slapos_cloud&slap_tool: Get user from its Certificate Login

  Now we dont rely on the document reference anymore.
  Invoke generateCertificate on tests else the user isnt valid.
  Note:  Login name returns the Certificate Login reference, to keep
    backward compatibility with the API (and current usage) it user
    the actual user reference, so it is easier to identify which document
    set the access status.

master/bt5/slapos_cloud/MixinTemplateItem/portal_components/mixin.erp5.SlapOSCacheMixin.py

@@ -109,8 +109,8 @@ class SlapOSCacheMixin:
     return self._setAccessStatus("%s %s" % (BUILDING, text), state, reindex)
 
   def _setAccessStatus(self, text, state="", reindex=0):
-    user_reference = self.getPortalObject().portal_membership.getAuthenticatedMember()\
-                                                   .getUserName()
+    user = self.getPortalObject().portal_membership.getAuthenticatedMember()\
+                                                   .getUserValue()
 
     previous = self._getCachedAccessInfo()
     created_at = rfc1123_date(DateTime())
@@ -125,6 +125,11 @@ class SlapOSCacheMixin:
       if state == "":
         state = previous_json.get("state", "")
 
+    if user is not None:
+      user_reference = user.getReference()
+    else:
+      user_reference = self.getPortalObject().portal_membership.getAuthenticatedMember()\
+                                                   .getUserName()
     value = json.dumps({
       'user': '%s' % user_reference,
       'created_at': '%s' % created_at,

master/bt5/slapos_cloud/MixinTemplateItem/portal_components/mixin.erp5.SlapOSComputeNodeMixin.py

@@ -157,8 +157,14 @@ class SlapOSComputeNodeMixin(object):
 
   def _getComputeNodeInformation(self, user, refresh_etag):
     portal = self.getPortalObject()
-    user_document = _assertACI(portal.portal_catalog.unrestrictedGetResultValue(
-      reference=user, portal_type=['Person', 'Compute Node', 'Software Instance']))
+    login = portal.portal_catalog.unrestrictedGetResultValue(
+      reference=user, portal_type="Certificate Login",
+      parent_portal_type=['Person', 'Compute Node', 'Software Instance'])
+
+    if not login:
+      raise Unauthorized('User %s not found!' % user)
+
+    user_document = _assertACI(login.getParentValue())
     user_type = user_document.getPortalType()
 
     if user_type in ('Compute Node', 'Person'):

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5DefaultScenario.py

@@ -18,6 +18,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 #
 ##############################################################################
+
 from erp5.component.test.SlapOSTestCaseDefaultScenarioMixin import DefaultScenarioMixin
 from DateTime import DateTime
 import re
@@ -48,6 +49,7 @@ class TestSlapOSDefaultScenario(DefaultScenarioMixin):
     self.setAccessToMemcached(public_server)
     self.assertNotEqual(None, public_server)
     self.setServerOpenPublic(public_server)
+    public_server.generateCertificate()
 
     personal_server_title = 'Personal Server for %s' % owner_reference
     personal_server_id = self.requestComputeNode(personal_server_title)
@@ -56,6 +58,7 @@ class TestSlapOSDefaultScenario(DefaultScenarioMixin):
     self.setAccessToMemcached(personal_server)
     self.assertNotEqual(None, personal_server)
     self.setServerOpenPersonal(personal_server)
+    personal_server.generateCertificate()
 
     # and install some software on them
     public_server_software = self.generateNewSoftwareReleaseUrl()

master/bt5/slapos_slap_tool/ToolComponentTemplateItem/portal_components/tool.erp5.SlapTool.py

@@ -173,9 +173,9 @@ class SlapTool(BaseTool):
     Reuses slap library for easy marshalling.
     """
     portal = self.getPortalObject()
-    user = portal.portal_membership.getAuthenticatedMember().getUserName()
-    if str(user) == computer_id:
-      compute_node = portal.portal_membership.getAuthenticatedMember().getUserValue()
+    user_value = portal.portal_membership.getAuthenticatedMember().getUserValue()
+    if user_value is not None and user_value.getReference() == computer_id:
+      compute_node = user_value
       compute_node.setAccessStatus(computer_id)
     else:
       # Don't use getDocument because we don't want use _assertACI here, but
@@ -186,11 +186,18 @@ class SlapTool(BaseTool):
 
     refresh_etag = compute_node._calculateRefreshEtag()
 
+    user = portal.portal_membership.getAuthenticatedMember().getUserName()
     # Keep compatibility with older clients that relies on marshalling.
     # This code is an adaptation of SlapOSComputeNodeMixin._getComputeNodeInformation
     # To comply with cache capability.
-    user_document = _assertACI(portal.portal_catalog.unrestrictedGetResultValue(
-      reference=user, portal_type=['Person', 'Compute Node', 'Software Instance']))
+    login = portal.portal_catalog.unrestrictedGetResultValue(
+      reference=user, portal_type="Certificate Login",
+      parent_portal_type=['Person', 'Compute Node', 'Software Instance'])
+
+    if not login:
+      raise Unauthorized('User %s not found!' % user)
+
+    user_document = _assertACI(login.getParentValue())
     user_type = user_document.getPortalType()
     if user_type in ('Compute Node', 'Person'):
       if not compute_node._isTestRun():

master/bt5/slapos_subscription_request/TestTemplateItem/portal_components/test.erp5.testSlapOSSubscriptionScenario.py

@@ -1186,6 +1186,9 @@ return dict(vads_url_already_registered="%s/already_registered" % (payment_trans
     # format the compute_nodes
     self.formatComputeNode(subscription_server)
 
+    # Without certificate computer isnt a user yet.
+    subscription_server.generateCertificate()
+
     self.tic()
     self.logout()
     return subscription_server