def setupProxyMultiPlugins(context):
"""
install the Proxy Multi Plugins and activate the PAS services.
"""
if context.readDataFile('sitesadmin-proxy-required.txt') is None:
return
out = StringIO()
portal = context.getSite()
userFolder = getToolByName(portal, 'acl_users')
if 'sitesadmin_proxy' not in userFolder.objectIds():
product = userFolder.manage_addProduct['leocornus.sitesadmin']
product.manage_addProxyMultiPlugins('sitesadmin_proxy')
print >> out, "Added SitesAdmin Proxy Mutli Plugins"
# activate the plugin and
activatePluginInterfaces(portal, 'sitesadmin_proxy', out)
# We should deactivate all other authentication plugins.
userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'session')
userFolder.plugins.deactivatePlugin(IAuthenticationPlugin,
'source_users')
# the proxy plugin should be the last choice!
plugins = userFolder.plugins
plugins.movePluginsDown(IAuthenticationPlugin, ['sitesadmin_proxy'])
def import_various(context):
"""
Install the PwExpiryPlugin
"""
if context.readDataFile('collective_pwexpiry_default.txt') is None:
return
portal = context.getSite()
ps = portal.portal_setup
acl = getToolByName(portal, 'acl_users')
installed = acl.objectIds()
if 'pwexpiry' not in installed:
addPwExpiryPlugin(acl, 'pwexpiry', 'PwExpiry Plugin')
activatePluginInterfaces(portal, 'pwexpiry')
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ['pwexpiry'])
else:
logger.info('pwexpiry already installed')
if 'pwdisable' not in installed:
addPwDisablePlugin(acl, 'pwdisable', 'PwDisable Plugin')
activatePluginInterfaces(portal, 'pwdisable')
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ['pwdisable'])
else:
logger.info('pwdisable already installed')
if not IS_PLONE_5:
profile = 'profile-collective.pwexpiry:plone4'
ps.runAllImportStepsFromProfile(profile)
def installPASPlugin(portal, name='cs-twitter-users'):
out = StringIO()
userFolder = portal['acl_users']
if name not in userFolder:
plugin = CSTwitterUsers(name, 'CS Twitter Users')
userFolder[name] = plugin
# Activate all interfaces
activatePluginInterfaces(portal, name, out)
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def import_various(context):
"""
Install the PwExpiryPlugin
"""
if context.readDataFile("collective_pwexpiry_default.txt") is None:
return
portal = context.getSite()
ps = portal.portal_setup
acl = getToolByName(portal, "acl_users")
installed = acl.objectIds()
if "pwexpiry" not in installed:
addPwExpiryPlugin(acl, "pwexpiry", "PwExpiry Plugin")
activatePluginInterfaces(portal, "pwexpiry")
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ["pwexpiry"])
else:
logger.info("pwexpiry already installed")
if "pwdisable" not in installed:
addPwDisablePlugin(acl, "pwdisable", "PwDisable Plugin")
activatePluginInterfaces(portal, "pwdisable")
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ["pwdisable"])
else:
logger.info("pwdisable already installed")
if not IS_PLONE_5:
profile = "profile-collective.pwexpiry:plone4"
ps.runAllImportStepsFromProfile(profile)
if not IS_PLONE_5_2:
profile = "profile-collective.pwexpiry:old_skins"
ps.runAllImportStepsFromProfile(profile)
def getCASPlugin():
"""Return CAS Plugin within acl_users, creating one if required."""
portal = getSite()
acl_users = getToolByName(portal, 'acl_users')
cas_auth_helpers = acl_users.objectValues(['CAS Auth Helper'])
if not cas_auth_helpers:
cas4pas = acl_users.manage_addProduct['CAS4PAS']
cas4pas.addCASAuthHelper('cas', 'CAS Auth Helper')
cas = acl_users['cas']
registry = getUtility(IRegistry)
casSettings = registry.forInterface(ICAS4PASPluginSchema)
#Load defaults from fields
fields = getFields(ICAS4PASPluginSchema)
for field in fields:
#Only set attributes the PAS plugin knows about
if hasattr(CASAuthHelper, field):
#Set from registry settings, which will pick up defaults
value = getattr(casSettings, field)
setattr(cas, field, value)
out = StringIO()
activatePluginInterfaces(portal, 'cas', out)
msg = 'Created CAS plugin. %s' % out.getvalue()
IStatusMessage(portal.REQUEST).addStatusMessage(msg, 'info')
else:
cas = cas_auth_helpers[0]
return cas
def upgrade_0011_to_0012(context):
context.runAllImportStepsFromProfile('profile-restarter.policy:upgrade_0011_to_0012')
portal = context.portal_url.getPortalObject()
name = 'facebook-users'
out = StringIO()
userFolder = portal['acl_users']
if name not in userFolder:
plugin = FacebookUsers(name, 'Facebook Users')
userFolder[name] = plugin
# Activate all interfaces
activatePluginInterfaces(portal, name, out)
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def installPASPlugin(portal, name='cs-facebook-users'):
out = StringIO()
userFolder = portal['acl_users']
if name not in userFolder:
plugin = CSFacebookUsers(name, 'CS Facebook Users')
userFolder[name] = plugin
# Activate all interfaces
activatePluginInterfaces(portal, name, out)
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def configureImpersonatorPlugin(context):
if context.readDataFile("collective.impersonator.txt") is None:
return # not our profile
site = getUtility(ISiteRoot)
pas = getToolByName(site, "acl_users")
if "impersonator" not in pas.objectIds():
factory = pas.manage_addProduct["collective.impersonator"]
factory.manage_addImpersonatorPlugin(
"impersonator",
"Impersonator Authentication Plugin"
)
activatePluginInterfaces(site, "impersonator")
# Make plugin the first in order:
try:
for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))):
pas.plugins.movePluginsUp(IAuthenticationPlugin, ("impersonator",))
except:
pass
sm = getSiteManager()
obj = pas["impersonator"]
sm.registerUtility(aq_base(obj), IImpersonatorPlugin)
def installPASPlugin(portal, name, klass, title):
userFolder = portal['acl_users']
if name not in userFolder:
plugin = klass(name, title)
userFolder[name] = plugin
# Activate all interfaces
if PLONE4:
activatePluginInterfaces(portal, name)
else:
from StringIO import StringIO
activatePluginInterfaces(portal, name, StringIO())
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
logger.info('%s plugin created' % title)
def installPASPlugin(portal, name, klass, title):
userFolder = portal['acl_users']
if name not in userFolder:
plugin = klass(name, title)
userFolder[name] = plugin
# Activate all interfaces
if PLONE4:
activatePluginInterfaces(portal, name)
else:
from StringIO import StringIO
activatePluginInterfaces(portal, name, StringIO())
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
logger.info('%s plugin created' % title)
def install( portal ):
out = StringIO()
print >> out, "Installing %s:" % PROJECTNAME
pas = getToolByName(portal, 'acl_users')
registry = pas.plugins
existing = pas.objectIds()
if PLUGIN_ID not in existing:
onetimetokenpas = pas.manage_addProduct[PROJECTNAME]
onetimetokenpas.manage_addOneTimeTokenPlugin(PLUGIN_ID, 'One Time Token Plugin')
print >> out, "Adding %s to PAS." % PLUGIN_ID
activatePluginInterfaces(portal, PLUGIN_ID, out)
# we want to be fully compatible with old Plone versions
setuptool = getToolByName(portal, 'portal_setup')
importcontext = 'profile-Products.%s:default' % PROJECTNAME
if getattr(setuptool, 'runAllImportStepsFromProfile', None) is not None:
# Plone 4+, maybe 3
setuptool.runAllImportStepsFromProfile(importcontext)
else:
setuptool.setImportContext(importcontext)
setuptool.runAllImportSteps()
print >> out, "Successfully installed %s." % PROJECTNAME
return out.getvalue()
def createLocalPas(self):
"""Create PAS acl_users else login_form does not work"""
# need Manager role to add an acl_users object
remove_role = False
if not getSecurityManager().checkPermission(permissions.ManagePortal, self):
portal_membership = getToolByName(self, "portal_membership")
current_user = portal_membership.getAuthenticatedMember()
current_userid = current_user.getId()
self.manage_addLocalRoles(userid=current_userid, roles=["Manager"])
remove_role = True
# Re-use code in PlonePAS install
addPluggableAuthService(self)
out = StringIO()
try:
challenge_chooser_setup(self)
except TypeError:
# BBB needed for Plone 3.3.5
challenge_chooser_setup(self, out)
registerPluginTypes(self.acl_users)
try:
setupPlugins(self)
except TypeError:
# BBB needed for Plone 3.3.5
setupPlugins(self, out)
# Recreate mutable_properties but specify fields
uf = self.acl_users
uf.manage_addProduct["PluggableAuthService"]
plone_pas = uf.manage_addProduct["PlonePAS"]
plone_pas.manage_delObjects("mutable_properties")
plone_pas.manage_addZODBMutablePropertyProvider("mutable_properties", fullname="", key="", email_sent="")
activatePluginInterfaces(self, "mutable_properties", out)
if remove_role:
self.manage_delLocalRoles(userids=[current_userid])
def configureTaskQueueAuthPlugin(context):
if context.readDataFile("collective.taskqueue.taskauth.txt") is None:
return # not our profile
site = getUtility(ISiteRoot)
pas = getToolByName(site, "acl_users")
if "taskauth" not in pas.objectIds():
factory = pas.manage_addProduct["collective.taskqueue.pasplugin"]
taskauthplugin.manage_addTaskQueueAuthPlugin(
factory,
"taskauth",
"Task Queue PAS plugin"
)
activatePluginInterfaces(site, "taskauth")
# Make plugin the first one in order:
try:
for i in range(len(pas.plugins.listPluginIds(IExtractionPlugin))):
pas.plugins.movePluginsUp(IExtractionPlugin, ("taskauth",))
except:
pass
try:
for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))):
pas.plugins.movePluginsUp(IAuthenticationPlugin, ("taskauth",))
except:
pass
def import_various(context):
"""
Install the PwExpiryPlugin
"""
if context.readDataFile('collective_pwexpiry_default.txt') is None:
return
portal = context.getSite()
ps = portal.portal_setup
acl = getToolByName(portal, 'acl_users')
installed = acl.objectIds()
if 'pwexpiry' not in installed:
addPwExpiryPlugin(acl, 'pwexpiry', 'PwExpiry Plugin')
activatePluginInterfaces(portal, 'pwexpiry')
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ['pwexpiry'])
else:
logger.info('pwexpiry already installed')
if 'pwdisable' not in installed:
addPwDisablePlugin(acl, 'pwdisable', 'PwDisable Plugin')
activatePluginInterfaces(portal, 'pwdisable')
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ['pwdisable'])
else:
logger.info('pwdisable already installed')
if not IS_PLONE_5:
profile = 'profile-collective.pwexpiry:plone4'
ps.runAllImportStepsFromProfile(profile)
def configureImpersonatorPlugin(context):
if context.readDataFile("collective.impersonator.txt") is None:
return # not our profile
site = getUtility(ISiteRoot)
pas = getToolByName(site, "acl_users")
if "impersonator" not in pas.objectIds():
factory = pas.manage_addProduct["collective.impersonator"]
factory.manage_addImpersonatorPlugin(
"impersonator", "Impersonator Authentication Plugin")
activatePluginInterfaces(site, "impersonator")
# Make plugin the first in order:
try:
for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))):
pas.plugins.movePluginsUp(IAuthenticationPlugin,
("impersonator", ))
except:
pass
sm = getSiteManager()
obj = pas["impersonator"]
sm.registerUtility(aq_base(obj), IImpersonatorPlugin)
def _install_replacement_plugin(portal, uf, out, name='enhanced_localroles'):
installed = uf.objectIds()
if name not in installed:
manage_addEnhancedWorkspaceLRM(uf, name)
activatePluginInterfaces(portal, name)
print >> out, 'Installed %s PAS local role plugin' % name
else:
print >> out, '%s PAS local role plugin already installed' % name
def install_mock_pas_plugin():
out = io.BytesIO()
pp = ZODBMutablePropertyProvider(TESTING_PLUGIN_ID,
'Mock LDAP',
schema=(('email', 'string', NO_VALUE), ))
pp.meta_type = 'Mock External PAS Users'
acl_users = api.portal.get_tool('acl_users')
acl_users[TESTING_PLUGIN_ID] = pp
activatePluginInterfaces(api.portal.get(), TESTING_PLUGIN_ID, out)
def install_mock_pas_plugin():
out = io.BytesIO()
pp = ZODBMutablePropertyProvider(TESTING_PLUGIN_ID,
'Mock LDAP',
schema=(('email', 'string', NO_VALUE), ))
pp.meta_type = 'Mock External PAS Users'
acl_users = api.portal.get_tool('acl_users')
acl_users[TESTING_PLUGIN_ID] = pp
activatePluginInterfaces(api.portal.get(), TESTING_PLUGIN_ID, out)
def setup_plugin(self, portal, out):
""" Create the virtual anonymous group """
uf = getToolByName(portal, 'acl_users')
existing = uf.objectIds()
if PLUGINID not in existing:
addTokenRole(uf, PLUGINID)
activatePluginInterfaces(portal, PLUGINID, out)
else:
print >> out, "%s already installed" % PLUGINID
def setup_pas(context):
if context.readDataFile('collective.workspace.txt') is None:
return
site = getSite()
if 'workspace_groups' not in site.acl_users:
site.acl_users.manage_addProduct[
'collective.workspace'].addWorkspaceGroupManager(
'workspace_groups', 'collective.workspace Groups',
)
activatePluginInterfaces(site, 'workspace_groups')
def post_install(context):
"""
- sets an acl user group to hold all intranet users
- setup the dynamic groups plugin
- sets the addable types for the ploneintranet policy
"""
marker = 'ploneintranet-workspace.marker'
if context.readDataFile(marker) is None:
return
portal = api.portal.get()
# Set up a group to hold all intranet users
if api.group.get(groupname=INTRANET_USERS_GROUP_ID) is None:
api.group.create(groupname=INTRANET_USERS_GROUP_ID)
# All users have Reader role on portal root
api.group.grant_roles(groupname=INTRANET_USERS_GROUP_ID,
roles=['Reader', ],
obj=portal)
# Set up dynamic groups plugin to put all users into the above group
pas = api.portal.get_tool('acl_users')
if DYNAMIC_GROUPS_PLUGIN_ID not in pas.objectIds():
addDynamicGroupsPlugin(
pas,
DYNAMIC_GROUPS_PLUGIN_ID,
"ploneintranet.workspace Dynamic Groups"
)
plugin = pas[DYNAMIC_GROUPS_PLUGIN_ID]
plugin.addGroup(
group_id=INTRANET_USERS_GROUP_ID,
predicate='python: True',
title='All Intranet Users',
description='',
active=True,
)
# activate the plugin (all interfaces)
activatePluginInterfaces(portal, DYNAMIC_GROUPS_PLUGIN_ID)
# deactivate the enumerate groups interface for collective.workspace
activatePluginInterfaces(portal, 'workspace_groups',
disable=['IGroupEnumerationPlugin'])
# Set up the ploneintranet policy for all addable types
default_types = []
types = api.portal.get_tool('portal_types')
for type_info in types.listTypeInfo():
if type_info.global_allow:
default_types.append(type_info.getId())
if default_types:
pwftool = api.portal.get_tool('portal_placeful_workflow')
policy = pwftool['ploneintranet_policy']
policy.setChainForPortalTypes(default_types, ('(Default)',))
def setup_plugin(self, portal, out):
""" Create the virtual anonymous group """
uf = getToolByName(portal, 'acl_users')
existing = uf.objectIds()
if PLUGINID not in existing:
addTokenRole(uf, PLUGINID)
activatePluginInterfaces(portal, PLUGINID, out)
else:
print >> out, "%s already installed" % PLUGINID
def setup_pas(context):
if context.readDataFile('collective.workspace.txt') is None:
return
site = getSite()
if 'workspace_groups' not in site.acl_users:
site.acl_users.manage_addProduct[
'collective.workspace'].addWorkspaceGroupManager(
'workspace_groups',
'collective.workspace Groups',
)
activatePluginInterfaces(site, 'workspace_groups')
def addAutoGroupToPAS(context):
from Products.PlonePAS.Extensions.Install import activatePluginInterfaces
portal = getToolByName(context, 'portal_url').getPortalObject()
sout = StringIO()
if not portal.acl_users.objectIds(['Automatic Group Plugin']):
from Products.PlonePAS.plugins.autogroup import manage_addAutoGroup
manage_addAutoGroup(portal.acl_users, 'auto_group',
'Automatic Group Provider',
'AuthenticatedUsers', "Logged-in users (Virtual Group)")
activatePluginInterfaces(portal, "auto_group", sout)
logger.info("Added automatic group PAS plugin")
def import_various(context):
if context.readDataFile('{}_various.txt'.format(PACKAGE_NAME)) is None:
return
portal = context.getSite()
acl_users = api.portal.get_tool('acl_users')
if PLUGIN_ID not in acl_users.objectIds():
plugin = AnotherDynamicGroupsPlugin(id=PLUGIN_ID,
title=PLUGIN_ID.replace(
'-', ' ').title())
acl_users._setObject(PLUGIN_ID, plugin)
activatePluginInterfaces(portal, PLUGIN_ID, StringIO())
def import_various(context):
if context.readDataFile('{}_various.txt'.format(PACKAGE_NAME)) is None:
return
portal = context.getSite()
acl_users = api.portal.get_tool('acl_users')
if PLUGIN_ID not in acl_users.objectIds():
plugin = AnotherDynamicGroupsPlugin(
id=PLUGIN_ID,
title=PLUGIN_ID.replace('-', ' ').title()
)
acl_users._setObject(PLUGIN_ID, plugin)
activatePluginInterfaces(portal, PLUGIN_ID, StringIO())
def installPlugin(portal):
''' Install the StrengthenedPasswordPlugin plugin
'''
out = StringIO()
uf = getToolByName(portal, 'acl_users')
zope_pas = portal.getPhysicalRoot().acl_users
installed = uf.objectIds()
if PLUGIN_ID not in installed:
annotations = IAnnotations(portal)
annotations['rohberg.doorman.password_policies'] =\
annotations.get('rohberg.doorman.password_policies', None) or DEFAULT_POLICIES
annotations['rohberg.doorman.password_duration'] =\
annotations.get('rohberg.doorman.password_duration', None) or 0
addStrengthenedPasswordPlugin(uf, PLUGIN_ID, 'StrengthenedPassword PAS')
# if portal is already annotated with custom password policy, then use it
plugin = uf.get(PLUGIN_ID, None)
if plugin:
password_policies = annotations.get('rohberg.doorman.password_policies', DEFAULT_POLICIES)
plugin.updatePasswordPolicies(password_policies)
password_duration = annotations.get('rohberg.doorman.password_duration', 0)
plugin.setPasswordDuration(password_duration)
# plugins = uf.plugins
# plugins.activatePlugin(IValidationPlugin, 'source_users')
activatePluginInterfaces(portal, PLUGIN_ID, out)
# define which interfaces need to be moved to top of plugin list
move_to_top_interfaces = [
# (uf, 'IAuthenticationPlugin'),
(uf, 'IChallengePlugin'),
# zope_pas: '******',
]
for (pas, interface) in move_to_top_interfaces:
movePluginToTop(pas, PLUGIN_ID, interface, out)
print >> out, "moved %s to top" % interface
print >> out, 'strengthenedpasswordpasplugin installed'
else:
print >> out, 'strengthenedpasswordpasplugin already installed'
# # source_users deaktivieren, da sonst alle User durchgewunken werden
# plugins = uf.plugins
# plugins.deactivatePlugin(IAuthenticationPlugin, 'source_users')
print out.getvalue()
def addParrotPasswordPolicy(self):
# remove default policy
uf = self.portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
uf.plugins.deactivatePlugin(IValidationPlugin, policy)
obj = DeadParrotPassword('test')
uf._setObject(obj.getId(), obj)
obj = uf[obj.getId()]
activatePluginInterfaces(self.portal, obj.getId())
portal = getUtility(ISiteRoot)
pas_instance = portal.acl_users
plugins = pas_instance._getOb('plugins')
validators = plugins.listPlugins(IValidationPlugin)
assert validators
def setup_localrole_plugin(portal):
"""Install and prioritize the local-role PAS plug-in
"""
out = StringIO()
uf = getToolByName(portal, 'acl_users')
existing = uf.objectIds()
if LOCALROLE_PLUGIN_NAME not in existing:
manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME)
activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out)
else:
print >> out, "%s already installed" % LOCALROLE_PLUGIN_NAME
return out.getvalue()
def importVarius(context):
''' Install the EmulabPAS plugin
'''
out = StringIO()
portal = context.getSite()
uf = getToolByName(portal, 'acl_users')
installed = uf.objectIds()
if 'emulabpas' not in installed:
addEmulabPlugin(uf, 'emulabpas', 'Emulab PAS')
activatePluginInterfaces(portal, 'emulabpas', out)
else:
print >> out, 'emulabpas already installed'
print out.getvalue()
def configureWindowsAuthPlugin(context):
marker = 'netsight.windowsauthplugin.profiles_mixed.marker'
if context.readDataFile(marker) is None:
return
site = context.getSite()
pas = getToolByName(site, 'acl_users')
if "spnego_auth" not in pas.objectIds():
factory = pas.manage_addProduct["netsight.windowsauthplugin"]
factory.manage_add_windowsauthplugin_helper(
"spnego_auth", "Windows authentication plugin")
# Activate all but Challenge-plugin in mixed environments:
activatePluginInterfaces(site, "spnego_auth", disable=['IChallengePlugin'])
def addParrotPasswordPolicy(self):
# remove default policy
uf = self.portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
uf.plugins.deactivatePlugin(IValidationPlugin, policy)
obj = DeadParrotPassword('test')
uf._setObject(obj.getId(), obj)
obj = uf[obj.getId()]
activatePluginInterfaces(self.portal, obj.getId())
portal = getUtility(ISiteRoot)
pas_instance = portal.acl_users
plugins = pas_instance._getOb('plugins')
validators = plugins.listPlugins(IValidationPlugin)
assert validators
def import_various(context):
"""
Install the PwExpiryPlugin
"""
portal = context.getSite()
acl = getToolByName(portal, 'acl_users')
installed = acl.objectIds()
if 'pwexpiry' not in installed:
addPwExpiryPlugin(acl, 'pwexpiry', 'PwExpiry Plugin')
activatePluginInterfaces(portal, 'pwexpiry')
for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))):
acl.plugins.movePluginsUp(IChallengePlugin, ['pwexpiry'])
else:
logger.info('pwexpiry already installed')
def setupSsouserPlugins(portal, out):
"""
install plugin products and activate the plugins.
"""
userFolder = portal.acl_users
print >> out, "sitesadmin single sign on Plugin Setup ..."
# add the plugin if it's not exist.
found = userFolder.objectIds([SsouserPlugins.meta_type])
if not found:
sso = userFolder.manage_addProduct['leocornus.sitesadmin']
sso.manage_addSsouserPlugins('ssouser')
print >> out, "Added sitesadmin single sign on user Plugin"
# activate plugin interfaces for the specified plugins.
activatePluginInterfaces(portal, 'ssouser', out)
# using the default credentials_cookie_auth for challenge and reset.
#userFolder.plugins.activatePlugin(IChallengePlugin, 'credentials_cookie_auth')
# deactivate other plugin interfaces' implementation.
# suppose we are working on a Plone site with default acl_users setting.
# by default credentials_cookie_auth only has active status for challenge and
# extraction plugins we need keep challenge plugin and take off extraction!
userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'session')
userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'source_users')
userFolder.plugins.deactivatePlugin(IUserEnumerationPlugin, 'source_users')
userFolder.plugins.deactivatePlugin(IUserEnumerationPlugin,
'mutable_properties')
userFolder.plugins.deactivatePlugin(IUserFactoryPlugin, 'user_factory')
userFolder.plugins.deactivatePlugin(IPropertiesPlugin,
'mutable_properties')
userFolder.plugins.deactivatePlugin(IExtractionPlugin, 'session')
userFolder.plugins.deactivatePlugin(IExtractionPlugin,
'credentials_cookie_auth')
userFolder.plugins.deactivatePlugin(IExtractionPlugin,
'credentials_basic_auth')
userFolder.plugins.deactivatePlugin(ICredentialsUpdatePlugin, 'session')
userFolder.plugins.deactivatePlugin(ICredentialsResetPlugin, 'session')
userFolder.plugins.deactivatePlugin(IChallengePlugin,
'credentials_basic_auth')
def setupVarious(context):
""" Install the UserDeletedEventPlugin
"""
if context.readDataFile("pas.plugins.userdeletedevent_various.txt") is None:
return
out = StringIO()
portal = context.getSite()
uf = getToolByName(portal, "acl_users")
installed = uf.objectIds()
if PLUGIN_ID not in installed:
addUserDeletedEventPlugin(uf, PLUGIN_ID, PLUGIN_TITLE)
activatePluginInterfaces(portal, PLUGIN_ID, out)
else:
print >> out, "%s already installed" % PLUGIN_ID
print out.getvalue()
def importVarious(context):
""" Install the Clear Two Factor Session Plugin
"""
portal = context.getSite()
uf = getToolByName(portal, 'acl_users')
installed = uf.objectIds()
if 'twofactor' not in installed:
addClearTwoFactorPlugin(uf, 'twofactor', 'Example PAS')
activatePluginInterfaces(portal, 'twofactor')
logging.info("Clear Two Factor Session Plugin installed successfully")
else:
logging.info("Clear Two Factor Session Plugin was already installed")
logging.info("Done.")
