diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py index 256461dcee18b1bf455ec87aee7a082487548586..0ca2d9e0c1ac52544b36e979f66281ef450aea39 100644 --- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py +++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py @@ -2,43 +2,30 @@ Returns if user account is Person's password is expired. Start password recovery process for expired password (if configured). """ -from Products.ERP5Type.Cache import CachingMethod - -request = context.REQUEST portal = context.getPortalObject() - -def _isPasswordExpired(): - from DateTime import DateTime - one_hour = 1/24.0 +is_password_expired = False +expire_date_warning = 0 +password_event_list = portal.portal_catalog( + select_list=['creation_date'], + portal_type='Password Event', + default_destination_uid=context.getUid(), + validation_state='confirmed', + sort_on=(('creation_date', 'DESC'), ), + limit=1, +) +if password_event_list: + ONE_HOUR = 1 / 24.0 + portal_preferences = portal.portal_preferences + expire_date = password_event_list[0].creation_date + portal_preferences.getPreferredMaxPasswordLifetimeDuration() * ONE_HOUR now = DateTime() - max_password_lifetime_duration = portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration() - password_lifetime_expire_warning_duration = portal.portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration() - last_password_event = portal.portal_catalog.getResultValue( - portal_type = 'Password Event', - default_destination_uid = context.getUid(), - validation_state = 'confirmed', - sort_on = (('creation_date', 'DESC',),)) - expire_date_warning = 0 - if last_password_event is not None: - last_password_modification_date = last_password_event.getCreationDate() - expire_date = last_password_modification_date + max_password_lifetime_duration*one_hour - if password_lifetime_expire_warning_duration not in (0, None,): - # calculate early warning period - if now > expire_date - password_lifetime_expire_warning_duration*one_hour and \ - expire_date > now: - expire_date_warning = expire_date - if expire_date < now: - # password is expired - #context.log('expired %s' %context.getReference()) - return True, expire_date_warning - return False, expire_date_warning - -_isPasswordExpired = CachingMethod(_isPasswordExpired, - id='Person_isPasswordExpired_%s' %context.getReference(), - cache_factory='erp5_content_short') -is_password_expired, expire_date = _isPasswordExpired() - + if expire_date < now: + # password is expired + is_password_expired = True + else: + password_lifetime_expire_warning_duration = portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration() + if password_lifetime_expire_warning_duration and now > expire_date - password_lifetime_expire_warning_duration * ONE_HOUR: + expire_date_warning = expire_date +request = portal.REQUEST request.set('is_user_account_password_expired', is_password_expired) -request.set('is_user_account_password_expired_expire_date', expire_date) - +request.set('is_user_account_password_expired_expire_date', expire_date_warning) return is_password_expired diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py index 5705780f854e8b8904256fa994aa7adfd843e8b3..baff66ada86295c71bbc3a505ec759ed72d35e41 100644 --- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py +++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py @@ -29,7 +29,5 @@ credential_recovery = module.newContent( reference=context.getReference(), destination_decision_value=context, language=portal.Localizer.get_selected_language()) -# immediate reindex allowed because it is a new object -credential_recovery.immediateReindexObject() context.serialize() credential_recovery.submit() diff --git a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py index 1b9e8f1262f18d99a844734dd677b26c436605c3..9afba02454a48d25423cc67aec65be46b570fc87 100644 --- a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py +++ b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py @@ -13,6 +13,3 @@ if portal.portal_preferences.getPreferredNumberOfLastPasswordToCheck() or \ destination_value=login, password=current_password) password_event.confirm() - # Person_isPasswordExpired cache the wrong result if document is not in catalog. - # As the document is created in the same transaction, it is possible to force reindexation - password_event.immediateReindexObject()