Implement access token to ease credential downloading.

Allow to query the web site without copy/pasting the user SSL certificates. The query should be like: curl -X POST -H "X-Access-Token: ACCESSTOKENVALUE" "https://slaposmaster.example.org/myspace/my_account/request-a-certificate/WebSection_requestNewCertificate" Access token is destroyed after usage. The token validity is one day.

Implement access token to ease credential downloading.
Allow to query the web site without copy/pasting the user SSL certificates. The query should be like: curl -X POST -H "X-Access-Token: ACCESSTOKENVALUE" "https://slaposmaster.example.org/myspace/my_account/request-a-certificate/WebSection_requestNewCertificate" Access token is destroyed after usage. The token validity is one day.
95440d94 · Romain Courteaud · Marco Mariani · 983a0da1 · 95440d94 · 95440d94
Commit 95440d94 authored Jun 20, 2013 by Romain Courteaud Committed by Marco Mariani Jun 24, 2013
8 changed files
--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_generateAccessTokenFromJS.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_generateAccessTokenFromJS.xml
@@ -79,7 +79,7 @@ return json.dumps({\'access_token\': access_token.getId()})\n
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>Base_generateAccessTokenFromJS</string> </value>
+            <value> <string>Base_generateComputerTokenFromJS</string> </value>
        </item>
      </dictionary>
    </pickle>

--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_generateCredentialTokenFromJS.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_generateCredentialTokenFromJS.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>import json\n
+\n
+portal = context.getPortalObject()\n
+person = portal.ERP5Site_getAuthenticatedMemberPersonValue()\n
+\n
+# Revoke user certificate\n
+try:\n
+  person.revokeCertificate()\n
+except ValueError:\n
+  pass\n
+\n
+web_site = context.getWebSiteValue()\n
+request_method = "POST"\n
+request_url = "%s/%s" % (web_site.absolute_url(), "myspace/my_account/request-a-certificate/WebSection_requestNewCertificate")\n
+\n
+access_token = portal.access_token_module.newContent(\n
+  portal_type="One Time Restricted Access Token",\n
+  agent_value=person,\n
+  url_string=request_url,\n
+  url_method="POST",\n
+)\n
+access_token.validate()\n
+\n
+request = context.REQUEST\n
+response = request.RESPONSE\n
+response.setHeader(\'Content-Type\', "application/json")\n
+return json.dumps({\'access_token\': access_token.getId()})\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Base_generateCredentialTokenFromJS</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_getTokenGeneratorJS.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/Base_getTokenGeneratorJS.xml
@@ -60,15 +60,24 @@ return """\n
  var methods;\n
 \n
  methods = {\n
-    click: function () {\n
+    click: function (method) {\n
      $(this).click(function() {\n
        $(this).parent().parent()\n
-          .slapostoken("generateToken");\n
+          .slapostoken(method);\n
        return false;\n
      });\n
    },\n
-    generateToken: function () {\n
-      $.ajax("./Base_generateAccessTokenFromJS", {\n
+    generateComputerToken: function () {\n
+      $.ajax("./Base_generateComputerTokenFromJS", {\n
+        context: $(this),\n
+        success: function(data) {\n
+          $(this).attr("class", "alignr")\n
+                 .text("New token: " + data.access_token);\n
+        }\n
+      })\n
+    },\n
+    generateCredentialToken: function () {\n
+      $.ajax("./Base_generateCredentialTokenFromJS", {\n
        context: $(this),\n
        success: function(data) {\n
          $(this).attr("class", "alignr")\n
@@ -93,8 +102,10 @@ return """\n
  };\n
 }(jQuery));\n
 \n
-$("#tokengenerationlink")\n
-  .slapostoken("click");\n
+$("#computertokengenerationlink")\n
+  .slapostoken("click", "generateComputerToken");\n
+$("#credentialtokengenerationlink")\n
+  .slapostoken("click", "generateCredentialToken");\n
 </script>\n
 """\n


--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_requestNewCertificate.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_requestNewCertificate.xml
@@ -52,21 +52,27 @@
            <key> <string>_body</string> </key>
            <value> <string>person = context.ERP5Site_getAuthenticatedMemberPersonValue()\n
 request = context.REQUEST\n
-try:\n
-  certificate = person.getCertificate()\n
-  request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
-except ValueError:\n
-  certificate = {\'certificate\': \'\', \'key\': \'\'}\n
-  request.set(\'portal_status_message\', context.Base_translateString(\'Certificate was already requested, please revoke existing one.\'))\n
-request.set(\'your_certificate\', certificate[\'certificate\'])\n
-request.set(\'your_key\', certificate[\'key\'])\n
+response = request.RESPONSE\n
 \n
-return context.WebSection_viewCertificateAsWeb()\n
+if person is None:\n
+  response.setStatus(403)\n
+else:\n
+  try:\n
+    certificate = person.getCertificate()\n
+    request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
+  except ValueError:\n
+    certificate = {\'certificate\': \'\', \'key\': \'\'}\n
+    request.set(\'portal_status_message\', context.Base_translateString(\'Certificate was already requested, please revoke existing one.\'))\n
+    response.setStatus(403)\n
+  request.set(\'your_certificate\', certificate[\'certificate\'])\n
+  request.set(\'your_key\', certificate[\'key\'])\n
+\n
+  return context.WebSection_viewCertificateAsWeb()\n
 </string> </value>
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string>form_id, *args, **kwargs</string> </value>
+            <value> <string>*args, **kwargs</string> </value>
        </item>
        <item>
            <key> <string>id</string> </key>

--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender.xml
@@ -90,7 +90,8 @@
                        <string>my_certificate_request_button</string>
                        <string>my_certificate_revoke_button</string>
                        <string>my_update_credential_button</string>
-                        <string>my_token_generate_button</string>
+                        <string>my_computer_token_generate_button</string>
+                        <string>my_credential_token_generate_button</string>
                        <string>your_ad</string>
                      </list>
                    </value>

--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender/my_token_generate_button.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender/my_token_generate_button.xml
@@ -20,7 +20,7 @@
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>my_token_generate_button</string> </value>
+            <value> <string>my_computer_token_generate_button</string> </value>
        </item>
        <item>
            <key> <string>message_values</string> </key>
@@ -97,11 +97,11 @@
                </item>
                <item>
                    <key> <string>default</string> </key>
-                    <value> <string>Generate a security token</string> </value>
+                    <value> <string>Generate a computer security token</string> </value>
                </item>
                <item>
                    <key> <string>extra</string> </key>
-                    <value> <string>id="tokengenerationlink"</string> </value>
+                    <value> <string>id="computertokengenerationlink"</string> </value>
                </item>
                <item>
                    <key> <string>field_id</string> </key>
@@ -121,7 +121,7 @@
                </item>
                <item>
                    <key> <string>title</string> </key>
-                    <value> <string>Generate a token</string> </value>
+                    <value> <string>Generate a computer token</string> </value>
                </item>
              </dictionary>
            </value>

--- a/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender/my_credential_token_generate_button.xml
+++ b/master/bt5/slapos_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_viewMyAccountRender/my_credential_token_generate_button.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>css_class</string>
+                <string>default</string>
+                <string>extra</string>
+                <string>href</string>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_credential_token_generate_button</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>css_class</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>href</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>css_class</string> </key>
+                    <value> <string>nolabel validate alignr</string> </value>
+                </item>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string>Generate a credential security token</string> </value>
+                </item>
+                <item>
+                    <key> <string>extra</string> </key>
+                    <value> <string>id="credentialtokengenerationlink"</string> </value>
+                </item>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_hyperlink</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewWebFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>href</string> </key>
+                    <value> <string>./</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Generate a credential token</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_web/bt/revision
+++ b/master/bt5/slapos_web/bt/revision
-51
\ No newline at end of file
+52
\ No newline at end of file