Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alecs_myu
erp5
Commits
adb649bd
Commit
adb649bd
authored
Feb 26, 2019
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
access_token: post upgrade constraint to enable PAS plugins
parent
c957099d
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
288 additions
and
19 deletions
+288
-19
bt5/erp5_access_token/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
...rtalTypePropertySheetTemplateItem/property_sheet_list.xml
+3
-0
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
...TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
+66
-0
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint/ERP5AccessTokenExtractionPlugin_existence_constraint.xml
.../ERP5AccessTokenExtractionPlugin_existence_constraint.xml
+80
-0
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.py
...eckERP5AccessTokenExtractionPluginExistenceConsistency.py
+46
-0
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.xml
...ckERP5AccessTokenExtractionPluginExistenceConsistency.xml
+62
-0
bt5/erp5_access_token/TestTemplateItem/portal_components/test.erp5.testERP5AccessToken.py
...teItem/portal_components/test.erp5.testERP5AccessToken.py
+28
-18
bt5/erp5_access_token/bt/template_portal_type_property_sheet_list
..._access_token/bt/template_portal_type_property_sheet_list
+2
-1
bt5/erp5_access_token/bt/template_property_sheet_id_list
bt5/erp5_access_token/bt/template_property_sheet_id_list
+1
-0
No files found.
bt5/erp5_access_token/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
View file @
adb649bd
...
...
@@ -6,4 +6,7 @@
<item>
Reference
</item>
<item>
Url
</item>
</portal_type>
<portal_type
id=
"Template Tool"
>
<item>
TemplateToolERP5AccessTokenExtractionPluginConstraint
</item>
</portal_type>
</property_sheet_list>
\ No newline at end of file
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint.xml
0 → 100644
View file @
adb649bd
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Property Sheet"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_count
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_mt_index
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAM=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_tree
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAQ=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
TemplateToolERP5AccessTokenExtractionPluginConstraint
</string>
</value>
</item>
<item>
<key>
<string>
portal_type
</string>
</key>
<value>
<string>
Property Sheet
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"Length"
module=
"BTrees.Length"
/>
</pickle>
<pickle>
<int>
0
</int>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"OOBTree"
module=
"BTrees.OOBTree"
/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
<record
id=
"4"
aka=
"AAAAAAAAAAQ="
>
<pickle>
<global
name=
"OOBTree"
module=
"BTrees.OOBTree"
/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/PropertySheetTemplateItem/portal_property_sheets/TemplateToolERP5AccessTokenExtractionPluginConstraint/ERP5AccessTokenExtractionPlugin_existence_constraint.xml
0 → 100644
View file @
adb649bd
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Script Constraint"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_identity_criterion
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
_range_criterion
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAM=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
categories
</string>
</key>
<value>
<tuple>
<string>
constraint_type/post_upgrade
</string>
</tuple>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
ERP5AccessTokenExtractionPlugin_existence_constraint
</string>
</value>
</item>
<item>
<key>
<string>
portal_type
</string>
</key>
<value>
<string>
Script Constraint
</string>
</value>
</item>
<item>
<key>
<string>
script_id
</string>
</key>
<value>
<string>
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.py
0 → 100644
View file @
adb649bd
acl_users
=
context
.
getPortalObject
().
acl_users
token_extraction_id
=
"erp5_access_token_plugin"
access_token_plugin_list
=
[
plugin
for
plugin
in
acl_users
.
objectValues
()
if
plugin
.
meta_type
==
'ERP5 Access Token Extraction Plugin'
]
if
len
(
access_token_plugin_list
)
>
1
:
return
[
"More than one plugin found: %s"
%
access_token_plugin_list
]
error_list
=
[]
if
not
access_token_plugin_list
:
# A dumb http extraction plugin is required as fallback if we use an access token
# since https://github.com/Nexedi/erp5/commit/0bee523da0075c6efe3c06296dddd01d9dd5045a
# we enable it automatically at site creation, but for compatibility with old instances
# make sure it is created if needed
if
'erp5_dumb_http_extraction'
not
in
acl_users
.
objectIds
():
error_list
.
append
(
"erp5_dumb_http_extraction is missing"
)
if
fixit
:
dispacher
=
acl_users
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5DumbHTTPExtractionPlugin
(
'erp5_dumb_http_extraction'
)
acl_users
.
erp5_dumb_http_extraction
.
manage_activateInterfaces
((
'IExtractionPlugin'
,
))
error_list
.
append
(
"erp5_access_token_plugin is missing"
)
if
fixit
:
dispacher
=
acl_users
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5AccessTokenExtractionPlugin
(
token_extraction_id
)
access_token_plugin_list
=
[
getattr
(
acl_users
,
token_extraction_id
)]
if
access_token_plugin_list
:
access_token_plugin
,
=
access_token_plugin_list
# We only check that our plugin is enabled for IAuthenticationPlugin, this covers both
# cases where plugin was not enabled at all or was enabled only for IExtractionPlugin
IAuthenticationPlugin
=
[
# Products.PluggableAuthService.interfaces.plugins.IAuthenticationPlugin cannot
# be imported in restricted python but we can get it this way.
x
for
x
in
acl_users
.
plugins
.
listPluginTypeInfo
()
if
x
[
'id'
]
==
'IAuthenticationPlugin'
][
0
][
'interface'
]
if
(
access_token_plugin
.
getId
()
not
in
acl_users
.
plugins
.
listPluginIds
(
IAuthenticationPlugin
)):
error_list
.
append
(
"erp5_access_token_plugin is not activated"
)
if
fixit
:
access_token_plugin
.
manage_activateInterfaces
((
'IExtractionPlugin'
,
'IAuthenticationPlugin'
,))
return
error_list
bt5/erp5_access_token/SkinTemplateItem/portal_skins/erp5_access_token/TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency.xml
0 → 100644
View file @
adb649bd
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
fixit=False
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_access_token/TestTemplateItem/portal_components/test.erp5.testERP5AccessToken.py
View file @
adb649bd
...
