Commit 376191e9 authored by Ivan Tyagov's avatar Ivan Tyagov

Add new preference which allows site admin to control

password generation (either the system sets it (default), or the system generates
a Credential Recovery process which allows the user to set it through a one-time
active link)
parent c0cfadf6
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
</item> </item>
<item> <item>
<key> <string>last_id</string> </key> <key> <string>last_id</string> </key>
<value> <string>3</string> </value> <value> <string>4</string> </value>
</item> </item>
<item> <item>
<key> <string>portal_type</string> </key> <key> <string>portal_type</string> </key>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/boolean</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string>If checked system will automatically generate password else user will be allowed to set it through a Credential Recovery.</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>preferred_system_generate_password_property</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Standard Property</string> </value>
</item>
<item>
<key> <string>preference</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>property_default</string> </key>
<value> <string>python: True</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
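Review bot: The `description` of `preferred_system_generate_password_property` does not say that the checked state, which is also the default (`property_default` is `python: True`), means the generated password is sent to the user by e-mail; the notification example elsewhere on this page reads `Your password is '${login_password}'`. An administrator reading the preference form cannot tell that the two options differ in whether a password travels in a mail body. I would extend the description, for example `If checked, the system generates the password and sends it to the user by e-mail; otherwise the user sets it through a one-time Credential Recovery link.` Whether the default should stay `True` is presumably a backward-compatibility choice, and it would be worth stating that in the commit message.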
...@@ -50,15 +50,20 @@ ...@@ -50,15 +50,20 @@
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>"""For a credential request as context, we set the related person informations,\n <value> <string>"""\n
the assignments of the person and send notificaiton email\n For a credential request as context, we set the related person informations,\n
Proxy:\n the assignments of the person and send notificaiton email\n
Auditor -- allow to get credential request informations"""\n Proxy:\n
Auditor -- allow to get credential request informations\n
"""\n
\n \n
# check the script is not called from a url\n # check the script is not called from a url\n
if REQUEST is not None:\n if REQUEST is not None:\n
return None\n return None\n
\n \n
portal = context.getPortalObject()\n
portal_preferences = context.portal_preferences\n
\n
# XXX by default we don\'t want to automatically create/update organisation\n # XXX by default we don\'t want to automatically create/update organisation\n
# Someone should confirm this informations before creating the organisation\n # Someone should confirm this informations before creating the organisation\n
#if context.getOrganisationTitle():\n #if context.getOrganisationTitle():\n
...@@ -83,8 +88,10 @@ login, password = context.CredentialRequest_createUser()\n ...@@ -83,8 +88,10 @@ login, password = context.CredentialRequest_createUser()\n
# Update Local Roles\n # Update Local Roles\n
context.CredentialRequest_updateLocalRolesOnSecurityGroups()\n context.CredentialRequest_updateLocalRolesOnSecurityGroups()\n
\n \n
# Send notification in activities\n if portal_preferences.isPreferredSystemGeneratePassword():\n
context.activate(activity=\'SQLQueue\').CredentialRequest_sendAcceptedNotification(login, password)\n # Send notification in activities only if we already generated and set password\n
# else a Credential Recovery process will take care\n
context.activate(activity=\'SQLQueue\').CredentialRequest_sendAcceptedNotification(login, password)\n
</string> </value> </string> </value>
</item> </item>
<item> <item>
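Review bot: The new `if portal_preferences.isPreferredSystemGeneratePassword():` guard around `CredentialRequest_sendAcceptedNotification` skips the acceptance mail for every request when the preference is off, not only for those where a Credential Recovery was started. Judging from the `context.getPassword()` branch of the createUser script shown further down (indentation is lost in this view, so please confirm), a request that already carries a user-chosen password gets no recovery, so that user would receive neither a notification nor a link. Consider tying the decision to whether a recovery was actually created rather than to the preference alone; the notification docstring already shows a variant without a password. Separately, `portal = context.getPortalObject()` is not used in the visible lines, and `portal_preferences = portal.portal_preferences` would make use of it. The script body continues outside the hunks shown.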
......
...@@ -50,13 +50,18 @@ ...@@ -50,13 +50,18 @@
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>"""Set reference and password to create a user. Create a global user if SSO enable.\n <value> <string>"""\n
Proxy:\n Set reference and password to create a user. Create a global user if SSO enable.\n
Manager -- allow to set password on all account"""\n Proxy:\n
Manager -- allow to set password on all account\n
"""\n
\n
#Don\'t allow to call from url\n #Don\'t allow to call from url\n
if REQUEST:\n if REQUEST:\n
raise ValueError, "You can not call this script from the url"\n raise ValueError, "You can not call this script from the url"\n
\n \n
portal = context.getPortalObject()\n
portal_preferences = context.portal_preferences\n
person = context.getDestinationDecisionValue(portal_type="Person")\n person = context.getDestinationDecisionValue(portal_type="Person")\n
\n \n
# Create user of the person only if not exist\n # Create user of the person only if not exist\n
...@@ -80,9 +85,20 @@ if not person.getPassword():\n ...@@ -80,9 +85,20 @@ if not person.getPassword():\n
password = context.getPassword()\n password = context.getPassword()\n
person.setEncodedPassword(password)\n person.setEncodedPassword(password)\n
else:\n else:\n
#We should generate a password\n if not portal_preferences.isPreferredSystemGeneratePassword():\n
password = context.Person_generatePassword(alpha=5, numeric=3)\n # user will set it trough a credential recovery process\n
person.setPassword(password)\n password = None\n
module = portal.getDefaultModule(portal_type=\'Credential Recovery\')\n
credential_recovery = module.newContent(\n
portal_type="Credential Recovery",\n
reference=login,\n
destination_decision=person.getRelativeUrl(),\n
language=portal.Localizer.get_selected_language())\n
credential_recovery.submit()\n
else:\n
# system should generate a password\n
password = context.Person_generatePassword(alpha=5, numeric=3)\n
person.setPassword(password)\n
\n \n
# create a global account\n # create a global account\n
if context.ERP5Site_isSingleSignOnEnable():\n if context.ERP5Site_isSingleSignOnEnable():\n
...@@ -95,7 +111,7 @@ else:\n ...@@ -95,7 +111,7 @@ else:\n
#Check assignment for the current instance\n #Check assignment for the current instance\n
person.Person_validateGlobalUserAccount()\n person.Person_validateGlobalUserAccount()\n
\n \n
if password.startswith(\'{SSHA}\'):\n if password is not None and password.startswith(\'{SSHA}\'):\n
#password is encoded, set it to None to script witch send the password to user\n #password is encoded, set it to None to script witch send the password to user\n
password = None\n password = None\n
\n \n
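Review bot: The Credential Recovery created in the new branch is given `language=portal.Localizer.get_selected_language()`, which is the language of whoever triggers this script (presumably the person accepting the request, not the new user), so the one-time link mail may be sent in the wrong language. Please confirm, and prefer a language recorded on the person or the credential request if one is available. The `module.newContent(portal_type="Credential Recovery", ...)` plus `submit()` sequence also repeats what `createCredentialRecovery` does in the recovery-creation script later on this page; a single shared script would keep the two paths consistent, which matters because this one runs under the Manager proxy role. The later change to `if password is not None and password.startswith('{SSHA}'):` correctly covers the new `password = None` case. The script starts and ends outside the hunks, so any other use of `password` between them could not be checked here.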
......
...@@ -50,13 +50,15 @@ ...@@ -50,13 +50,15 @@
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>"""Send an email after accept a credential request\n <value> <string>"""\n
Proxy: Assignee, Assignor, Member -- allow to send notification by mail\n Send an email after accept a credential request\n
Proxy: Assignee, Assignor, Member -- allow to send notification by mail\n
\n \n
Example of notification message:\n Example of notification message:\n
Congratulation, the creation of you new Instance Name account \'${login_name}\' is finished.\\nYour password is \'${login_password}\'\\nThank you"))\n Congratulation, the creation of you new Instance Name account \'${login_name}\' is finished.\\nYour password is \'${login_password}\'\\nThank you"))\n
Congratulation, the creation of you new Instance Name account \'${user_id}\' is finished.\\n\\nThank you",\n Congratulation, the creation of you new Instance Name account \'${user_id}\' is finished.\\n\\nThank you",\n
"""\n """\n
\n
portal = context.getPortalObject()\n portal = context.getPortalObject()\n
recipient = context.getDestinationDecisionValue(portal_type="Person")\n recipient = context.getDestinationDecisionValue(portal_type="Person")\n
\n \n
......
...@@ -50,11 +50,12 @@ ...@@ -50,11 +50,12 @@
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>\'\'\'\n <value> <string>"""\n
This script is used to create the new credential recovery\n This script is used to create the new credential recovery\n
Proxy : Manager proxy role is required to make possible for \n Proxy : Manager proxy role is required to make possible for \n
anonymous to create a new Credential Recovery\n anonymous to create a new Credential Recovery\n
\'\'\'\n """\n
\n
def createCredentialRecovery(**kw):\n def createCredentialRecovery(**kw):\n
module = portal.getDefaultModule(portal_type=\'Credential Recovery\')\n module = portal.getDefaultModule(portal_type=\'Credential Recovery\')\n
credential_recovery = module.newContent(\n credential_recovery = module.newContent(\n
......
...@@ -112,6 +112,7 @@ ...@@ -112,6 +112,7 @@
<list> <list>
<string>my_preferred_ask_credential_question</string> <string>my_preferred_ask_credential_question</string>
<string>my_preferred_email_verification_check</string> <string>my_preferred_email_verification_check</string>
<string>my_preferred_system_generate_password</string>
</list> </list>
</value> </value>
</item> </item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>delegated_list</string> </key>
<value>
<list>
<string>title</string>
</list>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>my_preferred_system_generate_password</string> </value>
</item>
<item>
<key> <string>message_values</string> </key>
<value>
<dictionary>
<item>
<key> <string>external_validator_failed</string> </key>
<value> <string>The input failed the external validator.</string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>overrides</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>tales</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>values</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string>my_checkbox</string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string>Base_viewFieldLibrary</string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string>Click to edit the target</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>System Generate Password</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
380 381
\ No newline at end of file \ No newline at end of file