Add erp_change_password web service

extra/modules/configuration.py

@@ -6,6 +6,10 @@ for schema in (String('xmlrpc_registration_url',
             N_('XMLRPC Neogia registration URL'),
             default = '',
             presentation_hint = { 'args': { 'size': 100 }}),
+        String('erp_secret',
+            N_('Shared secret with the ERP'),
+            default = '',
+            presentation_hint = { 'args': { 'size': 100 }}),
         String('cnil_text',
             N_("Texte d'information CNIL"),
             default = '',

extra/modules/root.ptl

@@ -51,7 +51,7 @@ def check_classification(classification):
     return classification_ok
 
 class IfefRootDirectory(authentic.root.RootDirectory):
-    _q_exports = authentic.root.RootDirectory._q_exports + [ 'register2' ]
+    _q_exports = authentic.root.RootDirectory._q_exports + [ 'register2', 'erp_change_password' ]
 
     def _q_traverse(self, path):
 	request = get_request()
@@ -250,5 +250,60 @@ RecaptchaOptions = { "theme" : "white", "lang" : "fr" };
                     url, htmltext(_('Log on %s') % label))
         '</ul>'
 
+    def erp_change_password_get [html] (self):
+        template.html_top(title = _('ERP Change Password'))
+        '<p>This service expects a POST-ed form with the following fields'
+        '<dl>'
+        '<dt>secret</dtd><dd>The secret giving access to this service</dd>'
+        '<dt>uid</dtd><dd>The uid for which we want to change password</dd>'
+        '<dt>password</dt><dd>(optional) the password to set</dd>'
+        '</dl>'
+        '<h2>Behaviour</h2>'
+        '<p>If secret or uid are missing or if an unknown field is given, an error 400 is returned.</p>'
+        '<p>If secret is wrong, an error 403 is returned,</p>'
+        '<p>If uid is unknown, an error 400 is returned.</p>'
+        '<p>If a password is given, it is set and sent by mail, if the account has an email.</p>'
+        '<p>If no password is given, one is generated and sent by mail.</p>'
+        '<p>If no password is given and no email is present, an error 400 is returned.</p>'
+        '<h2>Result</h2>'
+        '<p>If no error occured, a document containing the string "ok" of content-type text/plain is returned</p>'
+
+    def erp_change_password(self):
+        request = get_request()
+        store = identities.get_store()
+        if request.get_method() != 'POST':
+            return self.erp_change_password_get()
+        form = request.form
+        if 'secret' not in form or 'uid' not in form:
+            raise errors.QueryError('%s' % form)
+        secret = form['secret']
+        uid = form['uid']
+        password = form.get('password')
+        # Verify the secret
+        if secret != configuration.get_configuration('identities').get('erp_secret'):
+            raise errors.AccessError()
+        # Check the uid exists
+        identity = identities.get_store().get_identity_for_username(uid)
+        if not identity:
+            raise errors.QueryError('User %r not found' % uid)
+        # Suppose there is only one account object
+        account = identity.accounts[0]
+        if password:
+            # Check the password is acceptable
+            pass
+        else:
+            # Check that the identity has an email
+            if not identity.email:
+                raise errors.QueryError('User %r has no email, we cannot generate a new password' % uid)
+            password = store.create_password(for_account=uid)
+        if identity.email:
+            self.email_password(identity, password=password)
+        account.password = store.hash_password(password)
+        store.save(identity)
+        response = get_response()
+        response.set_content_type('text/plain')
+        return 'ok'
+
+
 from qommon.publisher import get_publisher_class
 get_publisher_class().root_directory_class = IfefRootDirectory