Define an explicit preference if authentication policy should be enabled

or not and use it respectively in isauthenticationPolicyenabled API. Fix interaction workflow to catch all kind of possible setters.

Define an explicit preference if authentication policy should be enabled
or not and use it respectively in isauthenticationPolicyenabled API. Fix interaction workflow to catch all kind of possible setters.
0d8144ce · Ivan Tyagov · 238be699 · 0d8144ce · 0d8144ce · 0d8144ce
Commit 0d8144ce authored Jul 27, 2011 by Ivan Tyagov
13 changed files
--- a/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml
+++ b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml
@@ -34,7 +34,7 @@
        </item>
        <item>
            <key> <string>last_id</string> </key>
-            <value> <string>11</string> </value>
+            <value> <string>12</string> </value>
        </item>
        <item>
            <key> <string>portal_type</string> </key>

--- a/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_authentication_policy_enabled_property.xml
+++ b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_authentication_policy_enabled_property.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Standard Property" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>elementary_type/boolean</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>If checked will enforce authentication policy rules site wide.</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>preferred_authentication_policy_enabled_property</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Standard Property</string> </value>
+        </item>
+        <item>
+            <key> <string>preference</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>property_default</string> </key>
+            <value> <string>python: False</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
@@ -73,14 +73,13 @@ def doValidation(person, password):\n
  if result<=0:\n
    message = context.Base_translateString(message_dict[result])\n
    raise ValidationError(\'external_validator_failed\', context, error_text=message)\n
+  return result\n
 \n
-# do only for authenticated members\n
-if not portal.portal_membership.isAnonymousUser():\n
-  # find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
-  user_login = request.get(\'field_user_login\', None)\n
-  person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
-  if person is not None:\n
-    return doValidation(person, password)\n
+user_login = request.get(\'field_user_login\', None)\n
+# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
+person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
+if person is not None:\n
+  return doValidation(person, password)\n
 \n
 # use a temp object (new account created)\n
 first_name = request.get(\'field_your_first_name\', None) \n
@@ -99,6 +98,14 @@ return doValidation(person, password)\n
            <key> <string>_params</string> </key>
            <value> <string>password, request</string> </value>
        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
        <item>
            <key> <string>id</string> </key>
            <value> <string>Base_isPasswordValid</string> </value>

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
@@ -68,7 +68,7 @@ return 0\n
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>Person_validatePasswordsMatch</string> </value>
+            <value> <string>Base_validatePasswordsMatch</string> </value>
        </item>
      </dictionary>
    </pickle>

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/ERP5Site_isAuthenticationPolicyEnabled.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/ERP5Site_isAuthenticationPolicyEnabled.xml
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>Script_magic</string> </key>
-            <value> <int>3</int> </value>
-        </item>
-        <item>
-            <key> <string>_bind_names</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>_asgns</string> </key>
-                        <value>
-                          <dictionary>
-                            <item>
-                                <key> <string>name_container</string> </key>
-                                <value> <string>container</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_context</string> </key>
-                                <value> <string>context</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_m_self</string> </key>
-                                <value> <string>script</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_subpath</string> </key>
-                                <value> <string>traverse_subpath</string> </value>
-                            </item>
-                          </dictionary>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>_body</string> </key>
-            <value> <string>"""\n
-  Determine if a security policy is enabled or not by reading System Preferences.\n
-"""\n
-from Products.ERP5Type.Cache import CachingMethod\n
-\n
-def _isAuthenticationPolicyEnabled():\n
-  portal = context.getPortalObject()\n
-  portal_preferences = portal.portal_preferences\n
-  return portal_preferences.getPreferredMaxAuthenticationFailure() or \\\n
-         portal_preferences.getPreferredMaxPasswordLifetimeDuration()\n
-\n
-_isAuthenticationPolicyEnabled = CachingMethod(_isAuthenticationPolicyEnabled,\n
-                                               id=\'Person_isAuthenticationPolicyEnabled\',\n
-                                               cache_factory=\'erp5_content_short\')\n
-return _isAuthenticationPolicyEnabled()\n
-</string> </value>
-        </item>
-        <item>
-            <key> <string>_params</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>ERP5Site_isAuthenticationPolicyEnabled</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml
@@ -61,7 +61,7 @@ request = context.REQUEST\n
 portal = context.getPortalObject()\n
 portal_preferences = portal.portal_preferences\n
 \n
-if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal_preferences.isAuthenticationPolicyEnabled():\n
  # no policy, no sense to block account\n
  return 0\n
 \n

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
@@ -57,8 +57,9 @@
 """\n
 from DateTime import DateTime\n
 portal = context.getPortalObject()\n
+portal_preferences = portal.portal_preferences\n
 \n
-if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal_preferences.isAuthenticationPolicyEnabled():\n
  # no policy, no sense to file failure\n
  return 0\n
 \n

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml
@@ -52,7 +52,7 @@
            <key> <string>_body</string> </key>
            <value> <string>portal = context.getPortalObject()\n
 \n
-if not portal.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal.portal_preferences.isAuthenticationPolicyEnabled():\n
  # no policy, no sense to block account\n
  return 0\n
 \n

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml
@@ -79,6 +79,7 @@
                    <key> <string>left</string> </key>
                    <value>
                      <list>
+                        <string>my_preferred_authentication_policy_enabled</string>
                        <string>my_preferred_max_authentication_failure</string>
                        <string>my_preferred_authentication_failure_check_duration</string>
                        <string>my_preferred_authentication_failure_block_duration</string>

--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_authentication_policy_enabled.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_authentication_policy_enabled.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_preferred_authentication_policy_enabled</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_checkbox</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Enable Authentication Policy</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml
+++ b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml
@@ -27,7 +27,9 @@
        <item>
            <key> <string>after_script_name</string> </key>
            <value>
-              <tuple/>
+              <list>
+                <string>Person_changePassword</string>
+              </list>
            </value>
        </item>
        <item>
@@ -55,8 +57,10 @@
            <value>
              <list>
                <string>setPassword</string>
-                <string>setEncodedPassword</string>
+                <string>_setPassword</string>
                <string>_forceSetPassword</string>
+                <string>edit</string>
+                <string>setEncodedPassword</string>
              </list>
            </value>
        </item>
@@ -75,9 +79,7 @@
        <item>
            <key> <string>script_name</string> </key>
            <value>
-              <list>
-                <string>Person_changePassword</string>
-              </list>
+              <tuple/>
            </value>
        </item>
        <item>

--- a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml
+++ b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml
@@ -62,11 +62,11 @@ if number_of_last_password_to_check is not None and number_of_last_password_to_c
  person.setLastPasswordModificationDate(DateTime())\n
  old_password_list = person.getLastChangedPasswordValueList()\n
  current_password = person.getPassword()\n
-  if current_password is not None:\n
+  if current_password is not None and current_password not in old_password_list:\n
    # we care only if password is set\n
    old_password_list.append(current_password)\n
-  person.setLastChangedPasswordValueList(old_password_list)\n
-  #context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
+    person.setLastChangedPasswordValueList(old_password_list)\n
+    context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
 </string> </value>
        </item>
        <item>

--- a/bt5/erp5_authentication_policy/bt/revision
+++ b/bt5/erp5_authentication_policy/bt/revision
-7
\ No newline at end of file
+8
\ No newline at end of file