Commit cfe42150 authored by Jérome Perrin's avatar Jérome Perrin

only fill the cache if authentication is successful


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@27234 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent b9270ed5
...@@ -57,6 +57,14 @@ def addERP5UserManager(dispatcher, id, title=None, REQUEST=None): ...@@ -57,6 +57,14 @@ def addERP5UserManager(dispatcher, id, title=None, REQUEST=None):
'ERP5UserManager+added.' 'ERP5UserManager+added.'
% dispatcher.absolute_url()) % dispatcher.absolute_url())
class _AuthenticationFailure(Exception):
"""Raised when authentication failed, to prevent caching the fact that a user
does not exist (yet), which happens when someone try to login before the user
account is ready (like when the indexing not finished, an assignment not open
etc...)
"""
class ERP5UserManager(BasePlugin): class ERP5UserManager(BasePlugin):
""" PAS plugin for managing users in ERP5 """ PAS plugin for managing users in ERP5
""" """
...@@ -91,7 +99,7 @@ class ERP5UserManager(BasePlugin): ...@@ -91,7 +99,7 @@ class ERP5UserManager(BasePlugin):
user_list = self.getUserByLogin(login) user_list = self.getUserByLogin(login)
if not user_list: if not user_list:
return None raise _AuthenticationFailure()
user = user_list[0] user = user_list[0]
...@@ -118,16 +126,18 @@ class ERP5UserManager(BasePlugin): ...@@ -118,16 +126,18 @@ class ERP5UserManager(BasePlugin):
return login, login # use same for user_id and login return login, login # use same for user_id and login
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
raise _AuthenticationFailure()
return None
_authenticateCredentials = CachingMethod(_authenticateCredentials, _authenticateCredentials = CachingMethod(_authenticateCredentials,
id='ERP5UserManager_authenticateCredentials', id='ERP5UserManager_authenticateCredentials',
cache_factory='erp5_content_short') cache_factory='erp5_content_short')
try:
return _authenticateCredentials( return _authenticateCredentials(
login=credentials.get('login'), login=credentials.get('login'),
password=credentials.get('password'), password=credentials.get('password'),
path=self.getPhysicalPath()) path=self.getPhysicalPath())
except _AuthenticationFailure:
return None
# #
# IUserEnumerationPlugin implementation # IUserEnumerationPlugin implementation
...@@ -163,6 +173,7 @@ class ERP5UserManager(BasePlugin): ...@@ -163,6 +173,7 @@ class ERP5UserManager(BasePlugin):
return tuple(user_info) return tuple(user_info)
# XXX is this cache usefull ???
_enumerateUsers = CachingMethod(_enumerateUsers, _enumerateUsers = CachingMethod(_enumerateUsers,
id='ERP5UserManager_enumerateUsers', id='ERP5UserManager_enumerateUsers',
cache_factory='erp5_content_short') cache_factory='erp5_content_short')
...@@ -249,12 +260,20 @@ class ERP5UserManager(BasePlugin): ...@@ -249,12 +260,20 @@ class ERP5UserManager(BasePlugin):
# LIMIT 1000 # LIMIT 1000
# "bar OR foo" because of ZSQLCatalog tokenizing searched sgtrings # "bar OR foo" because of ZSQLCatalog tokenizing searched sgtrings
# by default (feature). # by default (feature).
return [x.path for x in result if (not exact_match) or x['reference'] in login] result = [x.path for x in result if (not exact_match)
or x['reference'] in login]
if not result:
raise _AuthenticationFailure()
return result
_getUserByLogin = CachingMethod(_getUserByLogin, _getUserByLogin = CachingMethod(_getUserByLogin,
id='ERP5UserManager_getUserByLogin', id='ERP5UserManager_getUserByLogin',
cache_factory='erp5_content_short') cache_factory='erp5_content_short')
result = _getUserByLogin(login, exact_match) try:
return [portal.unrestrictedTraverse(x) for x in result] return [portal.unrestrictedTraverse(x) for x in
_getUserByLogin(login, exact_match)]
except _AuthenticationFailure:
return []
classImplements( ERP5UserManager classImplements( ERP5UserManager
, IAuthenticationPlugin , IAuthenticationPlugin
......
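Review bot: Successful results of `_authenticateCredentials` are still cached by `CachingMethod`, with `password` as one of the cached arguments, so a login/password pair that authenticated once presumably keeps returning `(login, login)` from the `erp5_content_short` cache after the password is changed, the assignment is closed or the person is deleted, unless something outside this view invalidates the entry. It also suggests the clear-text password becomes part of the cache key, which is worth confirming against the `CachingMethod` implementation. Consider caching only the user lookup and running `pw_validate` outside the cached function, or at least state the accepted window above the wrapper, e.g. `# NOTE: a successful authentication stays cached for the erp5_content_short lifetime, even after a password change`. The body of `_authenticateCredentials` starts and continues outside the visible hunks, and the tests added in this commit only cover the failure-then-success direction.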
...@@ -285,6 +285,23 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -285,6 +285,23 @@ class TestUserManagement(ERP5TypeTestCase):
assi.close() assi.close()
self._assertUserDoesNotExists('the_user', 'secret') self._assertUserDoesNotExists('the_user', 'secret')
def test_PersonNotIndexedNotCached(self):
pers = self._makePerson(password='secret',)
pers.setReference('the_user')
# not indexed yet
self._assertUserDoesNotExists('the_user', 'secret')
transaction.commit()
self.tic()
self._assertUserExists('the_user', 'secret')
def test_PersonNotValidNotCached(self):
pers = self._makePerson(reference='the_user', password='other',)
self._assertUserDoesNotExists('the_user', 'secret')
pers.setPassword('secret')
self._assertUserExists('the_user', 'secret')
def test_AssignmentWithDate(self): def test_AssignmentWithDate(self):
"""Tests a person with an assignment with correct date is a valid user.""" """Tests a person with an assignment with correct date is a valid user."""
......
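Review bot: The new tests `test_PersonNotIndexedNotCached` and `test_PersonNotValidNotCached` have no docstring, while the neighbouring `test_AssignmentWithDate` has one, so the caching regression they guard against is not stated anywhere in the test file. Suggested docstrings: `"""A login attempted before the person is indexed must not be cached as a failure."""` and `"""A login that failed on a wrong password must succeed once the password is set to the attempted value."""`. In `test_PersonNotValidNotCached` a short comment on why no `transaction.commit()` / `self.tic()` is needed between the two assertions would also help, since the sibling test does both.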