diff --git a/product/ERP5Configurator/Tool/ConfiguratorTool.py b/product/ERP5Configurator/Tool/ConfiguratorTool.py index 9640e683f64ac69875a678d21af1716875c13b56..3ec643220b5899c114242b0e77f6f3618a01a31b 100644 --- a/product/ERP5Configurator/Tool/ConfiguratorTool.py +++ b/product/ERP5Configurator/Tool/ConfiguratorTool.py @@ -33,6 +33,7 @@ from Products.ERP5Type.Globals import DTMLFile from Products.ERP5Type.Accessor.Constant import PropertyGetter as \ ConstantGetter from Products.ERP5Type.Tool.BaseTool import BaseTool +from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type import Permissions from Products.ERP5Configurator import _dtmldir from Products.CMFCore.utils import getToolByName @@ -145,7 +146,8 @@ class ConfiguratorTool(BaseTool): def login(self, REQUEST): """ Login client and show next form. """ password = REQUEST.get('field_my_ac_key', '') - if self._isCorrectConfigurationKey(password): + bc = REQUEST.get('field_your_business_configuration') + if self._isCorrectConfigurationKey(password, bc): # set user preferred configuration language user_preferred_language = REQUEST.get( 'field_my_user_preferred_language', None) @@ -165,7 +167,6 @@ class ConfiguratorTool(BaseTool): __ac_key, expires = expires) REQUEST.set('__ac_key', __ac_key) - bc = REQUEST.get('field_your_business_configuration') REQUEST.RESPONSE.setCookie(BUSINESS_CONFIGURATION_COOKIE_NAME, bc, expires = expires) @@ -176,12 +177,26 @@ class ConfiguratorTool(BaseTool): self.Base_translateString('Incorrect Configuration Key')) return self.view() - def _isCorrectConfigurationKey(self, password=None): + def _isCorrectConfigurationKey(self, password=None, + business_configuration=None): """ Is configuration key correct """ if password is None: password = self.REQUEST.get('__ac_key', None) + else: + password = quote(encodestring(password)) # Not still not finished yet. - return 1 + if business_configuration is None: + business_configuration = self.REQUEST.get(BUSINESS_CONFIGURATION_COOKIE_NAME, None) + if None not in [password, business_configuration]: + def is_key_valid(password, business_configuration): + bc = self.getPortalObject().unrestrictedTraverse(business_configuration) + return quote(encodestring(bc.getReference(''))) == password + return CachingMethod(is_key_valid, + "ConfiguratorTool_is_key_valid", + cache_factory='erp5_content_long')( + password, business_configuration) + return False + #security.declareProtected(Permissions.ModifyPortalContent, 'next') def next(self, REQUEST):