Commit 68e67160 authored by Jérome Perrin's avatar Jérome Perrin

authentication_policy: fix credential recovery on password expiration

Credential Recovery documents are supposed to be related to persons, not logins.
Extend the tests to make sure that, after the credential recovery is
accepted, a reset password email is sent, and fix the authentication_policy
scripts to create a Credential Recovery related to the person.
parent cac1377a
...@@ -9,25 +9,28 @@ portal = context.getPortalObject() ...@@ -9,25 +9,28 @@ portal = context.getPortalObject()
portal_preferences = portal.portal_preferences portal_preferences = portal.portal_preferences
if not portal_preferences.isAuthenticationPolicyEnabled() or \ if not portal_preferences.isAuthenticationPolicyEnabled() or \
not portal.portal_preferences.isPreferredSystemRecoverExpiredPassword(): not portal_preferences.isPreferredSystemRecoverExpiredPassword():
# no policy, no sense to file expire at all or symply system do not configured to # no policy, no sense to file expire at all or symply system do not configured to
return 0 return
user = context.getParentValue()
username = context.getReference()
# Prevent creating new recovery if one was recently created # Prevent creating new recovery if one was recently created
recovery_list = portal.portal_catalog( recovery_list = portal.portal_catalog(
portal_type="Credential Recovery", portal_type="Credential Recovery",
reference=context.getReference(), reference=username,
default_destination_decision_uid=context.getUid(), default_destination_decision_uid=user.getUid(),
creation_date=Query(range="min", creation_date=addToDate(DateTime(), {'day': -1})), creation_date=Query(range="min", creation_date=addToDate(DateTime(), {'day': -1})),
limit=1) limit=1)
if (len(recovery_list) > 0): if recovery_list:
return 0 return
module = portal.getDefaultModule(portal_type='Credential Recovery') module = portal.getDefaultModule(portal_type='Credential Recovery')
credential_recovery = module.newContent( credential_recovery = module.newContent(
portal_type="Credential Recovery", portal_type="Credential Recovery",
reference=context.getReference(), reference=username,
destination_decision_value=context, destination_decision_value=user,
language=portal.Localizer.get_selected_language()) language=portal.Localizer.get_selected_language())
context.serialize() context.serialize()
credential_recovery.submit() credential_recovery.submit()
...@@ -598,7 +598,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase): ...@@ -598,7 +598,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic() self.tic()
person = self.createUser(self.id(), password='password') person = self.createUser(self.id(), password='password')
assignment = person.newContent(portal_type = 'Assignment') person.setDefaultEmailCoordinateText('user@example.com')
assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.objectValues(portal_type='ERP5 Login')[0] login = person.objectValues(portal_type='ERP5 Login')[0]
...@@ -618,15 +619,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase): ...@@ -618,15 +619,22 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic() self.tic()
# and a credential recovery is created automatically # and a credential recovery is created automatically
credential_recovery, = login.getDestinationDecisionRelatedValueList( credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery') portal_type='Credential Recovery')
# trying to login again does not create a new credential recovery # trying to login again does not create a new credential recovery
response = publish() response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.tic() self.tic()
credential_recovery, = login.getDestinationDecisionRelatedValueList( credential_recovery, = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery') portal_type='Credential Recovery')
credential_recovery.accept()
self.tic()
_, (to,), message = self.portal.MailHost._last_message
self.assertEqual(to, 'user@example.com')
self.assertIn('Password Recovery', message)
def test_HttpRequest(self): def test_HttpRequest(self):
""" """
Check HTTP responses Check HTTP responses
......
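Review bot: The new mail assertions read `self.portal.MailHost._last_message` without first establishing that the message was produced by `credential_recovery.accept()`, so a message left over from an earlier step or test could satisfy them. Capture the state first with `previous_message = self.portal.MailHost._last_message` before `accept()`, then add `self.assertNotEqual(previous_message, self.portal.MailHost._last_message)` after `self.tic()`. It would also pin the fix to assert that `login.getDestinationDecisionRelatedValueList(portal_type='Credential Recovery')` is now empty, since the test only checks the person side. The test method starts above the first hunk, so earlier setup may already cover part of this.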