Commit 0d078bd1 authored by Jérome Perrin's avatar Jérome Perrin

authentication policy: Fix Credential Recovery creation

`erp5_authentication_policy` can be configured to automatically create `Credential Recovery` for user once login expire.

This was no longer working since we switched to `ERP5 Login`, `Credential Recovery` ticket was created with a relation to `ERP5 Login`, but it should be related to the `Person`.

See merge request !1096
parents 9b4f14a6 68e67160
......@@ -9,25 +9,28 @@ portal = context.getPortalObject()
portal_preferences = portal.portal_preferences
if not portal_preferences.isAuthenticationPolicyEnabled() or \
not portal.portal_preferences.isPreferredSystemRecoverExpiredPassword():
not portal_preferences.isPreferredSystemRecoverExpiredPassword():
# no policy, no sense to file expire at all or symply system do not configured to
return 0
return
user = context.getParentValue()
username = context.getReference()
# Prevent creating new recovery if one was recently created
recovery_list = portal.portal_catalog(
portal_type="Credential Recovery",
reference=context.getReference(),
default_destination_decision_uid=context.getUid(),
reference=username,
default_destination_decision_uid=user.getUid(),
creation_date=Query(range="min", creation_date=addToDate(DateTime(), {'day': -1})),
limit=1)
if (len(recovery_list) > 0):
return 0
if recovery_list:
return
module = portal.getDefaultModule(portal_type='Credential Recovery')
credential_recovery = module.newContent(
portal_type="Credential Recovery",
reference=context.getReference(),
destination_decision_value=context,
reference=username,
destination_decision_value=user,
language=portal.Localizer.get_selected_language())
context.serialize()
credential_recovery.submit()
......@@ -66,8 +66,9 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
uf = portal.acl_users
uf._doAddUser(self.manager_username, self.manager_password, ['Manager'], [])
self.loginByUserName(self.manager_username)
kw = dict(portal_type='Person',
reference = 'test')
kw = dict(portal_type='ERP5 Login',
reference='test')
if portal.portal_catalog.getResultValue(**kw) is None:
# add a loggable Person
person = self.createUser(
......@@ -80,7 +81,6 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
assignment = person.newContent(portal_type = 'Assignment')
assignment.open()
# Reset and Setup auth policy
old_preference = portal.portal_catalog.getResultValue(
portal_type='System Preference',
......@@ -114,19 +114,21 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.portal.system_event_module.manage_delObjects([x.getId() for x in self._getPasswordEventList(login)])
def createUser(self, reference, password=None, person_kw=None):
def createUser(self, username, password=None, person_kw=None):
"""
Modified version from ERP5TypeTestCase, that does set reference as
password when password is None.
Modified version from ERP5TypeTestCase, that does not set reference as
password when password is None and does not set the same reference on
person, so that we can reveal problems with code assuming that person's
reference is same as login, which use to be true before ERP5 Login were
introduced.
"""
if person_kw is None:
person_kw = {}
person = self.portal.person_module.newContent(portal_type='Person',
reference=reference,
**person_kw)
self.createUser
person = self.portal.person_module.newContent(
portal_type='Person', **person_kw)
login = person.newContent(portal_type='ERP5 Login',
reference=reference,
reference=username,
password=password)
login.validate()
return person
......@@ -138,9 +140,10 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
portal = self.getPortal()
self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())
person = portal.portal_catalog.getResultValue(portal_type = 'Person',
reference = 'test')
login = person.objectValues(portal_type='ERP5 Login')[0]
login = portal.portal_catalog.getResultValue(
portal_type='ERP5 Login',
reference='test')
self.assertIsNotNone(login)
preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
title = 'Authentication',)
# login should be allowed
......@@ -595,7 +598,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic()
person = self.createUser(self.id(), password='password')
assignment = person.newContent(portal_type = 'Assignment')
person.setDefaultEmailCoordinateText('user@example.com')
assignment = person.newContent(portal_type='Assignment')
assignment.open()
login = person.objectValues(portal_type='ERP5 Login')[0]
......@@ -615,15 +619,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic()
# and a credential recovery is created automatically
credential_recovery, = login.getDestinationDecisionRelatedValueList(
credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
# trying to login again does not create a new credential recovery
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.tic()
credential_recovery, = login.getDestinationDecisionRelatedValueList(
credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
credential_recovery.accept()
self.tic()
_, (to,), message = self.portal.MailHost._last_message
self.assertEqual(to, 'user@example.com')
self.assertIn('Password Recovery', message)
def test_HttpRequest(self):
"""
Check HTTP responses
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment