Commit 7862ea47 authored by Rafael Monnerat's avatar Rafael Monnerat

Master: Include authentification Policy BT5

  slapos_erp5: Add erp5_authentication_policy as project dependency
  slapos_cloud: Define standard configuration for authentication policy
  Update tests on various bt5.
parent e95da4ac
......@@ -264,6 +264,18 @@ It\'s the lowest priority one; ie. managers can create higher priority preferenc
<key> <string>preferred_date_order</string> </key>
<value> <string>ymd</string> </value>
</item>
<item>
<key> <string>preferred_diff_filter_script_id</string> </key>
<value>
<tuple>
<string>TemplateTool_filterClassTupleDiff</string>
<string>TemplateTool_filterTemplateUnicodeDiff</string>
<string>TemplateTool_filterPortalTypeClassDiff</string>
<string>TemplateTool_filterOOBTreeClassDiff</string>
<string>TemplateTool_filterEmptyContentTranslation</string>
</tuple>
</value>
</item>
<item>
<key> <string>preferred_document_file_name_regular_expression</string> </key>
<value> <string encoding="cdata"><![CDATA[
......
......@@ -93,6 +93,18 @@
<key> <string>preferred_aggregated_subscription_sale_trade_condition</string> </key>
<value> <string>sale_trade_condition_module/slapos_aggregated_subscription_trade_condition</string> </value>
</item>
<item>
<key> <string>preferred_authentication_failure_block_duration</string> </key>
<value> <int>1800</int> </value>
</item>
<item>
<key> <string>preferred_authentication_failure_check_duration</string> </key>
<value> <int>5400</int> </value>
</item>
<item>
<key> <string>preferred_authentication_policy_enabled</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>preferred_campaign_use</string> </key>
<value>
......@@ -165,6 +177,14 @@
<key> <string>preferred_instance_update_movement_template</string> </key>
<value> <string>sale_packing_list_module/slapos_accounting_instance_delivery_line_template/update</string> </value>
</item>
<item>
<key> <string>preferred_max_authentication_failure</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>preferred_max_password_lifetime_duration</string> </key>
<value> <int>1008</int> </value>
</item>
<item>
<key> <string>preferred_maximum_balance</string> </key>
<value> <float>-50.0</float> </value>
......@@ -273,6 +293,10 @@
</tuple>
</value>
</item>
<item>
<key> <string>preferred_system_recover_expired_password</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>preferred_time_zone</string> </key>
<value> <string>Europe/Paris</string> </value>
......@@ -289,6 +313,10 @@
<key> <string>preferred_wechat_payment_service_reference</string> </key>
<value> <string>PSERV-Wechat-Test</string> </value>
</item>
<item>
<key> <string>preffered_force_username_check_in_password</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>priority</string> </key>
<value> <int>1</int> </value>
......
......@@ -118,10 +118,13 @@ class SlapOSTestCaseMixin(testSlapOSMixin):
return person_user
def _addERP5Login(self, document):
def _addERP5Login(self, document, **kw):
if document.getPortalType() == "Person":
kw["password"] = "%s-aA$1" % self.generateNewId()
login = document.newContent(
portal_type="ERP5 Login",
reference=document.getReference())
reference=document.getReference(),
**kw)
login.validate()
return login
......
......@@ -60,7 +60,8 @@ class TestSlapOSSecurityMixin(SlapOSTestCaseMixin):
for _, plugin in uf._getOb('plugins').listPlugins(
IAuthenticationPlugin ):
if plugin.authenticateCredentials(
{'login_portal_type': ('ERP5 Login', 'Certificate Login'),
{'login_portal_type': ('ERP5 Login', 'Certificate Login',
'Facebook Login', 'Google Login'),
'external_login': login}) is not None:
break
else:
......@@ -182,18 +183,23 @@ class TestSlapOSSoftwareInstanceSecurity(TestSlapOSSecurityMixin):
class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
def test_active(self, login_portal_type="Certificate Login"):
password = str(random.random())
password = '%s-aA1$' % str(random.random())
reference = self._generateRandomUniqueReference('Person')
user_id = self._generateRandomUniqueUserId('Person')
person = self.portal.person_module.newContent(
portal_type='Person',
reference=reference, password=password)
reference=reference)
person.setUserId(user_id)
person.newContent(portal_type='Assignment').open()
if login_portal_type == "ERP5 Login":
person.newContent(portal_type=login_portal_type,
reference=reference,
password=password).validate()
else:
person.newContent(portal_type=login_portal_type,
reference=reference, password=password).validate()
reference=reference).validate()
self.tic()
......@@ -229,20 +235,24 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
self.assertSameSet(['R-MEMBER', 'G-COMPANY'], user.getGroups())
def test_inactive(self, login_portal_type="Certificate Login"):
password = str(random.random())
password = '%s-aA1$' % str(random.random())
reference = self._generateRandomUniqueReference('Person')
user_id = self._generateRandomUniqueReference('Person')
person = self.portal.person_module.newContent(portal_type='Person',
reference=reference, password=password)
reference=reference)
self.tic()
self._assertUserDoesNotExists(user_id, reference, password)
if login_portal_type == "ERP5 Login":
person.newContent(portal_type=login_portal_type,
reference=reference,
password=password).validate()
else:
person.newContent(portal_type=login_portal_type,
reference=reference).validate()
self.tic()
self._assertUserDoesNotExists(user_id, reference, password)
......@@ -253,7 +263,17 @@ class TestSlapOSPersonSecurity(TestSlapOSSecurityMixin):
def test_inactive_erp5_login(self):
self.test_inactive(login_portal_type="ERP5 Login")
def test_active_facebook_login(self):
self.test_active(login_portal_type="Facebook Login")
def test_inactive_facebook_login(self):
self.test_inactive(login_portal_type="Facebook Login")
def test_active_google_login(self):
self.test_active(login_portal_type="Google Login")
def test_inactive_google_login(self):
self.test_inactive(login_portal_type="Google Login")
def test_suite():
......
......@@ -27,6 +27,7 @@ import os
class TestSlapOSConfigurator(SlapOSTestCaseMixin):
maxDiff = None
def bootstrapSite(self):
SlapOSTestCaseMixin.bootstrapSite(self)
self.getBusinessConfiguration().BusinessConfiguration_invokeSlapOSMasterPromiseAlarmList()
......@@ -338,6 +339,7 @@ class TestSlapOSConfigurator(SlapOSTestCaseMixin):
'erp5_slapos_tutorial',
'erp5_slapos_tutorial_data',
'erp5_slideshow_style',
'erp5_authentication_policy',
'slapos_cloud',
'slapos_slap_tool',
'slapos_category',
......
......@@ -28,7 +28,12 @@ class TestSlaposSkinSelection(SlapOSTestCaseMixin):
# Ignore these bt5 as they might be present on development instances
# but not present on the test.
ignore_list = ["slapos_ui_test"]
ignore_list = [
# UI testing folders not deployed by Configurator
"slapos_ui_test", "slapos_zh_ui_test",
# Legacy and/or custom bt5 folders
"slapos_vifib", "rapid_space", "rapid_space_ui_test"]
def getTitle(self):
return "Slapos Skin Selection"
......@@ -150,6 +155,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -266,6 +272,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -383,6 +390,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -496,6 +504,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -613,6 +622,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -730,6 +740,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -844,6 +855,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -959,6 +971,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -1073,6 +1086,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -1188,6 +1202,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -1303,6 +1318,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -1419,6 +1435,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......@@ -1535,6 +1552,7 @@ erp5_access_tab
erp5_access_token
erp5_accounting
erp5_administration
erp5_authentication_policy
erp5_auto_logout
erp5_base
erp5_bearer_token
......
erp5_authentication_policy
erp5_administration
erp5_credential
erp5_project
......
......@@ -2249,13 +2249,14 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin):
class TestSlapOSSlapToolPersonAccess(TestSlapOSSlapToolMixin):
def afterSetUp(self):
password = self.generateNewId()
password = "%s-1Aa$" % self.generateNewId()
reference = 'test_%s' % self.generateNewId()
person = self.portal.person_module.newContent(portal_type='Person',
title=reference,
reference=reference, password=password)
reference=reference)
person.newContent(portal_type='Assignment', role='member').open()
person.newContent(portal_type='ERP5 Login', reference=reference).validate()
person.newContent(portal_type='ERP5 Login',
reference=reference, password=password).validate()
self.commit()
self.person = person
......
......@@ -226,6 +226,7 @@ class testSlapOSMixin(ERP5TypeTestCase):
def bootstrapSite(self):
self.logMessage('SlapOS bootstrapSite')
self.getDefaultSystemPreference().setPreferredHateoasUrl("http://dummy/")
self.getDefaultSystemPreference().setPreferredAuthenticationPolicyEnabled(True)
self.clearCache()
self.tic()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment