Commit
2f5d9aaa
authored
Jul 25, 2011
by
Ivan Tyagov
Allow showing a custom message what exactly is wrong with password.
Adjust test accordingly.
parent
8e4b1a28
Showing
6 changed files
with
222 additions
and
26 deletions
+222
-26
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
...skins/erp5_authentication_policy/Base_isPasswordValid.xml
+109
-0
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isPasswordValid.xml
...ins/erp5_authentication_policy/Person_isPasswordValid.xml
+11
-8
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
.../erp5_authentication_policy/Person_notifyLoginFailure.xml
+8
-0
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
...5_authentication_policy/Person_validatePasswordsMatch.xml
+76
-0
bt5/erp5_authentication_policy/bt/revision
bt5/erp5_authentication_policy/bt/revision
+1
-1
product/ERP5/tests/testAuthenticationPolicy.py
product/ERP5/tests/testAuthenticationPolicy.py
+17
-17
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
0 → 100644
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_body
</string>
</key>
<value>
<string
encoding=
"cdata"
>
<![CDATA[
"""\n
Form validator which will check if password is valid for the user.\n
"""\n
from Products.ERP5Type.Document import newTempBase\n
from Products.Formulator.Errors import ValidationError\n
\n
portal = context.getPortalObject()\n
\n
message_dict = { 0: \'Unknown error\',\n
-1: \'Too short.\',\n
-2: \'Not complex enough.\',\n
-3: \'You have changed your password too recently.\',\n
-4: \'You have already used this password.\',\n
-5: \'You can not use any parts of your first and last name in password.\'}\n
\n
def doValidation(person, password):\n
# raise so Formulator shows proper message\n
result = person.Person_isPasswordValid(password)\n
if result<=0:\n
message = context.Base_translateString(message_dict[result])\n
raise ValidationError(\'external_validator_failed\', context, error_text=message)\n
\n
# do only for authenticated members\n
if not portal.portal_membership.isAnonymousUser():\n
# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
user_login = request.get(\'field_user_login\', None)\n
person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
if person is not None:\n
return doValidation(person, password)\n
\n
# use a temp object (new account created)\n
first_name = request.get(\'field_your_first_name\', None) \n
last_name = request.get(\'field_your_last_name\', None) \n
kw = {\'title\': \'%s %s\' %(first_name, last_name),\n
\'first_name\': first_name,\n
\'last_name\': last_name}\n
person = newTempBase(portal, kw[\'title\'], **kw)\n
\n
return doValidation(person, password)\n
]]>
</string>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
password, request
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
Base_isPasswordValid
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
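Review bot: `doValidation` in the `_body` script has no return on the success path, so the script returns None for a password that passes every check. If Formulator treats a falsy result from an external validator as a failure (not visible on this page), valid passwords would be rejected with the generic message; ending the helper with `return 1` after the `if result<=0:` block makes the success value explicit. Separately, the Person that is checked is looked up from the request value `field_user_login`, and the new messages distinguish "already used" from the other failures, so it is worth confirming that `ERP5Site_getAuthenticatedMemberPersonValue` only ever resolves the caller's own account. `message_dict[result]` also raises KeyError for any code outside 0 to -5; `message_dict.get(result, message_dict[0])` would fall back to 'Unknown error'.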
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isPasswordValid.xml
...
...
@@ -53,21 +53,24 @@
<value>
<string
encoding=
"cdata"
>
<![CDATA[
"""\n
Returns if password is valid or not.\n
Returns if password is valid or not. \n
If not valid return a negative code to indicate failure.\n
"""\n
import re
\n
from Products.Formulator.Errors import ValidationError
\n
from DateTime import DateTime\n
import re\n
\n
MARKER = [\'\', None]\n
\n
portal = context.getPortalObject()\n
request = context.REQUEST\n
is_temp_object = context.isTempObject()\n
min_password_length = portal.portal_preferences.getPreferredMinPasswordLength()\n
\n
# not long enough\n
if min_password_length is not None:\n
if len(password) < min_password_length:\n
return
0
\n
return
-1
\n
\n
# password contain X out of following Y regular expression groups ?\n
regular_expression_list = portal.portal_preferences.getPreferredRegularExpressionGroupList()\n
...
...
@@ -81,7 +84,7 @@ if regular_expression_list:\n
#context.log(\'%s %s %s %s\' %(password, group_counter, min_regular_expression_group_number, regular_expression_list))\n
if group_counter < min_regular_expression_group_number:\n
# not enough groups match\n
return
0
\n
return
-2
\n
\n
if not is_temp_object:\n
# not changed in last period ?\n
...
...
@@ -93,13 +96,13 @@ if not is_temp_object:\n
min_password_lifetime_duration is not None and \\\n
(last_password_modification_date + min_password_lifetime_duration*one_hour) >
now:\n
# too early to change password\n
return
0
\n
return
-3
\n
\n
# not already used before ?\n
preferred_number_of_last_password_to_check = portal.portal_preferences.getPreferredNumberOfLastPasswordToCheck()\n
if preferred_number_of_last_password_to_check not in [None, 0]:\n
if context.isPasswordAlreadyUsed(password):\n
return
0
\n
return
-4
\n
\n
# not contain the full name of the user in password or any parts of it (i.e. last and / or first name)\n
if portal.portal_preferences.isPrefferedForceUsernameCheckInPassword():\n
...
...
@@ -121,7 +124,7 @@ if portal.portal_preferences.isPrefferedForceUsernameCheckInPassword():\n
if (first_name not in MARKER and first_name in lower_password) or \\\n
(last_name not in MARKER and last_name in lower_password):\n
# user\'s name must not be contained in password\n
return
0
\n
return
-5
\n
\n
return 1\n
...
...
@@ -130,7 +133,7 @@ return 1\n
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
password
</string>
</value>
<value>
<string>
password
, request={}
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
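Review bot: The failure paths now return -1 to -5 instead of 0, and every one of those codes is truthy in Python, so any caller that still tests the result as a boolean (`if person.isPasswordValid(password):`) will accept a rejected password. Only `Base_isPasswordValid` in this commit compares with `result<=0`; callers outside this page need an explicit `> 0` comparison, or this script could keep returning 0/1 and expose the reason through a separate value. The new `_params` value `password, request={}` adds a mutable default that the body, as shown here, rebinds with `request = context.REQUEST`, so the parameter has no effect as written. The docstring should also list what each code means, for example `-1 too short, -2 not complex enough, -3 changed too recently, -4 already used, -5 contains first or last name`.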
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
...
...
@@ -93,6 +93,14 @@ return session[key]\n
<key>
<string>
_params
</string>
</key>
<value>
<string></string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
<value>
<tuple>
<string>
Manager
</string>
</tuple>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
Person_notifyLoginFailure
</string>
</value>
...
...
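Review bot: The added `_proxy_roles` entry makes Person_notifyLoginFailure run with the Manager role regardless of who triggers it, and the commit message neither mentions nor justifies this. The script body is outside the hunk (only `return session[key]` shows in the hunk header), so it cannot be checked here that nothing caller-controlled reaches a privileged operation. Prefer the narrowest role that still lets the script do its work, and record the reason in the script itself, for example `# proxy role Manager: REASON (placeholder)` at the top of `_body`.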
bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
0 → 100644
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
Script_magic
</string>
</key>
<value>
<int>
3
</int>
</value>
</item>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_body
</string>
</key>
<value>
<string>
"""External Validator for Person_viewDetails/my_password\n
checks that password and confimation matches.\n
"""\n
# XXX: unify\n
password_confirm = request.get(\'field_your_password\',\n
request.get(\'your_password\'))\n
\n
if password_confirm == editor :\n
return 1\n
return 0\n
</string>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
editor, request
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
Person_validatePasswordsMatch
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
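Review bot: When the request carries neither `field_your_password` nor `your_password`, `password_confirm` is None and the result depends only on whether `editor` is also None. A guard such as `if password_confirm is None: return 0` before the comparison makes a missing confirmation fail explicitly. The `# XXX: unify` comment does not say what should be unified (presumably the two request keys), and the docstring has a typo, `confimation`.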
bt5/erp5_authentication_policy/bt/revision
6
\ No newline at end of file
7
\ No newline at end of file
product/ERP5/tests/testAuthenticationPolicy.py
...
...
@@ -218,8 +218,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
stepTic
()
self
.
_clearCache
()
self
.
assert
False
(
person
.
isPasswordValid
(
''
))
self
.
assert
False
(
person
.
isPasswordValid
(
'1234567'
))
self
.
assert
Equal
(
-
1
,
person
.
isPasswordValid
(
''
))
self
.
assert
Equal
(
-
1
,
person
.
isPasswordValid
(
'1234567'
))
self
.
assertTrue
(
person
.
isPasswordValid
(
'12345678'
))
# not changed in last x days
...
...
@@ -232,7 +232,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
person
.
setPassword
(
'12345678'
)
self
.
stepTic
()
self
.
assert
False
(
person
.
isPasswordValid
(
'87654321'
))
# if we try to change now we should fail with any password
self
.
assert
Equal
(
-
3
,
person
.
isPasswordValid
(
'87654321'
))
# if we try to change now we should fail with any password
preference
.
setPreferredMinPasswordLifetimeDuration
(
0
)
# remove restriction
self
.
stepTic
()
...
...
@@ -245,7 +245,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
_clearCache
()
person
.
setPassword
(
'12345678'
)
self
.
stepTic
()
self
.
assert
False
(
person
.
isPasswordValid
(
'12345678'
))
# if we try to change now we should fail with this EXACT password
self
.
assert
Equal
(
-
4
,
person
.
isPasswordValid
(
'12345678'
))
# if we try to change now we should fail with this EXACT password
self
.
assertTrue
(
person
.
isPasswordValid
(
'12345678_'
))
# it's OK with another one not used yet
for
password
in
[
'a'
,
'b'
,
'c'
,
'd'
,
'e'
]:
person
.
setPassword
(
password
)
...
...
@@ -255,9 +255,9 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
assertTrue
(
person
.
isPasswordValid
(
'a'
))
self
.
assertTrue
(
person
.
isPasswordValid
(
'b'
))
# only last 3 (including current one are invalid)
self
.
assert
False
(
person
.
isPasswordValid
(
'c'
))
self
.
assert
False
(
person
.
isPasswordValid
(
'd'
))
self
.
assert
False
(
person
.
isPasswordValid
(
'e'
))
self
.
assert
Equal
(
-
4
,
person
.
isPasswordValid
(
'c'
))
self
.
assert
Equal
(
-
4
,
person
.
isPasswordValid
(
'd'
))
self
.
assert
Equal
(
-
4
,
person
.
isPasswordValid
(
'e'
))
# if we remove restricted then all password are usable
preference
.
setPreferredNumberOfLastPasswordToCheck
(
None
)
...
...
@@ -274,7 +274,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
stepTic
()
self
.
assertTrue
(
person
.
isPasswordValid
(
'c'
))
self
.
assertTrue
(
person
.
isPasswordValid
(
'd'
))
self
.
assert
False
(
person
.
isPasswordValid
(
'e'
))
self
.
assert
Equal
(
-
4
,
person
.
isPasswordValid
(
'e'
))
preference
.
setPreferredRegularExpressionGroupList
(
regular_expression_list
)
preference
.
setPreferredMinPasswordLength
(
7
)
...
...
@@ -295,7 +295,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
for
password
in
four_group_password_list
:
self
.
assertTrue
(
person
.
isPasswordValid
(
password
))
for
password
in
three_group_password_list
+
two_group_password_list
+
one_group_password_list
:
self
.
assert
False
(
person
.
isPasswordValid
(
password
))
self
.
assert
Equal
(
-
2
,
person
.
isPasswordValid
(
password
))
# min 3 out of all groups
preference
.
setPreferredMinRegularExpressionGroupNumber
(
3
)
...
...
@@ -305,7 +305,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
for
password
in
four_group_password_list
+
three_group_password_list
:
self
.
assertTrue
(
person
.
isPasswordValid
(
password
))
for
password
in
two_group_password_list
+
one_group_password_list
:
self
.
assert
False
(
person
.
isPasswordValid
(
password
))
self
.
assert
Equal
(
-
2
,
person
.
isPasswordValid
(
password
))
# min 2 out of all groups
preference
.
setPreferredMinRegularExpressionGroupNumber
(
2
)
...
...
@@ -314,7 +314,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
for
password
in
four_group_password_list
+
three_group_password_list
+
two_group_password_list
:
self
.
assertTrue
(
person
.
isPasswordValid
(
password
))
for
password
in
one_group_password_list
:
self
.
assert
False
(
person
.
isPasswordValid
(
password
))
self
.
assert
Equal
(
-
2
,
person
.
isPasswordValid
(
password
))
# min 1 out of all groups
preference
.
setPreferredMinRegularExpressionGroupNumber
(
1
)
...
...
@@ -327,8 +327,8 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
preference
.
setPrefferedForceUsernameCheckInPassword
(
1
)
self
.
_clearCache
()
self
.
stepTic
()
self
.
assert
False
(
person
.
isPasswordValid
(
'abAB#12_%s'
%
person
.
getFirstName
()))
self
.
assert
False
(
person
.
isPasswordValid
(
'abAB#12_%s'
%
person
.
getLastName
()))
self
.
assert
Equal
(
-
5
,
person
.
isPasswordValid
(
'abAB#12_%s'
%
person
.
getFirstName
()))
self
.
assert
Equal
(
-
5
,
person
.
isPasswordValid
(
'abAB#12_%s'
%
person
.
getLastName
()))
preference
.
setPrefferedForceUsernameCheckInPassword
(
0
)
self
.
_clearCache
()
self
.
stepTic
()
...
...
@@ -348,7 +348,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self
.
_clearCache
()
self
.
stepTic
()
# in this case which is basically used in new account creation only length of password matters
self
.
assert
False
(
temp_person
.
Person_isPasswordValid
(
'onlyNine1'
))
self
.
assert
Equal
(
-
1
,
temp_person
.
Person_isPasswordValid
(
'onlyNine1'
))
self
.
assertTrue
(
temp_person
.
Person_isPasswordValid
(
'longEnough1'
))
# make sure re check works on temp as well ( i.e. min 3 out of all groups)
...
...
@@ -360,14 +360,14 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
for
password
in
four_group_password_list
+
three_group_password_list
:
self
.
assertTrue
(
temp_person
.
Person_isPasswordValid
(
password
))
for
password
in
two_group_password_list
+
one_group_password_list
:
self
.
assert
False
(
temp_person
.
Person_isPasswordValid
(
password
))
self
.
assert
Equal
(
-
2
,
temp_person
.
Person_isPasswordValid
(
password
))
# make sure peron's check on username works on temp as well (i.e. not contain the full name of the user)
preference
.
setPrefferedForceUsernameCheckInPassword
(
1
)
self
.
_clearCache
()
self
.
stepTic
()
self
.
assert
False
(
temp_person
.
Person_isPasswordValid
(
'abAB#12_%s'
%
first_name
))
self
.
assert
False
(
temp_person
.
Person_isPasswordValid
(
'abAB#12_%s'
%
last_name
))
self
.
assert
Equal
(
-
5
,
temp_person
.
Person_isPasswordValid
(
'abAB#12_%s'
%
first_name
))
self
.
assert
Equal
(
-
5
,
temp_person
.
Person_isPasswordValid
(
'abAB#12_%s'
%
last_name
))
preference
.
setPrefferedForceUsernameCheckInPassword
(
0
)
self
.
_clearCache
()
...
...
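Review bot: The success assertions left as `self.assertTrue(person.isPasswordValid('12345678'))` no longer prove anything about validity, because the failure codes introduced by this commit (-1 to -5) are truthy too and would satisfy assertTrue. They should pin the value, `self.assertEqual(1, person.isPasswordValid('12345678'))`, in every hunk of this file, and likewise for `temp_person.Person_isPasswordValid`. Nothing visible here exercises the new `Base_isPasswordValid` (translated message, ValidationError) or `Person_validatePasswordsMatch`; a test for each would cover the behaviour the commit title describes. The test methods begin and end outside these hunks.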