Commit a416d12c authored by Jérome Perrin's avatar Jérome Perrin

authentication_policy: do not depend on immediate reindex

Instead of forcing immediate reindex of password reset event, we can
create the document with a given activity tag, then if we find
activities with this tag, we can assume password reset was just created.

authentication_policy already uses this pattern for
Login_notifyLoginFailure and Login_isLoginBlocked
parent 52ef9d1a
......@@ -7,18 +7,22 @@ from Products.ERP5Type.Cache import CachingMethod
request = context.REQUEST
portal = context.getPortalObject()
def _isPasswordExpired():
def _isPasswordExpired(username):
from DateTime import DateTime
one_hour = 1/24.0
now = DateTime()
max_password_lifetime_duration = portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration()
password_lifetime_expire_warning_duration = portal.portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()
expire_date_warning = 0
# if password was just changed, login is not expired
# ( password_interaction_workflow/scripts/afterChangePassword reindexes with this tag)
if portal.portal_activities.countMessageWithTag('password_event_%s' % username):
return False, expire_date_warning
last_password_event = portal.portal_catalog.getResultValue(
portal_type = 'Password Event',
default_destination_uid = context.getUid(),
validation_state = 'confirmed',
sort_on = (('creation_date', 'DESC',),))
expire_date_warning = 0
if last_password_event is not None:
last_password_modification_date = last_password_event.getCreationDate()
expire_date = last_password_modification_date + max_password_lifetime_duration*one_hour
......@@ -34,9 +38,9 @@ def _isPasswordExpired():
return False, expire_date_warning
_isPasswordExpired = CachingMethod(_isPasswordExpired,
id='Person_isPasswordExpired_%s' %context.getReference(),
id='Person_isPasswordExpired',
cache_factory='erp5_content_short')
is_password_expired, expire_date = _isPasswordExpired()
is_password_expired, expire_date = _isPasswordExpired(context.getReference())
request.set('is_user_account_password_expired', is_password_expired)
request.set('is_user_account_password_expired_expire_date', expire_date)
......
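Review bot: The early return on `countMessageWithTag('password_event_%s' % username)` fails open: while any activity carrying that tag stays queued, the password is reported as not expired, and that presumably includes a reindex activity that failed and was left in the queue. The check also sits inside `_isPasswordExpired`, which is wrapped by `CachingMethod`, so it only runs on a cache miss. An "expired" result cached just before the password change would therefore likely still be served until the `erp5_content_short` entry expires. Consider evaluating the tag check outside the cached function and documenting the assumption above it, e.g. `# fail-open: a lingering activity with this tag disables the expiry check for this login`. Part of the function body is collapsed between the two hunks, so this is based on the visible lines only.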
......@@ -13,6 +13,6 @@ if portal.portal_preferences.getPreferredNumberOfLastPasswordToCheck() or \
destination_value=login,
password=current_password)
password_event.confirm()
# Person_isPasswordExpired cache the wrong result if document is not in catalog.
# As the document is created in the same transaction, it is possible to force reindexation
password_event.immediateReindexObject()
# reindex with a tag that will be checked in Login_isPasswordExpired
password_event.reindexObject(
activate_kw={'tag': 'password_event_%s' % login.getReference()})
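Review bot: The tag written here is keyed on `login.getReference()`, while the catalog lookup it short-circuits in Login_isPasswordExpired selects the password event by `default_destination_uid = context.getUid()`. If two login documents can share a reference (not visible from this page), a pending password event for one would mark the other as not expired. Keying the tag on the uid, `activate_kw={'tag': 'password_event_%s' % login.getUid()}`, with the matching change on the reader side, would avoid that. The `'password_event_%s'` format is also duplicated across the two scripts, so a mismatch would silently bring back the stale cached result. The enclosing `if` starts outside the hunk.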