Commit f2cb1f6c authored by Jérome Perrin's avatar Jérome Perrin

ERP5ExternalOauth2ExtractionPlugin: do not create user in extraction plugin

A more appropriate place would be a dedicated "signup using oauth"
page, relying on erp5_credential for the actual user creation.
parent 8c4b9714
from DateTime import DateTime
if context.REQUEST.get('Base_createOauth2User') is not None:
return
context.REQUEST.set('Base_createOauth2User', 1)
portal = context.getPortalObject()
if portal.portal_activities.countMessageWithTag(tag) > 0:
# If activity already exists, it means that the user reloaded the page and
# searchUsers() from ERP5ExternalOauth2ExtractionPlugin:186 did not find the user yet
return
person = portal.Base_getUserValueByUserId(reference)
current_user = portal.portal_membership.getAuthenticatedMember()
if person is not None or (current_user and current_user is None):
# Script should here stop if person exists or the user logged in is a Zope user
return
activate_kw = {'tag': tag}
# In future we can move this script to another, because this script is generic enough
# to support Facebook login, for example.
assert login_portal_type in ("Google Login",), "Impossible to select a portal type"
if user_id in ("Anonymous User", None):
person = portal.person_module.newContent(portal_type='Person',
user_id=reference,
first_name=first_name,
last_name=last_name,
default_email_coordinate_text=email,
activate_kw=activate_kw)
duration = getattr(portal.portal_preferences,
"getPreferredCredentialAssignmentDuration",
lambda: 0)() or 365
today = DateTime()
delay = today + duration
# Support erp5_credential
getAssignmentCategoryList = getattr(portal.portal_preferences,
"getPreferredSubscriptionAssignmentCategoryList",
None)
category_list = getAssignmentCategoryList and getAssignmentCategoryList() or []
assignment = person.newContent(
portal_type='Assignment',
category_list=category_list,
start_date=today,
stop_date=delay,
activate_kw=activate_kw)
assignment.open(activate_kw=activate_kw)
person.setDefaultCareerRoleList(assignment.getRoleList())
else:
person = context.Base_getUserValueByUserId(user_id)
login = person.newContent(portal_type=login_portal_type,
reference=reference)
login.validate(activate_kw=activate_kw)
if person.getValidationState() != "validated":
person.validate(activate_kw=activate_kw)
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>tag, first_name, last_name, reference, email, login_portal_type, user_id=None</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_createOauth2User</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -139,14 +139,6 @@ class ERP5ExternalOauth2ExtractionPlugin:
security.declarePrivate('extractCredentials')
def extractCredentials(self, request):
""" Extract Oauth2 credentials from the request header. """
Base_createOauth2User = getattr(self.getPortalObject(),
'Base_createOauth2User', None)
if Base_createOauth2User is None:
LOG('ERP5ExternalOauth2ExtractionPlugin', INFO,
'No Base_createOauth2User script available, install '
'erp5_credential_oauth2, disabled authentication.')
return DumbHTTPExtractor().extractCredentials(request)
cookie_hash = request.get(self.cookie_name)
if cookie_hash is not None:
try:
......@@ -177,29 +169,6 @@ class ERP5ExternalOauth2ExtractionPlugin:
# fallback to default way
return DumbHTTPExtractor().extractCredentials(request)
tag = '%s_user_creation_in_progress' % cookie_hash.encode('hex')
if self.getPortalObject().portal_activities.countMessageWithTag(tag) > 0:
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user_dict
else:
# create the user if not found
if not self.searchUsers(login=user, exact_match=True):
sm = getSecurityManager()
if sm.getUser().getId() != ERP5Security.SUPER_USER:
newSecurityManager(self, self.getUser(ERP5Security.SUPER_USER))
try:
self.REQUEST['USER_CREATION_IN_PROGRESS'] = user_dict
user_entry["login_portal_type"] = self.login_portal_type
# user_id is optional.
# It is only used to create Google Login under a pre-existing person
user_entry["user_id"] = user_dict.get("user_id")
try:
Base_createOauth2User(tag, **user_entry)
except Exception:
LOG('ERP5ExternalOauth2ExtractionPlugin', ERROR,
'Issue while calling creation script:', error=True)
raise
finally:
setSecurityManager(sm)
try:
self.setToken(self.prefix + token, user)
except KeyError:
......