Commit 0d8144ce authored by Ivan Tyagov's avatar Ivan Tyagov

Define an explicit preference if authentication policy should be enabled

or not and use it respectively in isauthenticationPolicyenabled API.
Fix interaction workflow to catch all kinds of possible setters.
parent 238be699
......@@ -34,7 +34,7 @@
</item>
<item>
<key> <string>last_id</string> </key>
<value> <string>11</string> </value>
<value> <string>12</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/boolean</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string>If checked will enforce authentication policy rules site wide.</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>preferred_authentication_policy_enabled_property</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Standard Property</string> </value>
</item>
<item>
<key> <string>preference</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>property_default</string> </key>
<value> <string>python: False</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
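Review bot: The new preference defaults to off (`property_default` is `python: False`), so a site that already set a maximum number of authentication failures or a password lifetime may stop enforcing them after upgrade until someone ticks the new checkbox. The `ERP5Site_isAuthenticationPolicyEnabled` script shown on this page derived the answer from those two preferences, and three caller scripts further down now call `portal_preferences.isAuthenticationPolicyEnabled()` instead. The implementation of that method is not visible here, so this needs confirming. If the upgrade path does fail open, let the method fall back to the old derivation when the explicit preference was never set, or say so in the property description, e.g. `If checked will enforce authentication policy rules site wide. Unchecked by default: no policy is applied even if limits are configured.`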
......@@ -73,13 +73,12 @@ def doValidation(person, password):\n
if result<=0:\n
message = context.Base_translateString(message_dict[result])\n
raise ValidationError(\'external_validator_failed\', context, error_text=message)\n
return result\n
\n
# do only for authenticated members\n
if not portal.portal_membership.isAnonymousUser():\n
# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
user_login = request.get(\'field_user_login\', None)\n
person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
if person is not None:\n
user_login = request.get(\'field_user_login\', None)\n
# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
if person is not None:\n
return doValidation(person, password)\n
\n
# use a temp object (new account created)\n
......@@ -99,6 +98,14 @@ return doValidation(person, password)\n
<key> <string>_params</string> </key>
<value> <string>password, request</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_isPasswordValid</string> </value>
......
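Review bot: The guard `if not portal.portal_membership.isAnonymousUser():` appears to be dropped from the validator, and the second hunk gives the same script `_proxy_roles` of `Manager`. An unauthenticated request that supplies `field_user_login` would then reach `ERP5Site_getAuthenticatedMemberPersonValue(user_login)` and `doValidation(person, password)` with Manager rights. Because `doValidation` raises a different translated message per result code, the response may reveal whether an account exists or how a candidate password relates to that account's policy state; this depends on what the lookup does with an arbitrary login, which is not visible here. Consider honouring `field_user_login` only when the request is already tied to that account (a logged-in member or a verified password-recovery request), and add a comment beside the lookup such as `# Manager proxy role needed: anonymous password recovery must read the Person`. The script body starts and ends outside both hunks.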
......@@ -68,7 +68,7 @@ return 0\n
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Person_validatePasswordsMatch</string> </value>
<value> <string>Base_validatePasswordsMatch</string> </value>
</item>
</dictionary>
</pickle>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
Determine if a security policy is enabled or not by reading System Preferences.\n
"""\n
from Products.ERP5Type.Cache import CachingMethod\n
\n
def _isAuthenticationPolicyEnabled():\n
portal = context.getPortalObject()\n
portal_preferences = portal.portal_preferences\n
return portal_preferences.getPreferredMaxAuthenticationFailure() or \\\n
portal_preferences.getPreferredMaxPasswordLifetimeDuration()\n
\n
_isAuthenticationPolicyEnabled = CachingMethod(_isAuthenticationPolicyEnabled,\n
id=\'Person_isAuthenticationPolicyEnabled\',\n
cache_factory=\'erp5_content_short\')\n
return _isAuthenticationPolicyEnabled()\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Site_isAuthenticationPolicyEnabled</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -61,7 +61,7 @@ request = context.REQUEST\n
portal = context.getPortalObject()\n
portal_preferences = portal.portal_preferences\n
\n
if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
if not portal_preferences.isAuthenticationPolicyEnabled():\n
# no policy, no sense to block account\n
return 0\n
\n
......
......@@ -57,8 +57,9 @@
"""\n
from DateTime import DateTime\n
portal = context.getPortalObject()\n
portal_preferences = portal.portal_preferences\n
\n
if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
if not portal_preferences.isAuthenticationPolicyEnabled():\n
# no policy, no sense to file failure\n
return 0\n
\n
......
......@@ -52,7 +52,7 @@
<key> <string>_body</string> </key>
<value> <string>portal = context.getPortalObject()\n
\n
if not portal.ERP5Site_isAuthenticationPolicyEnabled():\n
if not portal.portal_preferences.isAuthenticationPolicyEnabled():\n
# no policy, no sense to block account\n
return 0\n
\n
......
......@@ -79,6 +79,7 @@
<key> <string>left</string> </key>
<value>
<list>
<string>my_preferred_authentication_policy_enabled</string>
<string>my_preferred_max_authentication_failure</string>
<string>my_preferred_authentication_failure_check_duration</string>
<string>my_preferred_authentication_failure_block_duration</string>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>delegated_list</string> </key>
<value>
<list>
<string>title</string>
</list>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>my_preferred_authentication_policy_enabled</string> </value>
</item>
<item>
<key> <string>message_values</string> </key>
<value>
<dictionary>
<item>
<key> <string>external_validator_failed</string> </key>
<value> <string>The input failed the external validator.</string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>overrides</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>tales</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>values</string> </key>
<value>
<dictionary>
<item>
<key> <string>field_id</string> </key>
<value> <string>my_checkbox</string> </value>
</item>
<item>
<key> <string>form_id</string> </key>
<value> <string>Base_viewFieldLibrary</string> </value>
</item>
<item>
<key> <string>target</string> </key>
<value> <string>Click to edit the target</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>Enable Authentication Policy</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -27,7 +27,9 @@
<item>
<key> <string>after_script_name</string> </key>
<value>
<tuple/>
<list>
<string>Person_changePassword</string>
</list>
</value>
</item>
<item>
......@@ -55,8 +57,10 @@
<value>
<list>
<string>setPassword</string>
<string>setEncodedPassword</string>
<string>_setPassword</string>
<string>_forceSetPassword</string>
<string>edit</string>
<string>setEncodedPassword</string>
</list>
</value>
</item>
......@@ -75,9 +79,7 @@
<item>
<key> <string>script_name</string> </key>
<value>
<list>
<string>Person_changePassword</string>
</list>
<tuple/>
</value>
</item>
<item>
......
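Review bot: Adding `edit` to the list that already holds `setPassword` (second hunk) presumably makes `Person_changePassword` run after every edit of the object, not only after a password change. The password script further down this page calls `person.setLastPasswordModificationDate(DateTime())`, and whether that call is limited to real password changes is not visible here. If it is not, any ordinary profile edit would push back the password-expiry clock and weaken the lifetime rule. Either drop `edit` and rely on the explicit setters (`setPassword`, `_setPassword`, `_forceSetPassword`, `setEncodedPassword`), or make the script return early when the stored password is unchanged.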
......@@ -62,11 +62,11 @@ if number_of_last_password_to_check is not None and number_of_last_password_to_c
person.setLastPasswordModificationDate(DateTime())\n
old_password_list = person.getLastChangedPasswordValueList()\n
current_password = person.getPassword()\n
if current_password is not None:\n
if current_password is not None and current_password not in old_password_list:\n
# we care only if password is set\n
old_password_list.append(current_password)\n
person.setLastChangedPasswordValueList(old_password_list)\n
#context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
</string> </value>
</item>
<item>
......
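Review bot: The last changed line appears to turn the commented-out debug statement into a live `context.log('%s %s %s' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))` (the uncommented form is printed second, so it is presumably the new side). That writes the current password value and the whole password history to the log each time the script runs. Even if the values are encoded they are credential material, and logs are typically readable by more people and retained longer than the Person documents. Remove the call or log only non-secret context, e.g. `context.log('password history updated for %s' % person.getRelativeUrl())`. The script body starts outside the hunk.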
7
\ No newline at end of file
8
\ No newline at end of file