Commit 780a2570 authored by Jérome Perrin's avatar Jérome Perrin

core: display login in caption

user_id are technical things that should not be displayed to users.

In the case of tokens, for now we show "something that's not the user id / not the
token secret". That's not ideal, but as far as I know we don't really have use
cases where a token-authenticated request renders a page displaying the user caption.
parent 714520cf
......@@ -31,6 +31,8 @@ from ZPublisher.HTTPRequest import HTTPRequest
from ZPublisher.HTTPResponse import HTTPResponse
from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin
from DateTime import DateTime
import urllib
import httplib
import base64
import StringIO
import mock
......@@ -124,6 +126,30 @@ class TestERP5AccessTokenSkins(AccessTokenTestCase):
# this is also what will appear in Z2.log
_setUserNameForAccessLog.assert_called_once_with(login, self.portal.REQUEST)
def test_user_caption(self):
person = self._createPerson(self.new_id)
access_url = "%s/Base_getUserCaption" % self.portal.absolute_url()
access_method = "GET"
access_token = self._createRestrictedAccessToken(
self.new_id,
person,
access_method,
access_url)
access_token.validate()
self.tic()
response = self.publish('/%s/Base_getUserCaption?%s' % (
self.portal.getId(),
urllib.urlencode({
'access_token': access_token.getId(),
'access_token_secret': access_token.getReference()})))
self.assertEqual(response.getStatus(), httplib.OK)
# XXX caption currently shows plugin id and relative URL of the token,
# that's not ideal.
self.assertEqual(
response.getBody(),
'erp5_access_token_plugin=%s' % access_token.getRelativeUrl())
def test_bad_token(self):
person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo"
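Review bot: test_user_caption pins the exact caption text but never asserts that the token secret stays out of the response, which is the property the commit message is guarding; since `access_token.getReference()` is what the request sends as `access_token_secret`, add `self.assertNotIn(access_token.getReference(), response.getBody())` before the equality check. As written, a harmless change of the caption format would fail the test, while a regression that appends the secret would only be caught indirectly through the string comparison. The XXX comment could also say that the `plugin=relative-url` value appears to be the user id returned by `getId()` when no user document is found, so the next maintainer knows which branch of Base_getUserCaption this exercises.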
......
......@@ -190,6 +190,9 @@ class TestGoogleLogin(GoogleLoginTestCase):
self.assertEqual(person.getUserId(), user_id)
self.assertEqual(getUserId(None), login)
self.login(user_id)
self.assertEqual(self.portal.Base_getUserCaption(), login)
def test_auth_cookie(self):
request = self.portal.REQUEST
response = request.RESPONSE
......
# Proxy roles: Manager in case user cannot access their own document.
user = context.getPortalObject().portal_membership.getAuthenticatedMember()
user_value = user.getUserValue()
try:
return user_value.getReference()
except AttributeError:
return user.getId()
return context.getPortalObject().portal_membership.getAuthenticatedMember().getUserName()
\ No newline at end of file
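Review bot: The `except AttributeError` around `user_value.getReference()` is broader than the case it targets: it also swallows any AttributeError raised inside getReference() itself, and it leaves implicit that the fallback exists for users with no backing document. If, as the expected caption in the access-token test suggests, `getUserValue()` returns None for token users, an explicit None check is clearer, and it matters here because an access token's reference is its secret (the test passes `access_token.getReference()` as `access_token_secret`), so any future plugin whose user value is the token document itself would print the secret in a user-visible caption; keep a comment such as `# never fall back to a document whose reference is a secret` next to the check. The header comment says the script runs with Manager proxy roles, yet the XML hunk in this same commit removes `_proxy_roles`; the rendered page lost the +/- markers, so please confirm which side the comment is on and that the script still has the access it needs to read the Person reference for users who cannot view their own document.
```python
user = context.getPortalObject().portal_membership.getAuthenticatedMember()
user_value = user.getUserValue()
if user_value is None:
    # Users without a backing document (e.g. access-token users): show the
    # technical id rather than risk returning a reference that is a secret.
    return user.getId()
return user_value.getReference()
```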
......@@ -52,14 +52,6 @@
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getUserCaption</string> </value>
......
......@@ -811,9 +811,6 @@ class TestUserManagementExternalAuthentication(TestUserManagement):
"""
_, login, _ = self._makePerson()
pas_user, = self.portal.acl_users.searchUsers(login=login, exact_match=True)
reference = self.portal.restrictedTraverse(pas_user['path']).getReference()
base_url = self.portal.absolute_url(relative=1)
# without key we are Anonymous User so we should be redirected with proper HTML
......@@ -828,7 +825,8 @@ class TestUserManagementExternalAuthentication(TestUserManagement):
# view front page we should be logged in if we use authentication key
response = self.publish(base_url, env={self.user_id_key.replace('-', '_').upper(): login})
self.assertEqual(response.getStatus(), 200)
self.assertTrue(reference in response.getBody())
self.assertIn('Logged In', response.getBody())
self.assertIn(login, response.getBody())
class TestLocalRoleManagement(RoleManagementTestCase):
......@@ -1363,3 +1361,19 @@ class TestReindexObjectSecurity(UserManagementTestCase):
check(['immediateReindexObject'] * (len(person) + 1))
self.tic()
class TestUserCaption(UserManagementTestCase):
def test_zodb_user(self):
self.login()
self.assertEqual(self.portal.Base_getUserCaption(), 'ERP5TypeTestCase')
def test_anonymous_user(self):
self.logout()
self.assertEqual(self.portal.Base_getUserCaption(), 'Anonymous User')
def test_erp5_login(self):
user_id, login, _ = self._makePerson()
self.tic()
self.login(user_id)
self.assertEqual(self.portal.Base_getUserCaption(), login)
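Review bot: TestUserCaption does not exercise the situation that motivates the Manager proxy role mentioned in Base_getUserCaption, a user who cannot read their own Person document; test_erp5_login logs in as a freshly created person, which presumably has ordinary access to it. A test that removes View on the person (or uses a Person in a restricted state) and still expects `login` would pin that the caption works regardless of the user's own permissions, and would catch the `_proxy_roles` removal in the XML hunk if that turns out to be unintended. Since hiding user_id is the stated purpose of the change, test_erp5_login could also assert `self.assertNotEqual(self.portal.Base_getUserCaption(), user_id)` so a regression back to the technical id is caught even when login and user_id happen to coincide in some fixture.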