erp5_authentication_policy: migrate to ERP5 Login authentication.

bt5/erp5_authentication_policy/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml

 <workflow_chain>
  <chain>
-  <type>Person</type>
+  <type>ERP5 Login</type>
   <workflow>password_interaction_workflow</workflow>
  </chain>
 </workflow_chain>
\ No newline at end of file

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_analyzePassword.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_analyzePassword.xml

@@ -62,7 +62,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_analyzePassword</string> </value>
+            <value> <string>Login_analyzePassword</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_getListboxUrl.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_getListboxUrl.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_getListboxUrl</string> </value>
+            <value> <string>Login_getListboxUrl</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isLoginBlocked.xml

@@ -62,7 +62,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_isLoginBlocked</string> </value>
+            <value> <string>Login_isLoginBlocked</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isPasswordExpired.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.xml

@@ -62,7 +62,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_isPasswordExpired</string> </value>
+            <value> <string>Login_isPasswordExpired</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.py → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordValid.py

@@ -13,27 +13,13 @@ message_dict = { 0: 'Unknown error',
                 -4: 'You have already used this password.',
                 -5: 'You can not use any parts of your first and last name in password.'}
 
-def doValidation(person, password):
+def doValidation(login, password):
   # raise so Formulator shows proper message
-  result_code_list = person.Person_analyzePassword(password)
+  result_code_list = login.analyzePassword(password)
   if result_code_list!=[]:
     translateString = context.Base_translateString
     message = ' '.join([translateString(message_dict[x]) for x in result_code_list])
     raise ValidationError('external_validator_failed', context, error_text=message)
   return 1
 
-user_login = request.get('field_user_login', None)
-# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)
-person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)
-if person is not None:
-  return doValidation(person, password)
-
-# use a temp object (new account created)
-first_name = request.get('field_your_first_name', None) 
-last_name = request.get('field_your_last_name', None) 
-kw = {'title': '%s %s' %(first_name, last_name),
-      'first_name': first_name,
-      'last_name': last_name}
-person = newTempBase(portal, kw['title'], **kw)
-
-return doValidation(person, password)
+return doValidation(context, password)

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordValid.xml

@@ -62,7 +62,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Base_isPasswordValid</string> </value>
+            <value> <string>Login_isPasswordValid</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyLoginFailure.xml

@@ -63,7 +63,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_notifyLoginFailure</string> </value>
+            <value> <string>Login_notifyLoginFailure</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyPasswordExpire.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.xml

@@ -63,7 +63,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_notifyPasswordExpire</string> </value>
+            <value> <string>Login_notifyPasswordExpire</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml → bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_unblockLogin.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_unblockLogin</string> </value>
+            <value> <string>Login_unblockLogin</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemEventModule_viewBlockUseLoginList/listbox.xml

@@ -174,15 +174,15 @@
                       <list>
                         <tuple>
                           <string>title</string>
-                          <string>Person_getListboxUrl</string>
+                          <string>Login_getListboxUrl</string>
                         </tuple>
                         <tuple>
                           <string>reference</string>
-                          <string>Person_getListboxUrl</string>
+                          <string>Login_getListboxUrl</string>
                         </tuple>
                         <tuple>
                           <string>count</string>
-                          <string>Person_getListboxUrl</string>
+                          <string>Login_getListboxUrl</string>
                         </tuple>
                       </list>
                     </value>

bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml

@@ -28,7 +28,7 @@
             <key> <string>after_script_name</string> </key>
             <value>
               <list>
-                <string>Person_changePassword</string>
+                <string>afterChangePassword</string>
               </list>
             </value>
         </item>
@@ -72,10 +72,16 @@
             <key> <string>portal_type_filter</string> </key>
             <value>
               <list>
-                <string>Person</string>
+                <string>ERP5 Login</string>
               </list>
             </value>
         </item>
+        <item>
+            <key> <string>portal_type_group_filter</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>script_name</string> </key>
             <value>

bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.py → bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py

-from DateTime import DateTime
-portal = context.getPortalObject()
-person = state_change['object']
+login = state_change['object']
+portal = login.getPortalObject()
 
 # check preferences and save only if set
 number_of_last_password_to_check = portal.portal_preferences.getPreferredNumberOfLastPasswordToCheck()
 
 if number_of_last_password_to_check is not None and number_of_last_password_to_check:
   # save password and modification date
-  current_password = person.getPassword()
+  current_password = login.getPassword()
   if current_password is not None:
-    password_event = portal.system_event_module.newContent(portal_type = 'Password Event',
-                                                           source_value = person,
-                                                           destination_value = person,
-                                                           password = current_password)
+    password_event = portal.system_event_module.newContent(portal_type='Password Event',
+                                                           source_value=login,
+                                                           destination_value=login,
+                                                           password=current_password)
     password_event.confirm()
     # Person_isPasswordExpired cache the wrong result if document is not in catalog.
     # As the document is created in the same transaction, it is possible to force reindexation

bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml → bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.xml

@@ -63,7 +63,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_changePassword</string> </value>
+            <value> <string>afterChangePassword</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_authentication_policy/bt/template_portal_type_workflow_chain_list

-Person | password_interaction_workflow
+ERP5 Login | password_interaction_workflow
\ No newline at end of file

bt5/erp5_system_event/SkinTemplateItem/portal_skins/erp5_system_event/PasswordEvent_view/my_destination_title.xml

@@ -102,8 +102,8 @@
                     <value>
                       <list>
                         <tuple>
-                          <string>Person</string>
-                          <string>Person</string>
+                          <string>ERP5 Login</string>
+                          <string>ERP5 Login</string>
                         </tuple>
                       </list>
                     </value>

bt5/erp5_system_event/SkinTemplateItem/portal_skins/erp5_system_event/PasswordEvent_view/my_source_title.xml

@@ -102,8 +102,8 @@
                     <value>
                       <list>
                         <tuple>
-                          <string>Person</string>
-                          <string>Person</string>
+                          <string>ERP5 Login</string>
+                          <string>ERP5 Login</string>
                         </tuple>
                       </list>
                     </value>

product/ERP5/tests/testAuthenticationPolicy.py

@@ -66,10 +66,12 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
               reference = 'test')
     if portal.portal_catalog.getResultValue(**kw) is None:
       # add a loggable Person
-      person = portal.person_module.newContent(password = 'test',
-                                               first_name = 'First',
-                                               last_name = 'Last',
-                                               **kw)
+      person = self.createUser(
+        kw['reference'],
+        password='test',
+        person_kw={'first_name': 'First',
+                   'last_name': 'Last'},
+      )
       person.validate()
       assignment = person.newContent(portal_type = 'Assignment')
       assignment.open()
@@ -91,16 +93,33 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
                           'erp5_content_short', # for authentication cache
                           ))
 
-  def _getPasswordEventList(self, person):
+  def _getPasswordEventList(self, login):
     return [x.getObject() for x in self.portal.portal_catalog(
                                                  portal_type = 'Password Event',
-                                                 default_destination_uid = person.getUid(),
+                                                 default_destination_uid = login.getUid(),
                                                  sort_on = (('creation_date', 'DESC',),))]
 
-  def _cleanUpPerson(self, person):
-    self.portal.system_event_module.manage_delObjects([x.getId() for x in self._getPasswordEventList(person)])
+  def _cleanUpLogin(self, login):
+    self.portal.system_event_module.manage_delObjects([x.getId() for x in self._getPasswordEventList(login)])
 
 
+  def createUser(self, reference, password=None, person_kw=None):
+    """
+      Modified version from ERP5TypeTestCase, that does set reference as
+      password when password is None.
+    """
+    if person_kw is None:
+      person_kw = {}
+
+    person = self.portal.person_module.newContent(portal_type='Person',
+                                                  reference=reference,
+                                                  **person_kw)
+    login = person.newContent(portal_type='ERP5 Login',
+                              reference=reference,
+                              password=password)
+    login.validate()
+    return person
+
   def test_01_BlockLogin(self):
     """
       Test that a recataloging works for Web Site documents
@@ -110,73 +129,74 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
 
     person = portal.portal_catalog.getResultValue(portal_type = 'Person',
                                                   reference = 'test')
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
     # login should be allowed
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # file some failures so we should detect and block account
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
     self.tic()
 
     # should be blocked
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     # set check back interval to actualy disable blocking
     preference.setPreferredAuthenticationFailureCheckDuration(0)
     self._clearCache()
     self.tic()
     time.sleep(1) # we need to give a moment
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # .. and revert it back
     preference.setPreferredAuthenticationFailureCheckDuration(600)
     self._clearCache()
     self.tic()
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     # increase failures attempts
     preference.setPreferredMaxAuthenticationFailure(4)
     self._clearCache()
     self.tic()
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # .. and revert it back
     preference.setPreferredMaxAuthenticationFailure(3)
     self._clearCache()
     self.tic()
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     # set short block interval so we can test it as well
     preference.setPreferredAuthenticationFailureBlockDuration(3)
     self._clearCache()
     self.tic()
     time.sleep(4)
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # test multiple concurrent transactions without waiting for activities to be over
     preference.setPreferredAuthenticationFailureCheckDuration(600)
     preference.setPreferredAuthenticationFailureBlockDuration(600)
     preference.setPreferredMaxAuthenticationFailure(3)
-    person.Person_unblockLogin()
+    login.Login_unblockLogin()
     self._clearCache()
     self.tic()
 
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
 
     self.commit()
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
     self.tic()
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     # test unblock account
-    person.Person_unblockLogin()
+    login.Login_unblockLogin()
     self.tic()
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
 
   def test_02_PasswordHistory(self):
@@ -186,61 +206,61 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     portal = self.getPortal()
     self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())
 
-    person = portal.person_module.newContent(portal_type = 'Person',
-                                             reference = 'test-02')
+    person = self.createUser('test-02')
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
     self.tic()
 
     # Check that last (X where X is set in preferences) passwords are saved.
-    self.assertEqual([], self._getPasswordEventList(person))
+    self.assertEqual([], self._getPasswordEventList(login))
     preference.setPreferredNumberOfLastPasswordToCheck(10)
     self.tic()
     self._clearCache()
 
-    person.setPassword('12345678')
+    login.setPassword('12345678')
     self.tic()
 
     # password change date should be saved as well hashed old password value
-    old_password = person.getPassword()
-    self.assertSameSet([old_password], [x.getPassword() for x in self._getPasswordEventList(person)])
+    old_password = login.getPassword()
+    self.assertSameSet([old_password], [x.getPassword() for x in self._getPasswordEventList(login)])
 
     # .. test one more time to check history of password is saved in a list
-    person.setPassword('123456789')
+    login.setPassword('123456789')
     self.tic()
-    old_password1 = person.getPassword()
+    old_password1 = login.getPassword()
 
     # password change date should be saved as well hashed old password value
-    self.assertSameSet([old_password1, old_password], [x.getPassword() for x in self._getPasswordEventList(person)])
+    self.assertSameSet([old_password1, old_password], [x.getPassword() for x in self._getPasswordEventList(login)])
 
     # other methods (_setPassword)...
-    person._setPassword('123456789-1')
+    login._setPassword('123456789-1')
     self.tic()
-    old_password2 = person.getPassword()
+    old_password2 = login.getPassword()
     self.assertSameSet([old_password2, old_password1, old_password], \
-                     [x.getPassword() for x in self._getPasswordEventList(person)])
+                     [x.getPassword() for x in self._getPasswordEventList(login)])
 
     # other methods (_forceSetPassword)...
-    person._forceSetPassword('123456789-2')
+    login._forceSetPassword('123456789-2')
     self.tic()
-    old_password3 = person.getPassword()
+    old_password3 = login.getPassword()
     self.assertSameSet([old_password3, old_password2, old_password1, old_password], \
-                     [x.getPassword() for x in self._getPasswordEventList(person)])
+                     [x.getPassword() for x in self._getPasswordEventList(login)])
 
 
     # other methods (setEncodedPassword)...
-    person.setEncodedPassword('123456789-3')
+    login.setEncodedPassword('123456789-3')
     self.tic()
-    old_password4 = person.getPassword()
+    old_password4 = login.getPassword()
     self.assertSameSet([old_password4, old_password3, old_password2, old_password1, old_password], \
-                     [x.getPassword() for x in self._getPasswordEventList(person)])
+                     [x.getPassword() for x in self._getPasswordEventList(login)])
 
     # other methods (edit)...
-    person.edit(password = '123456789-4')
+    login.edit(password = '123456789-4')
     self.tic()
-    old_password5 = person.getPassword()
+    old_password5 = login.getPassword()
     self.assertSameSet([old_password5, old_password4, old_password3, old_password2, old_password1, old_password], \
-                     [x.getPassword() for x in self._getPasswordEventList(person)])
+                     [x.getPassword() for x in self._getPasswordEventList(login)])
 
 
   def test_03_PasswordValidity(self):
@@ -258,105 +278,107 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
 
     self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())
 
-    person = portal.person_module.newContent(portal_type = 'Person',
-                                             reference = 'test-03',
-                                             password = 'test',
-                                             first_name = 'First',
-                                             last_name = 'Last')
+    person = self.createUser(
+        'test-03',
+        password='test',
+        person_kw={'first_name': 'First',
+                   'last_name': 'Last'},
+    )
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
     self.tic()
 
     # by default an empty password if nothing set in preferences is OK
-    self.assertTrue(person.isPasswordValid(''))
+    self.assertTrue(login.isPasswordValid(''))
 
     # Not long enough passwords used
-    self._cleanUpPerson(person)
+    self._cleanUpLogin(login)
     preference.setPreferredMinPasswordLength(8)
     preference.setPreferredNumberOfLastPasswordToCheck(0)
     self.tic()
     self._clearCache()
 
-    self.assertEqual([-1], person.analyzePassword(''))
-    self.assertEqual([-1], person.analyzePassword('1234567'))
-    self.assertTrue(person.isPasswordValid('12345678'))
+    self.assertEqual([-1], login.analyzePassword(''))
+    self.assertEqual([-1], login.analyzePassword('1234567'))
+    self.assertTrue(login.isPasswordValid('12345678'))
 
     # not changed in last x days
-    self._cleanUpPerson(person)
+    self._cleanUpLogin(login)
     preference.setPreferredMinPasswordLifetimeDuration(24)
     preference.setPreferredNumberOfLastPasswordToCheck(3)
     self.tic()
     self._clearCache()
 
-    self.assertTrue(person.isPasswordValid('12345678'))
-    person.setPassword('12345678')
+    self.assertTrue(login.isPasswordValid('12345678'))
+    login.setPassword('12345678')
     self.tic()
 
     # if we try to change now we should fail with any password
-    self.assertSameSet([-3], person.analyzePassword('87654321'))
-    self.assertSameSet([-1, -3], person.analyzePassword('short')) # multiple failures
-    self.assertFalse(person.isPasswordValid('short')) # multiple failures
-    self.assertRaises(ValueError, person.setPassword, '87654321')
+    self.assertSameSet([-3], login.analyzePassword('87654321'))
+    self.assertSameSet([-1, -3], login.analyzePassword('short')) # multiple failures
+    self.assertFalse(login.isPasswordValid('short')) # multiple failures
+    self.assertRaises(ValueError, login.setPassword, '87654321')
 
     preference.setPreferredMinPasswordLifetimeDuration(0) # remove restriction
     self.tic()
     self._clearCache()
-    self.assertTrue(person.isPasswordValid('87654321')) # it's OK to change
+    self.assertTrue(login.isPasswordValid('87654321')) # it's OK to change
 
     # password not used in previous X passwords
     preference.setPreferredMinPasswordLength(None) # disable for now
-    self._cleanUpPerson(person)
+    self._cleanUpLogin(login)
     self._clearCache()
     self.tic()
 
-    person.setPassword('12345678-new')
+    login.setPassword('12345678-new')
     self.tic()
 
-    self.assertSameSet([-4], person.analyzePassword('12345678-new')) # if we try to change now we should fail with this EXACT password
-    self.assertRaises(ValueError, person.setPassword, '12345678-new')
-    self.assertTrue(person.isPasswordValid('12345678_')) # it's OK with another one not used yet
+    self.assertSameSet([-4], login.analyzePassword('12345678-new')) # if we try to change now we should fail with this EXACT password
+    self.assertRaises(ValueError, login.setPassword, '12345678-new')
+    self.assertTrue(login.isPasswordValid('12345678_')) # it's OK with another one not used yet
     for password in ['a','b','c','d', 'e', 'f']:
       # this sleep is not so beautiful, but mysql datetime columns has a
       # precision of one second only, and we use creation_date to order
       # "Password Event" objects. So without this sleep, the test is
       # failing randomly.
       time.sleep(1)
-      person.setPassword(password)
+      login.setPassword(password)
       self.tic()
     self._clearCache()
     self.tic()
 
-    self.assertTrue(person.isPasswordValid('12345678-new'))
-    self.assertTrue(person.isPasswordValid('a'))
-    self.assertTrue(person.isPasswordValid('b'))
-    self.assertTrue(person.isPasswordValid('c'))
+    self.assertTrue(login.isPasswordValid('12345678-new'))
+    self.assertTrue(login.isPasswordValid('a'))
+    self.assertTrue(login.isPasswordValid('b'))
+    self.assertTrue(login.isPasswordValid('c'))
     # only last 3 (including current one are invalid)
-    self.assertSameSet([-4], person.analyzePassword('d'))
-    self.assertSameSet([-4], person.analyzePassword('e'))
-    self.assertSameSet([-4], person.analyzePassword('f'))
+    self.assertSameSet([-4], login.analyzePassword('d'))
+    self.assertSameSet([-4], login.analyzePassword('e'))
+    self.assertSameSet([-4], login.analyzePassword('f'))
 
     # if we remove restricted then all password are usable
     preference.setPreferredNumberOfLastPasswordToCheck(None)
     self._clearCache()
     self.tic()
 
-    self.assertTrue(person.isPasswordValid('d'))
-    self.assertTrue(person.isPasswordValid('e'))
-    self.assertTrue(person.isPasswordValid('f'))
+    self.assertTrue(login.isPasswordValid('d'))
+    self.assertTrue(login.isPasswordValid('e'))
+    self.assertTrue(login.isPasswordValid('f'))
 
     # if we set only last password to check
     preference.setPreferredNumberOfLastPasswordToCheck(1)
     self._clearCache()
     self.tic()
-    self.assertTrue(person.isPasswordValid('c'))
-    self.assertTrue(person.isPasswordValid('d'))
-    self.assertTrue(person.isPasswordValid('e'))
-    self.assertSameSet([-4], person.analyzePassword('f'))
+    self.assertTrue(login.isPasswordValid('c'))
+    self.assertTrue(login.isPasswordValid('d'))
+    self.assertTrue(login.isPasswordValid('e'))
+    self.assertSameSet([-4], login.analyzePassword('f'))
 
     preference.setPreferredRegularExpressionGroupList(regular_expression_list)
     preference.setPreferredMinPasswordLength(7)
     preference.setPreferredNumberOfLastPasswordToCheck(None)
-    self._cleanUpPerson(person)
+    self._cleanUpLogin(login)
     self._clearCache()
     self.tic()
 
@@ -370,47 +392,47 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     self._clearCache()
     self.tic()
     for password in four_group_password_list:
-      self.assertTrue(person.isPasswordValid(password))
+      self.assertTrue(login.isPasswordValid(password))
     for password in three_group_password_list+two_group_password_list + one_group_password_list:
-      self.assertSameSet([-2], person.analyzePassword(password))
+      self.assertSameSet([-2], login.analyzePassword(password))
 
     # min 3 out of all groups
     preference.setPreferredMinRegularExpressionGroupNumber(3)
     self._clearCache()
-    self._cleanUpPerson(person)
+    self._cleanUpLogin(login)
     self.tic()
     for password in four_group_password_list + three_group_password_list:
-      self.assertTrue(person.isPasswordValid(password))
+      self.assertTrue(login.isPasswordValid(password))
     for password in two_group_password_list + one_group_password_list:
-      self.assertSameSet([-2], person.analyzePassword(password))
+      self.assertSameSet([-2], login.analyzePassword(password))
 
