diff --git a/CHANGES.txt b/CHANGES.txt index 73fac50..509dd25 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,7 +1,9 @@ CHANGES ======= -1.7.2 - (unrelease) +1.8 - (unrelease) ------------------- +- Switch to modern GenericSetup install + - Fix Plone 5 CSRF issues diff --git a/Products/WebServerAuth/Extensions/Install.py b/Products/WebServerAuth/Extensions/Install.py deleted file mode 100644 index cbb0868..0000000 --- a/Products/WebServerAuth/Extensions/Install.py +++ /dev/null @@ -1,48 +0,0 @@ -from Products.CMFCore.utils import getToolByName -from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin -from Products.WebServerAuth.plugin import MultiPlugin, implementedInterfaces -from Products.WebServerAuth.utils import firstIdOfClass - -def install(portal, reinstall=False): - if not reinstall: - acl_users = getToolByName(portal, 'acl_users') - - # Put a WebServerAuth multiplugin in the acl_users folder, if there isn't one: - id = firstIdOfClass(acl_users, MultiPlugin) - if not id: - id = 'web_server_auth' - constructors = acl_users.manage_addProduct['WebServerAuth'] # http://wiki.zope.org/zope2/ObjectManager - constructors.manage_addWebServerAuth(id, title='WebServerAuth Plugin') - - # Activate it: - plugins = acl_users['plugins'] - for interface in implementedInterfaces: - plugins.activatePlugin(interface, id) # plugins is a PluginRegistry - - # Make the Challenge plugin the first in the list: - for i in range(list(plugins.listPluginIds(IChallengePlugin)).index(id)): - plugins.movePluginsUp(IChallengePlugin, [id]) - - # Set up login link: - user_actions = getToolByName(portal, 'portal_actions')['user'] - user_actions['login']._updateProperty('url_expr', "python:here.acl_users.web_server_auth.loginUrl(request.ACTUAL_URL)") - - # Override login_form with a redirect: - setupTool = getToolByName(portal, 'portal_setup') - setupTool.runAllImportStepsFromProfile('profile-Products.WebServerAuth:default') - -def uninstall(portal, reinstall=False): - if not reinstall: - # Delete the multiplugin instance: - acl_users = getToolByName(portal, 'acl_users') - id = firstIdOfClass(acl_users, MultiPlugin) - if id: - acl_users.manage_delObjects(ids=[id]) # implicitly deactivates - - # Revert login link to its stock setting: - user_actions = getToolByName(portal, 'portal_actions')['user'] - user_actions['login']._updateProperty('url_expr', "string:${portal_url}/login_form") - - # Remove login_form redirect: - setupTool = getToolByName(portal, 'portal_setup') - setupTool.runAllImportStepsFromProfile('profile-Products.WebServerAuth:uninstall') diff --git a/Products/WebServerAuth/__init__.py b/Products/WebServerAuth/__init__.py index ff3e91d..0226d17 100644 --- a/Products/WebServerAuth/__init__.py +++ b/Products/WebServerAuth/__init__.py @@ -15,30 +15,6 @@ registerDirectory('skins', globals()) # Without this, portal_skins/webserverauth shows up, but it's empty. def initialize(context): - # If we're running under Plone, register the GenericSetup profiles that let us replace login_form: - try: - from Products.GenericSetup import EXTENSION, profile_registry - from Products.CMFPlone.interfaces import IPloneSiteRoot - except ImportError: - pass # We're not running under Plone. Let the user use the PAS plugin without all the inapplicable login_form overriding. - else: - profile_registry.registerProfile( - "default", - "WebServerAuth", - "Delegates authentication to the web server.", - "profiles/default", - product="Products.WebServerAuth", - profile_type=EXTENSION, - for_=IPloneSiteRoot) - profile_registry.registerProfile( - "uninstall", - "WebServerAuth Uninstall", - "Removes the login_form redirection.", - "profiles/uninstall", - product="Products.WebServerAuth", - profile_type=EXTENSION, - for_=IPloneSiteRoot) - context.registerClass(MultiPlugin, permission=add_user_folders, constructors=(manage_addWebServerAuthForm, diff --git a/Products/WebServerAuth/configure.zcml b/Products/WebServerAuth/configure.zcml new file mode 100644 index 0000000..8bfcad8 --- /dev/null +++ b/Products/WebServerAuth/configure.zcml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + diff --git a/Products/WebServerAuth/profiles/default/WebServerAuth-install.txt b/Products/WebServerAuth/profiles/default/WebServerAuth-install.txt new file mode 100644 index 0000000..ed0d26d --- /dev/null +++ b/Products/WebServerAuth/profiles/default/WebServerAuth-install.txt @@ -0,0 +1 @@ +Install WebServerAuth diff --git a/Products/WebServerAuth/profiles/uninstall/WebServerAuth-uninstall.txt b/Products/WebServerAuth/profiles/uninstall/WebServerAuth-uninstall.txt new file mode 100644 index 0000000..57088d4 --- /dev/null +++ b/Products/WebServerAuth/profiles/uninstall/WebServerAuth-uninstall.txt @@ -0,0 +1 @@ +Uninstall WebServerAuth diff --git a/Products/WebServerAuth/setuphandlers.py b/Products/WebServerAuth/setuphandlers.py new file mode 100644 index 0000000..8a998f7 --- /dev/null +++ b/Products/WebServerAuth/setuphandlers.py @@ -0,0 +1,65 @@ +""" +Install WebServerAuth into or uninstall from a given portal. +""" + +from Products.CMFCore.utils import getToolByName + +from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin + +from Products.WebServerAuth.plugin import MultiPlugin, implementedInterfaces +from Products.WebServerAuth.utils import firstIdOfClass +from Products.WebServerAuth import zmi + + +def install(context): + """ + Install WebServerAuth into a given portal. + """ + if context.readDataFile('WebServerAuth-install.txt') is None: + return + portal = context.getSite() + + acl_users = getToolByName(portal, 'acl_users') + + # Put a WebServerAuth multiplugin in the acl_users folder, if there isn't + # one: + id = firstIdOfClass(acl_users, MultiPlugin) + if not id: + id = 'web_server_auth' + zmi.manage_addWebServerAuth( + acl_users, id, title='WebServerAuth Plugin') + + # Activate it: + plugins = acl_users['plugins'] + for interface in implementedInterfaces: + plugins.activatePlugin(interface, id) # plugins is a PluginRegistry + + # Make the Challenge plugin the first in the list: + for i in range(list(plugins.listPluginIds(IChallengePlugin)).index(id)): + plugins.movePluginsUp(IChallengePlugin, [id]) + + # Set up login link: + user_actions = getToolByName(portal, 'portal_actions')['user'] + user_actions['login']._updateProperty( + 'url_expr', + "python:here.acl_users.web_server_auth.loginUrl(request.ACTUAL_URL)") + + +def uninstall(context): + """ + Uninstall WebServerAuth from a given portal. + """ + if context.readDataFile('WebServerAuth-uninstall.txt') is None: + return + portal = context.getSite() + + # Delete the multiplugin instance: + acl_users = getToolByName(portal, 'acl_users') + id = firstIdOfClass(acl_users, MultiPlugin) + if id: + acl_users.manage_delObjects(ids=[id]) # implicitly deactivates + + # Revert login link to its stock setting: + user_actions = getToolByName(portal, 'portal_actions')['user'] + user_actions['login']._updateProperty( + 'url_expr', "string:${portal_url}/login_form") diff --git a/Products/WebServerAuth/version.txt b/Products/WebServerAuth/version.txt index 943f9cb..6259340 100644 --- a/Products/WebServerAuth/version.txt +++ b/Products/WebServerAuth/version.txt @@ -1 +1 @@ -1.7.1 +1.8