Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
1
Issues
1
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Roque
erp5
Commits
2e8c2ad1
Commit
2e8c2ad1
authored
Jul 15, 2020
by
Xiaowu Zhang
Browse files
Options
Browse Files
Download
Plain Diff
erp5_authentication_policy: force user to change password if not yet do
See merge request
nexedi/erp5!1196
parents
e2f46ae8
6a44a135
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
27 additions
and
1 deletion
+27
-1
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py
...ins/erp5_authentication_policy/Login_isPasswordExpired.py
+7
-0
product/ERP5/tests/testAuthenticationPolicy.py
product/ERP5/tests/testAuthenticationPolicy.py
+20
-1
No files found.
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py
View file @
2e8c2ad1
...
...
@@ -25,6 +25,13 @@ if password_event_list:
password_lifetime_expire_warning_duration
=
portal_preferences
.
getPreferredPasswordLifetimeExpireWarningDuration
()
if
password_lifetime_expire_warning_duration
and
now
>
expire_date
-
password_lifetime_expire_warning_duration
*
ONE_HOUR
:
expire_date_warning
=
expire_date
else
:
# No Password Event found means user doesn't yet change password
# Force user to change it if authentication policy is configured
if
portal
.
portal_preferences
.
getPreferredMaxPasswordLifetimeDuration
()
is
not
None
:
if
context
.
getPassword
():
is_password_expired
=
True
request
=
portal
.
REQUEST
request
.
set
(
'is_user_account_password_expired'
,
is_password_expired
)
request
.
set
(
'is_user_account_password_expired_expire_date'
,
expire_date_warning
)
...
...
product/ERP5/tests/testAuthenticationPolicy.py
View file @
2e8c2ad1
...
...
@@ -132,6 +132,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
reference
=
username
,
password
=
password
)
login
.
validate
()
self
.
tic
()
return
person
def
test_BlockLogin
(
self
):
...
...
@@ -545,14 +546,32 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
assertTrue
(
portal
.
portal_preferences
.
isAuthenticationPolicyEnabled
())
preference
=
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
'System Preference'
,
title
=
'Authentication'
,)
preference
.
setPreferredMaxPasswordLifetimeDuration
(
24
)
# No password event will be created for such configuration
preference
.
setPreferredNumberOfLastPasswordToCheck
(
0
)
preference
.
setPreferredMaxPasswordLifetimeDuration
(
None
)
self
.
tic
()
self
.
_clearCache
()
person
=
self
.
createUser
(
'test-04'
,
password
=
'used_ALREADY_1234'
)
login
=
person
.
objectValues
(
portal_type
=
'ERP5 Login'
)[
0
]
self
.
assertEqual
(
login
.
getDestinationRelatedValue
(
portal_type
=
'Password Event'
),
None
)
self
.
assertFalse
(
login
.
isPasswordExpired
())
self
.
assertFalse
(
request
[
'is_user_account_password_expired'
])
# password is expired if no passwor event
preference
.
setPreferredMaxPasswordLifetimeDuration
(
24
)
self
.
tic
()
self
.
_clearCache
()
self
.
assertEqual
(
login
.
getDestinationRelatedValue
(
portal_type
=
'Password Event'
),
None
)
self
.
assertTrue
(
login
.
isPasswordExpired
())
self
.
assertTrue
(
request
[
'is_user_account_password_expired'
])
# now set password to trigger password event creation
login
.
setPassword
(
'used_ALREADY_1234'
)
self
.
tic
()
self
.
_clearCache
()
self
.
assertTrue
(
login
.
getDestinationRelatedValue
(
portal_type
=
'Password Event'
)
is
not
None
)
self
.
assertFalse
(
login
.
isPasswordExpired
())
self
.
assertFalse
(
request
[
'is_user_account_password_expired'
])
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment