Commit 95d29a00 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_access_token: Fix *_getExternalLogin API

Since the change to use the User ID, this code should return the reference and portal type of the ERP5 Login object.
parent b8ae8bef
......@@ -2,7 +2,7 @@ from zExceptions import Unauthorized
if REQUEST is not None:
raise Unauthorized
result = None
result = None, None
access_token_document = context
request = context.REQUEST
......@@ -14,7 +14,10 @@ if access_token_document.getValidationState() == 'validated':
agent_document = access_token_document.getAgentValue()
if agent_document is not None:
result = agent_document.Person_getUserId()
portal = agent_document.getPortalObject()
for erp5_login in agent_document.objectValues(portal.getPortalLoginTypeList()):
if erp5_login.getValidationState() == "validated":
result = erp5_login.getReference(), erp5_login.getPortalType()
comment = "Token usage accepted"
access_token_document.invalidate(comment=comment)
......
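Review bot: The new `for erp5_login in ...` loop in the second hunk has no `break`, so when the agent holds several validated logins the last one iterated wins, whereas the other script changed in this commit returns the first; adding `break` after `result = erp5_login.getReference(), erp5_login.getPortalType()` would make both scripts pick the same login. The failure value also changes from `None` to `None, None`, which is a truthy tuple, so any caller that tests the result as a whole rather than its first element would treat a rejected token as accepted; the callers are not shown on this page, and the same applies to the `return None, None` lines in the second script. A short comment at the top such as `# Returns (login reference, login portal type), or (None, None) when the token is rejected` would make the new contract explicit. The script body starts and ends outside these hunks.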
......@@ -3,7 +3,6 @@ import hmac
if REQUEST is not None:
raise Unauthorized
result = None
access_token_document = context
request = context.REQUEST
......@@ -18,10 +17,13 @@ if access_token_document.getValidationState() == 'validated':
# use hmac.compare_digest and not string comparison to avoid timing attacks
if not hmac.compare_digest(access_token_document.getReference(), reference):
return None
return None, None
agent_document = access_token_document.getAgentValue()
if agent_document is not None:
result = agent_document.Person_getUserId()
portal = agent_document.getPortalObject()
for erp5_login in agent_document.objectValues(portal.getPortalLoginTypeList()):
if erp5_login.getValidationState() == "validated":
return erp5_login.getReference(), erp5_login.getPortalType()
return result
return None, None
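Review bot: `hmac.compare_digest(access_token_document.getReference(), reference)` raises `TypeError` when either argument is `None` or when the two differ in type, so a request that carries no secret would end in an exception instead of the clean `None, None` this commit introduces. Where `reference` is read lies outside the hunk, so this may already be guarded; if it is not, `if reference is None or not hmac.compare_digest(access_token_document.getReference(), reference):` keeps the rejection path uniform. The comparison fails closed either way, the concern is only that a rejection then surfaces as an error rather than as a normal authentication failure.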