Example #1
0
def configureTaskQueueAuthPlugin(context):
    if context.readDataFile("collective.taskqueue.taskauth.txt") is None:
        return  # not our profile

    site = getUtility(ISiteRoot)
    pas = getToolByName(site, "acl_users")

    if "taskauth" not in pas.objectIds():
        factory = pas.manage_addProduct["collective.taskqueue.pasplugin"]
        factory.manage_addTaskQueueAuthPlugin("taskauth",
                                              "Task Queue PAS plugin")

    activatePluginInterfaces(site, "taskauth")

    # Make plugin the first one in order:
    try:
        for i in range(len(pas.plugins.listPluginIds(IExtractionPlugin))):
            pas.plugins.movePluginsUp(IExtractionPlugin, ("taskauth", ))
    except:
        pass
    try:
        for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))):
            pas.plugins.movePluginsUp(IAuthenticationPlugin, ("taskauth", ))
    except:
        pass
Example #2
0
def setup_pas_plugin(place):
    logger.info("Setting up Queue's PAS plugin ...")

    pas = place.acl_users
    if PAS_PLUGIN_ID not in pas.objectIds():
        plugin = QueueAuthPlugin(title="SENAITE Queue PAS plugin")
        plugin.id = PAS_PLUGIN_ID
        pas._setObject(PAS_PLUGIN_ID, plugin)  # noqa
        logger.info("Created {} in acl_users".format(PAS_PLUGIN_ID))

    plugin = getattr(pas, PAS_PLUGIN_ID)
    if not isinstance(plugin, QueueAuthPlugin):
        raise ValueError(
            "PAS plugin {} is not a QueueAuthPlugin".format(PAS_PLUGIN_ID))

    # Activate all supported interfaces for this plugin
    activatePluginInterfaces(place, PAS_PLUGIN_ID)

    # Make our plugin the first one for some interfaces
    top_interfaces = ["IExtractionPlugin", "IAuthenticationPlugin"]
    plugins = pas.plugins
    for info in pas.plugins.listPluginTypeInfo():
        interface_name = info["id"]
        if interface_name in top_interfaces:
            iface = plugins._getInterfaceFromName(interface_name)  # noqa
            for obj in plugins.listPlugins(iface):
                plugins.movePluginsUp(iface, [PAS_PLUGIN_ID])
                logger.info("Moved {} to top of {}".format(
                    PAS_PLUGIN_ID, interface_name))

    logger.info("Setting up Queue's PAS plugin [DONE]")
def setup_pas(context):
    if context.readDataFile("collective.workspace.txt") is None:
        return

    site = getSite()
    if "workspace_groups" not in site.acl_users:
        site.acl_users.manage_addProduct[
            "collective.workspace"].addWorkspaceGroupManager(
                "workspace_groups",
                "collective.workspace Groups",
            )
        activatePluginInterfaces(site, "workspace_groups")
def installPASPlugin(portal):
    pas = api.portal.get_tool('acl_users')
    if PAS_ID not in pas:
        plugin = DisableUserPlugin(PAS_ID, PAS_TITLE)
        pas[PAS_ID] = plugin
        activatePluginInterfaces(portal, PAS_ID)

        # We need this plugin to be on top, otherwise the REST API JWT
        # will have preference and the Unauthorized won't fire.
        iface = pas.plugins._getInterfaceFromName('IAuthenticationPlugin')
        no_of_steps = len(pas.plugins.listPlugins(iface)) - 1
        for i in range(no_of_steps):
            pas.plugins.movePluginsUp(iface, [plugin.getId()])
Example #5
0
def addParrotPasswordPolicy(portal):
    # remove default policy
    uf = portal.acl_users
    for policy in uf.objectIds(['Default Plone Password Policy']):
        uf.plugins.deactivatePlugin(IValidationPlugin, policy)

    obj = DeadParrotPassword('test')
    uf._setObject(obj.getId(), obj)
    obj = uf[obj.getId()]
    activatePluginInterfaces(portal, obj.getId())

    # portal = getUtility(ISiteRoot)
    plugins = uf._getOb('plugins')
    validators = plugins.listPlugins(IValidationPlugin)
    assert validators
    commit()
Example #6
0
def addParrotPasswordPolicy(portal):
    # remove default policy
    uf = portal.acl_users
    for policy in uf.objectIds(['Default Plone Password Policy']):
        uf.plugins.deactivatePlugin(IValidationPlugin, policy)

    obj = DeadParrotPassword('test')
    uf._setObject(obj.getId(), obj)
    obj = uf[obj.getId()]
    activatePluginInterfaces(portal, obj.getId())

    # portal = getUtility(ISiteRoot)
    plugins = uf._getOb('plugins')
    validators = plugins.listPlugins(IValidationPlugin)
    assert validators
    commit()
Example #7
0
def setup_localrole_plugin(portal):
    """Install and prioritize the local-role PAS plug-in
    """
    out = StringIO()

    uf = getToolByName(portal, 'acl_users')

    existing = uf.objectIds()

    if LOCALROLE_PLUGIN_NAME not in existing:
        manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME)
        activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out)
    else:
        print >> out, "%s already installed" % LOCALROLE_PLUGIN_NAME

    return out.getvalue()
Example #8
0
def setup_localrole_plugin(portal):
    """Install and prioritize the local-role PAS plug-in
    """
    out = StringIO()

    uf = getToolByName(portal, 'acl_users')

    existing = uf.objectIds()

    if LOCALROLE_PLUGIN_NAME not in existing:
        manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME)
        activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out)
    else:
        print("%s already installed" % LOCALROLE_PLUGIN_NAME, file=out)

    return out.getvalue()
Example #9
0
def install_acl_users(app, event):
    logger = event.commit
    uf = app.acl_users
    found = uf.objectIds(['Plone Session Plugin'])
    if not found:
        # new root acl user implementation not installed yet
        migrate_root_uf(app)
        uf = app.acl_users  # need to get new acl_users

        plone_pas = uf.manage_addProduct['PlonePAS']
        manage_addSessionPlugin(plone_pas, 'session')
        activatePluginInterfaces(app, "session")

        cookie_auth = uf.credentials_cookie_auth
        cookie_auth.login_path = u'/@@secure-login'

        uf.plugins.activatePlugin(
            IChallengePlugin,
            'credentials_cookie_auth'
        )

        # also delete basic auth
        uf.manage_delObjects(['credentials_basic_auth'])

        # for some reason, we need to install the initial user...
        if not api.env.test_mode():
            try:
                uf.users.manage_addUser('admin', 'admin', 'admin', 'admin')
                uf.roles.assignRoleToPrincipal('Manager', 'admin')
            except KeyError:
                pass  # already a user

        if logger is not None:
            logger('Updated acl users')

    km = getattr(app, 'key_manager', None)
    if km is None:
        km = KeyManager()
        app.key_manager = km
        app._p_changed = 1
        if logger is not None:
            logger('adding key manager')

    sm = getGlobalSiteManager()
    sm.registerUtility(km, IKeyManager)
    def enable_autologin_as(self, *args):
        """Add and configure DomainAuthHelper PAS-plugin to login
        all anonymous users from localhost as a special *Remote User* with
        one or more given roles. Examples of use::

            Enable autologin as  Manager
            Enable autologin as  Site Administrator
            Enable autologin as  Member  Contributor

        """
        disableCSRFProtection()
        if 'robot_login' in self.acl_users.objectIds():
            self.acl_users.robot_login._domain_map.clear()
        else:
            DomainAuthHelper.manage_addDomainAuthHelper(
                self.acl_users, 'robot_login')
            activatePluginInterfaces(self, 'robot_login')
        user = '******'.join(sorted(args))
        self.acl_users.robot_login.manage_addMapping(match_type='regex',
                                                     match_string='.*',
                                                     roles=args,
                                                     username=user)
Example #11
0
def activateDefaultPasswordPolicy(portal):
    uf = portal.acl_users
    for policy in uf.objectIds(['Default Plone Password Policy']):
        activatePluginInterfaces(portal, policy)
Example #12
0
def activateDefaultPasswordPolicy(portal):
    uf = portal.acl_users
    for policy in uf.objectIds(['Default Plone Password Policy']):
        activatePluginInterfaces(portal, policy)