...
@@ -29,6 +29,7 @@
from
ZPublisher.HTTPRequest
import
HTTPRequest
from
ZPublisher.HTTPResponse
import
HTTPResponse
from
Products.PluggableAuthService.interfaces.plugins
import
IAuthenticationPlugin
from
DateTime
import
DateTime
import
base64
import
StringIO
...
...
@@ -55,7 +56,6 @@ class AccessTokenTestCase(ERP5TypeTestCase):
class
TestERP5AccessTokenSkins
(
AccessTokenTestCase
):
test_token_extraction_id
=
'test_erp5_access_token_extraction'
def
generateNewId
(
self
):
return
str
(
self
.
portal
.
portal_ids
.
generateNewId
(
...
...
@@ -66,27 +66,13 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
This is ran before anything, used to set the environment
"""
self
.
new_id
=
self
.
generateNewId
()
self
.
_setupAccessTokenExtraction
()
self
.
portal
.
portal_templates
.
TemplateTool_checkERP5AccessTokenExtractionPluginExistenceConsistency
(
fixit
=
True
)
self
.
tic
()
def
_setupAccessTokenExtraction
(
self
):
pas
=
self
.
portal
.
acl_users
access_extraction_list
=
[
q
for
q
in
pas
.
objectValues
()
\
if
q
.
meta_type
==
'ERP5 Access Token Extraction Plugin'
]
if
len
(
access_extraction_list
)
==
0
:
dispacher
=
pas
.
manage_addProduct
[
'ERP5Security'
]
dispacher
.
addERP5AccessTokenExtractionPlugin
(
self
.
test_token_extraction_id
)
getattr
(
pas
,
self
.
test_token_extraction_id
).
manage_activateInterfaces
(
(
'IExtractionPlugin'
,
'IAuthenticationPlugin'
))
elif
len
(
access_extraction_list
)
==
1
:
self
.
test_token_extraction_id
=
access_extraction_list
[
0
].
getId
()
elif
len
(
access_extraction_list
)
>
1
:
raise
ValueError
self
.
commit
()
def
_getTokenCredential
(
self
,
request
):
"""Authenticate the request and return (user_id, login) or None if not authorized."""
plugin
=
getattr
(
self
.
portal
.
acl_users
,
self
.
test_token_extraction_id
)
plugin
=
self
.
portal
.
acl_users
.
erp5_access_token_plugin
return
plugin
.
authenticateCredentials
(
plugin
.
extractCredentials
(
request
))
def
_createRestrictedAccessToken
(
self
,
new_id
,
person
,
method
,
url_string
):
...
...
@@ -412,3 +398,27 @@ class TestERP5DumbHTTPExtractionPlugin(AccessTokenTestCase):
request
=
self
.
do_fake_request
(
"GET"
,
{
"HTTP_AUTHORIZATION"
:
"Basic "
+
base64
.
b64encode
(
"%s:test"
%
self
.
new_id
)})
ret
=
ERP5DumbHTTPExtractionPlugin
(
"default_extraction"
).
extractCredentials
(
request
)
self
.
assertEqual
(
ret
,
{
'login'
:
self
.
new_id
,
'password'
:
'test'
,
'remote_host'
:
'bobo.remote.host'
,
'remote_address'
:
'204.183.226.81 '
})
class
TestERP5AccessTokenUpgraderEnablePlugin
(
AccessTokenTestCase
):
def
afterSetUp
(
self
):
# disable plugin if it had been enabled by another test.
acl_users
=
self
.
portal
.
acl_users
acl_users
.
manage_delObjects
(
ids
=
[
x
.
getId
()
for
x
in
acl_users
.
objectValues
(
spec
=
(
'ERP5 Access Token Extraction Plugin'
,))])
self
.
commit
()
def
test_post_upgrade_constraint_enable_plugin
(
self
):
consistency_list
=
self
.
portal
.
portal_templates
.
checkConsistency
(
filter
=
{
"constraint_type"
:
"post_upgrade"
})
self
.
assertIn
(
'erp5_access_token_plugin is missing'
,
[
x
.
message
for
x
in
consistency_list
])
self
.
portal
.
portal_templates
.
checkConsistency
(
fixit
=
True
,
filter
=
{
"constraint_type"
:
"post_upgrade"
})
self
.
commit
()
self
.
assertIn
(
'erp5_access_token_plugin'
,
self
.
portal
.
acl_users
.
plugins
.
listPluginIds
(
IAuthenticationPlugin
))
\ No newline at end of file
bt5/erp5_access_token/bt/template_portal_type_property_sheet_list
View file @
adb649bd
One Time Restricted Access Token | Url
Restricted Access Token | Reference
Restricted Access Token | Url
\ No newline at end of file
Restricted Access Token | Url
Template Tool | TemplateToolERP5AccessTokenExtractionPluginConstraint
\ No newline at end of file
bt5/erp5_access_token/bt/template_property_sheet_id_list
0 → 100644
View file @
adb649bd
TemplateToolERP5AccessTokenExtractionPluginConstraint
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment