Commit 9ca9edce authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_authentication_policy: prevent to create too much credential recovery

See merge request nexedi/erp5!1210
parents 7c72a354 6c0d018e
......@@ -25,12 +25,16 @@ recovery_list = portal.portal_catalog(
limit=1)
if recovery_list:
return
tag = 'credential_recovery_%s' %context.getReference()
if portal.portal_activities.countMessageWithTag(tag):
return
module = portal.getDefaultModule(portal_type='Credential Recovery')
credential_recovery = module.newContent(
portal_type="Credential Recovery",
reference=username,
destination_decision_value=user,
language=portal.Localizer.get_selected_language())
language=portal.Localizer.get_selected_language(),
activate_kw={'tag': tag})
context.serialize()
credential_recovery.submit()
......@@ -634,13 +634,16 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
basic=self.id() + ':password',
)
# User cannot login
# fire 5 requests, only 1 credential recovery should be created
for i in range(5):
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.tic()
# and a credential recovery is created automatically
credential_recovery, = person.getDestinationDecisionRelatedValueList(
credential_recovery_list = person.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
self.assertEqual(len(credential_recovery_list), 1)
# trying to login again does not create a new credential recovery
response = publish()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment