def configureTaskQueueAuthPlugin(context):
if context.readDataFile("collective.taskqueue.taskauth.txt") is None:
return # not our profile
site = getUtility(ISiteRoot)
pas = getToolByName(site, "acl_users")
if "taskauth" not in pas.objectIds():
factory = pas.manage_addProduct["collective.taskqueue.pasplugin"]
factory.manage_addTaskQueueAuthPlugin("taskauth",
"Task Queue PAS plugin")
activatePluginInterfaces(site, "taskauth")
# Make plugin the first one in order:
try:
for i in range(len(pas.plugins.listPluginIds(IExtractionPlugin))):
pas.plugins.movePluginsUp(IExtractionPlugin, ("taskauth", ))
except:
pass
try:
for i in range(len(pas.plugins.listPluginIds(IAuthenticationPlugin))):
pas.plugins.movePluginsUp(IAuthenticationPlugin, ("taskauth", ))
except:
pass
def setup_pas_plugin(place):
logger.info("Setting up Queue's PAS plugin ...")
pas = place.acl_users
if PAS_PLUGIN_ID not in pas.objectIds():
plugin = QueueAuthPlugin(title="SENAITE Queue PAS plugin")
plugin.id = PAS_PLUGIN_ID
pas._setObject(PAS_PLUGIN_ID, plugin) # noqa
logger.info("Created {} in acl_users".format(PAS_PLUGIN_ID))
plugin = getattr(pas, PAS_PLUGIN_ID)
if not isinstance(plugin, QueueAuthPlugin):
raise ValueError(
"PAS plugin {} is not a QueueAuthPlugin".format(PAS_PLUGIN_ID))
# Activate all supported interfaces for this plugin
activatePluginInterfaces(place, PAS_PLUGIN_ID)
# Make our plugin the first one for some interfaces
top_interfaces = ["IExtractionPlugin", "IAuthenticationPlugin"]
plugins = pas.plugins
for info in pas.plugins.listPluginTypeInfo():
interface_name = info["id"]
if interface_name in top_interfaces:
iface = plugins._getInterfaceFromName(interface_name) # noqa
for obj in plugins.listPlugins(iface):
plugins.movePluginsUp(iface, [PAS_PLUGIN_ID])
logger.info("Moved {} to top of {}".format(
PAS_PLUGIN_ID, interface_name))
logger.info("Setting up Queue's PAS plugin [DONE]")
def setup_pas(context):
if context.readDataFile("collective.workspace.txt") is None:
return
site = getSite()
if "workspace_groups" not in site.acl_users:
site.acl_users.manage_addProduct[
"collective.workspace"].addWorkspaceGroupManager(
"workspace_groups",
"collective.workspace Groups",
)
activatePluginInterfaces(site, "workspace_groups")
def installPASPlugin(portal):
pas = api.portal.get_tool('acl_users')
if PAS_ID not in pas:
plugin = DisableUserPlugin(PAS_ID, PAS_TITLE)
pas[PAS_ID] = plugin
activatePluginInterfaces(portal, PAS_ID)
# We need this plugin to be on top, otherwise the REST API JWT
# will have preference and the Unauthorized won't fire.
iface = pas.plugins._getInterfaceFromName('IAuthenticationPlugin')
no_of_steps = len(pas.plugins.listPlugins(iface)) - 1
for i in range(no_of_steps):
pas.plugins.movePluginsUp(iface, [plugin.getId()])
def addParrotPasswordPolicy(portal):
# remove default policy
uf = portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
uf.plugins.deactivatePlugin(IValidationPlugin, policy)
obj = DeadParrotPassword('test')
uf._setObject(obj.getId(), obj)
obj = uf[obj.getId()]
activatePluginInterfaces(portal, obj.getId())
# portal = getUtility(ISiteRoot)
plugins = uf._getOb('plugins')
validators = plugins.listPlugins(IValidationPlugin)
assert validators
commit()
def addParrotPasswordPolicy(portal):
# remove default policy
uf = portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
uf.plugins.deactivatePlugin(IValidationPlugin, policy)
obj = DeadParrotPassword('test')
uf._setObject(obj.getId(), obj)
obj = uf[obj.getId()]
activatePluginInterfaces(portal, obj.getId())
# portal = getUtility(ISiteRoot)
plugins = uf._getOb('plugins')
validators = plugins.listPlugins(IValidationPlugin)
assert validators
commit()
def setup_localrole_plugin(portal):
"""Install and prioritize the local-role PAS plug-in
"""
out = StringIO()
uf = getToolByName(portal, 'acl_users')
existing = uf.objectIds()
if LOCALROLE_PLUGIN_NAME not in existing:
manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME)
activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out)
else:
print >> out, "%s already installed" % LOCALROLE_PLUGIN_NAME
return out.getvalue()
def setup_localrole_plugin(portal):
"""Install and prioritize the local-role PAS plug-in
"""
out = StringIO()
uf = getToolByName(portal, 'acl_users')
existing = uf.objectIds()
if LOCALROLE_PLUGIN_NAME not in existing:
manage_addWorkspaceLocalRoleManager(uf, LOCALROLE_PLUGIN_NAME)
activatePluginInterfaces(portal, LOCALROLE_PLUGIN_NAME, out)
else:
print("%s already installed" % LOCALROLE_PLUGIN_NAME, file=out)
return out.getvalue()
def install_acl_users(app, event):
logger = event.commit
uf = app.acl_users
found = uf.objectIds(['Plone Session Plugin'])
if not found:
# new root acl user implementation not installed yet
migrate_root_uf(app)
uf = app.acl_users # need to get new acl_users
plone_pas = uf.manage_addProduct['PlonePAS']
manage_addSessionPlugin(plone_pas, 'session')
activatePluginInterfaces(app, "session")
cookie_auth = uf.credentials_cookie_auth
cookie_auth.login_path = u'/@@secure-login'
uf.plugins.activatePlugin(
IChallengePlugin,
'credentials_cookie_auth'
)
# also delete basic auth
uf.manage_delObjects(['credentials_basic_auth'])
# for some reason, we need to install the initial user...
if not api.env.test_mode():
try:
uf.users.manage_addUser('admin', 'admin', 'admin', 'admin')
uf.roles.assignRoleToPrincipal('Manager', 'admin')
except KeyError:
pass # already a user
if logger is not None:
logger('Updated acl users')
km = getattr(app, 'key_manager', None)
if km is None:
km = KeyManager()
app.key_manager = km
app._p_changed = 1
if logger is not None:
logger('adding key manager')
sm = getGlobalSiteManager()
sm.registerUtility(km, IKeyManager)
def enable_autologin_as(self, *args):
"""Add and configure DomainAuthHelper PAS-plugin to login
all anonymous users from localhost as a special *Remote User* with
one or more given roles. Examples of use::
Enable autologin as Manager
Enable autologin as Site Administrator
Enable autologin as Member Contributor
"""
disableCSRFProtection()
if 'robot_login' in self.acl_users.objectIds():
self.acl_users.robot_login._domain_map.clear()
else:
DomainAuthHelper.manage_addDomainAuthHelper(
self.acl_users, 'robot_login')
activatePluginInterfaces(self, 'robot_login')
user = '******'.join(sorted(args))
self.acl_users.robot_login.manage_addMapping(match_type='regex',
match_string='.*',
roles=args,
username=user)
def activateDefaultPasswordPolicy(portal):
uf = portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
activatePluginInterfaces(portal, policy)
def activateDefaultPasswordPolicy(portal):
uf = portal.acl_users
for policy in uf.objectIds(['Default Plone Password Policy']):
activatePluginInterfaces(portal, policy)