Forceauth backport #48 (#53)

RedTurtle · Jul 19, 2023 · e41df6c · e41df6c
1 parent ce25469
commit e41df6c
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,13 +2,15 @@
 pyvenv.cfg
 .python-version
 .coverage
+coverage.json
 *.egg-info
 *.log
 *.mo
 *.py?
 *.swp
 # dirs
 bin/
+share/
 buildout-cache/
 develop-eggs/
 eggs/

diff --git a/CHANGES.rst b/CHANGES.rst
@@ -4,6 +4,10 @@ Changelog
 4.0.5 (unreleased)
 ------------------
 
+- Add X-ForceAuth header and iw.rejectanonymous
+  backport from 5.0.0 #48
+  [mamico]
+
 - Remove twitter feeds.
   [folix-01]
 

diff --git a/README.rst b/README.rst
@@ -178,6 +178,14 @@ e poi lanciare il buildout con ``bin/buildout``.
 
 Successivamente va installato dal pannello di controllo di Plone.
 
+Forzare autenticazione
+----------------------
+
+Se le richieste arrivano con un header X-ForceAuth Plone forza l'autenticazione per quelle richieste,
+il meccanismo è utile ad esempiop se si vuole fare accedere alla ZMI o alle interfacce Plone legacy
+senza però esporle pubblicamente.
+
+
 Test con Volto standalone
 -------------------------
 

diff --git a/base.cfg b/base.cfg
@@ -99,6 +99,7 @@ mode = 755
 [versions]
 # Don't use a released version of design.plone.policy
 design.plone.policy =
+iw.rejectanonymous = 1.2.7
 
 [sources]
 # collective.volto.dropdownmenu = git https://github.com/collective/collective.volto.dropdownmenu.git pushurl=git@github.com:collective/collective.volto.dropdownmenu.git

diff --git a/setup.py b/setup.py
@@ -27,8 +27,8 @@
         "Framework :: Plone :: Addon",
         "Framework :: Plone :: 5.2",
         "Programming Language :: Python",
-        "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
         "Operating System :: OS Independent",
         "License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
     ],
@@ -63,6 +63,7 @@
         "rer.customersatisfaction>=1.1.0",
         "redturtle.faq",
         "redturtle.rssservice",
+        "iw.rejectanonymous",
     ],
     extras_require={
         "test": [
@@ -79,7 +80,5 @@
     entry_points="""
     [z3c.autoinclude.plugin]
     target = plone
-    [console_scripts]
-    update_locale = design.plone.policy.locales.update:update_locale
     """,
 )
diff --git a/src/design/plone/policy/configure.zcml b/src/design/plone/policy/configure.zcml
@@ -43,4 +43,10 @@
       name="design.plone.policy-hiddenprofiles"
       />
 
+  <subscriber
+      for="Products.CMFCore.interfaces.ISiteRoot
+           zope.traversing.interfaces.IBeforeTraverseEvent"
+      handler=".rejectanonymous.insertRejectAnonymousHook"
+      />
+
 </configure>
diff --git a/src/design/plone/policy/rejectanonymous.py b/src/design/plone/policy/rejectanonymous.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+from iw.rejectanonymous import rejectAnonymous
+
+
+def insertRejectAnonymousHook(portal, event):
+    """force authentication for request with X-ForceAuth header"""
+    if event.request.getHeader("X-ForceAuth"):
+        event.request.post_traverse(rejectAnonymous, (portal, event.request))