def setupProxyMultiPlugins(context): """ install the Proxy Multi Plugins and activate the PAS services. """ if context.readDataFile('sitesadmin-proxy-required.txt') is None: return out = StringIO() portal = context.getSite() userFolder = getToolByName(portal, 'acl_users') if 'sitesadmin_proxy' not in userFolder.objectIds(): product = userFolder.manage_addProduct['leocornus.sitesadmin'] product.manage_addProxyMultiPlugins('sitesadmin_proxy') print >> out, "Added SitesAdmin Proxy Mutli Plugins" # activate the plugin and activatePluginInterfaces(portal, 'sitesadmin_proxy', out) # We should deactivate all other authentication plugins. userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'session') userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'source_users') # the proxy plugin should be the last choice! plugins = userFolder.plugins plugins.movePluginsDown(IAuthenticationPlugin, ['sitesadmin_proxy'])
def import_various(context): """ Install the PwExpiryPlugin """ if context.readDataFile('collective_pwexpiry_default.txt') is None: return portal = context.getSite() ps = portal.portal_setup acl = getToolByName(portal, 'acl_users') installed = acl.objectIds() if 'pwexpiry' not in installed: addPwExpiryPlugin(acl, 'pwexpiry', 'PwExpiry Plugin') activatePluginInterfaces(portal, 'pwexpiry') for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))): acl.plugins.movePluginsUp(IChallengePlugin, ['pwexpiry']) else: logger.info('pwexpiry already installed') if 'pwdisable' not in installed: addPwDisablePlugin(acl, 'pwdisable', 'PwDisable Plugin') activatePluginInterfaces(portal, 'pwdisable') for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))): acl.plugins.movePluginsUp(IChallengePlugin, ['pwdisable']) else: logger.info('pwdisable already installed') if not IS_PLONE_5: profile = 'profile-collective.pwexpiry:plone4' ps.runAllImportStepsFromProfile(profile)
def installPASPlugin(portal, name='cs-twitter-users'): out = StringIO() userFolder = portal['acl_users'] if name not in userFolder: plugin = CSTwitterUsers(name, 'CS Twitter Users') userFolder[name] = plugin # Activate all interfaces activatePluginInterfaces(portal, name, out) # Move plugin to the top of the list for each active interface plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def import_various(context): """ Install the PwExpiryPlugin """ if context.readDataFile("collective_pwexpiry_default.txt") is None: return portal = context.getSite() ps = portal.portal_setup acl = getToolByName(portal, "acl_users") installed = acl.objectIds() if "pwexpiry" not in installed: addPwExpiryPlugin(acl, "pwexpiry", "PwExpiry Plugin") activatePluginInterfaces(portal, "pwexpiry") for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))): acl.plugins.movePluginsUp(IChallengePlugin, ["pwexpiry"]) else: logger.info("pwexpiry already installed") if "pwdisable" not in installed: addPwDisablePlugin(acl, "pwdisable", "PwDisable Plugin") activatePluginInterfaces(portal, "pwdisable") for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))): acl.plugins.movePluginsUp(IChallengePlugin, ["pwdisable"]) else: logger.info("pwdisable already installed") if not IS_PLONE_5: profile = "profile-collective.pwexpiry:plone4" ps.runAllImportStepsFromProfile(profile) if not IS_PLONE_5_2: profile = "profile-collective.pwexpiry:old_skins" ps.runAllImportStepsFromProfile(profile)
def getCASPlugin(): """Return CAS Plugin within acl_users, creating one if required.""" portal = getSite() acl_users = getToolByName(portal, 'acl_users') cas_auth_helpers = acl_users.objectValues(['CAS Auth Helper']) if not cas_auth_helpers: cas4pas = acl_users.manage_addProduct['CAS4PAS'] cas4pas.addCASAuthHelper('cas', 'CAS Auth Helper') cas = acl_users['cas'] registry = getUtility(IRegistry) casSettings = registry.forInterface(ICAS4PASPluginSchema) #Load defaults from fields fields = getFields(ICAS4PASPluginSchema) for field in fields: #Only set attributes the PAS plugin knows about if hasattr(CASAuthHelper, field): #Set from registry settings, which will pick up defaults value = getattr(casSettings, field) setattr(cas, field, value) out = StringIO() activatePluginInterfaces(portal, 'cas', out) msg = 'Created CAS plugin. %s' % out.getvalue() IStatusMessage(portal.REQUEST).addStatusMessage(msg, 'info') else: cas = cas_auth_helpers[0] return cas
def upgrade_0011_to_0012(context): context.runAllImportStepsFromProfile('profile-restarter.policy:upgrade_0011_to_0012') portal = context.portal_url.getPortalObject() name = 'facebook-users' out = StringIO() userFolder = portal['acl_users'] if name not in userFolder: plugin = FacebookUsers(name, 'Facebook Users') userFolder[name] = plugin # Activate all interfaces activatePluginInterfaces(portal, name, out) # Move plugin to the top of the list for each active interface plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def installPASPlugin(portal, name='cs-facebook-users'): out = StringIO() userFolder = portal['acl_users'] if name not in userFolder: plugin = CSFacebookUsers(name, 'CS Facebook Users') userFolder[name] = plugin # Activate all interfaces activatePluginInterfaces(portal, name, out) # Move plugin to the top of the list for each active interface plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def configureImpersonatorPlugin(context): if context.readDataFile("collective.impersonator.txt") is None: return # not our profile site = getUtility(ISiteRoot) pas = getToolByName(site, "acl_users") if "impersonator" not in pas.objectIds(): factory = pas.manage_addProduct["collective.impersonator"] factory.manage_addImpersonatorPlugin( "impersonator", "Impersonator Authentication Plugin" ) activatePluginInterfaces(site, "impersonator") # Make plugin the first in order: try: for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))): pas.plugins.movePluginsUp(IAuthenticationPlugin, ("impersonator",)) except: pass sm = getSiteManager() obj = pas["impersonator"] sm.registerUtility(aq_base(obj), IImpersonatorPlugin)
def installPASPlugin(portal, name, klass, title): userFolder = portal['acl_users'] if name not in userFolder: plugin = klass(name, title) userFolder[name] = plugin # Activate all interfaces if PLONE4: activatePluginInterfaces(portal, name) else: from StringIO import StringIO activatePluginInterfaces(portal, name, StringIO()) # Move plugin to the top of the list for each active interface plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) logger.info('%s plugin created' % title)
def install( portal ): out = StringIO() print >> out, "Installing %s:" % PROJECTNAME pas = getToolByName(portal, 'acl_users') registry = pas.plugins existing = pas.objectIds() if PLUGIN_ID not in existing: onetimetokenpas = pas.manage_addProduct[PROJECTNAME] onetimetokenpas.manage_addOneTimeTokenPlugin(PLUGIN_ID, 'One Time Token Plugin') print >> out, "Adding %s to PAS." % PLUGIN_ID activatePluginInterfaces(portal, PLUGIN_ID, out) # we want to be fully compatible with old Plone versions setuptool = getToolByName(portal, 'portal_setup') importcontext = 'profile-Products.%s:default' % PROJECTNAME if getattr(setuptool, 'runAllImportStepsFromProfile', None) is not None: # Plone 4+, maybe 3 setuptool.runAllImportStepsFromProfile(importcontext) else: setuptool.setImportContext(importcontext) setuptool.runAllImportSteps() print >> out, "Successfully installed %s." % PROJECTNAME return out.getvalue()
def createLocalPas(self): """Create PAS acl_users else login_form does not work""" # need Manager role to add an acl_users object remove_role = False if not getSecurityManager().checkPermission(permissions.ManagePortal, self): portal_membership = getToolByName(self, "portal_membership") current_user = portal_membership.getAuthenticatedMember() current_userid = current_user.getId() self.manage_addLocalRoles(userid=current_userid, roles=["Manager"]) remove_role = True # Re-use code in PlonePAS install addPluggableAuthService(self) out = StringIO() try: challenge_chooser_setup(self) except TypeError: # BBB needed for Plone 3.3.5 challenge_chooser_setup(self, out) registerPluginTypes(self.acl_users) try: setupPlugins(self) except TypeError: # BBB needed for Plone 3.3.5 setupPlugins(self, out) # Recreate mutable_properties but specify fields uf = self.acl_users uf.manage_addProduct["PluggableAuthService"] plone_pas = uf.manage_addProduct["PlonePAS"] plone_pas.manage_delObjects("mutable_properties") plone_pas.manage_addZODBMutablePropertyProvider("mutable_properties", fullname="", key="", email_sent="") activatePluginInterfaces(self, "mutable_properties", out) if remove_role: self.manage_delLocalRoles(userids=[current_userid])
def configureTaskQueueAuthPlugin(context): if context.readDataFile("collective.taskqueue.taskauth.txt") is None: return # not our profile site = getUtility(ISiteRoot) pas = getToolByName(site, "acl_users") if "taskauth" not in pas.objectIds(): factory = pas.manage_addProduct["collective.taskqueue.pasplugin"] taskauthplugin.manage_addTaskQueueAuthPlugin( factory, "taskauth", "Task Queue PAS plugin" ) activatePluginInterfaces(site, "taskauth") # Make plugin the first one in order: try: for i in range(len(pas.plugins.listPluginIds(IExtractionPlugin))): pas.plugins.movePluginsUp(IExtractionPlugin, ("taskauth",)) except: pass try: for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))): pas.plugins.movePluginsUp(IAuthenticationPlugin, ("taskauth",)) except: pass
def configureImpersonatorPlugin(context): if context.readDataFile("collective.impersonator.txt") is None: return # not our profile site = getUtility(ISiteRoot) pas = getToolByName(site, "acl_users") if "impersonator" not in pas.objectIds(): factory = pas.manage_addProduct["collective.impersonator"] factory.manage_addImpersonatorPlugin( "impersonator", "Impersonator Authentication Plugin") activatePluginInterfaces(site, "impersonator") # Make plugin the first in order: try: for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))): pas.plugins.movePluginsUp(IAuthenticationPlugin, ("impersonator", )) except: pass sm = getSiteManager() obj = pas["impersonator"] sm.registerUtility(aq_base(obj), IImpersonatorPlugin)
def _install_replacement_plugin(portal, uf, out, name='enhanced_localroles'): installed = uf.objectIds() if name not in installed: manage_addEnhancedWorkspaceLRM(uf, name) activatePluginInterfaces(portal, name) print >> out, 'Installed %s PAS local role plugin' % name else: print >> out, '%s PAS local role plugin already installed' % name
def install_mock_pas_plugin(): out = io.BytesIO() pp = ZODBMutablePropertyProvider(TESTING_PLUGIN_ID, 'Mock LDAP', schema=(('email', 'string', NO_VALUE), )) pp.meta_type = 'Mock External PAS Users' acl_users = api.portal.get_tool('acl_users') acl_users[TESTING_PLUGIN_ID] = pp activatePluginInterfaces(api.portal.get(), TESTING_PLUGIN_ID, out)
def setup_plugin(self, portal, out): """ Create the virtual anonymous group """ uf = getToolByName(portal, 'acl_users') existing = uf.objectIds() if PLUGINID not in existing: addTokenRole(uf, PLUGINID) activatePluginInterfaces(portal, PLUGINID, out) else: print >> out, "%s already installed" % PLUGINID
def setup_pas(context): if context.readDataFile('collective.workspace.txt') is None: return site = getSite() if 'workspace_groups' not in site.acl_users: site.acl_users.manage_addProduct[ 'collective.workspace'].addWorkspaceGroupManager( 'workspace_groups', 'collective.workspace Groups', ) activatePluginInterfaces(site, 'workspace_groups')
def post_install(context): """ - sets an acl user group to hold all intranet users - setup the dynamic groups plugin - sets the addable types for the ploneintranet policy """ marker = 'ploneintranet-workspace.marker' if context.readDataFile(marker) is None: return portal = api.portal.get() # Set up a group to hold all intranet users if api.group.get(groupname=INTRANET_USERS_GROUP_ID) is None: api.group.create(groupname=INTRANET_USERS_GROUP_ID) # All users have Reader role on portal root api.group.grant_roles(groupname=INTRANET_USERS_GROUP_ID, roles=['Reader', ], obj=portal) # Set up dynamic groups plugin to put all users into the above group pas = api.portal.get_tool('acl_users') if DYNAMIC_GROUPS_PLUGIN_ID not in pas.objectIds(): addDynamicGroupsPlugin( pas, DYNAMIC_GROUPS_PLUGIN_ID, "ploneintranet.workspace Dynamic Groups" ) plugin = pas[DYNAMIC_GROUPS_PLUGIN_ID] plugin.addGroup( group_id=INTRANET_USERS_GROUP_ID, predicate='python: True', title='All Intranet Users', description='', active=True, ) # activate the plugin (all interfaces) activatePluginInterfaces(portal, DYNAMIC_GROUPS_PLUGIN_ID) # deactivate the enumerate groups interface for collective.workspace activatePluginInterfaces(portal, 'workspace_groups', disable=['IGroupEnumerationPlugin']) # Set up the ploneintranet policy for all addable types default_types = [] types = api.portal.get_tool('portal_types') for type_info in types.listTypeInfo(): if type_info.global_allow: default_types.append(type_info.getId()) if default_types: pwftool = api.portal.get_tool('portal_placeful_workflow') policy = pwftool['ploneintranet_policy'] policy.setChainForPortalTypes(default_types, ('(Default)',))
def addAutoGroupToPAS(context): from Products.PlonePAS.Extensions.Install import activatePluginInterfaces portal = getToolByName(context, 'portal_url').getPortalObject() sout = StringIO() if not portal.acl_users.objectIds(['Automatic Group Plugin']): from Products.PlonePAS.plugins.autogroup import manage_addAutoGroup manage_addAutoGroup(portal.acl_users, 'auto_group', 'Automatic Group Provider', 'AuthenticatedUsers', "Logged-in users (Virtual Group)") activatePluginInterfaces(portal, "auto_group", sout) logger.info("Added automatic group PAS plugin")
def import_various(context): if context.readDataFile('{}_various.txt'.format(PACKAGE_NAME)) is None: return portal = context.getSite() acl_users = api.portal.get_tool('acl_users') if PLUGIN_ID not in acl_users.objectIds(): plugin = AnotherDynamicGroupsPlugin(id=PLUGIN_ID, title=PLUGIN_ID.replace( '-', ' ').title()) acl_users._setObject(PLUGIN_ID, plugin) activatePluginInterfaces(portal, PLUGIN_ID, StringIO())
def import_various(context): if context.readDataFile('{}_various.txt'.format(PACKAGE_NAME)) is None: return portal = context.getSite() acl_users = api.portal.get_tool('acl_users') if PLUGIN_ID not in acl_users.objectIds(): plugin = AnotherDynamicGroupsPlugin( id=PLUGIN_ID, title=PLUGIN_ID.replace('-', ' ').title() ) acl_users._setObject(PLUGIN_ID, plugin) activatePluginInterfaces(portal, PLUGIN_ID, StringIO())
def installPlugin(portal): ''' Install the StrengthenedPasswordPlugin plugin ''' out = StringIO() uf = getToolByName(portal, 'acl_users') zope_pas = portal.getPhysicalRoot().acl_users installed = uf.objectIds() if PLUGIN_ID not in installed: annotations = IAnnotations(portal) annotations['rohberg.doorman.password_policies'] =\ annotations.get('rohberg.doorman.password_policies', None) or DEFAULT_POLICIES annotations['rohberg.doorman.password_duration'] =\ annotations.get('rohberg.doorman.password_duration', None) or 0 addStrengthenedPasswordPlugin(uf, PLUGIN_ID, 'StrengthenedPassword PAS') # if portal is already annotated with custom password policy, then use it plugin = uf.get(PLUGIN_ID, None) if plugin: password_policies = annotations.get('rohberg.doorman.password_policies', DEFAULT_POLICIES) plugin.updatePasswordPolicies(password_policies) password_duration = annotations.get('rohberg.doorman.password_duration', 0) plugin.setPasswordDuration(password_duration) # plugins = uf.plugins # plugins.activatePlugin(IValidationPlugin, 'source_users') activatePluginInterfaces(portal, PLUGIN_ID, out) # define which interfaces need to be moved to top of plugin list move_to_top_interfaces = [ # (uf, 'IAuthenticationPlugin'), (uf, 'IChallengePlugin'), # zope_pas: '******', ] for (pas, interface) in move_to_top_interfaces: movePluginToTop(pas, PLUGIN_ID, interface, out) print >> out, "moved %s to top" % interface print >> out, 'strengthenedpasswordpasplugin installed' else: print >> out, 'strengthenedpasswordpasplugin already installed' # # source_users deaktivieren, da sonst alle User durchgewunken werden # plugins = uf.plugins # plugins.deactivatePlugin(IAuthenticationPlugin, 'source_users') print out.getvalue()
def addParrotPasswordPolicy(self): # remove default policy uf = self.portal.acl_users for policy in uf.objectIds(['Default Plone Password Policy']): uf.plugins.deactivatePlugin(IValidationPlugin, policy) obj = DeadParrotPassword('test') uf._setObject(obj.getId(), obj) obj = uf[obj.getId()] activatePluginInterfaces(self.portal, obj.getId()) portal = getUtility(ISiteRoot) pas_instance = portal.acl_users plugins = pas_instance._getOb('plugins') validators = plugins.listPlugins(IValidationPlugin) assert validators
def setup_localrole_plugin(portal): """Install and prioritize the local-role PAS plug-in """ out = StringIO() uf = getToolByName(portal, 'acl_users') existing = uf.objectIds() if LOCALROLE_PLUGIN_NAME not in existing: manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME) activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out) else: print >> out, "%s already installed" % LOCALROLE_PLUGIN_NAME return out.getvalue()
def importVarius(context): ''' Install the EmulabPAS plugin ''' out = StringIO() portal = context.getSite() uf = getToolByName(portal, 'acl_users') installed = uf.objectIds() if 'emulabpas' not in installed: addEmulabPlugin(uf, 'emulabpas', 'Emulab PAS') activatePluginInterfaces(portal, 'emulabpas', out) else: print >> out, 'emulabpas already installed' print out.getvalue()
def configureWindowsAuthPlugin(context): marker = 'netsight.windowsauthplugin.profiles_mixed.marker' if context.readDataFile(marker) is None: return site = context.getSite() pas = getToolByName(site, 'acl_users') if "spnego_auth" not in pas.objectIds(): factory = pas.manage_addProduct["netsight.windowsauthplugin"] factory.manage_add_windowsauthplugin_helper( "spnego_auth", "Windows authentication plugin") # Activate all but Challenge-plugin in mixed environments: activatePluginInterfaces(site, "spnego_auth", disable=['IChallengePlugin'])
def import_various(context): """ Install the PwExpiryPlugin """ portal = context.getSite() acl = getToolByName(portal, 'acl_users') installed = acl.objectIds() if 'pwexpiry' not in installed: addPwExpiryPlugin(acl, 'pwexpiry', 'PwExpiry Plugin') activatePluginInterfaces(portal, 'pwexpiry') for i in range(len(acl.plugins.listPluginIds(IChallengePlugin))): acl.plugins.movePluginsUp(IChallengePlugin, ['pwexpiry']) else: logger.info('pwexpiry already installed')
def setupSsouserPlugins(portal, out): """ install plugin products and activate the plugins. """ userFolder = portal.acl_users print >> out, "sitesadmin single sign on Plugin Setup ..." # add the plugin if it's not exist. found = userFolder.objectIds([SsouserPlugins.meta_type]) if not found: sso = userFolder.manage_addProduct['leocornus.sitesadmin'] sso.manage_addSsouserPlugins('ssouser') print >> out, "Added sitesadmin single sign on user Plugin" # activate plugin interfaces for the specified plugins. activatePluginInterfaces(portal, 'ssouser', out) # using the default credentials_cookie_auth for challenge and reset. #userFolder.plugins.activatePlugin(IChallengePlugin, 'credentials_cookie_auth') # deactivate other plugin interfaces' implementation. # suppose we are working on a Plone site with default acl_users setting. # by default credentials_cookie_auth only has active status for challenge and # extraction plugins we need keep challenge plugin and take off extraction! userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'session') userFolder.plugins.deactivatePlugin(IAuthenticationPlugin, 'source_users') userFolder.plugins.deactivatePlugin(IUserEnumerationPlugin, 'source_users') userFolder.plugins.deactivatePlugin(IUserEnumerationPlugin, 'mutable_properties') userFolder.plugins.deactivatePlugin(IUserFactoryPlugin, 'user_factory') userFolder.plugins.deactivatePlugin(IPropertiesPlugin, 'mutable_properties') userFolder.plugins.deactivatePlugin(IExtractionPlugin, 'session') userFolder.plugins.deactivatePlugin(IExtractionPlugin, 'credentials_cookie_auth') userFolder.plugins.deactivatePlugin(IExtractionPlugin, 'credentials_basic_auth') userFolder.plugins.deactivatePlugin(ICredentialsUpdatePlugin, 'session') userFolder.plugins.deactivatePlugin(ICredentialsResetPlugin, 'session') userFolder.plugins.deactivatePlugin(IChallengePlugin, 'credentials_basic_auth')
def setupVarious(context): """ Install the UserDeletedEventPlugin """ if context.readDataFile("pas.plugins.userdeletedevent_various.txt") is None: return out = StringIO() portal = context.getSite() uf = getToolByName(portal, "acl_users") installed = uf.objectIds() if PLUGIN_ID not in installed: addUserDeletedEventPlugin(uf, PLUGIN_ID, PLUGIN_TITLE) activatePluginInterfaces(portal, PLUGIN_ID, out) else: print >> out, "%s already installed" % PLUGIN_ID print out.getvalue()
def importVarious(context): """ Install the Clear Two Factor Session Plugin """ portal = context.getSite() uf = getToolByName(portal, 'acl_users') installed = uf.objectIds() if 'twofactor' not in installed: addClearTwoFactorPlugin(uf, 'twofactor', 'Example PAS') activatePluginInterfaces(portal, 'twofactor') logging.info("Clear Two Factor Session Plugin installed successfully") else: logging.info("Clear Two Factor Session Plugin was already installed") logging.info("Done.")
def setupVarious(context): """ Install the UserDeletedEventPlugin """ if context.readDataFile('pas.plugins.userdeletedevent_various.txt') is None: return out = StringIO() portal = context.getSite() uf = getToolByName(portal, 'acl_users') installed = uf.objectIds() if PLUGIN_ID not in installed: addUserDeletedEventPlugin(uf, PLUGIN_ID, PLUGIN_TITLE) activatePluginInterfaces(portal,PLUGIN_ID, out) else: print >> out, '%s already installed' % PLUGIN_ID print out.getvalue()
def installPASPlugin(portal, name='spdo_plugin'): out=StringIO() acl = portal['acl_users'] if name not in acl: plugin = SPDOPASPlugin(name, title="SPDO PAS Plugin") acl[name] = plugin activatePluginInterfaces(portal, name, out) plugins = acl['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def installPASPlugin(portal, name='spdo_plugin'): out = StringIO() acl = portal['acl_users'] if name not in acl: plugin = SPDOPASPlugin(name, title="SPDO PAS Plugin") acl[name] = plugin activatePluginInterfaces(portal, name, out) plugins = acl['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def addAutoGroupToPAS(portal, out): from Products.PlonePAS.Extensions.Install import activatePluginInterfaces from StringIO import StringIO sout = StringIO() if not portal.acl_users.objectIds(["Automatic Group Plugin"]): from Products.PlonePAS.plugins.autogroup import manage_addAutoGroup manage_addAutoGroup( portal.acl_users, "auto_group", "Automatic Group Provider", "AuthenticatedUsers", "Logged-in users (Virtual Group)", ) activatePluginInterfaces(portal, "auto_group", sout) out.append("Added automatic group PAS plugin")
def post_install(context): """Post install script""" site = getSite() gsm = getSiteManager(site) uf = site.acl_users LOG.debug("\ncollective.odoo.pas Plugin setup") odoo_pas = uf.manage_addProduct['collective.odoo.pas'] found = uf.objectIds(['OdooPAS plugin']) if not found: odoo_pas.addOdooPASPlugin('odoo_pas', 'OdooPAS plugin') activatePluginInterfaces(site, 'odoo_pas') try: site.acl_users.odoo_pas.ZCacheable_setManagerId('RAMCache') except: LOG.info('unable to set RAMCache as default cache for Odoo PAS') pass
def uninstallVarious(context): if context.readDataFile('raptus.securelogin_uninstall.txt') is None: return portal = context.getSite() cp = getToolByName(portal, 'portal_controlpanel') if 'SecureLoginSettings' in cp: cp.unregisterConfiglet('SecureLoginSettings') acl = getToolByName(portal, 'acl_users') if acl.objectIds(['Secure Login Authentication']): acl.manage_delObjects(['securelogin_credentials_cookie_auth']) disable=['ICredentialsResetPlugin', 'ICredentialsUpdatePlugin'] activatePluginInterfaces(portal, 'credentials_cookie_auth', disable=disable)
def installCookieAuth(context): portal = context.getSite() uf = portal.acl_users login_path = 'require_login' logout_path = 'logged_out' cookie_name = '__ac' from Products.CMFCore.utils import getToolByName crumbler = getToolByName(portal, 'cookie_authentication', None) if crumbler is not None: login_path = crumbler.auto_login_page logout_path = crumbler.logout_page cookie_name = crumbler.auth_cookie found = uf.objectIds(['Signed Cookie Auth Helper']) if not found: openplans = uf.manage_addProduct['OpenPlans'] openplans.manage_addSignedCookieAuthHelper('credentials_signed_cookie_auth', cookie_name=cookie_name) from Products.PlonePAS.Extensions.Install import activatePluginInterfaces import sys activatePluginInterfaces(portal, 'credentials_signed_cookie_auth', sys.stdout) signed_cookie_auth = uf._getOb('credentials_signed_cookie_auth') if 'login_form' in signed_cookie_auth.objectIds(): signed_cookie_auth.manage_delObjects(ids=['login_form']) signed_cookie_auth.cookie_name = cookie_name signed_cookie_auth.login_path = login_path old_cookie_auth = uf._getOb('credentials_cookie_auth', None) if old_cookie_auth is not None: old_cookie_auth.manage_activateInterfaces([]) from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin plugins = uf._getOb('plugins', None) if plugins is not None: plugins.movePluginsUp(IChallengePlugin, ['credentials_signed_cookie_auth'],)
def setupPlugin(portal): """Install and prioritize the password history PAS plug-in """ out = StringIO() uf = getToolByName(portal, 'acl_users') passwordhistory = uf.manage_addProduct['collective.passwordhistory'] existing = uf.objectIds() if PLUGIN_NAME not in existing: passwordhistory.manage_addPasswordHistory(PLUGIN_NAME) activatePluginInterfaces(portal, PLUGIN_NAME, out) uf.plugins.movePluginsUp(IUserAdderPlugin, [PLUGIN_NAME]) uf.plugins.movePluginsUp(IUserManagement, [PLUGIN_NAME]) else: print >> out, "%s already installed" % PLUGIN_NAME return out.getvalue()
def createLocalPas(self): """Create PAS acl_users else login_form does not work""" # need Manager role to add an acl_users object remove_role = False if not getSecurityManager().checkPermission(permissions.ManagePortal, self): portal_membership = getToolByName(self, 'portal_membership') current_user = portal_membership.getAuthenticatedMember() current_userid = current_user.getId() self.manage_addLocalRoles(userid=current_userid, roles=[ 'Manager', ]) remove_role = True # Re-use code in PlonePAS install addPluggableAuthService(self) out = StringIO() try: challenge_chooser_setup(self) except TypeError: # BBB needed for Plone 3.3.5 challenge_chooser_setup(self, out) registerPluginTypes(self.acl_users) try: setupPlugins(self) except TypeError: # BBB needed for Plone 3.3.5 setupPlugins(self, out) # Recreate mutable_properties but specify fields uf = self.acl_users uf.manage_addProduct['PluggableAuthService'] plone_pas = uf.manage_addProduct['PlonePAS'] plone_pas.manage_delObjects('mutable_properties') plone_pas.manage_addZODBMutablePropertyProvider('mutable_properties', fullname='', key='', email_sent='') activatePluginInterfaces(self, 'mutable_properties', out) if remove_role: self.manage_delLocalRoles(userids=[ current_userid, ])
def installPASPlugin(portal, name='tokenlogin'): out = StringIO() userFolder = portal['acl_users'] if name not in userFolder: plugin = TokenAuthenticator(name, 'tokenlogin authenticator') userFolder[name] = plugin activatePluginInterfaces(portal, name, out) print >> out, 'tokenlogin authenticator added' plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def enable_autologin_as(self, *args): """Add and configure DomainAuthHelper PAS-plugin to login all anonymous users from localhost as a special *Remote User* with one or more given roles. Examples of use:: Enable autologin as Manager Enable autologin as Site Administrator Enable autologin as Member Contributor """ if "robot_login" in self.acl_users.objectIds(): self.acl_users.robot_login._domain_map.clear() else: DomainAuthHelper.manage_addDomainAuthHelper( self.acl_users, "robot_login") activatePluginInterfaces(self, "robot_login") user = "******".join(sorted(args)) self.acl_users.robot_login.manage_addMapping( match_type="regex", match_string=".*", roles=args, username=user)
def configureWindowsAuthPlugin(context): marker = 'netsight.windowsauthplugin.profiles_mixed.marker' if context.readDataFile(marker) is None: return site = context.getSite() pas = getToolByName(site, 'acl_users') if "spnego_auth" not in pas.objectIds(): factory = pas.manage_addProduct["netsight.windowsauthplugin"] factory.manage_add_windowsauthplugin_helper( "spnego_auth", "Windows authentication plugin" ) # Activate all but Challenge-plugin in mixed environments: activatePluginInterfaces(site, "spnego_auth", disable=['IChallengePlugin'])
def importVarious(context): ''' Install the Disabled User plugin ''' # Only run step if a flag file is present (e.g. not an extension profile) if context.readDataFile('collective-disableduser.txt') is None: return out = StringIO() portal = context.getSite() uf = getToolByName(portal, 'acl_users') installed = uf.objectIds() if 'disableduserpas' not in installed: addDisabledUserPlugin(uf, 'disableduserpas', 'Disabled User PAS') activatePluginInterfaces(portal, 'disableduserpas', out) else: print >> out, 'disableduserpas already installed' print out.getvalue()
def enable_autologin_as(self, *args): """Add and configure DomainAuthHelper PAS-plugin to login all anonymous users from localhost as a special *Remote User* with one or more given roles. Examples of use:: Enable autologin as Manager Enable autologin as Site Administrator Enable autologin as Member Contributor """ if 'robot_login' in self.acl_users.objectIds(): self.acl_users.robot_login._domain_map.clear() else: DomainAuthHelper.manage_addDomainAuthHelper( self.acl_users, 'robot_login') activatePluginInterfaces(self, 'robot_login') user = '******'.join(sorted(args)) self.acl_users.robot_login.manage_addMapping(match_type='regex', match_string='.*', roles=args, username=user)
def updatePASPlugins(context): from Products.PlonePAS.Extensions.Install import activatePluginInterfaces portal = getToolByName(context, 'portal_url').getPortalObject() activatePluginInterfaces(portal, 'mutable_properties') activatePluginInterfaces(portal, 'source_users') activatePluginInterfaces(portal, 'credentials_cookie_auth', disable=['ICredentialsResetPlugin', 'ICredentialsUpdatePlugin']) if not portal.acl_users.objectIds(['Plone Session Plugin']): from plone.session.plugins.session import manage_addSessionPlugin manage_addSessionPlugin(portal.acl_users, 'session') activatePluginInterfaces(portal, "session") logger.info("Added Plone Session Plugin.")
def install_plugin(portal, name='collective-pas-oauth'): out = StringIO() userFolder = portal['acl_users'] if name not in userFolder: plugin = OauthPluginBase(name, 'Oauth Plugin Base') userFolder[name] = plugin activatePluginInterfaces(portal, name, out) # Move plugin to the top of the list for each active interface plugins = userFolder['plugins'] for info in plugins.listPluginTypeInfo(): interface = info['interface'] if plugin.testImplements(interface): active = list(plugins.listPluginIds(interface)) if name in active: active.remove(name) active.insert(0, name) plugins._plugins[interface] = tuple(active) return out.getvalue()
def setup_pas(context): if context.readDataFile('collective.workspace.txt') is None: return site = getSite() if 'workspace_groups' not in site.acl_users: site.acl_users.manage_addProduct[ 'collective.workspace'].addWorkspaceGroupManager( 'workspace_groups', 'collective.workspace Groups', ) activatePluginInterfaces(site, 'workspace_groups') # make sure our properties plugin is above mutable_properties plugins = list(site.acl_users.plugins._getPlugins(IPropertiesPlugin)) try: target_index = plugins.index('mutable_properties') except ValueError: target_index = 0 plugins.remove('workspace_groups') plugins.insert(target_index, 'workspace_groups') site.acl_users.plugins._plugins[IPropertiesPlugin] = tuple(plugins)
def _setupPlugins(portal, out): """ Install and prioritize the membrane PAS plug-ins. """ uf = getToolByName(portal, 'acl_users') plugins = uf.plugins membrane = uf.manage_addProduct['membrane'] existing = uf.objectIds() if 'membrane_users' not in existing: membrane.addMembraneUserManager('membrane_users') print >> out, "Added User Manager." activatePluginInterfaces(portal, 'membrane_users', out) if 'membrane_groups' not in existing: membrane.addMembraneGroupManager('membrane_groups') print >> out, "Added Group Manager." activatePluginInterfaces(portal, 'membrane_groups', out) plugins.movePluginsUp(IGroupsPlugin, ['membrane_groups']) if 'membrane_roles' not in existing: membrane.addMembraneRoleManager('membrane_roles') print >> out, "Added Role Manager." activatePluginInterfaces(portal, 'membrane_roles', out) if 'membrane_properties' not in existing: membrane.addMembranePropertyManager('membrane_properties') print >> out, "Added Property Manager." activatePluginInterfaces(portal, 'membrane_properties', out) plugins.movePluginsUp(IPropertiesPlugin, ['membrane_properties']) plugins.movePluginsUp(IPropertiesPlugin, ['membrane_properties']) if 'membrane_user_factory' not in existing: membrane.addMembraneUserFactory('membrane_user_factory') print >> out, "Added User Factory." activatePluginInterfaces(portal, 'membrane_user_factory', out) plugins.movePluginsUp(IUserFactoryPlugin, ['membrane_user_factory'])