Commit ab9fe586 authored by Fabien Morin's avatar Fabien Morin

We may want to use password related methods in other class than Person. And

 password is not specific to Person so move them in a separate mixin.

Reviewed by Jérome


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@35683 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent bd02f2b1
...@@ -30,15 +30,12 @@ ...@@ -30,15 +30,12 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized
from Products.ERP5Type.Globals import PersistentMapping
from Acquisition import aq_base
#from Products.ERP5.Core.Node import Node #from Products.ERP5.Core.Node import Node
from Products.ERP5Type import Permissions, PropertySheet, interfaces from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5.mixin.encrypted_password import EncryptedPasswordMixin
try: try:
from Products import PluggableAuthService from Products import PluggableAuthService
...@@ -46,19 +43,8 @@ try: ...@@ -46,19 +43,8 @@ try:
except ImportError: except ImportError:
PluggableAuthService = None PluggableAuthService = None
try:
from AccessControl.AuthEncoding import pw_encrypt
except ImportError:
pw_encrypt = lambda pw:pw
try:
from AccessControl.AuthEncoding import pw_validate
except ImportError:
pw_validate = lambda reference, attempt: reference == attempt
#class Person(Node, XMLObject): #class Person(Node, XMLObject):
class Person(XMLObject): class Person(EncryptedPasswordMixin, XMLObject):
""" """
An Person object holds the information about An Person object holds the information about
an person (ex. you, me, someone in the company, an person (ex. you, me, someone in the company,
...@@ -202,90 +188,6 @@ class Person(XMLObject): ...@@ -202,90 +188,6 @@ class Person(XMLObject):
portal_caches = getToolByName(self.getPortalObject(), 'portal_caches') portal_caches = getToolByName(self.getPortalObject(), 'portal_caches')
portal_caches.clearCache(cache_factory_list=('erp5_content_short', )) portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))
security.declareProtected(Permissions.SetOwnPassword, 'checkPassword')
def checkPassword(self, value) :
"""
Check the password, usefull when changing password
"""
if value is not None :
return pw_validate(self.getPassword(), value)
return False
def _setEncodedPassword(self, value, format='default'):
password = getattr(aq_base(self), 'password', None)
if password is None:
password = self.password = PersistentMapping()
self.password[format] = value
security.declarePublic('setEncodedPassword')
def setEncodedPassword(self, value, format='default'):
"""
Set an already encoded password.
"""
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setEncodedPassword')
self._setEncodedPassword(value, format=format)
self.reindexObject()
# Because both _setPassword and setPassword are considered as
# public method(They are callable from user directly or through edit method)
# _setPasswordByForce is needed to reset password without security check
# by Password Tool.
def __setPasswordByForce(self, value):
self.password = PersistentMapping()
self._setEncodedPassword(pw_encrypt(value))
def _setPassword(self, value):
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword')
else:
self.__setPasswordByForce(value)
security.declarePublic('setPassword')
def setPassword(self, value) :
"""
Set the password, only if the password is not empty.
"""
if value is not None:
self._setPassword(value)
self.reindexObject()
security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
def getPassword(self, *args, **kw):
"""
Retrieve password in desired format.
getPassword([default], [format='default'])
default (anything)
Value to return if no password is set on context.
Default: None
format (string)
String defining the format in which the password is expected.
If passowrd is not available in that format, KeyError will be
raised.
Default: 'default'
"""
marker = []
if len(args):
default_password = args[0]
else:
default_password = None
password = getattr(aq_base(self), 'password', marker)
if password is marker:
password = default_password
else:
format = kw.get('format', 'default')
# Backward compatibility: if it's not a PersistentMapping instance,
# assume it's a monovalued string, which corresponds to default
# password encoding.
if isinstance(password, PersistentMapping):
password = password.get(format, default_password)
else:
if format != 'default':
password = default_password
return password
# Time management # Time management
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getAvailableTime') 'getAvailableTime')
......
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved.
# Fabien Morin <fabien@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from zope.interface import Interface
class IEncryptedPassword(Interface):
"""
Encrypted Password interface specification
Documents which implement IEncryptedPassword can have get set and check
encrypted password.
"""
def checkPassword(self, value):
"""
Check the password, usefull when changing password
"""
def setEncodedPassword(self, value, format='default'):
"""
Set an already encoded password.
"""
def setPassword(self, value) :
"""
Set the password, only if the password is not empty.
"""
def getPassword(self, *args, **kw):
"""
Retrieve password in desired format.
getPassword([default], [format='default'])
default (anything)
Value to return if no password is set on context.
Default: None
format (string)
String defining the format in which the password is expected.
If passowrd is not available in that format, KeyError will be
raised.
Default: 'default'
"""
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved.
# Fabien Morin <fabien@nexedi.com>
# Jean-Paul Smets-Solanes <jp@nexedi.com>
# Kevin Deldycke <kevin_AT_nexedi_DOT_com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import zope.interface
from AccessControl import ClassSecurityInfo
from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping
from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized
try:
from AccessControl.AuthEncoding import pw_encrypt
except ImportError:
pw_encrypt = lambda pw:pw
try:
from AccessControl.AuthEncoding import pw_validate
except ImportError:
pw_validate = lambda reference, attempt: reference == attempt
class EncryptedPasswordMixin:
# Declarative security
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
# Declarative interfaces
zope.interface.implements(interfaces.IEncryptedPassword,)
security.declareProtected(Permissions.SetOwnPassword, 'checkPassword')
def checkPassword(self, value) :
"""
"""
if value is not None :
return pw_validate(self.getPassword(), value)
return False
def _setEncodedPassword(self, value, format='default'):
password = getattr(aq_base(self), 'password', None)
if password is None:
password = self.password = PersistentMapping()
self.password[format] = value
security.declarePublic('setEncodedPassword')
def setEncodedPassword(self, value, format='default'):
"""
"""
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setEncodedPassword')
self._setEncodedPassword(value, format=format)
self.reindexObject()
# Because both _setPassword and setPassword are considered as
# public method(They are callable from user directly or through edit method)
# _setPasswordByForce is needed to reset password without security check
# by Password Tool.
def __setPasswordByForce(self, value):
self.password = PersistentMapping()
self._setEncodedPassword(pw_encrypt(value))
def _setPassword(self, value):
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword')
else:
self.__setPasswordByForce(value)
security.declarePublic('setPassword')
def setPassword(self, value) :
"""
"""
if value is not None:
self._setPassword(value)
self.reindexObject()
security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
def getPassword(self, *args, **kw):
"""
"""
marker = []
if len(args):
default_password = args[0]
else:
default_password = None
password = getattr(aq_base(self), 'password', marker)
if password is marker:
password = default_password
else:
format = kw.get('format', 'default')
# Backward compatibility: if it's not a PersistentMapping instance,
# assume it's a monovalued string, which corresponds to default
# password encoding.
if isinstance(password, PersistentMapping):
password = password.get(format, default_password)
else:
if format != 'default':
password = default_password
return password
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment