Support PluggableAuthService 1.10.0

See merge request nexedi/erp5!1405

bt5/erp5_advanced_ecommerce_test/SkinTemplateItem/portal_skins/erp5_advanced_ecommerce_test/ERP5Site_createSuperUser.py

@@ -6,5 +6,12 @@ if not acl_users.getUserById('super_user'):
       password='super_user',
       confirm='super_user',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'super_user')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('super_user',),
+      RESPONSE=response)
+  response.setStatus(200)
+
 return 'Done'

bt5/erp5_officejs_support_request_ui_test/SkinTemplateItem/portal_skins/erp5_officejs_support_request_test/ERP5Site_addManagerAclUserIfNotExisting.py

@@ -6,5 +6,11 @@ if not acl_users.getUserById('user_logout_test'):
       password='user_logout_test',
       confirm='user_logout_test',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'user_logout_test')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('user_logout_test',),
+      RESPONSE=response)
+  response.setStatus(200)
 return 'done'

bt5/erp5_tiosafe_core/SkinTemplateItem/portal_skins/erp5_integration/IntegrationModule_generateSynchronizationObjects.py

@@ -11,7 +11,13 @@ if not acl_users.getUserById('tiosafe_sync_user'):
       password='tiosafe_sync_user',
       confirm='tiosafe_sync_user',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'tiosafe_sync_user')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('tiosafe_sync_user',),
+      RESPONSE=response)
+  response.setStatus(200)
 
 node_list = ['invoiced_person_module', 'person_module', 'organisation_module']
 resource_list = ['product_module',]

bt5/erp5_tiosafe_core/SkinTemplateItem/portal_skins/erp5_integration/IntegrationSite_regenerateSynchronizationObjects.py

@@ -11,7 +11,13 @@ if not acl_users.getUserById('tiosafe_sync_user'):
       password='tiosafe_sync_user',
       confirm='tiosafe_sync_user',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'tiosafe_sync_user')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('tiosafe_sync_user',),
+      RESPONSE=response)
+  response.setStatus(200)
 
 node_list = ['person_module', 'organisation_module']
 resource_list = ['product_module',]

bt5/erp5_tiosafe_core/SkinTemplateItem/portal_skins/erp5_integration/IntegrationSite_updateSynchronizationURL.py

@@ -8,7 +8,13 @@ if not acl_users.getUserById('tiosafe_sync_user'):
       password='tiosafe_sync_user',
       confirm='tiosafe_sync_user',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'tiosafe_sync_user')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('tiosafe_sync_user',),
+      RESPONSE=response)
+  response.setStatus(200)
 
 
 for im in context.objectValues(portal_type="Integration Module"):

bt5/erp5_tiosafe_core/SkinTemplateItem/portal_skins/erp5_integration/IntegrationTool_createIntegrationSite.py

@@ -14,7 +14,13 @@ if not acl_users.getUserById('tiosafe_sync_user'):
       password='tiosafe_sync_user',
       confirm='tiosafe_sync_user',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'tiosafe_sync_user')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('tiosafe_sync_user',),
+      RESPONSE=response)
+  response.setStatus(200)
 
 # this dict map the portal type with their type
 mapping_type_dict = {

bt5/erp5_user_tutorial_ui_test/SkinTemplateItem/portal_skins/erp5_user_tutorial_ui_test/Zuite_createAnotherFunctionalTestUser.py

@@ -30,7 +30,13 @@ if person is None:
   login.validate()
 
   # XXX (lucas): These tests must be able to run on an instance without security.
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
   for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'):
-    portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId())
+    portal.acl_users.zodb_roles.manage_assignRoleToPrincipals(
+        role,
+        (person.Person_getUserId(),),
+        RESPONSE=response)
+    response.setStatus(200)
 
 return 'Done.'

bt5/erp5_user_tutorial_ui_test/SkinTemplateItem/portal_skins/erp5_user_tutorial_ui_test/Zuite_createFunctionalTestUser.py

@@ -30,7 +30,13 @@ if person is None:
   login.validate()
 
   # XXX (lucas): These tests must be able to run on an instance without security.
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
   for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'):
-    portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId())
+    portal.acl_users.zodb_roles.manage_assignRoleToPrincipals(
+        role,
+        (person.Person_getUserId(),),
+        RESPONSE=response)
+    response.setStatus(200)
 
 return 'Done.'

bt5/erp5_web_renderjs_ui_test/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui_test/ERP5Site_createPersonWhoHasPermissionToAccess.py

@@ -6,5 +6,11 @@ if not acl_users.getUserById('user_logout_test'):
       password='user_logout_test',
       confirm='user_logout_test',
   )
-  acl_users.zodb_roles.assignRoleToPrincipal('Manager', 'user_logout_test')
+  # BBB for PAS 1.9.0 we pass a response and undo the redirect
+  response = container.REQUEST.RESPONSE
+  acl_users.zodb_roles.manage_assignRoleToPrincipals(
+      'Manager',
+      ('user_logout_test',),
+      RESPONSE=response)
+  response.setStatus(200)
 return 'done'

product/ERP5Security/ERP5LoginUserManager.py

@@ -303,5 +303,16 @@ class ERP5LoginUserManager(BasePlugin):
       })
     return tuple(result)
 
+  security.declarePrivate('updateUser')
+  def updateUser(self, user_id, login_name):
+    # Operation not supported here
+    return False
+
+  security.declarePrivate('updateEveryLoginName')
+  def updateEveryLoginName(self, quit_on_first_error=True):
+    # Operation not supported here
+    raise NotImplementedError()
+
+
 classImplements(ERP5LoginUserManager, IAuthenticationPlugin, IUserEnumerationPlugin)
 InitializeClass(ERP5LoginUserManager)

product/ERP5Security/ERP5UserManager.py

@@ -278,6 +278,16 @@ class ERP5UserManager(BasePlugin):
       for user in user_list
     ])
 
+  security.declarePrivate( 'updateUser' )
+  def updateUser(self, user_id, login_name):
+    # Operation not supported here
+    return False
+
+  security.declarePrivate( 'updateEveryLoginName' )
+  def updateEveryLoginName(self, quit_on_first_error=True):
+    # Operation not supported here
+    raise NotImplementedError()
+
   def getUserByLogin(self, login, exact_match=True):
     # Search the Catalog for login and return a list of person objects
     # login can be a string or a list of strings

product/ERP5Security/tests/testERP5Security.py

@@ -744,6 +744,45 @@ class TestPASAPI(UserManagementTestCase):
     verifyClass(IAuthenticationPlugin, ERP5UserManager)
     verifyClass(IUserEnumerationPlugin, ERP5UserManager)
 
+  def test_LoginUserManagerInterfaces(self):
+    """Tests login user manager plugin respects interfaces."""
+    from Products.PluggableAuthService.interfaces.plugins import\
+                IAuthenticationPlugin, IUserEnumerationPlugin
+    from Products.ERP5Security.ERP5LoginUserManager import ERP5LoginUserManager
+    verifyClass(IAuthenticationPlugin, ERP5LoginUserManager)
+    verifyClass(IUserEnumerationPlugin, ERP5LoginUserManager)
+
+  def test_ERP5AccessTokenExtractionPluginInterfaces(self):
+    """Tests access token extraction plugin respects interfaces."""
+    from Products.PluggableAuthService.interfaces.plugins import\
+                IAuthenticationPlugin, ILoginPasswordHostExtractionPlugin
+    from Products.ERP5Security.ERP5AccessTokenExtractionPlugin import\
+                ERP5AccessTokenExtractionPlugin
+    verifyClass(IAuthenticationPlugin, ERP5AccessTokenExtractionPlugin)
+    verifyClass(ILoginPasswordHostExtractionPlugin, ERP5AccessTokenExtractionPlugin)
+
+  def test_ERP5BearerExtractionPluginInterfaces(self):
+    """Tests bearer extraction plugin respects interfaces."""
+    from Products.PluggableAuthService.interfaces.plugins import\
+                ILoginPasswordHostExtractionPlugin
+    from Products.ERP5Security.ERP5BearerExtractionPlugin import\
+                ERP5BearerExtractionPlugin
+    verifyClass(ILoginPasswordHostExtractionPlugin, ERP5BearerExtractionPlugin)
+
+  def test_ERP5DumbHTTPExtractionPluginInterfaces(self):
+    """Tests dumb HTTP extraction plugin respects interfaces."""
+    from Products.PluggableAuthService.interfaces.plugins import\
+                ILoginPasswordHostExtractionPlugin
+    from Products.ERP5Security.ERP5DumbHTTPExtractionPlugin import\
+                ERP5DumbHTTPExtractionPlugin
+    verifyClass(ILoginPasswordHostExtractionPlugin, ERP5DumbHTTPExtractionPlugin)
+
+  def test_RoleManagerInterfaces(self):
+    """Tests role manager plugin respects interfaces."""
+    from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
+    from Products.ERP5Security.ERP5RoleManager import ERP5RoleManager
+    verifyClass(IRolesPlugin, ERP5RoleManager)
+
   def test_UserFolder(self):
     """Tests user folder has correct meta type."""
     self.assertTrue(isinstance(self.getUserFolder(),