erp5_certificate_authority: Implement backward-compatibility with ERP5 Login

Also extend tests to cover recently changes

erp5_certificate_authority: Implement backward-compatibility with ERP5 Login
Also extend tests to cover recently changes
994f2921 · Rafael Monnerat · 2857d1a6 · 994f2921 · 994f2921
Commit 994f2921 authored Aug 26, 2019 by Rafael Monnerat
2 changed files
--- a/bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5_certificate_authority.Person.py
+++ b/bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5_certificate_authority.Person.py
@@ -7,7 +7,16 @@ class Person(ERP5Person):
  security.declarePublic('getCertificate')
  def _getCertificateLoginDocument(self):
-    for _certificate_login in self.objectValues(portal_type="Certificate Login"):
+    for _erp5_login in self.objectValues(
+          portal_type=["ERP5 Login"]):
+      if _erp5_login.getValidationState() == "validated" and \
+        _erp5_login.getReference() == self.getUserId():
+        # The user already created a Login document as UserId, so 
+        # So just use this one.
+        return _erp5_login
+    for _certificate_login in self.objectValues(
+         portal_type=["Certificate Login"]):
      if _certificate_login.getValidationState() == "validated":
        return _certificate_login

--- a/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.py
+++ b/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.py
@@ -31,6 +31,7 @@ import os
 import random
 import unittest
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+from Products.DCWorkflow.DCWorkflow import ValidationFailed
 from AccessControl import Unauthorized
 class TestCertificateAuthority(ERP5TypeTestCase):
@@ -39,8 +40,9 @@ class TestCertificateAuthority(ERP5TypeTestCase):
    return "Test Certificate Authority"
  def afterSetUp(self):
-    self.portal.portal_certificate_authority.certificate_authority_path = \
+    if "TEST_CA_PATH" in os.environ:
-        os.environ['TEST_CA_PATH']
+      self.portal.portal_certificate_authority.certificate_authority_path = \
+          os.environ['TEST_CA_PATH']
  def getBusinessTemplateList(self):
    return ('erp5_base', 'erp5_certificate_authority')
@@ -59,6 +61,30 @@ class TestCertificateAuthority(ERP5TypeTestCase):
    self.loginByUserName(login)
    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
    certificate = person.getCertificate()
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
+    self.assertEquals(certificate_login.getValidationState(), "validated")
+    self.assertTrue('CN=%s' % user_id in certificate['certificate'])
+  def test_person_duplicated_login(self):
+    user_id, login = self._createPerson()
+    self.loginByUserName(login)
+    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
+    person.newContent(portal_type='ERP5 Login', reference=user_id).validate()
+    self.tic()
+    certificate = person.getCertificate()
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    # If a erp5_login is already using the User ID, just reuse it for now
+    self.assertEquals(len(certificate_login_list), 0)
    self.assertTrue('CN=%s' % user_id in certificate['certificate'])
  def test_person_revoke_certificate(self):
@@ -72,6 +98,14 @@ class TestCertificateAuthority(ERP5TypeTestCase):
    self.loginByUserName(login)
    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
    certificate = person.getCertificate()
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
+    self.assertEquals(certificate_login.getValidationState(), "validated")
    self.assertTrue('CN=%s' % user_id in certificate['certificate'])
    person.revokeCertificate()
@@ -80,9 +114,56 @@ class TestCertificateAuthority(ERP5TypeTestCase):
    self.loginByUserName(login)
    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
    certificate = person.getCertificate()
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
    self.assertTrue('CN=%s' % user_id in certificate['certificate'])
+    self.assertEquals(certificate_login.getValidationState(), "validated")
    self.assertRaises(ValueError, person.getCertificate)
+    # Ensure it don't create a second object
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
+    self.assertEquals(certificate_login.getValidationState(), "validated")
+  def test_person_request_revoke_request_certificate(self):
+    user_id, login = self._createPerson()
+    self.loginByUserName(login)
+    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
+    certificate = person.getCertificate()
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
+    self.assertTrue('CN=%s' % user_id in certificate['certificate'])
+    self.assertEquals(certificate_login.getValidationState(), "validated")
+    person.revokeCertificate()
+    certificate = person.getCertificate()
+    # Ensure it don't create a second object
+    certificate_login_list = person.objectValues(
+      portal_type="Certificate Login"
+    )
+    self.assertEquals(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEquals(certificate_login.getReference(), user_id)
+    self.assertEquals(certificate_login.getValidationState(), "validated")
  def test_person_request_certificate_for_another(self):
    _, login = self._createPerson()
    _, login2 = self._createPerson()
@@ -91,6 +172,25 @@ class TestCertificateAuthority(ERP5TypeTestCase):
    self.loginByUserName(login2)
    self.assertRaises(Unauthorized, person.getCertificate)
+  def test_person_duplicated_login_from_another_user(self):
+    user_id, login = self._createPerson()    
+    person = self.portal.person_module.newContent(portal_type='Person',
+      reference=str(random.random()), password=login)
+    person.newContent(portal_type='Assignment').open()
+    # Try to create a login with other person user_id to cheat the system
+    person.newContent(portal_type='ERP5 Login', reference=user_id).validate()
+    self.tic()
+    self.loginByUserName(login)
+    person = self.portal.portal_membership.getAuthenticatedMember().getUserValue()
+    self.assertRaises(ValidationFailed, person.getCertificate)
+    certificate_login_list = [ i for i in person.objectValues(
+      portal_type="Certificate Login"
+    ) if i.getValidationState() == "validated"]
+    self.assertEquals(len(certificate_login_list), 0)
  def test_person_revoke_certificate_for_another(self):
    user_id, login = self._createPerson()
    _, login2 = self._createPerson()