Commit b45f325f authored by Ivan Tyagov's avatar Ivan Tyagov

Add key authentication plugin (preliminary work of FX) and extend tests to...

Add key authentication plugin (preliminary work of FX) and extend the tests to give it basic coverage. This is a work in progress and needs improvements (see XXX) and better test coverage.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34434 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent f8179b18
This diff is collapsed.
...@@ -25,6 +25,7 @@ import ERP5UserManager ...@@ -25,6 +25,7 @@ import ERP5UserManager
import ERP5GroupManager import ERP5GroupManager
import ERP5RoleManager import ERP5RoleManager
import ERP5UserFactory import ERP5UserFactory
import ERP5KeyAuthPlugin
def mergedLocalRoles(object): def mergedLocalRoles(object):
"""Returns a merging of object and its ancestors' """Returns a merging of object and its ancestors'
...@@ -58,6 +59,7 @@ registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type) ...@@ -58,6 +59,7 @@ registerMultiPlugin(ERP5UserManager.ERP5UserManager.meta_type)
registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type) registerMultiPlugin(ERP5GroupManager.ERP5GroupManager.meta_type)
registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type) registerMultiPlugin(ERP5RoleManager.ERP5RoleManager.meta_type)
registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type) registerMultiPlugin(ERP5UserFactory.ERP5UserFactory.meta_type)
registerMultiPlugin(ERP5KeyAuthPlugin.ERP5KeyAuthPlugin.meta_type)
def initialize(context): def initialize(context):
...@@ -97,3 +99,12 @@ def initialize(context): ...@@ -97,3 +99,12 @@ def initialize(context):
, icon='www/portal.gif' , icon='www/portal.gif'
) )
context.registerClass( ERP5KeyAuthPlugin.ERP5KeyAuthPlugin
, permission=ManageUsers
, constructors=(
ERP5KeyAuthPlugin.manage_addERP5KeyAuthPluginForm,
ERP5KeyAuthPlugin.addERP5KeyAuthPlugin, )
, visibility=None
, icon='www/portal.gif'
)
...@@ -619,6 +619,56 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -619,6 +619,56 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
basic='guest:guest') basic='guest:guest')
self.assertEqual(response.getStatus(), 401) self.assertEqual(response.getStatus(), 401)
def testKeyAuthentication(self):
"""
Make sure that we can grant security using a key.
"""
# add key authentication PAS plugin
portal = self.portal
uf = portal.acl_users
uf.manage_addProduct['ERP5Security'].addERP5KeyAuthPlugin(
id="erp5_auth_key", \
title="ERP5 Auth key",\
encryption_key='fdgfhkfjhltylutyu',
cookie_name='__key',\
default_cookie_name='__ac')
erp5_auth_key_plugin = getattr(uf, "erp5_auth_key")
erp5_auth_key_plugin.manage_activateInterfaces(
interfaces=['IExtractionPlugin',
'IAuthenticationPlugin',
'ICredentialsUpdatePlugin',
'ICredentialsResetPlugin'])
self.stepTic()
reference = 'UserReferenceTextWhichShouldBeHardToGeneratedInAnyHumanOrComputerLanguage'
loginable_person = self.getPersonModule().newContent(portal_type='Person',
reference=reference,
password='guest')
assignment = loginable_person.newContent(portal_type='Assignment',
function='another_subcat')
assignment.open()
self.stepTic()
# encrypt & decrypt works
key = erp5_auth_key_plugin.encrypt(reference)
self.assertNotEquals(reference, key)
self.assertEquals(reference, erp5_auth_key_plugin.decrypt(key))
base_url = '%s/view' %portal.absolute_url(relative=1)
# without key we are Anonymous User so we should be redirected with proper HTML
# status code to login_form
response = self.publish(base_url)
self.assertEqual(response.getStatus(), 302)
self.assertTrue('location' in response.headers.keys())
self.assertTrue(response.headers['location'].endswith('login_form'))
# view front page we should be logged in if we use authentication key
response = self.publish('%s?__ac_key=%s' %(base_url, key))
self.assertEqual(response.getStatus(), 200)
self.assertTrue(reference in response.getBody())
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestUserManagement)) suite.addTest(unittest.makeSuite(TestUserManagement))
......
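Review bot: testKeyAuthentication covers only the accepting path; nothing after the final `self.assertTrue(reference in response.getBody())` checks that a tampered or garbage `__ac_key` is refused, which is the property an authentication plugin most needs pinned. I would add `response = self.publish('%s?__ac_key=%s' % (base_url, 'not-a-valid-key'))` followed by `self.assertEqual(response.getStatus(), 302)`, assuming a rejected key falls back to the anonymous redirect asserted earlier in the test. The key is also just `encrypt(reference)` under a static `encryption_key`, so as far as this test shows it never expires and is bound to nothing but the login; the plugin's own diff is collapsed on this page, so whether it adds integrity protection or an expiry cannot be confirmed from here. The request uses `__ac_key` while the plugin is configured with `cookie_name='__key'` and `default_cookie_name='__ac'`, so a comment saying how the parameter name is derived would help, and a credential carried in the query string will end up in access logs and Referer headers.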
<h1 tal:replace="structure context/manage_page_header">PAGE HEADER</h1>
<h2 tal:define="form_title string:Add ERP5 Key Authentication PAS"
tal:replace="structure context/manage_form_title">FORM TITLE</h2>
<p class="form-help">Please input the configuration</p>
<form action="addERP5KeyAuthPlugin" method="POST">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
<div class="form-label">
Id
</div>
</td>
<td align="left" valign="top">
<input type="text" name="id" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
Title
</div>
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
Encryption Key
</div>
</td>
<td align="left" valign="top">
<input type="text" name="encryption_key" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
Cookie Name
</div>
</td>
<td align="left" valign="top">
<input type="text" name="cookie_name"
value="__key" size="40" />
</td>
</tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
Default Cookie Name
</div>
</td>
<td align="left" valign="top">
<input type="text" name="default_cookie_name"
value="__ac" size="40" />
</td>
</tr>
<tr>
<td colspan="2"> <input type="submit" value="add plugin"/>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure context/manage_page_footer">PAGE FOOTER</h1>
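Review bot: The `encryption_key` field is a plain `type="text"` input with no `autocomplete="off"`, so the secret that the login keys are derived from is shown on screen and may be remembered by the browser; the edit form later in this commit has the same input. I would render it as `<input type="password" name="encryption_key" size="40" autocomplete="off" />`. The form also allows the field to be submitted empty, and `addERP5KeyAuthPlugin` is not visible on this page, so it is worth confirming that the constructor refuses an empty or very short key instead of creating a plugin with one.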
<h1 tal:replace="structure context/manage_page_header">PAGE HEADER</h1>
<h2 tal:replace="structure here/manage_tabs"> TABS </h2>
<h2 tal:define="form_title string:Edit ERP5 Key Authentification Plugin"
tal:replace="structure context/manage_form_title">FORM TITLE</h2>
<p class="form-help">Please input the configuration for the radius host</p>
<form action="manage_editKeyAuthPlugin" method="POST">
<table tal:define="encryption_key request/encryption_key|context/encryption_key|string:;
default_cookie_name request/default_cookie_name|context/default_cookie_name|string:;
cookie_name request/cookie_name|context/cookie_name|string:;">
<tr>
<td> Encryption Key </td>
<td>
<input type="text" name="encryption_key" value=""
tal:attributes="value encryption_key;" />
</td>
</tr>
<tr>
<td> Cookie Name </td>
<td>
<input type="text" name="cookie_name" value=""
tal:attributes="value cookie_name;" />
</td>
</tr>
<tr>
<td> Default Cookie Name </td>
<td>
<input type="text" name="default_cookie_name" value=""
tal:attributes="value default_cookie_name;" />
</td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="save"/>
</td>
</tr>
</table>
</form>
<h1 tal:replace="structure context/manage_page_footer">PAGE FOOTER</h1>
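Review bot: The edit form writes the stored secret back into the page, since `tal:attributes="value encryption_key;"` resolves to `context/encryption_key` when the request carries none, so anyone who can open this management tab, or read a cached copy of it, obtains the key that the login keys are derived from. I would leave the input empty on render (drop the `tal:attributes` on that field) and have `manage_editKeyAuthPlugin` keep the existing key when the submitted value is blank; that handler is outside this page, so the second half needs checking there. The help text `Please input the configuration for the radius host` looks copied from another plugin and should describe the key authentication settings, and `Authentification` in the form title should read `Authentication`.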