Commit a56a5431 authored by Ivan Tyagov

Add remote authentication PAS plugin.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25619 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent aa7e7631
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Classes: ERP5RemoteUserManager
"""
from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager,\
setSecurityManager, newSecurityManager
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin, \
IUserEnumerationPlugin
from Products.ERP5Type.Cache import CachingMethod
from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import ERP5UserManager, SUPER_USER
manage_addERP5RemoteUserManagerForm = PageTemplateFile(
'../dtml/ERP5Security_addERP5RemoteUserManager', globals(),
__name__='manage_addERP5RemoteUserManagerForm' )
def addERP5RemoteUserManager(dispatcher, id, title=None, REQUEST=None):
""" Add a ERP5UserManager to a Pluggable Auth Service. """
eum = ERP5RemoteUserManager(id, title)
print eum
dispatcher._setObject(eum.getId(), eum)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(
'%s/manage_workspace'
'?manage_tabs_message='
'ERP5RemoteUserManager+added.'
% dispatcher.absolute_url())
class ERP5RemoteUserManager(ERP5UserManager):
""" PAS plugin for managing users in remote ERP5 instance
"""
meta_type = 'ERP5 Remote User Manager'
security = ClassSecurityInfo()
#
# IAuthenticationPlugin implementation
#
security.declarePrivate( 'authenticateCredentials' )
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
# Forbidden the usage of the super user.
if credentials.get('login') == SUPER_USER:
return None
def _authenticateCredentials(login, password, path):
if not login or not password:
return None
user_list = self.getUserByLogin(login)
if not user_list:
return None
user = user_list[0]
sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER))
try:
# get assignment
assignment_list = [x for x in user.contentValues(portal_type="Assignment") \
if x.getValidationState() == "open"]
valid_assignment_list = []
# check dates if exist
login_date = DateTime()
for assignment in assignment_list:
if assignment.getStartDate() is not None and \
assignment.getStartDate() > login_date:
continue
if assignment.getStopDate() is not None and \
assignment.getStopDate() < login_date:
continue
valid_assignment_list.append(assignment)
# validate to remote ERP5 instance
portal = self.getPortalObject()
is_authenticated = int(portal.WizardTool_authenticateCredentials(login , password))
if is_authenticated:
print is_authenticated
return login, login
finally:
setSecurityManager(sm)
return None
_authenticateCredentials = CachingMethod(_authenticateCredentials,
id='ERP5RemoteUserManager_authenticateCredentials',
cache_factory='erp5_content_short')
return _authenticateCredentials(
login=credentials.get('login'),
password=credentials.get('password'),
path=self.getPhysicalPath())
classImplements( ERP5RemoteUserManager
, IAuthenticationPlugin
, IUserEnumerationPlugin
)
InitializeClass(ERP5RemoteUserManager)
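Review bot: In `_authenticateCredentials`, `valid_assignment_list` is built from the user's open, date-valid assignments but never read, so the result depends only on `WizardTool_authenticateCredentials`, and a person whose assignments are all closed or expired is still authenticated once the remote side accepts the password. If the assignment filter is meant to gate login, the condition should be `if is_authenticated and valid_assignment_list:`. The debug statements `print eum` and `print is_authenticated` should be removed, since they write to the server's stdout on every plugin creation and successful login. Separately, `password` is an argument of the function wrapped in `CachingMethod`, so it presumably becomes part of the cache key, and the accept/reject result would outlive a remote password change until the `erp5_content_short` entry expires; confirm that both are acceptable for a remote check.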
......@@ -31,9 +31,19 @@
from Products.ERP5Type.Utils import initializeProduct, updateGlobals
import sys, Permissions
from AccessControl.Permissions import manage_users as ManageUsers
from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
from Products.PluggableAuthService.permissions import ManageGroups
from Products.ERP5Wizard.PAS.ERP5RemoteUserManager import \
ERP5RemoteUserManager, manage_addERP5RemoteUserManagerForm, addERP5RemoteUserManager
this_module = sys.modules[ __name__ ]
document_classes = updateGlobals(this_module, globals(), permissions_module=Permissions)
registerMultiPlugin(ERP5RemoteUserManager.meta_type)
# Finish installation
def initialize(context):
import Document
......@@ -51,3 +61,13 @@ def initialize(context):
portal_tools=portal_tools,
content_constructors=content_constructors,
content_classes=content_classes)
# register ERP5Security plugin for Wizard
context.registerClass( ERP5RemoteUserManager
, permission=ManageUsers
, constructors=(
manage_addERP5RemoteUserManagerForm,
addERP5RemoteUserManager, )
, visibility=None
, icon='dtml/remote_user_manager_plugin.gif'
)
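Review bot: `ManageGroups` is imported in the first hunk but not used in any line shown here; if nothing outside the hunks uses it, drop `from Products.PluggableAuthService.permissions import ManageGroups`. The module-level `registerMultiPlugin(ERP5RemoteUserManager.meta_type)` also runs on every import of this package, and PluggableAuthService raises `RuntimeError` when a meta type is registered twice, so a product refresh may fail at that line. A guard such as `try: registerMultiPlugin(...)` with `except RuntimeError: pass`, plus a one-line comment saying why, would make that case explicit. `initialize` starts in the first hunk and its body is only partly visible here.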
<h1 tal:replace="structure here/manage_page_header">Header</h1>
<h2 tal:define="form_title string:Add ERP5 Remote User Manager"
tal:replace="structure here/manage_form_title">Form Title</h2>
<p class="form-help">
ERP5 Remote User Manager applys the users managed in remote ERP5 instance's person module
to the Pluggable Authentication Service
</p>
<form action="addERP5RemoteUserManager" method="post">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">
Id
</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-optional">
Title
</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
</td>
<td align="left" valign="top">
<div class="form-element">
<input class="form-element" type="submit" name="submit"
value=" Add " />
</div>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
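Review bot: The help paragraph at the top of the add form has a typo and no closing period: `applys` should be `applies`. A corrected wording would be `ERP5 Remote User Manager applies the users managed in a remote ERP5 instance's person module to the Pluggable Authentication Service.`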