Commit 68e67160 authored by Jérome Perrin's avatar Jérome Perrin

authentication_policy: fix credential recovery on password expiration

Credential Recovery are supposed to be related to persons, not logins.
Extend the tests to make sure that after the credential recovery is
accepted a reset password email is sent and fix authentication_policy
scripts to create a Credential Recovery related to the person.
parent cac1377a
Pipeline #8753 failed with stage
in 0 seconds
......@@ -9,25 +9,28 @@ portal = context.getPortalObject()
portal_preferences = portal.portal_preferences
if not portal_preferences.isAuthenticationPolicyEnabled() or \
not portal.portal_preferences.isPreferredSystemRecoverExpiredPassword():
not portal_preferences.isPreferredSystemRecoverExpiredPassword():
# no policy, no sense to file expire at all or symply system do not configured to
return 0
return
user = context.getParentValue()
username = context.getReference()
# Prevent creating new recovery if one was recently created
recovery_list = portal.portal_catalog(
portal_type="Credential Recovery",
reference=context.getReference(),
default_destination_decision_uid=context.getUid(),
reference=username,
default_destination_decision_uid=user.getUid(),
creation_date=Query(range="min", creation_date=addToDate(DateTime(), {'day': -1})),
limit=1)
if (len(recovery_list) > 0):
return 0
if recovery_list:
return
module = portal.getDefaultModule(portal_type='Credential Recovery')
credential_recovery = module.newContent(
portal_type="Credential Recovery",
reference=context.getReference(),
destination_decision_value=context,
reference=username,
destination_decision_value=user,
language=portal.Localizer.get_selected_language())
context.serialize()
credential_recovery.submit()
......@@ -598,7 +598,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic()
person = self.createUser(self.id(), password='password')
assignment = person.newContent(portal_type = 'Assignment')
person.setDefaultEmailCoordinateText('user@example.com')
assignment = person.newContent(portal_type='Assignment')
assignment.open()
login = person.objectValues(portal_type='ERP5 Login')[0]
......@@ -618,15 +619,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic()
# and a credential recovery is created automatically
credential_recovery, = login.getDestinationDecisionRelatedValueList(
credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
# trying to login again does not create a new credential recovery
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.tic()
credential_recovery, = login.getDestinationDecisionRelatedValueList(
credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
credential_recovery.accept()
self.tic()
_, (to,), message = self.portal.MailHost._last_message
self.assertEqual(to, 'user@example.com')
self.assertIn('Password Recovery', message)
def test_HttpRequest(self):
"""
Check HTTP responses
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment