Commit 6c4b8912 authored by Łukasz Nowak's avatar Łukasz Nowak

Support external_login in authenticateCredentials

Thanks to this, no code duplication is needed, and
ERP5ExternalAuthenticationPlugin can be responsible for only one thing:
extraction of credentials passed by the external service.
parent f51bd472
...@@ -120,70 +120,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager): ...@@ -120,70 +120,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager):
return creds return creds
################################
# IAuthenticationPlugin #
################################
security.declarePrivate('authenticateCredentials')
def authenticateCredentials(self, credentials):
"""Authentificate with credentials"""
login = credentials.get('external_login', None)
# Forbidden the usage of the super user.
if login == SUPER_USER:
return None
#Function to allow cache
def _authenticateCredentials(login):
if not login:
return None
#Search the user by his login
user_list = self.getUserByLogin(login)
if len(user_list) != 1:
raise _AuthenticationFailure()
user = user_list[0]
#We need to be super_user
sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER))
try:
# get assignment list
assignment_list = [x for x in user.objectValues(portal_type="Assignment") \
if x.getValidationState() == "open"]
valid_assignment_list = []
# check dates if exist
login_date = DateTime()
for assignment in assignment_list:
if assignment.getStartDate() is not None and \
assignment.getStartDate() > login_date:
continue
if assignment.getStopDate() is not None and \
assignment.getStopDate() < login_date:
continue
valid_assignment_list.append(assignment)
# validate
if len(valid_assignment_list) > 0:
return (login,login)
finally:
setSecurityManager(sm)
raise _AuthenticationFailure()
#Cache Method for best performance
_authenticateCredentials = CachingMethod(
_authenticateCredentials,
id='ERP5ExternalAuthenticationPlugin_authenticateCredentials',
cache_factory='erp5_content_short')
try:
return _authenticateCredentials(login=login)
except _AuthenticationFailure:
return None
except StandardError,e:
#Log standard error
LOG('ERP5ExternalAuthenticationPlugin.authenticateCredentials', PROBLEM, str(e))
return None
################################ ################################
# Properties for ZMI managment # # Properties for ZMI managment #
################################ ################################
...@@ -219,7 +155,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager): ...@@ -219,7 +155,6 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager):
#List implementation of class #List implementation of class
classImplements(ERP5ExternalAuthenticationPlugin, classImplements(ERP5ExternalAuthenticationPlugin,
plugins.IAuthenticationPlugin,
plugins.ILoginPasswordHostExtractionPlugin) plugins.ILoginPasswordHostExtractionPlugin)
InitializeClass(ERP5ExternalAuthenticationPlugin) InitializeClass(ERP5ExternalAuthenticationPlugin)
...@@ -118,12 +118,18 @@ class ERP5UserManager(BasePlugin): ...@@ -118,12 +118,18 @@ class ERP5UserManager(BasePlugin):
o We expect the credentials to be those returned by o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin. ILoginPasswordExtractionPlugin.
""" """
login = credentials.get('login')
ignore_password = False
if not login:
login = credentials.get('external_login')
ignore_password = True
# Forbidden the usage of the super user. # Forbidden the usage of the super user.
if credentials.get('login') == SUPER_USER: if login == SUPER_USER:
return None return None
def _authenticateCredentials(login, password, path): def _authenticateCredentials(login, password, path,
if not login or not password: ignore_password=False):
if not login or not (password or ignore_password):
return None return None
user_list = self.getUserByLogin(login) user_list = self.getUserByLogin(login)
...@@ -151,7 +157,7 @@ class ERP5UserManager(BasePlugin): ...@@ -151,7 +157,7 @@ class ERP5UserManager(BasePlugin):
continue continue
valid_assignment_list.append(assignment) valid_assignment_list.append(assignment)
if pw_validate(user.getPassword(), password) and \ if (ignore_password or pw_validate(user.getPassword(), password)) and \
len(valid_assignment_list) and user \ len(valid_assignment_list) and user \
.getValidationState() != 'deleted': #user.getCareerRole() == 'internal': .getValidationState() != 'deleted': #user.getCareerRole() == 'internal':
return login, login # use same for user_id and login return login, login # use same for user_id and login
...@@ -164,9 +170,10 @@ class ERP5UserManager(BasePlugin): ...@@ -164,9 +170,10 @@ class ERP5UserManager(BasePlugin):
cache_factory='erp5_content_short') cache_factory='erp5_content_short')
try: try:
authentication_result = _authenticateCredentials( authentication_result = _authenticateCredentials(
login=credentials.get('login'), login=login,
password=credentials.get('password'), password=credentials.get('password'),
path=self.getPhysicalPath()) path=self.getPhysicalPath(),
ignore_password=ignore_password)
except _AuthenticationFailure: except _AuthenticationFailure:
authentication_result = None authentication_result = None
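Review bot: In ERP5UserManager.authenticateCredentials the password check is now skipped whenever the credentials dict has no `login` but carries `external_login` (`ignore_password = True`, then `ignore_password or pw_validate(...)`), and nothing visible here checks which extraction plugin produced that key. Every extraction plugin that can populate the credentials dict therefore becomes part of the trust boundary for password-less login, so the rule should be written down where the decision is made. The docstring still says the credentials are those returned by ILoginPasswordExtractionPlugin; I would extend it and add a comment at the fallback such as `# external_login bypasses pw_validate: only an extractor that has verified the external service may set it`. It is also worth confirming that CachingMethod includes `ignore_password` in its cache key (not visible on this page), so that a cached password-less success for a login can never answer a later call that supplies a password. The method body starts and continues outside these hunks.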
......