Commit f18700eb authored by Romain Courteaud's avatar Romain Courteaud

Implement access token to ease credential downloading.

Allow querying the web site without copying and pasting the user's SSL certificates.
The query should look like:
curl -X POST -H "X-Access-Token: ACCESSTOKENVALUE" "https://slaposmaster.example.org/myspace/my_account/request-a-certificate/WebSection_requestNewCertificate"

Access token is destroyed after usage.
The token validity is one day.
parent ce761265
...@@ -79,7 +79,7 @@ return json.dumps({\'access_token\': access_token.getId()})\n ...@@ -79,7 +79,7 @@ return json.dumps({\'access_token\': access_token.getId()})\n
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Base_generateAccessTokenFromJS</string> </value> <value> <string>Base_generateComputerTokenFromJS</string> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>import json\n
\n
portal = context.getPortalObject()\n
person = portal.ERP5Site_getAuthenticatedMemberPersonValue()\n
\n
# Revoke user certificate\n
try:\n
person.revokeCertificate()\n
except ValueError:\n
pass\n
\n
web_site = context.getWebSiteValue()\n
request_method = "POST"\n
request_url = "%s/%s" % (web_site.absolute_url(), "myspace/my_account/request-a-certificate/WebSection_requestNewCertificate")\n
\n
access_token = portal.access_token_module.newContent(\n
portal_type="One Time Restricted Access Token",\n
agent_value=person,\n
url_string=request_url,\n
url_method="POST",\n
)\n
access_token.validate()\n
\n
request = context.REQUEST\n
response = request.RESPONSE\n
response.setHeader(\'Content-Type\', "application/json")\n
return json.dumps({\'access_token\': access_token.getId()})\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_generateCredentialTokenFromJS</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
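Review bot: The `_body` of Base_generateCredentialTokenFromJS calls `person.revokeCertificate()` without checking that `ERP5Site_getAuthenticatedMemberPersonValue()` returned a person, while WebSection_requestNewCertificate in this same commit guards that case with `if person is None:` and `response.setStatus(403)`. A call without an authenticated person would presumably fail with an attribute error instead of a clean refusal, so I would add the same guard before the revoke and return early with a 403. The revoke also happens as a side effect before the token exists, and `except ValueError: pass` hides whether anything was revoked; a short comment stating that revocation is intended at this point would help the next reader. `request_method = "POST"` is assigned but never used, because `url_method="POST"` is hard-coded in the `newContent` call.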
...@@ -60,15 +60,24 @@ return """\n ...@@ -60,15 +60,24 @@ return """\n
var methods;\n var methods;\n
\n \n
methods = {\n methods = {\n
click: function () {\n click: function (method) {\n
$(this).click(function() {\n $(this).click(function() {\n
$(this).parent().parent()\n $(this).parent().parent()\n
.slapostoken("generateToken");\n .slapostoken(method);\n
return false;\n return false;\n
});\n });\n
},\n },\n
generateToken: function () {\n generateComputerToken: function () {\n
$.ajax("./Base_generateAccessTokenFromJS", {\n $.ajax("./Base_generateComputerTokenFromJS", {\n
context: $(this),\n
success: function(data) {\n
$(this).attr("class", "alignr")\n
.text("New token: " + data.access_token);\n
}\n
})\n
},\n
generateCredentialToken: function () {\n
$.ajax("./Base_generateCredentialTokenFromJS", {\n
context: $(this),\n context: $(this),\n
success: function(data) {\n success: function(data) {\n
$(this).attr("class", "alignr")\n $(this).attr("class", "alignr")\n
...@@ -93,8 +102,10 @@ return """\n ...@@ -93,8 +102,10 @@ return """\n
};\n };\n
}(jQuery));\n }(jQuery));\n
\n \n
$("#tokengenerationlink")\n $("#computertokengenerationlink")\n
.slapostoken("click");\n .slapostoken("click", "generateComputerToken");\n
$("#credentialtokengenerationlink")\n
.slapostoken("click", "generateCredentialToken");\n
</script>\n </script>\n
"""\n """\n
......
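Review bot: Both `$.ajax("./Base_generateComputerTokenFromJS", …)` and the new `$.ajax("./Base_generateCredentialTokenFromJS", …)` pass no `type`, so jQuery sends them as GET, yet the credential endpoint added in this commit revokes the user's certificate and creates a token. State-changing calls are better sent as POST, with the server scripts refusing other methods, so that a prefetch or a cross-site GET cannot trigger them; adding `type: "POST",` next to `context: $(this),` is the client half of that. There is also no `error` callback, so a failed request leaves the link unchanged with no feedback to the user. Using `.text()` for the returned token is the right choice and should be kept. The generateCredentialToken body continues past the end of the first hunk.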
...@@ -52,21 +52,27 @@ ...@@ -52,21 +52,27 @@
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>person = context.ERP5Site_getAuthenticatedMemberPersonValue()\n <value> <string>person = context.ERP5Site_getAuthenticatedMemberPersonValue()\n
request = context.REQUEST\n request = context.REQUEST\n
try:\n response = request.RESPONSE\n
certificate = person.getCertificate()\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
except ValueError:\n
certificate = {\'certificate\': \'\', \'key\': \'\'}\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate was already requested, please revoke existing one.\'))\n
request.set(\'your_certificate\', certificate[\'certificate\'])\n
request.set(\'your_key\', certificate[\'key\'])\n
\n \n
return context.WebSection_viewCertificateAsWeb()\n if person is None:\n
response.setStatus(403)\n
else:\n
try:\n
certificate = person.getCertificate()\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
except ValueError:\n
certificate = {\'certificate\': \'\', \'key\': \'\'}\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate was already requested, please revoke existing one.\'))\n
response.setStatus(403)\n
request.set(\'your_certificate\', certificate[\'certificate\'])\n
request.set(\'your_key\', certificate[\'key\'])\n
\n
return context.WebSection_viewCertificateAsWeb()\n
</string> </value> </string> </value>
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>form_id, *args, **kwargs</string> </value> <value> <string>*args, **kwargs</string> </value>
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
......
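Review bot: The response built here carries the new certificate and its private key (`your_key`), but nothing in the new code marks it as non-cacheable; I would add `response.setHeader('Cache-Control', 'no-store')` before the view is rendered. The script also does not check the request method itself: the commit message expects a POST and the token is created with `url_method="POST"`, but as far as this hunk shows a session-authenticated request is accepted with any method. Indentation is lost in this rendering, so it is not clear whether the final `return context.WebSection_viewCertificateAsWeb()` sits inside the `else:` branch; a comment stating what the `person is None` path returns after setting 403 would remove the doubt.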
...@@ -90,7 +90,8 @@ ...@@ -90,7 +90,8 @@
<string>my_certificate_request_button</string> <string>my_certificate_request_button</string>
<string>my_certificate_revoke_button</string> <string>my_certificate_revoke_button</string>
<string>my_update_credential_button</string> <string>my_update_credential_button</string>
<string>my_token_generate_button</string> <string>my_computer_token_generate_button</string>
<string>my_credential_token_generate_button</string>
<string>your_ad</string> <string>your_ad</string>
</list> </list>
</value> </value>
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>my_token_generate_button</string> </value> <value> <string>my_computer_token_generate_button</string> </value>
</item> </item>
<item> <item>
<key> <string>message_values</string> </key> <key> <string>message_values</string> </key>
...@@ -97,11 +97,11 @@ ...@@ -97,11 +97,11 @@
</item> </item>
<item> <item>
<key> <string>default</string> </key> <key> <string>default</string> </key>
<value> <string>Generate a security token</string> </value> <value> <string>Generate a computer security token</string> </value>
</item> </item>
<item> <item>
<key> <string>extra</string> </key> <key> <string>extra</string> </key>
<value> <string>id="tokengenerationlink"</string> </value> <value> <string>id="computertokengenerationlink"</string> </value>
</item> </item>
<item> <item>
<key> <string>field_id</string> </key> <key> <string>field_id</string> </key>
...@@ -121,7 +121,7 @@ ...@@ -121,7 +121,7 @@
</item> </item>
<item> <item>
<key> <string>title</string> </key> <key> <string>title</string> </key>
<value> <string>Generate a token</string> </value> <value> <string>Generate a computer token</string> </value>
</item> </item>
</dictionary> </dictionary>
</value> </value>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>delegated_list</string> </key>
<value>
<list>
<string>css_class</string>
<string>default</string>
<string>extra</string>
<string>href</string>
<string>title</string>
</list>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>my_credential_token_generate_button</string> </value>
</item>
<item>
<key> <string>message_values</string> </key>
<value>
<dictionary>
<item>
<key> <string>external_validator_failed</string> </key>
<value> <string>The input failed the external validator.</string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>overrides</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>tales</string> </key>
<value>
<dictionary>
<item>
<key> <string>css_class</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>default</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>href</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>values</string> </key>
<value>
<dictionary>
<item>
<key> <string>css_class</string> </key>
<value> <string>nolabel validate alignr</string> </value>
</item>
<item>
<key> <string>default</string> </key>
<value> <string>Generate a credential security token</string> </value>
</item>
<item>
<key> <string>extra</string> </key>
<value> <string>id="credentialtokengenerationlink"</string> </value>
</item>
<item>
<key> <string>field_id</string> </key>
<value> <string>my_hyperlink</string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string>Base_viewWebFieldLibrary</string> </value>
</item>
<item>
<key> <string>href</string> </key>
<value> <string>./</string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string>Click to edit the target</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>Generate a credential token</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
51 52
\ No newline at end of file \ No newline at end of file