erp5_authentication_policy: Do not cache password expiration state.

Caching in authentication-related work is not a good idea.
Also, simplify the resulting script:
- do not load Password Event from ZODB, just use the creation_date found by
  catalog
- reorder accesses to only do them when they are needed (ex: preferences)
- factorise access to persistent objects (portal_preferences)
- fix coding style: space after comma, no space around named-argument equal
  signs, 2-spaces indentation, spaces around multiplication and division
  operators, upper-case pseudo-constant
- factorise now vs. expire_date comparison, getting rid of the mishandled
  "now == expire_date" edge case in original code
- remove commented-out code and obvious comments
- DateTime is already implicitly bound in any script's globals, no need to
  explicitly import it.
In turn, this allows removing immediate reindexation on corresponding scripts,
as immediate reindexation will be disallowed for restricted python.

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_isPasswordExpired.py

@@ -2,43 +2,30 @@
   Returns if user account is Person's password is expired.
   Start password recovery process for expired password (if configured).
 """
-from Products.ERP5Type.Cache import CachingMethod
-
-request = context.REQUEST
 portal = context.getPortalObject()
-
-def _isPasswordExpired():
-  from DateTime import DateTime
-  one_hour = 1/24.0
+is_password_expired = False
+expire_date_warning = 0
+password_event_list = portal.portal_catalog(
+  select_list=['creation_date'],
+  portal_type='Password Event',
+  default_destination_uid=context.getUid(),
+  validation_state='confirmed',
+  sort_on=(('creation_date', 'DESC'), ),
+  limit=1,
+)
+if password_event_list:
+  ONE_HOUR = 1 / 24.0
+  portal_preferences = portal.portal_preferences
+  expire_date = password_event_list[0].creation_date + portal_preferences.getPreferredMaxPasswordLifetimeDuration() * ONE_HOUR
   now = DateTime()
-  max_password_lifetime_duration = portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration()
-  password_lifetime_expire_warning_duration = portal.portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()
-  last_password_event = portal.portal_catalog.getResultValue(
-                                                portal_type = 'Password Event',
-                                                default_destination_uid = context.getUid(),
-                                                validation_state = 'confirmed',
-                                                sort_on = (('creation_date', 'DESC',),))
-  expire_date_warning = 0 
-  if last_password_event is not None:
-    last_password_modification_date = last_password_event.getCreationDate()
-    expire_date = last_password_modification_date + max_password_lifetime_duration*one_hour 
-    if password_lifetime_expire_warning_duration not in (0, None,):
-      # calculate early warning period
-      if now > expire_date - password_lifetime_expire_warning_duration*one_hour and \
-         expire_date > now:
-        expire_date_warning =  expire_date
-    if expire_date < now:
-      # password is expired
-      #context.log('expired %s' %context.getReference())
-      return True, expire_date_warning
-  return False, expire_date_warning
-
-_isPasswordExpired = CachingMethod(_isPasswordExpired,
-                                   id='Person_isPasswordExpired_%s' %context.getReference(),
-                                   cache_factory='erp5_content_short')
-is_password_expired, expire_date = _isPasswordExpired()
-
+  if expire_date < now:
+    # password is expired
+    is_password_expired = True
+  else:
+    password_lifetime_expire_warning_duration = portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()
+    if password_lifetime_expire_warning_duration and now > expire_date - password_lifetime_expire_warning_duration * ONE_HOUR:
+      expire_date_warning = expire_date
+request = portal.REQUEST
 request.set('is_user_account_password_expired', is_password_expired)
-request.set('is_user_account_password_expired_expire_date', expire_date)
-
+request.set('is_user_account_password_expired_expire_date', expire_date_warning)
 return is_password_expired

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Login_notifyPasswordExpire.py

@@ -29,7 +29,5 @@ credential_recovery = module.newContent(
                                reference=context.getReference(),
                                destination_decision_value=context,
                                language=portal.Localizer.get_selected_language())
-# immediate reindex allowed because it is a new object
-credential_recovery.immediateReindexObject()
 context.serialize()
 credential_recovery.submit()

bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/afterChangePassword.py

@@ -13,6 +13,3 @@ if portal.portal_preferences.getPreferredNumberOfLastPasswordToCheck() or \
                                                            destination_value=login,
                                                            password=current_password)
     password_event.confirm()
-    # Person_isPasswordExpired cache the wrong result if document is not in catalog.
-    # As the document is created in the same transaction, it is possible to force reindexation
-    password_event.immediateReindexObject()