tools=portal_tools,
                     content_constructors=content_constructors,
                     content_classes=content_classes)
+
+  # register ERP5Security plugin for Wizard
+  context.registerClass( ERP5RemoteUserManager
+                         , permission=ManageUsers
+                         , constructors=(
+                            manage_addERP5RemoteUserManagerForm,
+                            addERP5RemoteUserManager, )
+                         , visibility=None
+                         , icon='dtml/remote_user_manager_plugin.gif'
+                         )  

product/ERP5Wizard/dtml/ERP5Security_addERP5RemoteUserManager.zpt

+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add ERP5 Remote User Manager"
+    tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+ERP5 Remote User Manager applys the users managed in remote ERP5 instance's person module
+to the Pluggable Authentication Service
+</p>
+
+<form action="addERP5RemoteUserManager" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-optional">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    </td>
+    <td align="left" valign="top">
+    <div class="form-element">
+    <input class="form-element" type="submit" name="submit" 
+     value=" Add " /> 
+    </div>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>