[Erp5-report] r40385 kazuhiko - in /erp5/trunk/products/ERP5Security: ./ tests/
nobody at svn.erp5.org
nobody at svn.erp5.org
Thu Nov 18 16:59:30 CET 2010
Author: kazuhiko
Date: Thu Nov 18 16:59:29 2010
New Revision: 40385
URL: http://svn.erp5.org?rev=40385&view=rev
Log:
* passed header key should be converted here, i.e. openAMid -> HTTP_OPENAMID, so 'literal=True' should be removed.
* no need to inherit CookieAuthHelper class.
* use 'external_login' instead of 'login' so that both extract part and authentication part of this plugin should be used, and not used in other authentication plugins.
Modified:
erp5/trunk/products/ERP5Security/ERP5ExternalAuthenticationPlugin.py
erp5/trunk/products/ERP5Security/tests/testERP5Security.py
Modified: erp5/trunk/products/ERP5Security/ERP5ExternalAuthenticationPlugin.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/ERP5ExternalAuthenticationPlugin.py?rev=40385&r1=40384&r2=40385&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/ERP5ExternalAuthenticationPlugin.py [utf8] (original)
+++ erp5/trunk/products/ERP5Security/ERP5ExternalAuthenticationPlugin.py [utf8] Thu Nov 18 16:59:29 2010
@@ -41,7 +41,6 @@ from Products.PluggableAuthService.inter
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.permissions import ManageUsers
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
-from Products.PluggableAuthService.plugins.CookieAuthHelper import CookieAuthHelper
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\
@@ -66,7 +65,7 @@ def addERP5ExternalAuthenticationPlugin(
'ERP5ExternalAuthenticationPlugin+added.'
% dispatcher.absolute_url())
-class ERP5ExternalAuthenticationPlugin(ERP5UserManager, CookieAuthHelper):
+class ERP5ExternalAuthenticationPlugin(ERP5UserManager):
"""
External authentification PAS plugin which extracts the user id from HTTP
request header, like REMOTE_USER, openAMid, etc.
@@ -82,6 +81,15 @@ class ERP5ExternalAuthenticationPlugin(E
+ BasePlugin.manage_options[:]
)
+ _properties = (({'id':'user_id_key',
+ 'type':'string',
+ 'mode':'w',
+ 'label':'HTTP request header key where the user_id is stored'
+ },
+ )
+ + BasePlugin._properties[:]
+ )
+
def __init__(self, id, title=None, user_id_key=''):
#Register value
self._setId(id)
@@ -95,9 +103,9 @@ class ERP5ExternalAuthenticationPlugin(E
def extractCredentials(self, request):
""" Extract credentials from the request header. """
creds = {}
- user_id = request.getHeader(self.user_id_key, literal=True)
+ user_id = request.getHeader(self.user_id_key)
if user_id is not None:
- creds['login'] = user_id
+ creds['external_login'] = user_id
#Complete credential with some informations
if creds:
@@ -115,7 +123,7 @@ class ERP5ExternalAuthenticationPlugin(E
security.declarePrivate('authenticateCredentials')
def authenticateCredentials( self, credentials ):
"""Authentificate with credentials"""
- login = credentials.get('login', None)
+ login = credentials.get('external_login', None)
# Forbidden the usage of the super user.
if login == SUPER_USER:
return None
Modified: erp5/trunk/products/ERP5Security/tests/testERP5Security.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/tests/testERP5Security.py?rev=40385&r1=40384&r2=40385&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/tests/testERP5Security.py [utf8] (original)
+++ erp5/trunk/products/ERP5Security/tests/testERP5Security.py [utf8] Thu Nov 18 16:59:29 2010
@@ -763,7 +763,7 @@ class TestLocalRoleManagement(ERP5TypeTe
# self.assertTrue(response.headers['location'].endswith('login_form'))
# view front page we should be logged in if we use authentication key
- response = self.publish(base_url, env={user_id_key:reference})
+ response = self.publish(base_url, env={user_id_key.replace('-', '_').upper():reference})
self.assertEqual(response.getStatus(), 200)
self.assertTrue(reference in response.getBody())
More information about the Erp5-report
mailing list