Commit 1634fa64 authored by Jérome Perrin's avatar Jérome Perrin

Fix AccessToken login with ERP5 Login

Backport final state of nexedi/erp5!838. The API changed a bit after the first backport in https://lab.nexedi.com/nexedi/erp5-capago/merge_requests/37

/reviewed-on https://lab.nexedi.com/nexedi/erp5-capago/merge_requests/38
parents 0229018e 3b0291d0
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>AccessToken_getUserId</string> </value> <value> <string>AccessToken_getUserValue</string> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
...@@ -14,7 +14,7 @@ if access_token_document.getValidationState() == 'validated': ...@@ -14,7 +14,7 @@ if access_token_document.getValidationState() == 'validated':
agent_document = access_token_document.getAgentValue() agent_document = access_token_document.getAgentValue()
if agent_document is not None: if agent_document is not None:
result = agent_document.Person_getUserId() result = agent_document
comment = "Token usage accepted" comment = "Token usage accepted"
access_token_document.invalidate(comment=comment) access_token_document.invalidate(comment=comment)
......
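Review bot: This script, which invalidates the token after use, returns `agent_document` as soon as it is not None; lines 14-20 of the new file show no check of the agent's validation state, assignments or login. The other token script changed in this commit rejects a deleted Person and one whose `login_list` is empty, so the two token types appear to apply different acceptance rules. Unless that check sits earlier in the script (it starts and ends outside the hunk) or in the caller, a token issued to a person who has since been deleted or has no login may still be accepted once. Consider applying the same guard here, or add a comment such as `# agent state is verified in <caller or helper>` if it is deliberately done elsewhere.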
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>OneTimeRestrictedAccessToken_getUserId</string> </value> <value> <string>OneTimeRestrictedAccessToken_getUserValue</string> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
...@@ -24,7 +24,8 @@ if access_token_document.getValidationState() == 'validated': ...@@ -24,7 +24,8 @@ if access_token_document.getValidationState() == 'validated':
if agent_document is not None: if agent_document is not None:
if agent_document.getPortalType() == 'Person': if agent_document.getPortalType() == 'Person':
# if this is a token for a person, only make accept if person has valid # if this is a token for a person, only make accept if person has valid
# assignments (for compatibility with login/password authentication) # assignments and a validated login (for compatibility with login/password
# authentication)
if agent_document.getValidationState() == 'deleted': if agent_document.getValidationState() == 'deleted':
return None return None
now = DateTime() now = DateTime()
...@@ -37,6 +38,13 @@ if access_token_document.getValidationState() == 'validated': ...@@ -37,6 +38,13 @@ if access_token_document.getValidationState() == 'validated':
break break
else: else:
return None return None
result = agent_document.Person_getUserId()
user, = context.getPortalObject().acl_users.searchUsers(
exact_match=True,
id=agent_document.Person_getUserId())
if not user['login_list']:
return None
result = agent_document
return result return result
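Review bot: The single-element unpacking `user, = ...searchUsers(...)` raises ValueError when the search returns no entry or more than one, so on this authentication path a Person with no matching user makes the script fail with an exception instead of returning None like the other rejection branches. Bind the result and reject explicitly: `user_list = context.getPortalObject().acl_users.searchUsers(exact_match=True, id=agent_document.Person_getUserId())`, then `if len(user_list) != 1 or not user_list[0]['login_list']: return None`. The updated comment promises a "validated login" while the code only tests that `login_list` is non-empty; whether searchUsers lists only validated logins is not visible here and is worth stating in that comment. The script starts outside the hunk.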
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>RestrictedAccessToken_getUserId</string> </value> <value> <string>RestrictedAccessToken_getUserValue</string> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
...@@ -67,10 +67,7 @@ class ERP5AccessTokenExtractionPlugin(BasePlugin): ...@@ -67,10 +67,7 @@ class ERP5AccessTokenExtractionPlugin(BasePlugin):
if token: if token:
creds['erp5_access_token_id'] = token creds['erp5_access_token_id'] = token
creds['remote_host'] = request.get('REMOTE_HOST', '') creds['remote_host'] = request.get('REMOTE_HOST', '')
try:
creds['remote_address'] = request.getClientAddr() creds['remote_address'] = request.getClientAddr()
except AttributeError:
creds['remote_address'] = request.get('REMOTE_ADDR', '')
return creds return creds
####################### #######################
...@@ -84,23 +81,12 @@ class ERP5AccessTokenExtractionPlugin(BasePlugin): ...@@ -84,23 +81,12 @@ class ERP5AccessTokenExtractionPlugin(BasePlugin):
erp5_access_token_id = credentials['erp5_access_token_id'] erp5_access_token_id = credentials['erp5_access_token_id']
token_document = self.getPortalObject().access_token_module.\ token_document = self.getPortalObject().access_token_module.\
_getOb(erp5_access_token_id, None) _getOb(erp5_access_token_id, None)
# Access Token should be validated
# Check restricted access of URL
# Extract login information
if token_document is not None: if token_document is not None:
# Token API changed from returning a login to returning a user id. method = token_document._getTypeBasedMethod('getUserValue')
# We detect if the old way of configuration is still in place and
# advise that configuration has to be updated in that case.
method = token_document._getTypeBasedMethod('getExternalLogin')
assert method is None, "Please update and remove obsolete method %r" % method
user_id = None
method = token_document._getTypeBasedMethod('getUserId')
if method is not None: if method is not None:
user_id = method() user_value = method()
if user_value is not None:
if user_id is not None: return (user_value.getUserId(), token_document.getRelativeUrl())
return (user_id, 'token {erp5_access_token_id} for {user_id}'.format(**locals()))
#Form for new plugin in ZMI #Form for new plugin in ZMI
......
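Review bot: In the authentication hunk the old `if user_id is not None` guard is gone: the new code returns `(user_value.getUserId(), token_document.getRelativeUrl())` whenever the type-based method yields a document, so an agent without a user id produces a tuple whose first element is None. Keep the guard with `user_id = user_value.getUserId()` followed by `if user_id is not None: return (user_id, token_document.getRelativeUrl())`. With the `getExternalLogin` assert removed, a site that still carries only the old `getUserId` scripts now silently fails to authenticate; a short comment or log message at the `method is not None` test would tell operators what to update. The method body starts and ends outside the hunk.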