def BrowserID_checkUserExistence(self):
    """Tell whether a user already exists for the current BrowserID login.

    The login is looked up from the server-side token stored under the
    ``__ac_browser_id_hash`` request value.

    Returns:
        True when ``getUserByLogin`` finds at least one user for the login.
        False when no server token exists for the hash (``KeyError``) or when
        no user exists yet. In the latter case ``Base_createOauth2User`` is
        called first, unless a message carrying the creation tag is already
        counted by ``portal_activities``.
    """
    # The hash is read from the request, so it is client-supplied; the
    # server-side token lookup is what decides whether it is known.
    browser_id_hash = self.REQUEST.get('__ac_browser_id_hash')
    try:
        token_data = BrowserID_getServerToken(self, browser_id_hash)
    except KeyError:
        return False

    login = token_data['login']
    creation_tag = '%s_user_creation_in_progress' % login

    if len(getUserByLogin(self.getPortalObject(), login)) != 0:
        return True

    # The tag count is the only guard against requesting the same creation
    # twice. NOTE(review): this check-then-create is not atomic as written;
    # confirm the creation script tolerates concurrent requests.
    activity_tool = self.getPortalObject().portal_activities
    if activity_tool.countMessageWithTag(creation_tag) == 0:
        # NOTE(review): the e-mail is the login minus its first four
        # characters, presumably a fixed login prefix; confirm against the
        # code that builds the login.
        self.Base_createOauth2User(
            creation_tag,
            reference=login,
            email=login[4:],
            first_name=None,
            last_name=None,
        )
    return False
"""Return the title of the owner of the current document.

Owners are the ids whose local roles on ``context`` include 'Owner'.
Returns the title of the first user found for those ids, the first owner id
when no user is found, and None when the document has no owner.
"""
owner_id_list = []
for local_role_entry in context.get_local_roles():
    # Each entry is indexed as (id, roles).
    if 'Owner' in local_role_entry[1]:
        owner_id_list.append(local_role_entry[0])

if not owner_id_list:
    return None

from Products.ERP5Security.ERP5UserManager import getUserByLogin
owner_user_list = getUserByLogin(context.getPortalObject(),
                                 tuple(owner_id_list))
if owner_user_list:
    # With several owners, only the first user returned is reported.
    return owner_user_list[0].getTitle()
# No matching user: fall back to the raw owner id.
return owner_id_list[0]
"""Find and return the Person object for the currently logged-in user.

``user_name`` is a script parameter; when it is None the authenticated
member reported by ``portal_membership`` is used instead.

Returns None unless exactly one person matches, for example when not using
ERP5Security.ERP5UserManager.
"""
from Products.ERP5Security.ERP5UserManager import getUserByLogin

portal = context.getPortalObject()
login = user_name
if login is None:
    login = portal.portal_membership.getAuthenticatedMember()

matching_person_list = getUserByLogin(portal, str(login))
# Zero matches and ambiguous (several) matches are both treated as
# "no person", so a caller never receives an arbitrary pick.
if len(matching_person_list) != 1:
    return None
return matching_person_list[0]
# Check a login/password pair and collect the PALO groups of that person.
#
# Script parameters: ``login`` and ``password``.
# Returns ``(False, [])`` when no person matches the login or when the
# password does not match, so both failures look the same to the caller.
# Otherwise returns ``(True, group_list)``.
from DateTime import DateTime
from Products.ERP5Security.ERP5UserManager import getUserByLogin

matching_person_list = getUserByLogin(context, login)
if not matching_person_list:
    return False, []

# NOTE(review): the first match is used without checking that the login is
# unambiguous; confirm getUserByLogin cannot return several persons here.
person = matching_person_list[0]

# NOTE(review): ``!=`` is not a constant-time comparison, and the format name
# suggests an MD5-derived value, which is weak for password storage.
# Confirm what PALO requires before changing either.
if person.getPassword(format='palo_md5') != password:
    return False, []

now = DateTime()
group_set = set()
for assignment in person.contentValues(portal_type='Assignment'):
    if assignment.getValidationState() != 'open':
        continue
    start_date = assignment.getStartDate()
    # An assignment without a start date is accepted without looking at its
    # stop date. NOTE(review): confirm this is intended, and how a missing
    # stop date compares against ``now``.
    if start_date is not None and not (
            start_date <= now <= assignment.getStopDate()):
        continue
    # XXX below is sample implementation, as it must match the groups defined in PALO
    if assignment.isMemberOf("function/palo"):
        group_set.add(assignment.getGroupReference())
    if assignment.isMemberOf("function/palo_admin"):
        group_set.add("admin")

return True, list(group_set)
def extractCredentials(self, request):
    """Extract OAuth2 credentials from the request's Authorization header.