def setupVarious(context):
""" Install the UserDeletedEventPlugin
"""
if context.readDataFile('pas.plugins.userdeletedevent_various.txt') is None:
return
out = StringIO()
portal = context.getSite()
uf = getToolByName(portal, 'acl_users')
installed = uf.objectIds()
if PLUGIN_ID not in installed:
addUserDeletedEventPlugin(uf, PLUGIN_ID, PLUGIN_TITLE)
activatePluginInterfaces(portal,PLUGIN_ID, out)
else:
print >> out, '%s already installed' % PLUGIN_ID
print out.getvalue()
def installPASPlugin(portal, name='spdo_plugin'):
out=StringIO()
acl = portal['acl_users']
if name not in acl:
plugin = SPDOPASPlugin(name, title="SPDO PAS Plugin")
acl[name] = plugin
activatePluginInterfaces(portal, name, out)
plugins = acl['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def installPASPlugin(portal, name='spdo_plugin'):
out = StringIO()
acl = portal['acl_users']
if name not in acl:
plugin = SPDOPASPlugin(name, title="SPDO PAS Plugin")
acl[name] = plugin
activatePluginInterfaces(portal, name, out)
plugins = acl['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def addAutoGroupToPAS(portal, out):
from Products.PlonePAS.Extensions.Install import activatePluginInterfaces
from StringIO import StringIO
sout = StringIO()
if not portal.acl_users.objectIds(["Automatic Group Plugin"]):
from Products.PlonePAS.plugins.autogroup import manage_addAutoGroup
manage_addAutoGroup(
portal.acl_users,
"auto_group",
"Automatic Group Provider",
"AuthenticatedUsers",
"Logged-in users (Virtual Group)",
)
activatePluginInterfaces(portal, "auto_group", sout)
out.append("Added automatic group PAS plugin")
def post_install(context):
"""Post install script"""
site = getSite()
gsm = getSiteManager(site)
uf = site.acl_users
LOG.debug("\ncollective.odoo.pas Plugin setup")
odoo_pas = uf.manage_addProduct['collective.odoo.pas']
found = uf.objectIds(['OdooPAS plugin'])
if not found:
odoo_pas.addOdooPASPlugin('odoo_pas', 'OdooPAS plugin')
activatePluginInterfaces(site, 'odoo_pas')
try:
site.acl_users.odoo_pas.ZCacheable_setManagerId('RAMCache')
except:
LOG.info('unable to set RAMCache as default cache for Odoo PAS')
pass
def post_install(context):
"""Post install script"""
site = getSite()
gsm = getSiteManager(site)
uf = site.acl_users
LOG.debug("\ncollective.odoo.pas Plugin setup")
odoo_pas = uf.manage_addProduct['collective.odoo.pas']
found = uf.objectIds(['OdooPAS plugin'])
if not found:
odoo_pas.addOdooPASPlugin('odoo_pas', 'OdooPAS plugin')
activatePluginInterfaces(site, 'odoo_pas')
try:
site.acl_users.odoo_pas.ZCacheable_setManagerId('RAMCache')
except:
LOG.info('unable to set RAMCache as default cache for Odoo PAS')
pass
def uninstallVarious(context):
if context.readDataFile('raptus.securelogin_uninstall.txt') is None:
return
portal = context.getSite()
cp = getToolByName(portal, 'portal_controlpanel')
if 'SecureLoginSettings' in cp:
cp.unregisterConfiglet('SecureLoginSettings')
acl = getToolByName(portal, 'acl_users')
if acl.objectIds(['Secure Login Authentication']):
acl.manage_delObjects(['securelogin_credentials_cookie_auth'])
disable=['ICredentialsResetPlugin', 'ICredentialsUpdatePlugin']
activatePluginInterfaces(portal, 'credentials_cookie_auth',
disable=disable)
def installCookieAuth(context):
portal = context.getSite()
uf = portal.acl_users
login_path = 'require_login'
logout_path = 'logged_out'
cookie_name = '__ac'
from Products.CMFCore.utils import getToolByName
crumbler = getToolByName(portal, 'cookie_authentication', None)
if crumbler is not None:
login_path = crumbler.auto_login_page
logout_path = crumbler.logout_page
cookie_name = crumbler.auth_cookie
found = uf.objectIds(['Signed Cookie Auth Helper'])
if not found:
openplans = uf.manage_addProduct['OpenPlans']
openplans.manage_addSignedCookieAuthHelper('credentials_signed_cookie_auth',
cookie_name=cookie_name)
from Products.PlonePAS.Extensions.Install import activatePluginInterfaces
import sys
activatePluginInterfaces(portal, 'credentials_signed_cookie_auth', sys.stdout)
signed_cookie_auth = uf._getOb('credentials_signed_cookie_auth')
if 'login_form' in signed_cookie_auth.objectIds():
signed_cookie_auth.manage_delObjects(ids=['login_form'])
signed_cookie_auth.cookie_name = cookie_name
signed_cookie_auth.login_path = login_path
old_cookie_auth = uf._getOb('credentials_cookie_auth', None)
if old_cookie_auth is not None:
old_cookie_auth.manage_activateInterfaces([])
from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin
plugins = uf._getOb('plugins', None)
if plugins is not None:
plugins.movePluginsUp(IChallengePlugin,
['credentials_signed_cookie_auth'],)
def setupPlugin(portal):
"""Install and prioritize the password history PAS plug-in
"""
out = StringIO()
uf = getToolByName(portal, 'acl_users')
passwordhistory = uf.manage_addProduct['collective.passwordhistory']
existing = uf.objectIds()
if PLUGIN_NAME not in existing:
passwordhistory.manage_addPasswordHistory(PLUGIN_NAME)
activatePluginInterfaces(portal, PLUGIN_NAME, out)
uf.plugins.movePluginsUp(IUserAdderPlugin, [PLUGIN_NAME])
uf.plugins.movePluginsUp(IUserManagement, [PLUGIN_NAME])
else:
print >> out, "%s already installed" % PLUGIN_NAME
return out.getvalue()
def createLocalPas(self):
"""Create PAS acl_users else login_form does not work"""
# need Manager role to add an acl_users object
remove_role = False
if not getSecurityManager().checkPermission(permissions.ManagePortal,
self):
portal_membership = getToolByName(self, 'portal_membership')
current_user = portal_membership.getAuthenticatedMember()
current_userid = current_user.getId()
self.manage_addLocalRoles(userid=current_userid,
roles=[
'Manager',
])
remove_role = True
# Re-use code in PlonePAS install
addPluggableAuthService(self)
out = StringIO()
try:
challenge_chooser_setup(self)
except TypeError:
# BBB needed for Plone 3.3.5
challenge_chooser_setup(self, out)
registerPluginTypes(self.acl_users)
try:
setupPlugins(self)
except TypeError:
# BBB needed for Plone 3.3.5
setupPlugins(self, out)
# Recreate mutable_properties but specify fields
uf = self.acl_users
uf.manage_addProduct['PluggableAuthService']
plone_pas = uf.manage_addProduct['PlonePAS']
plone_pas.manage_delObjects('mutable_properties')
plone_pas.manage_addZODBMutablePropertyProvider('mutable_properties',
fullname='',
key='',
email_sent='')
activatePluginInterfaces(self, 'mutable_properties', out)
if remove_role:
self.manage_delLocalRoles(userids=[
current_userid,
])
def installPASPlugin(portal, name='tokenlogin'):
out = StringIO()
userFolder = portal['acl_users']
if name not in userFolder:
plugin = TokenAuthenticator(name, 'tokenlogin authenticator')
userFolder[name] = plugin
activatePluginInterfaces(portal, name, out)
print >> out, 'tokenlogin authenticator added'
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def enable_autologin_as(self, *args):
"""Add and configure DomainAuthHelper PAS-plugin to login
all anonymous users from localhost as a special *Remote User* with
one or more given roles. Examples of use::
Enable autologin as Manager
Enable autologin as Site Administrator
Enable autologin as Member Contributor
"""
if "robot_login" in self.acl_users.objectIds():
self.acl_users.robot_login._domain_map.clear()
else:
DomainAuthHelper.manage_addDomainAuthHelper(
self.acl_users, "robot_login")
activatePluginInterfaces(self, "robot_login")
user = "******".join(sorted(args))
self.acl_users.robot_login.manage_addMapping(
match_type="regex", match_string=".*", roles=args, username=user)
def configureWindowsAuthPlugin(context):
marker = 'netsight.windowsauthplugin.profiles_mixed.marker'
if context.readDataFile(marker) is None:
return
site = context.getSite()
pas = getToolByName(site, 'acl_users')
if "spnego_auth" not in pas.objectIds():
factory = pas.manage_addProduct["netsight.windowsauthplugin"]
factory.manage_add_windowsauthplugin_helper(
"spnego_auth",
"Windows authentication plugin"
)
# Activate all but Challenge-plugin in mixed environments:
activatePluginInterfaces(site, "spnego_auth",
disable=['IChallengePlugin'])
def importVarious(context):
''' Install the Disabled User plugin
'''
# Only run step if a flag file is present (e.g. not an extension profile)
if context.readDataFile('collective-disableduser.txt') is None:
return
out = StringIO()
portal = context.getSite()
uf = getToolByName(portal, 'acl_users')
installed = uf.objectIds()
if 'disableduserpas' not in installed:
addDisabledUserPlugin(uf, 'disableduserpas', 'Disabled User PAS')
activatePluginInterfaces(portal, 'disableduserpas', out)
else:
print >> out, 'disableduserpas already installed'
print out.getvalue()
def enable_autologin_as(self, *args):
"""Add and configure DomainAuthHelper PAS-plugin to login
all anonymous users from localhost as a special *Remote User* with
one or more given roles. Examples of use::
Enable autologin as Manager
Enable autologin as Site Administrator
Enable autologin as Member Contributor
"""
if 'robot_login' in self.acl_users.objectIds():
self.acl_users.robot_login._domain_map.clear()
else:
DomainAuthHelper.manage_addDomainAuthHelper(
self.acl_users, 'robot_login')
activatePluginInterfaces(self, 'robot_login')
user = '******'.join(sorted(args))
self.acl_users.robot_login.manage_addMapping(match_type='regex',
match_string='.*',
roles=args,
username=user)
def updatePASPlugins(context):
from Products.PlonePAS.Extensions.Install import activatePluginInterfaces
portal = getToolByName(context, 'portal_url').getPortalObject()
activatePluginInterfaces(portal, 'mutable_properties')
activatePluginInterfaces(portal, 'source_users')
activatePluginInterfaces(portal, 'credentials_cookie_auth',
disable=['ICredentialsResetPlugin', 'ICredentialsUpdatePlugin'])
if not portal.acl_users.objectIds(['Plone Session Plugin']):
from plone.session.plugins.session import manage_addSessionPlugin
manage_addSessionPlugin(portal.acl_users, 'session')
activatePluginInterfaces(portal, "session")
logger.info("Added Plone Session Plugin.")
def install_plugin(portal, name='collective-pas-oauth'):
out = StringIO()
userFolder = portal['acl_users']
if name not in userFolder:
plugin = OauthPluginBase(name, 'Oauth Plugin Base')
userFolder[name] = plugin
activatePluginInterfaces(portal, name, out)
# Move plugin to the top of the list for each active interface
plugins = userFolder['plugins']
for info in plugins.listPluginTypeInfo():
interface = info['interface']
if plugin.testImplements(interface):
active = list(plugins.listPluginIds(interface))
if name in active:
active.remove(name)
active.insert(0, name)
plugins._plugins[interface] = tuple(active)
return out.getvalue()
def setup_pas(context):
if context.readDataFile('collective.workspace.txt') is None:
return
site = getSite()
if 'workspace_groups' not in site.acl_users:
site.acl_users.manage_addProduct[
'collective.workspace'].addWorkspaceGroupManager(
'workspace_groups',
'collective.workspace Groups',
)
activatePluginInterfaces(site, 'workspace_groups')
# make sure our properties plugin is above mutable_properties
plugins = list(site.acl_users.plugins._getPlugins(IPropertiesPlugin))
try:
target_index = plugins.index('mutable_properties')
except ValueError:
target_index = 0
plugins.remove('workspace_groups')
plugins.insert(target_index, 'workspace_groups')
site.acl_users.plugins._plugins[IPropertiesPlugin] = tuple(plugins)
def _setupPlugins(portal, out):
"""
Install and prioritize the membrane PAS plug-ins.
"""
uf = getToolByName(portal, 'acl_users')
plugins = uf.plugins
membrane = uf.manage_addProduct['membrane']
existing = uf.objectIds()
if 'membrane_users' not in existing:
membrane.addMembraneUserManager('membrane_users')
print >> out, "Added User Manager."
activatePluginInterfaces(portal, 'membrane_users', out)
if 'membrane_groups' not in existing:
membrane.addMembraneGroupManager('membrane_groups')
print >> out, "Added Group Manager."
activatePluginInterfaces(portal, 'membrane_groups', out)
plugins.movePluginsUp(IGroupsPlugin, ['membrane_groups'])
if 'membrane_roles' not in existing:
membrane.addMembraneRoleManager('membrane_roles')
print >> out, "Added Role Manager."
activatePluginInterfaces(portal, 'membrane_roles', out)
if 'membrane_properties' not in existing:
membrane.addMembranePropertyManager('membrane_properties')
print >> out, "Added Property Manager."
activatePluginInterfaces(portal, 'membrane_properties', out)
plugins.movePluginsUp(IPropertiesPlugin, ['membrane_properties'])
plugins.movePluginsUp(IPropertiesPlugin, ['membrane_properties'])
if 'membrane_user_factory' not in existing:
membrane.addMembraneUserFactory('membrane_user_factory')
print >> out, "Added User Factory."
activatePluginInterfaces(portal, 'membrane_user_factory', out)
plugins.movePluginsUp(IUserFactoryPlugin, ['membrane_user_factory'])
