Commit 994f2921 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_certificate_authority: Implement backward-compatibility with ERP5 Login

Also extend tests to cover recently changes
parent 2857d1a6
...@@ -7,7 +7,16 @@ class Person(ERP5Person): ...@@ -7,7 +7,16 @@ class Person(ERP5Person):
security.declarePublic('getCertificate') security.declarePublic('getCertificate')
def _getCertificateLoginDocument(self): def _getCertificateLoginDocument(self):
for _certificate_login in self.objectValues(portal_type="Certificate Login"): for _erp5_login in self.objectValues(
portal_type=["ERP5 Login"]):
if _erp5_login.getValidationState() == "validated" and \
_erp5_login.getReference() == self.getUserId():
# The user already created a Login document as UserId, so
# So just use this one.
return _erp5_login
for _certificate_login in self.objectValues(
portal_type=["Certificate Login"]):
if _certificate_login.getValidationState() == "validated": if _certificate_login.getValidationState() == "validated":
return _certificate_login return _certificate_login
......
...@@ -31,6 +31,7 @@ import os ...@@ -31,6 +31,7 @@ import os
import random import random
import unittest import unittest
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.DCWorkflow.DCWorkflow import ValidationFailed
from AccessControl import Unauthorized from AccessControl import Unauthorized
class TestCertificateAuthority(ERP5TypeTestCase): class TestCertificateAuthority(ERP5TypeTestCase):
...@@ -39,6 +40,7 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -39,6 +40,7 @@ class TestCertificateAuthority(ERP5TypeTestCase):
return "Test Certificate Authority" return "Test Certificate Authority"
def afterSetUp(self): def afterSetUp(self):
if "TEST_CA_PATH" in os.environ:
self.portal.portal_certificate_authority.certificate_authority_path = \ self.portal.portal_certificate_authority.certificate_authority_path = \
os.environ['TEST_CA_PATH'] os.environ['TEST_CA_PATH']
...@@ -59,6 +61,30 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -59,6 +61,30 @@ class TestCertificateAuthority(ERP5TypeTestCase):
self.loginByUserName(login) self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue() person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
certificate = person.getCertificate() certificate = person.getCertificate()
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertEquals(certificate_login.getValidationState(), "validated")
self.assertTrue('CN=%s' % user_id in certificate['certificate'])
def test_person_duplicated_login(self):
user_id, login = self._createPerson()
self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
person.newContent(portal_type='ERP5 Login', reference=user_id).validate()
self.tic()
certificate = person.getCertificate()
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
# If a erp5_login is already using the User ID, just reuse it for now
self.assertEquals(len(certificate_login_list), 0)
self.assertTrue('CN=%s' % user_id in certificate['certificate']) self.assertTrue('CN=%s' % user_id in certificate['certificate'])
def test_person_revoke_certificate(self): def test_person_revoke_certificate(self):
...@@ -72,6 +98,14 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -72,6 +98,14 @@ class TestCertificateAuthority(ERP5TypeTestCase):
self.loginByUserName(login) self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue() person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
certificate = person.getCertificate() certificate = person.getCertificate()
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertEquals(certificate_login.getValidationState(), "validated")
self.assertTrue('CN=%s' % user_id in certificate['certificate']) self.assertTrue('CN=%s' % user_id in certificate['certificate'])
person.revokeCertificate() person.revokeCertificate()
...@@ -80,9 +114,56 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -80,9 +114,56 @@ class TestCertificateAuthority(ERP5TypeTestCase):
self.loginByUserName(login) self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue() person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
certificate = person.getCertificate() certificate = person.getCertificate()
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertTrue('CN=%s' % user_id in certificate['certificate']) self.assertTrue('CN=%s' % user_id in certificate['certificate'])
self.assertEquals(certificate_login.getValidationState(), "validated")
self.assertRaises(ValueError, person.getCertificate) self.assertRaises(ValueError, person.getCertificate)
# Ensure it don't create a second object
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertEquals(certificate_login.getValidationState(), "validated")
def test_person_request_revoke_request_certificate(self):
user_id, login = self._createPerson()
self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
certificate = person.getCertificate()
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertTrue('CN=%s' % user_id in certificate['certificate'])
self.assertEquals(certificate_login.getValidationState(), "validated")
person.revokeCertificate()
certificate = person.getCertificate()
# Ensure it don't create a second object
certificate_login_list = person.objectValues(
portal_type="Certificate Login"
)
self.assertEquals(len(certificate_login_list), 1)
certificate_login = certificate_login_list[0]
self.assertEquals(certificate_login.getReference(), user_id)
self.assertEquals(certificate_login.getValidationState(), "validated")
def test_person_request_certificate_for_another(self): def test_person_request_certificate_for_another(self):
_, login = self._createPerson() _, login = self._createPerson()
_, login2 = self._createPerson() _, login2 = self._createPerson()
...@@ -91,6 +172,25 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -91,6 +172,25 @@ class TestCertificateAuthority(ERP5TypeTestCase):
self.loginByUserName(login2) self.loginByUserName(login2)
self.assertRaises(Unauthorized, person.getCertificate) self.assertRaises(Unauthorized, person.getCertificate)
def test_person_duplicated_login_from_another_user(self):
user_id, login = self._createPerson()
person = self.portal.person_module.newContent(portal_type='Person',
reference=str(random.random()), password=login)
person.newContent(portal_type='Assignment').open()
# Try to create a login with other person user_id to cheat the system
person.newContent(portal_type='ERP5 Login', reference=user_id).validate()
self.tic()
self.loginByUserName(login)
person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
self.assertRaises(ValidationFailed, person.getCertificate)
certificate_login_list = [ i for i in person.objectValues(
portal_type="Certificate Login"
) if i.getValidationState() == "validated"]
self.assertEquals(len(certificate_login_list), 0)
def test_person_revoke_certificate_for_another(self): def test_person_revoke_certificate_for_another(self):
user_id, login = self._createPerson() user_id, login = self._createPerson()
_, login2 = self._createPerson() _, login2 = self._createPerson()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment