[Erp5-report] r42094 rafael - /erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Jan 6 21:33:05 CET 2011 

Author: rafael
Date: Thu Jan  6 21:33:05 2011
New Revision: 42094

URL: http://svn.erp5.org?rev=42094&view=rev
Log:
Implement Basic Configurator Key Validation.

Modified:
    erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py

Modified: erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py?rev=42094&r1=42093&r2=42094&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5Configurator/Tool/ConfiguratorTool.py [utf8] Thu Jan  6 21:33:05 2011
@@ -33,6 +33,7 @@ from Products.ERP5Type.Globals import DT
 from Products.ERP5Type.Accessor.Constant import PropertyGetter as \
     ConstantGetter
 from Products.ERP5Type.Tool.BaseTool import BaseTool
+from Products.ERP5Type.Cache import CachingMethod
 from Products.ERP5Type import Permissions
 from Products.ERP5Configurator import _dtmldir
 from Products.CMFCore.utils import getToolByName
@@ -145,7 +146,8 @@ class ConfiguratorTool(BaseTool):
   def login(self, REQUEST):
     """ Login client and show next form. """
     password = REQUEST.get('field_my_ac_key', '')
-    if self._isCorrectConfigurationKey(password):
+    bc = REQUEST.get('field_your_business_configuration')
+    if self._isCorrectConfigurationKey(password, bc):
       # set user preferred configuration language
       user_preferred_language = REQUEST.get(
           'field_my_user_preferred_language', None)
@@ -165,7 +167,6 @@ class ConfiguratorTool(BaseTool):
                                  __ac_key,
                                  expires = expires)
       REQUEST.set('__ac_key', __ac_key)
-      bc = REQUEST.get('field_your_business_configuration')
       REQUEST.RESPONSE.setCookie(BUSINESS_CONFIGURATION_COOKIE_NAME, 
                                  bc, 
                                  expires = expires)
@@ -176,12 +177,26 @@ class ConfiguratorTool(BaseTool):
                    self.Base_translateString('Incorrect Configuration Key'))
       return self.view()
 
-  def _isCorrectConfigurationKey(self, password=None):
+  def _isCorrectConfigurationKey(self, password=None,
+                                       business_configuration=None):
     """ Is configuration key correct """
     if password is None:
       password = self.REQUEST.get('__ac_key', None)
+    else:
+      password = quote(encodestring(password))
     # Not still not finished yet.
-    return 1
+    if business_configuration is None:
+      business_configuration = self.REQUEST.get(BUSINESS_CONFIGURATION_COOKIE_NAME, None)
+    if None not in [password, business_configuration]:
+      def is_key_valid(password, business_configuration):
+        bc = self.getPortalObject().unrestrictedTraverse(business_configuration)
+        return quote(encodestring(bc.getReference(''))) == password
+      return CachingMethod(is_key_valid, 
+                           "ConfiguratorTool_is_key_valid", 
+                           cache_factory='erp5_content_long')(
+                                     password, business_configuration)
+    return False
+
 
   #security.declareProtected(Permissions.ModifyPortalContent, 'next')
   def next(self, REQUEST):

More information about the Erp5-report mailing list