Add key authentication plugin (preliminary work of FX) and extend tests to...

Add key authentication plugin (preliminary work of FX) and extend tests to basic cover it. This is a work in progress and needs improvements (see XXX) and better test coverage. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34434 20353a03-c40f-0410-a6d1-a30d3c3de9de

Add key authentication plugin (preliminary work of FX) and extend tests to...
Add key authentication plugin (preliminary work of FX) and extend tests to basic cover it. This is a work in progress and needs improvements (see XXX) and better test coverage. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34434 20353a03-c40f-0410-a6d1-a30d3c3de9de
b45f325f · Ivan Tyagov · f8179b18 · b45f325f · b45f325f · b45f325f
Commit b45f325f authored Apr 09, 2010 by Ivan Tyagov
5 changed files
--- a/product/ERP5Security/ERP5KeyAuthPlugin.py
+++ b/product/ERP5Security/ERP5KeyAuthPlugin.py
--- a/product/ERP5Security/__init__.py
+++ b/product/ERP5Security/__init__.py
@@ -25,6 +25,7 @@ import ERP5UserManager
 import ERP5GroupManager
 import ERP5RoleManager
 import ERP5UserFactory
+import ERP5KeyAuthPlugin

 def mergedLocalRoles(object):
  """Returns a merging of object and its ancestors'
@@ -58,6 +59,7 @@ registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
 registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
 registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
 registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
+registerMultiPlugin(ERP5KeyAuthPlugin.ERP5KeyAuthPlugin.meta_type)

 def initialize(context):

@@ -97,3 +99,12 @@ def initialize(context):
                         , icon='www/portal.gif'
                         )

+    context.registerClass( ERP5KeyAuthPlugin.ERP5KeyAuthPlugin
+                         , permission=ManageUsers
+                         , constructors=(
+                            ERP5KeyAuthPlugin.manage_addERP5KeyAuthPluginForm,
+                            ERP5KeyAuthPlugin.addERP5KeyAuthPlugin, )
+                         , visibility=None
+                         , icon='www/portal.gif'
+                         )
+
--- a/product/ERP5Security/tests/testERP5Security.py
+++ b/product/ERP5Security/tests/testERP5Security.py
@@ -619,6 +619,56 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
                            basic='guest:guest')
    self.assertEqual(response.getStatus(), 401)

+  def testKeyAuthentication(self):
+    """
+     Make sure that we can grant security using a key.
+    """
+    # add key authentication PAS plugin
+    portal = self.portal
+    uf = portal.acl_users
+    uf.manage_addProduct['ERP5Security'].addERP5KeyAuthPlugin(
+         id="erp5_auth_key", \
+         title="ERP5 Auth key",\
+         encryption_key='fdgfhkfjhltylutyu',
+         cookie_name='__key',\
+         default_cookie_name='__ac')
+
+    erp5_auth_key_plugin = getattr(uf, "erp5_auth_key")
+    erp5_auth_key_plugin.manage_activateInterfaces(
+       interfaces=['IExtractionPlugin',
+                   'IAuthenticationPlugin',
+                   'ICredentialsUpdatePlugin',
+                   'ICredentialsResetPlugin'])
+    self.stepTic()
+
+    reference = 'UserReferenceTextWhichShouldBeHardToGeneratedInAnyHumanOrComputerLanguage'
+    loginable_person = self.getPersonModule().newContent(portal_type='Person',
+                                                         reference=reference,
+                                                         password='guest')
+    assignment = loginable_person.newContent(portal_type='Assignment',
+                                             function='another_subcat')
+    assignment.open()
+    self.stepTic()
+
+    # encrypt & decrypt works 
+    key = erp5_auth_key_plugin.encrypt(reference)
+    self.assertNotEquals(reference, key)
+    self.assertEquals(reference, erp5_auth_key_plugin.decrypt(key))
+    base_url = '%s/view' %portal.absolute_url(relative=1)
+
+    # without key we are Anonymous User so we should be redirected with proper HTML
+    # status code to login_form
+    response = self.publish(base_url)
+    self.assertEqual(response.getStatus(), 302)
+    self.assertTrue('location' in response.headers.keys())
+    self.assertTrue(response.headers['location'].endswith('login_form'))
+     
+    # view front page we should be logged in if we use authentication key
+    response = self.publish('%s?__ac_key=%s' %(base_url, key))
+    self.assertEqual(response.getStatus(), 200)
+    self.assertTrue(reference in response.getBody())
+
+
 def test_suite():
  suite = unittest.TestSuite()
  suite.addTest(unittest.makeSuite(TestUserManagement))

--- a/product/ERP5Security/www/ERP5Security_addERP5KeyAuthPlugin.zpt
+++ b/product/ERP5Security/www/ERP5Security_addERP5KeyAuthPlugin.zpt
+<h1 tal:replace="structure context/manage_page_header">PAGE HEADER</h1>
+<h2 tal:define="form_title string:Add ERP5 Key Authentication PAS"
+    tal:replace="structure context/manage_form_title">FORM TITLE</h2>
+
+<p class="form-help">Please input the configuration</p>
+
+<form action="addERP5KeyAuthPlugin" method="POST">
+<table cellspacing="0" cellpadding="2" border="0">
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Id
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="id" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Title
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="title" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Encryption Key
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="encryption_key" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Cookie Name
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="cookie_name"
+           value="__key" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td align="left" valign="top">
+    <div class="form-label">
+    Default Cookie Name
+    </div>
+    </td>
+    <td align="left" valign="top">
+    <input type="text" name="default_cookie_name" 
+           value="__ac" size="40" />
+    </td>
+  </tr>
+  <tr>
+    <td colspan="2"> <input type="submit" value="add plugin"/>
+    </td>
+  </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure context/manage_page_footer">PAGE FOOTER</h1>
--- a/product/ERP5Security/www/ERP5Security_editERP5KeyAuthPlugin.zpt
+++ b/product/ERP5Security/www/ERP5Security_editERP5KeyAuthPlugin.zpt
+<h1 tal:replace="structure context/manage_page_header">PAGE HEADER</h1>
+<h2 tal:replace="structure here/manage_tabs"> TABS </h2>
+<h2 tal:define="form_title string:Edit ERP5 Key Authentification Plugin"
+    tal:replace="structure context/manage_form_title">FORM TITLE</h2>
+
+<p class="form-help">Please input the configuration for the radius host</p>
+
+<form action="manage_editKeyAuthPlugin" method="POST">
+
+<table tal:define="encryption_key request/encryption_key|context/encryption_key|string:;
+                   default_cookie_name request/default_cookie_name|context/default_cookie_name|string:;
+                   cookie_name request/cookie_name|context/cookie_name|string:;">
+
+<tr>
+   <td> Encryption Key </td>
+   <td>
+     <input type="text" name="encryption_key" value=""
+            tal:attributes="value encryption_key;" />
+   </td>
+</tr>
+<tr>
+   <td> Cookie Name </td>
+   <td>
+     <input type="text" name="cookie_name" value=""
+            tal:attributes="value cookie_name;" />
+   </td>
+</tr>
+<tr>
+   <td> Default Cookie Name </td>
+   <td>
+     <input type="text" name="default_cookie_name" value=""
+            tal:attributes="value default_cookie_name;" />
+   </td>
+</tr>
+<tr>
+   <td colspan="2"> 
+    <input type="submit" value="save"/>
+   </td>
+</tr>
+
+</table>
+
+</form>
+
+<h1 tal:replace="structure context/manage_page_footer">PAGE FOOTER</h1>