    Falls back to ``DumbHTTPExtractor().extractCredentials(request)`` when
    the ``Base_createOauth2User`` script is not available on the portal,
    when no token is found in the header, or when the token does not resolve
    to a user.

    Otherwise returns a dict with the keys ``external_login``,
    ``remote_host`` and ``remote_address``.

    Side effects visible in this method: it may set
    ``REQUEST['USER_CREATION_IN_PROGRESS']``, may call
    ``Base_createOauth2User`` while the security manager is switched to
    SUPER_USER, and stores the token-to-user mapping through ``setToken``.
    Exceptions raised by the creation script are logged and re-raised.
    """
    Base_createOauth2User = getattr(self.getPortalObject(),
                                    'Base_createOauth2User', None)
    if Base_createOauth2User is None:
        # Without the creation script this plugin does nothing and
        # extraction is delegated.
        LOG('ERP5ExternalOauth2ExtractionPlugin', INFO,
            'No Base_createOauth2User script available, install '
            'erp5_credential_oauth2, disabled authentication.')
        return DumbHTTPExtractor().extractCredentials(request)

    creds = {}
    token = None
    if request._auth is not None:
        # 1st - try to fetch from Authorization header
        # NOTE(review): this is a substring test over the whole header value,
        # not a comparison of the scheme (first word). Any two-word header
        # containing header_string yields its second word as the token.
        # Consider comparing l[0] with header_string; confirm intent.
        if self.header_string.lower() in request._auth.lower():
            l = request._auth.split()
            if len(l) == 2:
                token = l[1]

    if token is None:
        # no token
        return DumbHTTPExtractor().extractCredentials(request)

    # token is available
    user = None
    user_entry = None
    try:
        # A hit returns the user without calling getUserEntry, so the token
        # is accepted on the strength of the stored mapping alone.
        # NOTE(review): presumably bounded by the cache expiry; confirm.
        user = self.getToken(self.prefix + token)
    except KeyError:
        # Unknown token: resolve it through getUserEntry, which may return
        # None.
        user_entry = self.getUserEntry(token)
        if user_entry is not None:
            user = user_entry['reference']

    if user is None:
        # fallback to default way
        return DumbHTTPExtractor().extractCredentials(request)

    # str.encode('hex') exists only on Python 2.
    tag = '%s_user_creation_in_progress' % user.encode('hex')

    if self.getPortalObject().portal_activities.countMessageWithTag(tag) > 0:
        # A creation with this tag is already pending: only flag the request.
        self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
    else:
        # create the user if not found
        person_list = getUserByLogin(self.getPortalObject(), user)
        if len(person_list) == 0:
            # Capture the current security manager before switching to
            # SUPER_USER; the finally block below restores it on every path.
            sm = getSecurityManager()
            if sm.getUser().getId() != SUPER_USER:
                newSecurityManager(self, self.getUser(SUPER_USER))
            try:
                self.REQUEST['USER_CREATION_IN_PROGRESS'] = user
                if user_entry is None:
                    # The user came from the stored token mapping; fetch the
                    # entry now.
                    # NOTE(review): if getUserEntry returns None here, the
                    # ``**user_entry`` call below raises TypeError, which is
                    # logged and re-raised.
                    user_entry = self.getUserEntry(token)
                try:
                    # NOTE(review): every key of user_entry becomes a keyword
                    # argument of a script run as SUPER_USER; verify that
                    # getUserEntry returns only validated provider data.
                    self.Base_createOauth2User(tag, **user_entry)
                except Exception:
                    LOG('ERP5ExternalOauth2ExtractionPlugin', ERROR,
                        'Issue while calling creation script:', error=True)
                    raise
            finally:
                setSecurityManager(sm)

    try:
        # Store the token-to-user mapping, including after a hit above.
        self.setToken(self.prefix + token, user)
    except KeyError:
        # allow to work w/o cache
        pass
    creds['external_login'] = user
    creds['remote_host'] = request.get('REMOTE_HOST', '')
    try:
        creds['remote_address'] = request.getClientAddr()
    except AttributeError:
        # Request objects without getClientAddr: use REMOTE_ADDR instead.
        creds['remote_address'] = request.get('REMOTE_ADDR', '')
    return creds