[Erp5-report] r25609 - in /erp5/trunk/products/ERP5: Document/Person.py Tool/PasswordTool.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Feb 18 16:40:10 CET 2009
Author: vincent
Date: Wed Feb 18 16:40:09 2009
New Revision: 25609
URL: http://svn.erp5.org?rev=25609&view=rev
Log:
Change Person's password into a PersistentMapping. This allows storing multiple representations of the same password. This is required to interface with foreign applications without storing the password in plaintext.
Update PasswordTool to not encode the password at its level.
Modified:
erp5/trunk/products/ERP5/Document/Person.py
erp5/trunk/products/ERP5/Tool/PasswordTool.py
Modified: erp5/trunk/products/ERP5/Document/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Person.py?rev=25609&r1=25608&r2=25609&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Person.py [utf8] (original)
+++ erp5/trunk/products/ERP5/Document/Person.py [utf8] Wed Feb 18 16:40:09 2009
@@ -31,6 +31,8 @@
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized
+from Globals import PersistentMapping
+from Acquisition import aq_base
#from Products.ERP5.Core.Node import Node
@@ -185,6 +187,26 @@
return pw_validate(self.getPassword(), value)
return False
+ def _setEncodedPassword(self, value, format='default'):
+ password = getattr(aq_base(self), 'password', None)
+ if password is None:
+ password = self.password = PersistentMapping()
+ self.password[format] = value
+
+ security.declarePublic('setPassword')
+ def setEncodedPassword(self, value, format='default'):
+ """
+ Set an already encoded password.
+ """
+ if not _checkPermission(Permissions.SetOwnPassword, self):
+ raise AccessControl_Unauthorized('setEncodedPassword')
+ self._setEncodedPassword(value, format=format)
+ self.reindexObject()
+
+ def _setPassword(self, value):
+ self.password = PersistentMapping()
+ self._setEncodedPassword(pw_encrypt(value))
+
security.declarePublic('setPassword')
def setPassword(self, value) :
"""
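Review bot: The `security.declarePublic('setPassword')` line placed directly above `setEncodedPassword` names the wrong method, so the new setter gets no security declaration of its own and falls back to the class default; it presumably should read `security.declarePublic('setEncodedPassword')`. The in-body `_checkPermission(Permissions.SetOwnPassword, self)` still guards the call, but the declaration should match the method it documents. Separately, `_setEncodedPassword` only creates the mapping when `password is None`, so on an object that still holds a legacy string password (the case the new getPassword handles for backward compatibility) `self.password[format] = value` would fail on the string. The legacy value should first be migrated into a new PersistentMapping under the `'default'` key. The enclosing Person class starts outside this hunk.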
@@ -193,8 +215,39 @@
if value is not None:
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword')
- self._setPassword(pw_encrypt(value))
+ self._setPassword(value)
self.reindexObject()
+
+ security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
+ def getPassword(self, *args, **kw):
+ """
+ Retrieve password in desired format.
+
+ getPassword([default], [format='default'])
+
+ default (anything)
+ Value to return if no passord is set on context.
+ Default: no default, raises AttributeError if property is not set.
+ format (string)
+ String defining the format in which the password is expected.
+ If passowrd is not available in that format, KeyError will be
+ raised.
+ Default: 'default'
+ """
+ password = getattr(aq_base(self), 'password', *args)
+ format = kw.get('format', 'default')
+ try:
+ # Backward compatibility: if it's not a PersistentMapping instance,
+ # assume it's a monovalued string, which corresponds to default
+ # password encoding.
+ if isinstance(password, PersistentMapping):
+ password = password[format]
+ else:
+ if format != 'default':
+ raise KeyError
+ except KeyError:
+ raise KeyError, 'Password is not available in %r format.' % (format, )
+ return password
# Time management
security.declareProtected(Permissions.AccessContentsInformation,
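Review bot: `getPassword` is declared with `Permissions.AccessContentsInformation` while the setters require `Permissions.SetOwnPassword`, and it now returns whichever stored representation the caller names in `format`, so anyone allowed to view a Person may be able to read every encoded form of its password. Whether that permission is widely granted is not visible here, but representations kept for foreign applications may resist offline guessing less well than the default encoding, so a narrower permission or a non-published accessor is worth considering; at minimum add a comment such as `# Returns stored password material: never expose the result outside trusted code.` The `default` argument is also honoured only for `format='default'`: when no password is set and another format is requested, the non-mapping branch raises KeyError instead of returning the caller's default, which contradicts the docstring. The docstring typos "passord" and "passowrd" should be corrected to "password". The trailing `security.declareProtected(` call and the enclosing class continue outside the hunk.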
Modified: erp5/trunk/products/ERP5/Tool/PasswordTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Tool/PasswordTool.py?rev=25609&r1=25608&r2=25609&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Tool/PasswordTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5/Tool/PasswordTool.py [utf8] Wed Feb 18 16:40:09 2009
@@ -39,7 +39,6 @@
from Products.ERP5Type.Message import translateString
from Acquisition import aq_base
from BTrees.OOBTree import OOBTree
-from Products.ERP5.Document.Person import pw_encrypt
class PasswordTool(BaseTool):
"""
@@ -190,7 +189,7 @@
self.password_request_dict.pop(password_key)
persons = self.acl_users.erp5_users.getUserByLogin(user_login)
person = persons[0]
- person._setPassword(pw_encrypt(password))
+ person._setPassword(password)
person.reindexObject()
if REQUEST is not None:
msg = translateString("Password changed.")
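Review bot: `person._setPassword(password)` now hands the plaintext to the Person object and relies entirely on the new `Person._setPassword` to encode it, so the meaning of the same method name has silently flipped from "store this encoded value" to "encode and store this plaintext". If `person` can be an instance of a class that overrides `_setPassword` with the old store-as-given behaviour (not visible here), the plaintext would be persisted, and any caller elsewhere that still pre-encodes would double-encode and lock the user out. A comment at the call site would make the contract explicit, e.g. `# _setPassword() expects the plaintext and encodes it itself; do not pre-encode here.` The enclosing method starts and ends outside this hunk.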