Commit 55c89b74 authored by Rafael Monnerat's avatar Rafael Monnerat

ERP5Security: External Auhentication Plugin accepts Login portal type list

   This allow the administrator define which Login portal types are searched.
parent 7bec363d
...@@ -41,11 +41,11 @@ manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile( ...@@ -41,11 +41,11 @@ manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile(
'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(), 'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(),
__name__='manage_addERP5ExternalAuthenticationPluginForm') __name__='manage_addERP5ExternalAuthenticationPluginForm')
def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='', def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='',
REQUEST=None): login_portal_type_list=None, REQUEST=None):
""" Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """ """ Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """
plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key) plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key, login_portal_type_list)
dispatcher._setObject(plugin.getId(), plugin) dispatcher._setObject(plugin.getId(), plugin)
if REQUEST is not None: if REQUEST is not None:
...@@ -76,16 +76,28 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -76,16 +76,28 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
'mode':'w', 'mode':'w',
'label':'HTTP request header key where the user_id is stored' 'label':'HTTP request header key where the user_id is stored'
}, },
{'id': 'login_portal_type_list',
'type':'lines',
'mode':'w',
'label': 'List of Login Portal Types to search'
},
) )
+ BasePlugin._properties[:] + BasePlugin._properties[:]
) )
def __init__(self, id, title=None, user_id_key=''): def __init__(self, id, title=None, user_id_key='', login_portal_type_list=None):
#Register value #Register value
self._setId(id) self._setId(id)
self.title = title self.title = title
self.user_id_key = user_id_key self.user_id_key = user_id_key
if login_portal_type_list is None:
# Keep at least one portal type as Login
login_portal_type_list = ["ERP5 Login"]
self.login_portal_type_list = login_portal_type_list
#################################### ####################################
#ILoginPasswordHostExtractionPlugin# #ILoginPasswordHostExtractionPlugin#
#################################### ####################################
...@@ -97,9 +109,10 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -97,9 +109,10 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
if getHeader is None: if getHeader is None:
# use get_header instead for Zope-2.8 # use get_header instead for Zope-2.8
getHeader = request.get_header getHeader = request.get_header
user_id = getHeader(self.user_id_key) external_login = getHeader(self.user_id_key)
if user_id is not None: if external_login is not None:
creds['external_login'] = user_id creds['external_login'] = external_login
creds['login_portal_type'] = self.login_portal_type_list
else: else:
# fallback to default way # fallback to default way
return DumbHTTPExtractor().extractCredentials(request) return DumbHTTPExtractor().extractCredentials(request)
...@@ -125,7 +138,7 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -125,7 +138,7 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
__name__='manage_editERP5ExternalAuthenticationPluginForm') __name__='manage_editERP5ExternalAuthenticationPluginForm')
security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin') security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin')
def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, RESPONSE=None): def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, login_portal_type_list, RESPONSE=None):
"""Edit the object""" """Edit the object"""
error_message = '' error_message = ''
...@@ -135,6 +148,11 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin): ...@@ -135,6 +148,11 @@ class ERP5ExternalAuthenticationPlugin(BasePlugin):
else: else:
self.user_id_key = user_id_key self.user_id_key = user_id_key
if login_portal_type_list == '' or login_portal_type_list is None:
error_message += 'Invalid portal type value '
else:
self.login_portal_type_list = login_portal_type_list
#Redirect #Redirect
if RESPONSE is not None: if RESPONSE is not None:
if error_message != '': if error_message != '':
......
...@@ -36,6 +36,17 @@ ...@@ -36,6 +36,17 @@
<input type="text" name="user_id_key" size="40" /> <input type="text" name="user_id_key" size="40" />
</td> </td>
</tr> </tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
List of Login Portal Types (One per line)
</div>
</td>
<td align="left" valign="top">
<textarea name="login_portal_type_list:lines" rows="6" cols="35">ERP5 Login
</textarea>
</td>
</tr>
<tr> <tr>
<td colspan="2"> <input type="submit" value="add plugin"/> <td colspan="2"> <input type="submit" value="add plugin"/>
</td> </td>
......
...@@ -7,7 +7,9 @@ ...@@ -7,7 +7,9 @@
<form action="manage_editERP5ExternalAuthenticationPlugin" method="POST"> <form action="manage_editERP5ExternalAuthenticationPlugin" method="POST">
<table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;"> <table tal:define="user_id_key request/user_id_key|context/user_id_key|string:;
login_portal_type_list_ request/login_portal_type_list|context/login_portal_type_list|string:;
login_portal_type_list python: '\n'.join(login_portal_type_list_)">
<tr> <tr>
<td>HTTP request header key where the user_id is stored</td> <td>HTTP request header key where the user_id is stored</td>
...@@ -16,6 +18,14 @@ ...@@ -16,6 +18,14 @@
tal:attributes="value user_id_key;" /> tal:attributes="value user_id_key;" />
</td> </td>
</tr> </tr>
<tr>
<td>List of Login Portal Types (One per Line)</td>
<td>
<textarea name="login_portal_type_list:lines" rows="6" cols="35"
tal:content="login_portal_type_list">
</textarea>
</td>
</tr>
<tr> <tr>
<td colspan="2"> <td colspan="2">
<input type="submit" value="save"/> <input type="submit" value="save"/>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment