Commit 68af0729 authored by Jérome Perrin's avatar Jérome Perrin

base/credential: fix password type ( use str )

parent 0db50518
...@@ -228,13 +228,13 @@ class TestAuthenticationPolicy(ERP5TypeTestCase): ...@@ -228,13 +228,13 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.tic() self.tic()
# password change date should be saved as well hashed old password value # password change date should be saved as well hashed old password value
old_password = login.getPassword().decode() old_password = login.getPassword()
self.assertSameSet([old_password], [x.getPassword() for x in self._getPasswordEventList(login)]) self.assertSameSet([old_password], [x.getPassword() for x in self._getPasswordEventList(login)])
# .. test one more time to check history of password is saved in a list # .. test one more time to check history of password is saved in a list
login.setPassword('123456789') login.setPassword('123456789')
self.tic() self.tic()
old_password1 = login.getPassword().decode() old_password1 = login.getPassword()
# password change date should be saved as well hashed old password value # password change date should be saved as well hashed old password value
self.assertSameSet([old_password1, old_password], [x.getPassword() for x in self._getPasswordEventList(login)]) self.assertSameSet([old_password1, old_password], [x.getPassword() for x in self._getPasswordEventList(login)])
...@@ -242,29 +242,29 @@ class TestAuthenticationPolicy(ERP5TypeTestCase): ...@@ -242,29 +242,29 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
# other methods (_setPassword)... # other methods (_setPassword)...
login._setPassword('123456789-1') login._setPassword('123456789-1')
self.tic() self.tic()
old_password2 = login.getPassword().decode() old_password2 = login.getPassword()
self.assertSameSet([old_password2, old_password1, old_password], \ self.assertSameSet([old_password2, old_password1, old_password], \
[x.getPassword() for x in self._getPasswordEventList(login)]) [x.getPassword() for x in self._getPasswordEventList(login)])
# other methods (_forceSetPassword)... # other methods (_forceSetPassword)...
login._forceSetPassword('123456789-2') login._forceSetPassword('123456789-2')
self.tic() self.tic()
old_password3 = login.getPassword().decode() old_password3 = login.getPassword()
self.assertSameSet([old_password3, old_password2, old_password1, old_password], \ self.assertSameSet([old_password3, old_password2, old_password1, old_password], \
[x.getPassword() for x in self._getPasswordEventList(login)]) [x.getPassword() for x in self._getPasswordEventList(login)])
# other methods (setEncodedPassword)... # other methods (setEncodedPassword)...
login.setEncodedPassword(b'123456789-3') login.setEncodedPassword('123456789-3')
self.tic() self.tic()
old_password4 = login.getPassword().decode() old_password4 = login.getPassword()
self.assertSameSet([old_password4, old_password3, old_password2, old_password1, old_password], \ self.assertSameSet([old_password4, old_password3, old_password2, old_password1, old_password], \
[x.getPassword() for x in self._getPasswordEventList(login)]) [x.getPassword() for x in self._getPasswordEventList(login)])
# other methods (edit)... # other methods (edit)...
login.edit(password = '123456789-4') login.edit(password='123456789-4')
self.tic() self.tic()
old_password5 = login.getPassword().decode() old_password5 = login.getPassword()
self.assertSameSet([old_password5, old_password4, old_password3, old_password2, old_password1, old_password], \ self.assertSameSet([old_password5, old_password4, old_password3, old_password2, old_password1, old_password], \
[x.getPassword() for x in self._getPasswordEventList(login)]) [x.getPassword() for x in self._getPasswordEventList(login)])
......
...@@ -36,10 +36,12 @@ from Acquisition import aq_base ...@@ -36,10 +36,12 @@ from Acquisition import aq_base
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from erp5.component.interface.IEncryptedPassword import IEncryptedPassword from erp5.component.interface.IEncryptedPassword import IEncryptedPassword
from Products.ERP5Type.Globals import PersistentMapping from Products.ERP5Type.Globals import PersistentMapping
from Products.ERP5Type.Utils import bytes2str
from Products.CMFCore.utils import _checkPermission from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized from Products.CMFCore.exceptions import AccessControl_Unauthorized
from six import string_types as basestring from six import string_types as basestring
@zope.interface.implementer(IEncryptedPassword,) @zope.interface.implementer(IEncryptedPassword,)
class EncryptedPasswordMixin(object): class EncryptedPasswordMixin(object):
"""Encrypted Password Mixin """Encrypted Password Mixin
...@@ -82,8 +84,6 @@ class EncryptedPasswordMixin(object): ...@@ -82,8 +84,6 @@ class EncryptedPasswordMixin(object):
value, value,
format='default', # pylint: disable=redefined-builtin format='default', # pylint: disable=redefined-builtin
): ):
if value is not None and not isinstance(value, bytes):
value = value.encode()
password = getattr(aq_base(self), 'password', None) password = getattr(aq_base(self), 'password', None)
if password is None or isinstance(password, basestring): if password is None or isinstance(password, basestring):
password = self.password = PersistentMapping() password = self.password = PersistentMapping()
...@@ -105,7 +105,7 @@ class EncryptedPasswordMixin(object): ...@@ -105,7 +105,7 @@ class EncryptedPasswordMixin(object):
# workflows on this method. # workflows on this method.
self.password = PersistentMapping() self.password = PersistentMapping()
if value: if value:
self._setEncodedPassword(pw_encrypt(value)) self._setEncodedPassword(bytes2str(pw_encrypt(value)))
def _setPassword(self, value): def _setPassword(self, value):
self.checkPasswordValueAcceptable(value) self.checkPasswordValueAcceptable(value)
......
...@@ -35,7 +35,7 @@ for portal_type in related_portal_type: ...@@ -35,7 +35,7 @@ for portal_type in related_portal_type:
context.CredentialRequest_updateLocalRolesOnSecurityGroups() context.CredentialRequest_updateLocalRolesOnSecurityGroups()
if password is not None: if password is not None:
if password.startswith(b'{SSHA}'): if password.startswith('{SSHA}'):
#password is encoded, set it to None to script witch send the password to user #password is encoded, set it to None to script witch send the password to user
password = None password = None
# Send notification in activities # Send notification in activities
......
# type: () -> bytes # type: () -> str
if context.getId() == 'test_ERP5_Logo_Encrypted_PDF': if context.getId() == 'test_ERP5_Logo_Encrypted_PDF':
return 'secret' return 'secret'
return context.skinSuper('erp5_dms_ui_test', 'PDF_getContentPassword')(REQUEST=REQUEST) return context.skinSuper('erp5_dms_ui_test', 'PDF_getContentPassword')(REQUEST=REQUEST)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment