Master: Include authentification Policy BT5

  slapos_erp5: Add erp5_authentication_policy as project dependency
  slapos_cloud: Define standard configuration for authentication policy
  Update tests on various bt5.

master/bt5/slapos_cloud/PreferenceTemplateItem/portal_preferences/slapos_default_site_preference.xml

@@ -264,6 +264,18 @@ It\'s the lowest priority one; ie. managers can create higher priority preferenc
             <key> <string>preferred_date_order</string> </key>
             <value> <string>ymd</string> </value>
         </item>
+        <item>
+            <key> <string>preferred_diff_filter_script_id</string> </key>
+            <value>
+              <tuple>
+                <string>TemplateTool_filterClassTupleDiff</string>
+                <string>TemplateTool_filterTemplateUnicodeDiff</string>
+                <string>TemplateTool_filterPortalTypeClassDiff</string>
+                <string>TemplateTool_filterOOBTreeClassDiff</string>
+                <string>TemplateTool_filterEmptyContentTranslation</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>preferred_document_file_name_regular_expression</string> </key>
             <value> <string encoding="cdata"><![CDATA[

master/bt5/slapos_cloud/PreferenceTemplateItem/portal_preferences/slapos_default_system_preference.xml

@@ -93,6 +93,18 @@
             <key> <string>preferred_aggregated_subscription_sale_trade_condition</string> </key>
             <value> <string>sale_trade_condition_module/slapos_aggregated_subscription_trade_condition</string> </value>
         </item>
+        <item>
+            <key> <string>preferred_authentication_failure_block_duration</string> </key>
+            <value> <int>1800</int> </value>
+        </item>
+        <item>
+            <key> <string>preferred_authentication_failure_check_duration</string> </key>
+            <value> <int>5400</int> </value>
+        </item>
+        <item>
+            <key> <string>preferred_authentication_policy_enabled</string> </key>
+            <value> <int>0</int> </value>
+        </item>
         <item>
             <key> <string>preferred_campaign_use</string> </key>
             <value>
@@ -165,6 +177,14 @@
             <key> <string>preferred_instance_update_movement_template</string> </key>
             <value> <string>sale_packing_list_module/slapos_accounting_instance_delivery_line_template/update</string> </value>
         </item>
+        <item>
+            <key> <string>preferred_max_authentication_failure</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>preferred_max_password_lifetime_duration</string> </key>
+            <value> <int>1008</int> </value>
+        </item>
         <item>
             <key> <string>preferred_maximum_balance</string> </key>
             <value> <float>-50.0</float> </value>
@@ -273,6 +293,10 @@
               </tuple>
             </value>
         </item>
+        <item>
+            <key> <string>preferred_system_recover_expired_password</string> </key>
+            <value> <int>1</int> </value>
+        </item>
         <item>
             <key> <string>preferred_time_zone</string> </key>
             <value> <string>Europe/Paris</string> </value>
@@ -289,6 +313,10 @@
             <key> <string>preferred_wechat_payment_service_reference</string> </key>
             <value> <string>PSERV-Wechat-Test</string> </value>
         </item>
+        <item>
+            <key> <string>preffered_force_username_check_in_password</string> </key>
+            <value> <int>1</int> </value>
+        </item>
         <item>
             <key> <string>priority</string> </key>
             <value> <int>1</int> </value>

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.SlapOSTestCaseMixin.py

@@ -118,10 +118,13 @@ class SlapOSTestCaseMixin(testSlapOSMixin):
 
     return person_user
 
-  def _addERP5Login(self, document):
+  def _addERP5Login(self, document, **kw):
+    if document.getPortalType() == "Person":
+      kw["password"] = "%s-aA$1" % self.generateNewId()
     login = document.newContent(
         portal_type="ERP5 Login",
-        reference=document.getReference())
+        reference=document.getReference(),
+        **kw)
     login.validate()
     return login
 

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudSecurityGroup.py

@@ -60,7 +60,8 @@ class TestSlapOSSecurityMixin(SlapOSTestCaseMixin):
     for _, plugin in uf._getOb('plugins').listPlugins(
                                 IAuthenticationPlugin ):
       if plugin.authenticateCredentials(
-                  {'login_portal_type': ('ERP5 Login', 'Certificate Login'),
+                  {'login_portal_type': ('ERP5 Login', 'Certificate Login',
+                                         'Facebook Login', 'Google Login'),
                    'external_login': login}) is not None:
         break
     else:
@@ -182,18 +183,23 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
 
 class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
   def test_active(self, login_portal_type="Certificate Login"):
-    password = str(random.random())
+    password = '%s-aA1$' % str(random.random())
     reference = self._generateRandomUniqueReference('Person')
     user_id = self._generateRandomUniqueUserId('Person')
 
     person = self.portal.person_module.newContent(
       portal_type='Person',
-      reference=reference, password=password)
+      reference=reference)
     person.setUserId(user_id)
 
     person.newContent(portal_type='Assignment').open()
-    person.newContent(portal_type=login_portal_type,
-      reference=reference, password=password).validate()
+    if login_portal_type == "ERP5 Login":
+      person.newContent(portal_type=login_portal_type,
+                      reference=reference,
+                      password=password).validate()
+    else:
+      person.newContent(portal_type=login_portal_type,
+                      reference=reference).validate()
 
     self.tic()
 
@@ -229,20 +235,24 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
     self.assertSameSet(['R-MEMBER', 'G-COMPANY'], user.getGroups())
 
   def test_inactive(self, login_portal_type="Certificate Login"):
-    password = str(random.random())
+    password = '%s-aA1$' % str(random.random())
     reference = self._generateRandomUniqueReference('Person')
     user_id = self._generateRandomUniqueReference('Person')
     
     person = self.portal.person_module.newContent(portal_type='Person',
-      reference=reference, password=password)
+      reference=reference)
 
     self.tic()
 
     self._assertUserDoesNotExists(user_id, reference, password)
 
-    person.newContent(portal_type=login_portal_type,
+    if login_portal_type == "ERP5 Login":
+      person.newContent(portal_type=login_portal_type,
+                      reference=reference,
+                      password=password).validate()
+    else:
+      person.newContent(portal_type=login_portal_type,
                       reference=reference).validate()
-
     self.tic()
 
     self._assertUserDoesNotExists(user_id, reference, password)
@@ -253,7 +263,17 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
   def test_inactive_erp5_login(self):
     self.test_inactive(login_portal_type="ERP5 Login")
 
+  def test_active_facebook_login(self):
+    self.test_active(login_portal_type="Facebook Login")
+
+  def test_inactive_facebook_login(self):
+    self.test_inactive(login_portal_type="Facebook Login")
   
+  def test_active_google_login(self):
+    self.test_active(login_portal_type="Google Login")
+
+  def test_inactive_google_login(self):
+    self.test_inactive(login_portal_type="Google Login")
 
 
 def test_suite():

master/bt5/slapos_configurator/TestTemplateItem/portal_components/test.erp5.testSlapOSConfigurator.py

@@ -27,6 +27,7 @@ import os
 
 class TestSlapOSConfigurator(SlapOSTestCaseMixin):
 
+  maxDiff = None
   def bootstrapSite(self):
     SlapOSTestCaseMixin.bootstrapSite(self)
     self.getBusinessConfiguration().BusinessConfiguration_invokeSlapOSMasterPromiseAlarmList()
@@ -338,6 +339,7 @@ class TestSlapOSConfigurator(SlapOSTestCaseMixin):
       'erp5_slapos_tutorial',
       'erp5_slapos_tutorial_data',	
       'erp5_slideshow_style',
+      'erp5_authentication_policy',
       'slapos_cloud',
       'slapos_slap_tool',
       'slapos_category',

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5SkinSelection.py

@@ -28,7 +28,12 @@ class TestSlaposSkinSelection(SlapOSTestCaseMixin):
 
   # Ignore these bt5 as they might be present on development instances
   # but not present on the test.
-  ignore_list = ["slapos_ui_test"]
+  ignore_list = [
+    # UI testing folders not deployed by Configurator
+    "slapos_ui_test", "slapos_zh_ui_test",
+
+    # Legacy and/or custom bt5 folders
+    "slapos_vifib", "rapid_space", "rapid_space_ui_test"]
 
   def getTitle(self):
     return "Slapos Skin Selection"
@@ -150,6 +155,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -266,6 +272,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -383,6 +390,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -496,6 +504,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -613,6 +622,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -730,6 +740,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -844,6 +855,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -959,6 +971,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -1073,6 +1086,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -1188,6 +1202,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -1303,6 +1318,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -1419,6 +1435,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token
@@ -1535,6 +1552,7 @@ erp5_access_tab
 erp5_access_token
 erp5_accounting
 erp5_administration
+erp5_authentication_policy
 erp5_auto_logout
 erp5_base
 erp5_bearer_token

master/bt5/slapos_erp5/bt/dependency_list

+erp5_authentication_policy
 erp5_administration
 erp5_credential
 erp5_project

master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.py

@@ -2249,13 +2249,14 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin):
 
 class TestSlapOSSlapToolPersonAccess(TestSlapOSSlapToolMixin):
   def afterSetUp(self):
-    password = self.generateNewId()
+    password = "%s-1Aa$" % self.generateNewId() 
     reference = 'test_%s' % self.generateNewId()
     person = self.portal.person_module.newContent(portal_type='Person',
       title=reference,
-      reference=reference, password=password)
+      reference=reference)
     person.newContent(portal_type='Assignment', role='member').open()
-    person.newContent(portal_type='ERP5 Login', reference=reference).validate()
+    person.newContent(portal_type='ERP5 Login',
+      reference=reference, password=password).validate()
 
     self.commit()
     self.person = person

master/product/SlapOS/tests/testSlapOSMixin.py

@@ -226,6 +226,7 @@ class testSlapOSMixin(ERP5TypeTestCase):
   def bootstrapSite(self):
     self.logMessage('SlapOS bootstrapSite')
     self.getDefaultSystemPreference().setPreferredHateoasUrl("http://dummy/")
+    self.getDefaultSystemPreference().setPreferredAuthenticationPolicyEnabled(True)
 
     self.clearCache()
     self.tic()