Commit 95d29a00 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_access_token: Fix *_getExternalLogin API

Since the change for use of User ID this code should return reference and portal type of the ERP5 Login object.
parent b8ae8bef
...@@ -2,7 +2,7 @@ from zExceptions import Unauthorized ...@@ -2,7 +2,7 @@ from zExceptions import Unauthorized
if REQUEST is not None: if REQUEST is not None:
raise Unauthorized raise Unauthorized
result = None result = None, None
access_token_document = context access_token_document = context
request = context.REQUEST request = context.REQUEST
...@@ -14,7 +14,10 @@ if access_token_document.getValidationState() == 'validated': ...@@ -14,7 +14,10 @@ if access_token_document.getValidationState() == 'validated':
agent_document = access_token_document.getAgentValue() agent_document = access_token_document.getAgentValue()
if agent_document is not None: if agent_document is not None:
result = agent_document.Person_getUserId() portal = agent_document.getPortalObject()
for erp5_login in agent_document.objectValues(portal.getPortalLoginTypeList()):
if erp5_login.getValidationState() == "validated":
result = erp5_login.getReference(), erp5_login.getPortalType()
comment = "Token usage accepted" comment = "Token usage accepted"
access_token_document.invalidate(comment=comment) access_token_document.invalidate(comment=comment)
......
...@@ -3,7 +3,6 @@ import hmac ...@@ -3,7 +3,6 @@ import hmac
if REQUEST is not None: if REQUEST is not None:
raise Unauthorized raise Unauthorized
result = None
access_token_document = context access_token_document = context
request = context.REQUEST request = context.REQUEST
...@@ -18,10 +17,13 @@ if access_token_document.getValidationState() == 'validated': ...@@ -18,10 +17,13 @@ if access_token_document.getValidationState() == 'validated':
# use hmac.compare_digest and not string comparison to avoid timing attacks # use hmac.compare_digest and not string comparison to avoid timing attacks
if not hmac.compare_digest(access_token_document.getReference(), reference): if not hmac.compare_digest(access_token_document.getReference(), reference):
return None return None, None
agent_document = access_token_document.getAgentValue() agent_document = access_token_document.getAgentValue()
if agent_document is not None: if agent_document is not None:
result = agent_document.Person_getUserId() portal = agent_document.getPortalObject()
for erp5_login in agent_document.objectValues(portal.getPortalLoginTypeList()):
if erp5_login.getValidationState() == "validated":
return erp5_login.getReference(), erp5_login.getPortalType()
return result return None, None
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment