Exemplo n.º 1
0
def get(userid=None, username=None):
    """Get a user.

    Plone provides both a unique, unchanging identifier for a user (the
    userid) and a username, which is the value a user types into the login
    form. In many cases, the values for each will be the same, but under some
    circumstances they will differ. Known instances of this behavior include:

     * using content-based members via membrane
     * users changing their email address when using email as login is enabled

    We provide the ability to look up users by either.

    :param userid: Userid of the user we want to get.
    :type userid: string
    :param username: Username of the user we want to get.
    :type username: string
    :returns: User
    :rtype: MemberData object
    :raises:
        MissingParameterError
    :Example: :ref:`user_get_example`
    """
    if userid is not None:
        portal_membership = portal.get_tool('portal_membership')
        return portal_membership.getMemberById(userid)

    return get_member_by_login_name(portal.get(),
                                    username,
                                    raise_exceptions=False)
Exemplo n.º 2
0
def get(userid=None, username=None):
    """Get a user.

    Plone provides both a unique, unchanging identifier for a user (the
    userid) and a username, which is the value a user types into the login
    form. In many cases, the values for each will be the same, but under some
    circumstances they will differ. Known instances of this behavior include:

     * using content-based members via membrane
     * users changing their email address when using email as login is enabled

    We provide the ability to look up users by either.

    :param userid: Userid of the user we want to get.
    :type userid: string
    :param username: Username of the user we want to get.
    :type username: string
    :returns: User
    :rtype: MemberData object
    :raises:
        MissingParameterError
    :Example: :ref:`user_get_example`
    """
    if userid is not None:
        portal_membership = portal.get_tool('portal_membership')
        return portal_membership.getMemberById(userid)

    return get_member_by_login_name(
        portal.get(),
        username,
        raise_exceptions=False,
    )
Exemplo n.º 3
0
def mailPassword(self, login, REQUEST):
    request = REQUEST or self.REQUEST
    portal = getToolByName(self, "portal_url").getPortalObject()
    member = get_member_by_login_name(self, login, raise_exceptions=False)

    # member.getUser gives us the wrong context for setting up a
    # SecurityManager.
    acl_users = getToolByName(portal, "acl_users")
    user = acl_users.getUserById(member.getId())

    orig_sm = getSecurityManager()
    try:
        newSecurityManager(request, user)
        tmp_sm = getSecurityManager()
        if not tmp_sm.checkPermission(SetOwnPassword, portal):

            # Re-use this ready-translated message for now
            exc = exc_class(_(u"Mailing forgotten passwords has been disabled."))

            # Work around bug in mail_password under Py>2.6
            if hasattr(exc, "message"):
                exc.message = exc.message
            raise exc
    finally:
        setSecurityManager(orig_sm)
    return self._original_mailPassword(login, REQUEST)
Exemplo n.º 4
0
 def getValidUser(self, userid):
     """Returns the member with 'userid' if available and None otherwise."""
     if get_member_by_login_name:
         props = getToolByName(self, 'portal_properties').site_properties
         if props.getProperty('use_email_as_login', False):
             return get_member_by_login_name(
                 self, userid, raise_exceptions=False)
     membertool = getToolByName(self, 'portal_membership')
     return membertool.getMemberById(userid)
Exemplo n.º 5
0
    def getValidUser(self, userid):
        """Returns the member with 'userid' if available and None otherwise."""
        if get_member_by_login_name:
            registry = getUtility(IRegistry)
            settings = registry.forInterface(ISecuritySchema, prefix='plone')

            if settings.use_email_as_login:
                return get_member_by_login_name(
                    self, userid, raise_exceptions=False)
        membertool = getToolByName(self, 'portal_membership')
        return membertool.getMemberById(userid)
Exemplo n.º 6
0
 def getValidUser(self, userid):
     """Returns the member with 'userid' if available and None otherwise."""
     if get_member_by_login_name:
         registry = getUtility(IRegistry)
         settings = registry.forInterface(ISecuritySchema, prefix='plone')
         if settings.use_email_as_login:
             return get_member_by_login_name(self,
                                             userid,
                                             raise_exceptions=False)
     membertool = getToolByName(self, 'portal_membership')
     return membertool.getMemberById(userid)
Exemplo n.º 7
0
def get_user(user_or_username):
    """Return Plone User

    :param user_or_username: Plone user or user id
    :returns: Plone MemberData
    """
    user = None
    if isinstance(user_or_username, MemberData):
        user = user_or_username
    if isinstance(user_or_username, basestring):
        user = get_member_by_login_name(get_portal(), user_or_username, False)
    return user
Exemplo n.º 8
0
    def resetPassword(self, userid, randomstring, password):
        """Set the password (in 'password') for the user who maps to
        the string in 'randomstring' iff the entered 'userid' is equal
        to the mapped userid. (This can be turned off with the
        'toggleUserCheck' method.)

        Note that this method will *not* check password validity: this
        must be done by the caller.

        Throws an 'ExpiredRequestError' if request is expired.
        Throws an 'InvalidRequestError' if no such record exists,
        or 'userid' is not in the record.
        """
        if get_member_by_login_name:
            found_member = get_member_by_login_name(self,
                                                    userid,
                                                    raise_exceptions=False)
            if found_member is not None:
                userid = found_member.getId()
        try:
            stored_user, expiry = self._requests[randomstring]
        except KeyError:
            raise InvalidRequestError

        if self.checkUser() and (userid != stored_user):
            raise InvalidRequestError
        if self.expired(expiry):
            del self._requests[randomstring]
            self._p_changed = 1
            raise ExpiredRequestError

        member = self.getValidUser(stored_user)
        if not member:
            raise InvalidRequestError

        # actually change password
        user = member.getUser()
        uf = getToolByName(self, 'acl_users')
        if getattr(uf, 'userSetPassword', None) is not None:
            uf.userSetPassword(user.getUserId(), password)  # GRUF 3
        else:
            try:
                user.changePassword(password)  # GRUF 2
            except AttributeError:
                # this sets __ directly (via MemberDataTool) which is the usual
                # (and stupid!) way to change a password in Zope
                member.setSecurityProfile(password=password)

        member.setMemberProperties(dict(must_change_password=0))

        # clean out the request
        del self._requests[randomstring]
        self._p_changed = 1
Exemplo n.º 9
0
    def resetPassword(self, userid, randomstring, password):
        """Set the password (in 'password') for the user who maps to
        the string in 'randomstring' iff the entered 'userid' is equal
        to the mapped userid. (This can be turned off with the
        'toggleUserCheck' method.)

        Note that this method will *not* check password validity: this
        must be done by the caller.

        Throws an 'ExpiredRequestError' if request is expired.
        Throws an 'InvalidRequestError' if no such record exists,
        or 'userid' is not in the record.
        """
        if get_member_by_login_name:
            props = getToolByName(self, 'portal_properties').site_properties
            if props.getProperty('use_email_as_login', False):
                found_member = get_member_by_login_name(self, userid)
                if found_member is not None:
                    userid = found_member.getId()
        try:
            stored_user, expiry = self._requests[randomstring]
        except KeyError:
            raise InvalidRequestError

        if self.checkUser() and (userid != stored_user):
            raise InvalidRequestError
        if self.expired(expiry):
            del self._requests[randomstring]
            self._p_changed = 1
            raise ExpiredRequestError

        member = self.getValidUser(stored_user)
        if not member:
            raise InvalidRequestError

        # actually change password
        user = member.getUser()
        uf = getToolByName(self, 'acl_users')
        if getattr(uf, 'userSetPassword', None) is not None:
            uf.userSetPassword(user.getUserId(), password)  # GRUF 3
        else:
            try:
                user.changePassword(password)  # GRUF 2
            except AttributeError:
                # this sets __ directly (via MemberDataTool) which is the usual
                # (and stupid!) way to change a password in Zope
                member.setSecurityProfile(password=password)

        member.setMemberProperties(dict(must_change_password=0))

        # clean out the request
        del self._requests[randomstring]
        self._p_changed = 1
Exemplo n.º 10
0
    def test_get_member_by_login_name(self):
        memship = self.portal.portal_membership
        context = self.portal
        member = memship.getMemberById(PloneTestCase.default_user)

        # Login name and user name start out the same
        found = get_member_by_login_name(context, PloneTestCase.default_user)
        self.assertEqual(member, found)

        # Change the login name:
        set_own_login_name(member, 'vanrees')
        # A member with this user name is still returned:
        found = get_member_by_login_name(context, PloneTestCase.default_user)
        self.assertEqual(member, found)
        # With the changed login name we can find the member:
        found = get_member_by_login_name(context, 'vanrees')
        self.assertEqual(member, found)

        # Demonstrate that we can find other members than just the
        # default user:
        found = get_member_by_login_name(context, SITE_OWNER_NAME)
        member = memship.getMemberById(SITE_OWNER_NAME)
        self.assertEqual(member, found)
Exemplo n.º 11
0
    def test_get_member_by_login_name(self):
        memship = self.portal.portal_membership
        context = self.portal
        member = memship.getMemberById(PloneTestCase.default_user)

        # Login name and user name start out the same
        found = get_member_by_login_name(context, PloneTestCase.default_user)
        self.assertEqual(member, found)

        # Change the login name:
        set_own_login_name(member, 'vanrees')
        # A member with this user name is still returned:
        found = get_member_by_login_name(context, PloneTestCase.default_user)
        self.assertEqual(member, found)
        # With the changed login name we can find the member:
        found = get_member_by_login_name(context, 'vanrees')
        self.assertEqual(member, found)

        # Demonstrate that we can find other members than just the
        # default user:
        found = get_member_by_login_name(context, SITE_OWNER_NAME)
        member = memship.getMemberById(SITE_OWNER_NAME)
        self.assertEqual(member, found)
Exemplo n.º 12
0
def validate_userid_pwreset(context, userid, randomstring):
    pwt = getToolByName(context, 'portal_password_reset')
    found_member = get_member_by_login_name(
        context, userid, raise_exceptions=False)
    if found_member is not None:
        userid = found_member.getId()
    else:
        return False
    try:
        stored_user, expiry = pwt._requests[randomstring]
    except KeyError:
        return False
    if userid != stored_user:
        return False
    member = pwt.getValidUser(stored_user)
    if not member:
        return False
    return True
Exemplo n.º 13
0
def get_user(user=None):
    """Get the user object

    :param user: A user id, memberdata object or None for the current user
    :returns: Plone User (PlonePAS) / Propertied User (PluggableAuthService)
    """
    if user is None:
        # Return the current authenticated user
        user = getSecurityManager().getUser()
    elif isinstance(user, MemberData):
        # MemberData wrapped user -> get the user object
        user = user.getUser()
    elif isinstance(user, basestring):
        # User ID -> get the user
        user = get_member_by_login_name(get_portal(), user, False)
        if user:
            user = user.getUser()
    return user
Exemplo n.º 14
0
    def resetPassword(self, userid, randomstring, password):
        """Set the password (in 'password') for the user who maps to
        the string in 'randomstring' iff the entered 'userid' is equal
        to the mapped userid. (This can be turned off with the
        'toggleUserCheck' method.)

        Note that this method will *not* check password validity: this
        must be done by the caller.

        Throws an 'ExpiredRequestError' if request is expired.
        Throws an 'InvalidRequestError' if no such record exists,
        or 'userid' is not in the record.
        """
        if get_member_by_login_name:
            found_member = get_member_by_login_name(
                self, userid, raise_exceptions=False)
            if found_member is not None:
                userid = found_member.getId()
        try:
            stored_user, expiry = self._requests[randomstring]
        except KeyError:
            raise InvalidRequestError

        if self.checkUser() and (userid != stored_user):
            raise InvalidRequestError
        if self.expired(expiry):
            del self._requests[randomstring]
            self._p_changed = 1
            raise ExpiredRequestError

        member = self.getValidUser(stored_user)
        if not member:
            raise InvalidRequestError

        # actually change password
        user = member.getUser()
        uf = getToolByName(self, 'acl_users')
        uf.userSetPassword(user.getUserId(), password)
        member.setMemberProperties(dict(must_change_password=0))

        # clean out the request
        del self._requests[randomstring]
        self._p_changed = 1
Exemplo n.º 15
0
    def _auto_login(self, userid, password):
        context = self.context
        aclu = getToolByName(context, 'acl_users')
        for name, plugin in aclu.plugins.listPlugins(ICredentialsUpdatePlugin):
            plugin.updateCredentials(
                self.request,
                self.request.response,
                userid,
                password
            )

        member = get_member_by_login_name(context, userid, False)

        if member:
            user = member.getUser()
        else:
            # Fallback in case we cannot find a user
            # with the given userid
            user = getSecurityManager().getUser()

        login_time = user.getProperty('login_time', None)
        if login_time is None:
            notify(UserInitialLoginInEvent(user))
        else:
            notify(UserLoggedInEvent(user))

        IStatusMessage(self.request).addStatusMessage(
            _(
                'password_reset_successful',
                default='Password reset successful, '
                        'you are logged in now!',
            ),
            'info',
        )
        url = INavigationRoot(self.context).absolute_url()
        self.request.response.redirect(url)
        return
Exemplo n.º 16
0
 def _get_user_by_login_name(self, user_id):
     return get_member_by_login_name(self.context,
                                     user_id,
                                     raise_exceptions=False)