Commit 84a999ea authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

* passed header key should be converted here, i.e. openAMid -> HTTP_OPENAMID,...

* passed header key should be converted here, i.e. openAMid -> HTTP_OPENAMID, so 'literal=True' should be removed.
* no need to inherit CookieAuthHelper class.
* use 'external_login' instead of 'login' so that the credentials are handled by both the extraction part and the authentication part of this plugin, and are not used by other authentication plugins.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@40385 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 1c139bcc
......@@ -41,7 +41,6 @@ from Products.PluggableAuthService.interfaces import plugins
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.permissions import ManageUsers
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHelper
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\
......@@ -66,7 +65,7 @@ def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key=
'ERP5ExternalAuthenticationPlugin+added.'
% dispatcher.absolute_url())
class ERP5ExternalAuthenticationPlugin(ERP5UserManager, CookieAuthHelper):
class ERP5ExternalAuthenticationPlugin(ERP5UserManager):
"""
External authentification PAS plugin which extracts the user id from HTTP
request header, like REMOTE_USER, openAMid, etc.
......@@ -82,6 +81,15 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager, CookieAuthHelper):
+ BasePlugin.manage_options[:]
)
_properties = (({'id':'user_id_key',
'type':'string',
'mode':'w',
'label':'HTTP request header key where the user_id is stored'
},
)
+ BasePlugin._properties[:]
)
def __init__(self, id, title=None, user_id_key=''):
#Register value
self._setId(id)
......@@ -95,9 +103,9 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager, CookieAuthHelper):
def extractCredentials(self, request):
""" Extract credentials from the request header. """
creds = {}
user_id = request.getHeader(self.user_id_key, literal=True)
user_id = request.getHeader(self.user_id_key)
if user_id is not None:
creds['login'] = user_id
creds['external_login'] = user_id
#Complete credential with some informations
if creds:
......@@ -115,7 +123,7 @@ class ERP5ExternalAuthenticationPlugin(ERP5UserManager, CookieAuthHelper):
security.declarePrivate('authenticateCredentials')
def authenticateCredentials( self, credentials ):
"""Authentificate with credentials"""
login = credentials.get('login', None)
login = credentials.get('external_login', None)
# Forbidden the usage of the super user.
if login == SUPER_USER:
return None
......
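Review bot: In `extractCredentials`, the value returned by `request.getHeader(self.user_id_key)` is accepted as the user id with no visible check that it was set by the trusted front end rather than by the client, and the visible part of `authenticateCredentials` reads only `external_login` and tests it against `SUPER_USER`. With `literal=True` removed the key is normalised, and as far as I know Zope's `getHeader` also falls back to the `HTTP_`-prefixed name, so a key such as `REMOTE_USER` (named in the class docstring) could be satisfied by a client-sent header whenever the web server leaves that variable unset. The class docstring should state the deployment assumption, for example `# SECURITY: the header named by user_id_key must be set only by the trusted proxy, which has to strip it from every client request`. An empty header value also passes `if user_id is not None:`; `if user_id:` would keep an empty id out of `creds`. Both method bodies continue outside the hunks shown.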
......@@ -763,7 +763,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
# self.assertTrue(response.headers['location'].endswith('login_form'))
# view front page we should be logged in if we use authentication key
response = self.publish(base_url, env={user_id_key:reference})
response = self.publish(base_url, env={user_id_key.replace('-', '_').upper():reference})
self.assertEqual(response.getStatus(), 200)
self.assertTrue(reference in response.getBody())
......
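Review bot: The updated `self.publish(...)` call passes the key as `user_id_key.replace('-', '_').upper()`, without the `HTTP_` prefix that a real request header would carry, so the test does not appear to exercise the `HTTP_OPENAMID`-style lookup the commit message describes. A second request with `env={'HTTP_' + user_id_key.replace('-', '_').upper(): reference}` would cover that path. The assertion for the unauthenticated case just above is commented out, so nothing visible here checks that a request without the header is refused; the test method continues outside the hunk.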