     # min 2 out of all groups
     preference.setPreferredMinRegularExpressionGroupNumber(2)
     self._clearCache()
     self.tic()
     for password in four_group_password_list + three_group_password_list + two_group_password_list:
-      self.assertTrue(person.isPasswordValid(password))
+      self.assertTrue(login.isPasswordValid(password))
     for password in one_group_password_list:
-      self.assertSameSet([-2], person.analyzePassword(password))
+      self.assertSameSet([-2], login.analyzePassword(password))
 
     # min 1 out of all groups
     preference.setPreferredMinRegularExpressionGroupNumber(1)
     self._clearCache()
     self.tic()
     for password in four_group_password_list + three_group_password_list + two_group_password_list+one_group_password_list:
-      self.assertTrue(person.isPasswordValid(password))
+      self.assertTrue(login.isPasswordValid(password))
 
     # not contain the full name of the user
     preference.setPrefferedForceUsernameCheckInPassword(1)
     self._clearCache()
     self.tic()
-    self.assertSameSet([-5], person.analyzePassword('abAB#12_%s' %person.getFirstName()))
-    self.assertSameSet([-5], person.analyzePassword('abAB#12_%s' %person.getLastName()))
+    self.assertSameSet([-5], login.analyzePassword('abAB#12_%s' %person.getFirstName()))
+    self.assertSameSet([-5], login.analyzePassword('abAB#12_%s' %person.getLastName()))
     preference.setPrefferedForceUsernameCheckInPassword(0)
     self._clearCache()
     self.tic()
-    self.assertTrue(person.isPasswordValid('abAB#12_%s' %person.getFirstName()))
-    self.assertTrue(person.isPasswordValid('abAB#12_%s' %person.getLastName()))
+    self.assertTrue(login.isPasswordValid('abAB#12_%s' %person.getFirstName()))
+    self.assertTrue(login.isPasswordValid('abAB#12_%s' %person.getLastName()))
 
     # check on temp objects just passworrd length( i.e. simulating a new user account creation)
     first_name = 'John'
@@ -425,8 +447,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     self._clearCache()
     self.tic()
     # in this case which is basically used in new account creation only length of password matters
-    self.assertSameSet([-1], temp_person.Person_analyzePassword('onlyNine1'))
-    self.assertSameSet([], temp_person.Person_analyzePassword('longEnough1'))
+    self.assertSameSet([-1], temp_person.Login_analyzePassword('onlyNine1'))
+    self.assertSameSet([], temp_person.Login_analyzePassword('longEnough1'))
 
     # make sure re check works on temp as well ( i.e. min 3 out of all groups)
     preference.setPreferredRegularExpressionGroupList(regular_expression_list)
@@ -435,22 +457,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     self._clearCache()
     self.tic()
     for password in four_group_password_list + three_group_password_list:
-      self.assertSameSet([], temp_person.Person_analyzePassword(password))
+      self.assertSameSet([], temp_person.Login_analyzePassword(password))
     for password in two_group_password_list + one_group_password_list:
-      self.assertSameSet([-2], temp_person.Person_analyzePassword(password))
+      self.assertSameSet([-2], temp_person.Login_analyzePassword(password))
 
     # make sure peron's check on username works on temp as well (i.e. not contain the full name of the user)
     preference.setPrefferedForceUsernameCheckInPassword(1)
     self._clearCache()
     self.tic()
-    self.assertSameSet([-5], temp_person.Person_analyzePassword('abAB#12_%s' %first_name))
-    self.assertSameSet([-5], temp_person.Person_analyzePassword('abAB#12_%s' %last_name))
+    self.assertSameSet([-5], temp_person.Login_analyzePassword('abAB#12_%s' %first_name))
+    self.assertSameSet([-5], temp_person.Login_analyzePassword('abAB#12_%s' %last_name))
 
     preference.setPrefferedForceUsernameCheckInPassword(0)
     self._clearCache()
     self.tic()
-    self.assertSameSet([], temp_person.Person_analyzePassword('abAB#12_%s' %first_name))
-    self.assertSameSet([], temp_person.Person_analyzePassword('abAB#12_%s' %last_name))
+    self.assertSameSet([], temp_person.Login_analyzePassword('abAB#12_%s' %first_name))
+    self.assertSameSet([], temp_person.Login_analyzePassword('abAB#12_%s' %last_name))
 
     # check Base_isPasswordValid is able to work in Anonymous User fashion
     # but with already create Person object (i.e. recover password case)
@@ -461,20 +483,20 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     self._clearCache()
     self.tic()
 
-    person.setPassword('used_ALREADY_1234')
+    login.setPassword('used_ALREADY_1234')
     self._clearCache()
     self.tic()
 
     # emulate Anonymous User
     self.logout()
-    request.set('field_user_login', person.getReference())
-    self.assertRaises(ValidationError,  portal.Base_isPasswordValid, 'abAB#12_%s' %person.getFirstName(), request) # contains name
-    self.assertRaises(ValidationError,  portal.Base_isPasswordValid, 'abAB#12_%s' %person.getLastName(), request) # contains name
-    self.assertRaises(ValidationError,  portal.Base_isPasswordValid, 'abAB#1', request) # too short
-    self.assertRaises(ValidationError,  portal.Base_isPasswordValid, 'abABCDEFG', request) # too few groups
-    self.assertRaises(ValidationError,  portal.Base_isPasswordValid, 'used_ALREADY_1234', request) # already used
-    self.assertEqual(1, portal.Base_isPasswordValid('abAB#12_', request))
-    self.assertEqual(1, portal.Base_isPasswordValid('not_used_ALREADY_1234', request))
+    request.set('field_user_login', login.getReference())
+    self.assertRaises(ValidationError,  login.Login_isPasswordValid, 'abAB#12_%s' %person.getFirstName(), request) # contains name
+    self.assertRaises(ValidationError,  login.Login_isPasswordValid, 'abAB#12_%s' %person.getLastName(), request) # contains name
+    self.assertRaises(ValidationError,  login.Login_isPasswordValid, 'abAB#1', request) # too short
+    self.assertRaises(ValidationError,  login.Login_isPasswordValid, 'abABCDEFG', request) # too few groups
+    self.assertRaises(ValidationError,  login.Login_isPasswordValid, 'used_ALREADY_1234', request) # already used
+    self.assertEqual(1, login.Login_isPasswordValid('abAB#12_', request))
+    self.assertEqual(1, login.Login_isPasswordValid('not_used_ALREADY_1234', request))
 
   def test_04_PasswordExpire(self):
     """
@@ -485,16 +507,16 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
 
     self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())
 
-    person = portal.person_module.newContent(portal_type = 'Person',
-                                             reference = 'test-04',
-                                             password = 'used_ALREADY_1234')
+    person = self.createUser('test-04',
+                             password='used_ALREADY_1234')
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
 
     preference.setPreferredMaxPasswordLifetimeDuration(24)
     self.tic()
     self._clearCache()
-    self.assertFalse(person.isPasswordExpired())
+    self.assertFalse(login.isPasswordExpired())
     self.assertFalse(request['is_user_account_password_expired'])
 
 
@@ -502,21 +524,21 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     preference.setPreferredMaxPasswordLifetimeDuration(4*24) # password expire in 4 days
     self.tic()
     self._clearCache()
-    self.assertFalse(person.isPasswordExpired())
+    self.assertFalse(login.isPasswordExpired())
     self.assertFalse(request['is_user_account_password_expired'])
 
     # test early warning password expire notification is detected
     preference.setPreferredPasswordLifetimeExpireWarningDuration(4*24) # password expire notification appear immediately
     self.tic()
     self._clearCache()
-    self.assertFalse(person.isPasswordExpired())
+    self.assertFalse(login.isPasswordExpired())
     self.assertTrue(request['is_user_account_password_expired_expire_date'])
 
     # test early warning password expire notification is detected
     preference.setPreferredPasswordLifetimeExpireWarningDuration(4*24-24) # password expire notification appear 3 days befor time
     self.tic()
     self._clearCache()
-    self.assertFalse(person.isPasswordExpired())
+    self.assertFalse(login.isPasswordExpired())
     self.assertFalse(request['is_user_account_password_expired_expire_date'])
 
   def test_05_HttpRequest(self):
@@ -525,50 +547,52 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     """
     portal = self.getPortal()
     request = self.app.REQUEST
-    person = portal.portal_catalog.getResultValue(portal_type = 'Person',
-                                                  reference = 'test')
+    person = self.createUser('test-05')
+    assignment = person.newContent(portal_type = 'Assignment')
+    assignment.open()
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
-    person.setPassword('used_ALREADY_1234')
+    login.setPassword('used_ALREADY_1234')
     self.tic()
 
-    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test', 'used_ALREADY_1234')
+    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test-05', 'used_ALREADY_1234')
     response = self.publish(path)
     self.assertTrue('Welcome to ERP5' in response.getBody())
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # fail request #1
-    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test', 'bad_test')
+    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test-05', 'bad_test')
     response = self.publish(path)
     self.assertTrue(response.getHeader("Location").endswith("login_form"))
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # fail request #2
     response = self.publish(path)
     self.assertTrue(response.getHeader("Location").endswith("login_form"))
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # fail request #3
     response = self.publish(path)
     self.assertTrue(response.getHeader("Location").endswith("login_form"))
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     self.tic()
 
     # test message that account is blocked
-    self.assertTrue(person.isLoginBlocked())
-    path = portal.absolute_url_path() + '/logged_in?__ac_name=%s&__ac_password=%s'  %('test', 'used_ALREADY_1234')
+    self.assertTrue(login.isLoginBlocked())
+    path = portal.absolute_url_path() + '/logged_in?__ac_name=%s&__ac_password=%s'  %('test-05', 'used_ALREADY_1234')
     response = self.publish(path)
     self.assertTrue(response.getHeader("Location").endswith("login_form?portal_status_message=Account is blocked."))
 
     # test expire password message, first unblock it
-    person.Person_unblockLogin()
+    login.Login_unblockLogin()
     preference.setPreferredMaxPasswordLifetimeDuration(0)
     self.tic()
     self._clearCache()
     response = self.publish(path)
     self.assertTrue(response.getHeader("Location").endswith("login_form?portal_status_message=Password is expired."))
-    self.assertTrue(person.isPasswordExpired())
+    self.assertTrue(login.isPasswordExpired())
 
     # test we're redirected to update password due to soon expire
     preference.setPreferredMaxPasswordLifetimeDuration(24)
@@ -584,7 +608,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     preference.setPreferredPasswordLifetimeExpireWarningDuration(12)
     self.tic()
     self._clearCache()
-    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test', 'used_ALREADY_1234')
+    path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s'  %('test-05', 'used_ALREADY_1234')
     response = self.publish(path)
     self.assertTrue('Welcome to ERP5' in response.getBody())
 
@@ -593,18 +617,18 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
       Check that expiring old Authentication Event list works.
     """
     portal = self.getPortal()
-    person = portal.portal_catalog.getResultValue(portal_type = 'Person',
-                                                  reference = 'test')
+    person = self.createUser('test-06')
+    login = person.objectValues(portal_type='ERP5 Login')[0]
     preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
                                                       title = 'Authentication',)
     # file some failures so we should detect and block account
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
-    person.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
+    login.notifyLoginFailure()
     self.tic()
 
     # should be blocked
-    self.assertTrue(person.isLoginBlocked())
+    self.assertTrue(login.isLoginBlocked())
 
     # set 0 check interval
     preference.setPreferredAuthenticationFailureCheckDuration(0)
@@ -612,14 +636,14 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
     self._clearCache()
 
     time.sleep(1) # we need to give a moment
-    self.assertFalse(person.isLoginBlocked())
+    self.assertFalse(login.isLoginBlocked())
 
     # expire manually old
     portal.system_event_module.SystemEventModule_expireAuthenticationEventList()
     self.tic()
 
     self.assertEqual(3, len(portal.portal_catalog(portal_type ="Authentication Event",
-                                                 default_destination_uid = person.getUid(),
+                                                 default_destination_uid = login.getUid(),
                                                  validation_state = "expired")))