collective / dexterity.membrane Goto Github PK

enables dexterity content items to be used as users and groups in Plone sites

Python 98.81% Shell 1.19%

dexterity.membrane's Introduction

Introduction

dexterity.membrane enables dexterity content items to be used as users and groups in Plone sites and integrates with Products.membrane.

Compatibility

This package is currently tested and developed for Plone 5.2+ and python>=3.7.

With Plone 5.2+, Products.membrane 5 or higher is needed.

With Plone 6.0+ we recommend Products.membrane >= 6.0.

User id

As user id we use the uuid that is generated for the content item. See the definition of getUserId in the user.py behavior.

Email as login name

This package contains a member content type that has an email field. This is used as login name by the behavior. See getUserName. Other implementations are possible, so we do not force you to use the email address as the login name in your site.

By default, this is on, but you can switch it off in our control panel. The setting is saved in the Plone registry.

Aside from this, it is probably a good idea to also switch on the use_email_as_login property of Plone itself. The only effect this has as far as this package is concerned, is that some text in login forms is changed: you see email address as label instead of login name, mostly. To enable this, you can put this in propertiestool.xml (Plone 4), possibly in a custom package for your project:

<?xml version="1.0"?>
<object name="portal_properties" meta_type="Plone Properties Tool">
  <object name="site_properties" meta_type="Plone Property Sheet">
    <property name="use_email_as_login" type="boolean">True</property>
  </object>
</object>

Warning about changing settings

It is best to configure the settings once, and then not touch them anymore. If you change the settings when you already have created members, some reindexing may be needed. If there are just a few members, editing and saving them all will be the easiest way. If you have dozens or hundreds of members this is not very practical. Future versions might automate this. If you are interested in helping, a pull request would be nice.

Member content type

This package defines a member content type, but this may be considered an example; feel free to create a different type and only use the behaviors or create your own adaptations of them.

Behaviors

dexterity.membrane.user: this makes the content behave as a membrane user, defining a way to get the user id (getUserId) and login name (getUserName).
dexterity.membrane.provide_password: adds a password and confirmation field to your dexterity content. This is used during authentication.
dexterity.membrane.group: this makes the content behave as a membrane group, defining a way to get the group id (getGroupId) and group name (getGroupName).
dexterity.membrane.name_from_fullname: use member fullname to make the object id

Membrane implementation

Products.membrane.interfaces.IMembraneUserAuth: we implement authentication using the email field and the password field.
Products.membrane.interfaces import IMembraneUserProperties: we provide a read-only mapping from the first and last name fields of our own IMember schema to the fullname user property. We have a read-write mapping for the email, home_page/homepage and description/bio properties/fields for IMember.

Local roles

This package defines a local role provider. It makes sure a logged in user gets the local Reader, Editor and Creator roles on the membrane object that belongs to that user.

Workflow

We define a simple workflow with pending/approved states. A user can only login when in the approved state.

Encryption

As of 1.1.0b3, dexterity.membrane uses bcrypt to encrypt new passwords. This change maintains support for existing SSHA passwords.

dexterity.membrane's People

Contributors

Stargazers

Watchers

Forkers

saily nexiles maartenkling gagaro jean sixfeetup 2silver ksuess nazrulworld mikejmets classesover jamdevco jowent mobasherah12

dexterity.membrane's Issues

Accidentally pushed commits

Sorry! I just saw I accidentally pushed commits to this repo.... I must have been half asleep!! What's the best way of reversing them? @mauritsvanrees ?

AttributeError: 'tuple' object has no attribute 'strip'

Error

Module Products.PlonePAS.sheet, line 110, in setProperty
Module Products.membrane.plugins.propertymanager, line 103, in setPropertiesForUser
Module dexterity.membrane.behavior.user, line 184, in setPropertiesForUser
AttributeError: 'tuple' object has no attribute 'strip'

Cause

My userschema.xml has a tuple (iterable value):

    <field name="knowledge_base" type="zope.schema.List" marshal:primary="true" users:forms="In User Profile">
        <description></description>
        <required>False</required>
        <title>Knowledge base is used to demonstrate your knowledge, skills and any other subject area you are verse in.</title>
        <value_type type="zope.schema.Choice">
        <vocabulary>cvocabularies.knowledge_base</vocabulary>
        </value_type>
        <form:widget type="plone.app.z3cform.widget.AjaxSelectFieldWidget"/>
    </field>

The error occurs when I try to update the user info:

user.setMemberProperties(mapping=dict(knowledge_base=('Python, 'Plone')})

new release?

could you please make a new release so we can deploy this easily on a new site?

portal properties or registry?

the package documentation states: "To enable this, you can put this (Email as login name) in propertiestool.xml..."

but in the code you will find that we're looking for this on the registry

do we need to fix the documentation or this is an error from the reverted commits?

Python 3 compatibility

Does dexterity.membrane already support Python 3? @ale-rt you were working on this, can you tell what is the current status?

E-Mail addresses should be case-sensitive

Regarding this issue: https://dev.plone.org/ticket/12187 we should care on this in dexterity.membrane.

Option to create a member content type object from the Users and Groups controlpanel

I noticed that when I add a new user via Users and Group control panel, there's no dexterity Member object created.

This will a problem for sites that allows their users to self-registered.

Therefore, we need bi-directional creation for the Member and User objects, i.e.

Add Member -> Add User
Add User -> Add Member

My Hack

For the site I'm working on, I created a form and authorized the unauthorized creation of my dexterity.membrane.JaDMember and override the http://plone.site/register view with the form for JaDMember, which is open to anyone.

        with api.env.adopt_roles('Manager'):
            api.content.create(
                type='dexterity.membrane.JaDMember',
                container=portal,
                id=name,
                first_name=first_name,
                last_name=last_name,
                email=data.get("email"),
                password=data.get("password"),
                safe_id=True
            )

I don't like this solution because it might introduce security issues.

Possible Solution

Add an event listener for user objects that will create the Member object if the Id does not exist
Add an option for existing users to generate their Member object after registration

User = Plone user
Member = Dexterity content type that is based on a Plone user

Security

I don't think this should be accessible via URL:

username is actually userid

The provided username field is is actually used as userid. When using dx.membrane with use_email_as_login but without use_uuid_as_userid user objects get improperly indexed. Will issue PR.

Cannot login when `AuthEncoding` version >= 5

And if you want to do bin/instance adduser admin admin you get a traceback:

Traceback (most recent call last):
  File "/Users/peterm/workspace/fischereiverband/parts/instance/bin/interpreter", line 333, in <module>
    exec(_val)
  File "<string>", line 1, in <module>
  File "/Users/peterm/workspace/fischereiverband/eggs/Products.PlonePAS-7.0.0-py3.11.egg/Products/PlonePAS/pas.py", line 92, in _doAddUser
    retval = _old_doAddUser(login, password, roles, domains)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/peterm/workspace/fischereiverband/eggs/Products.PluggableAuthService-2.8.1-py3.11.egg/Products/PluggableAuthService/PluggableAuthService.py", line 916, in _doAddUser
    if useradder.doAddUser(login, password):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/peterm/workspace/fischereiverband/eggs/Products.PluggableAuthService-2.8.1-py3.11.egg/Products/PluggableAuthService/plugins/ZODBUserManager.py", line 228, in doAddUser
    self.addUser(login, login, password)
  File "/Users/peterm/workspace/fischereiverband/eggs/Products.PluggableAuthService-2.8.1-py3.11.egg/Products/PluggableAuthService/plugins/ZODBUserManager.py", line 286, in addUser
    self._user_passwords[user_id] = self._pw_encrypt(password)
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/peterm/workspace/fischereiverband/eggs/Products.PluggableAuthService-2.8.1-py3.11.egg/Products/PluggableAuthService/plugins/ZODBUserManager.py", line 401, in _pw_encrypt
    if AuthEncoding.is_encrypted(password):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/peterm/workspace/fischereiverband/eggs/AuthEncoding-5.0-py3.11.egg/AuthEncoding/AuthEncoding.py", line 287, in is_encrypted
    for id, prefix, scheme in _getSortedSchemes():
                              ^^^^^^^^^^^^^^^^^^^
  File "/Users/peterm/workspace/fischereiverband/eggs/AuthEncoding-5.0-py3.11.egg/AuthEncoding/AuthEncoding.py", line 110, in _getSortedSchemes
    return sorted(_schemes, reverse=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: '<' not supported between instances of 'str' and 'bytes'

plone.app.z3cform.wysiwyg.WysiwygFieldWidget is deprecated

The following error is reported on bio field in IMember

DeprecationWarning: plone.app.z3cform.wysiwyg.WysiwygFieldWidget is deprecated and will be removed in Plone 5.1

Note: you need plone.app.z3cform >= 3.0.7 to see that error otherwise you see this

Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/__init__.py", line 868, in emit
    msg = self.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 741, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 465, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 329, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting
Logged from file widget.py, line 49

Can we use RichText from plone.app.textfield.widget instead? Or is it more complicated than that? (I imagine backwards compatibility might be an issue)

IUserAdder plugin implementation

Products.remember was implementing IUserAdder Plugin so that a user could be added from standard registration form / plone control panel.

Does it make sense to make dexterity.membrane works the same way covering this use case?

I can work on this actually.

alessandro.

how does a user set/reset his password?

When using the example type there's a Membership fieldset which contains
the initial password. However, this is visible on creation time only.

How is a user supposed to change his password?

Also, the fieldset is easily missed -- and after a save there's no obvious
way to set the password.

@@change_password not working when use_uuid_as_userid is enabled.

This happens, because @@change_password validates current password through testCurrentPassword in Products/PlonePAS/tools/membership.py.

userid=self.getAuthenticatedMember().getUserId() gives the UUID not username and therefore the following authentication plugins / adapters will fail or return False.

i did some deep debugging, but didn't find a workaround :-(

dexterity.membrane 0.2 release is broken

Traceback:

Getting distribution for 'dexterity.membrane'.
Running easy_install:
/Users/davisagli/Work/mountaineers/bin/python "-c" "from setuptools.command.easy_install import main;main()" "-mUNxd" "/Users/davisagli/.buildout/eggs/tmpcNmLY1" "-q" "/Users/davisagli/.buildout/downloads/dist/dexterity.membrane-0.2.tar.gz"
path=/Users/davisagli/.buildout/eggs/setuptools-0.6c11-py2.7.egg

error: README.txt: No such file or directory
An error occurred when trying to install dexterity.membrane 0.2. Look above this message for any errors that were output by easy_install.
While:
  Installing client1.
  Getting distribution for 'dexterity.membrane'.
Error: Couldn't install: dexterity.membrane 0.2

Fix username support

Currently, if use_email_as_username registry setting is set to False, anything that is based on DxUserObject but does not provid a username attribute, will fail: see line 81 of DxUserObject class implementation.

As such, the bug affects also the example Member type that is provided by this package.

Assuming there are no downsides I've missed, I'll submit a PR containing:

additional IUserName schema (with just the username field)
modified IMember that inherits from IUsername (in addition to IEmail)

Can we drop Plone 4.2 support?

If so, is it sufficient to deactivate Travis run for Plone 4.2 and add a note in README?

Could we remove collective.indexing

Collective.indexing goal is to improve performance by change the way Plone's catalog is working. It has nothing to do with membrane.

This is not a dependency but it's better to use because membrane use a lot the catalog. So I believe this is a project decision to use collective.indexing but not an addon decision.

With the version 2.0 of indexing there is not anymore issues while removing it.

I have tagged this issue with question because I want opinion. And with bug because this is not a dependency.

rename profiles?

just to keep consistency I think it should be a good idea to rename the profiles: behavior should be default and default should be something like... example?

whatever the name be, it should start with a letter > d because of the known limitations of Generic Setup on installation profiles.

Upgrade from 0.4 to 1.1.0b2

I have a package that uses version 0.4 and recently we created another addon with version 1.1.0b2, what makes me need to upgrade the first package to make both work on same buildout.

I noticed that for this upgrade this interface changed from:

dexterity.membrane.behavior.membraneuser.INameFromFullName
dexterity.membrane.behavior.membraneuser.NameFromFullName

to:

dexterity.membrane.behavior.user.INameFromFullName
dexterity.membrane.behavior.user.NameFromFullName

What is the best way to achive this upgrade?

Bad user behavior registration

The registration of the user behavior is currently for IEmail. Shouldnt't it be on IMember instead?

The fix may break existing code that depends on current registration so a warning should be added to git commit message & package changelog.

Instances of example (user) content type cannot be added

On Plone 4.3.7 (debian), with dexterity.membrane 1.1.0, when trying to add:

2015-11-23T08:48:11 ERROR Zope.SiteErrorLog 1448261291.70.0769201380383 http://services/toinen/++add++dexterity.membrane.member
Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module plone.z3cform.layout, line 66, in __call__
  Module plone.z3cform.layout, line 50, in update
  Module plone.dexterity.browser.add, line 117, in update
  Module plone.z3cform.fieldsets.extensible, line 59, in update
  Module plone.z3cform.patch, line 30, in GroupForm_update
  Module z3c.form.group, line 145, in update
  Module plone.app.z3cform.csrf, line 21, in execute
  Module z3c.form.action, line 98, in execute
  Module z3c.form.button, line 315, in __call__
  Module z3c.form.button, line 170, in __call__
  Module plone.dexterity.browser.add, line 100, in handleAdd
  Module z3c.form.form, line 250, in createAndAdd
  Module plone.dexterity.browser.add, line 75, in add
  Module plone.dexterity.utils, line 185, in addContentToContainer
  Module Products.BTreeFolder2.BTreeFolder2, line 455, in _setObject
  Module zope.event, line 31, in notify
  Module zope.component.event, line 24, in dispatch
  Module zope.component._api, line 136, in subscribers
  Module zope.component.registry, line 321, in subscribers
  Module zope.interface.adapter, line 585, in subscribers
  Module zope.component.event, line 32, in objectEventNotify
  Module zope.component._api, line 136, in subscribers
  Module zope.component.registry, line 321, in subscribers
  Module zope.interface.adapter, line 585, in subscribers
  Module plone.app.referenceablebehavior.uidcatalog, line 25, in added_handler
  Module Products.Archetypes.UIDCatalog, line 227, in catalog_object
  Module Products.ZCatalog.ZCatalog, line 476, in catalog_object
  Module Products.ZCatalog.Catalog, line 353, in catalogObject
  Module Products.PluginIndexes.common.UnIndex, line 224, in index_object
  Module Products.PluginIndexes.common.UnIndex, line 251, in _index_object
  Module Products.PluginIndexes.common.UnIndex, line 199, in insertForwardIndexEntry
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 8: ordinal not in range(128)

Approve & notify fails on mixed case emails

Password reset doesn't work with emails like [email protected]

integrate dexterity.membrane into Products.membrane

and get rid of this layer

KeyError on membranepassword.IProvidePasswords

I upgraded a site to plone 4.3.10 and dex.membrane 1.1.1 and changed all references to IProvidePasswords in a local addon from membranepassword to password. If I create a new object that refers to a membrane actor it works fine but when I modify an existing object that refers to a membrane actor I get a key error on save.
...

Module zc.relation.catalog, line 556, in unindex_doc
Module zc.relation.catalog, line 621, in _remove
KeyError: <class 'dexterity.membrane.behavior.membranepassword.IProvidePasswords'>

I don't see any upgrade steps in d.membrane. I did rebuild the catalog and tried a few other trick to no avail. Is there an upgrade step that I'm missing? As a workaround, I created a fork with an import of IProvidesPasswords from password in membranepassword.

Missing / broken Membrane (user-) group support

wrong group behavior factory in configure.zcml
there is no adapter from IMembraneGroup to IGroup