Add support for Python 3 and Plone 5.2

.travis.yml

@@ -10,29 +10,14 @@ addons:
       libxslt-dev
       python-imaging
 python:
-  - 2.6
   - 2.7
+  - 3.7
+  - 3.8
 env:
-  - PLONE=4.1
-  - PLONE=4.2
-  - PLONE=4.3
-  - PLONE=5.0
-  - PLONE=5.1
-matrix:
-  exclude:
-    - python: 2.7
-      env: PLONE=4.1
-    - python: 2.6
-      env: PLONE=4.2
-    - python: 2.6
-      env: PLONE=4.3
-    - python: 2.6
-      env: PLONE=5.0
-    - python: 2.6
-      env: PLONE=5.1
+  - PLONE=5.2
+
 before_install:
-  - pip install --upgrade pip setuptools
-  - if [ $PLONE == 5.0 ]; then pip install --upgrade setuptools==21.0.0; fi
+  - pip install --upgrade pip setuptools==42.0.2
 install:
   - python bootstrap$(echo $PLONE | cut -f1 -d.).py -c test-$PLONE.x.cfg
   - bin/buildout -t 5 -Nc test-$PLONE.x.cfg

Products/AutoUserMakerPASPlugin/Extensions/Install.py

@@ -29,6 +29,7 @@ def install(portal, reinstall=False):
     pluginId = _firstIdOfClass(acl_users, ApacheAuthPluginHandler)
     if not pluginId:
         acl_users._setObject(PLUGIN_ID, ApacheAuthPluginHandler(PLUGIN_ID))
+        pluginId = _firstIdOfClass(acl_users, ApacheAuthPluginHandler)
 
     # Activate it:
     plugins = acl_users.plugins
@@ -49,18 +50,18 @@ def install(portal, reinstall=False):
             prop = "\n".join(acl_users.getProperty('aum_config'))
             #logger.info("aum_config = %s" % repr(prop))
             config = pickle.loads(prop)
-        except Exception, err:
+        except Exception as err:
             logger.info("error getting config: %s of %r" % (str(err), repr(err)))
         try:
             prop = "\n".join(acl_users.getProperty('aum_mappings'))
             #logger.info("aum_mappings = %s" % repr(prop))
             mappings = pickle.loads(prop)
-        except Exception, err:
+        except Exception as err:
             logger.info("error getting mappings: %s of %r" % (str(err), repr(err)))
         # Now restore the configuration
         #logger.info("config = %s" % repr(config))
         for prop in plugin.propertyMap():
-            if config.has_key(prop['id']):
+            if prop['id'] in config:
                 try:
                     val = config[prop['id']]['value']
                     if prop['type'] == 'lines':
@@ -75,7 +76,7 @@ def install(portal, reinstall=False):
                             pass
                     else:
                         plugin.manage_changeProperties({prop['id']: str(val)})
-                except Exception, err:
+                except Exception as err:
                     logger.info("error in install: %s" % str(err))
         # Now restore the mappings.
         #logger.info("settings mappings to %s" % str(mappings))

Products/AutoUserMakerPASPlugin/apache/Rewrite.py

@@ -21,7 +21,7 @@
 from mod_python import apache
 
 import re
-import urllib
+import six.moves.urllib.request, six.moves.urllib.parse, six.moves.urllib.error
 
 
 # Customize these
@@ -38,12 +38,12 @@ def fixuphandler(req):
         return apache.DECLINED
     # Make the REMOTE_USER value from Shibboleth available to zope.
     req.add_common_vars()
-    if req.subprocess_env.has_key('REMOTE_USER'):
+    if 'REMOTE_USER' in req.subprocess_env:
         req.headers_in['X_REMOTE_USER'] = req.subprocess_env['REMOTE_USER']
     # Build the reverse proxy request URL, and tell apache to use it.
     sHost = req.headers_in['Host']
     req.uri = "http://%s/VirtualHostBase/https/%s:443/%s/VirtualHostRoot%s" % \
-        (_dHosts[sHost], sHost, _dPaths[sHost], urllib.quote(req.uri))
+        (_dHosts[sHost], sHost, _dPaths[sHost], six.moves.urllib.parse.quote(req.uri))
     req.proxyreq = apache.PROXYREQ_REVERSE
     req.filename = "proxy:" + req.uri
     req.handler = 'proxy-server'

Products/AutoUserMakerPASPlugin/auth.py

@@ -8,6 +8,7 @@
 from persistent.list import PersistentList
 from Products.CMFCore.utils import getToolByName
 from Products.CMFPlone.utils import safeToInt
+from Products.CMFPlone.utils import safe_nativestring
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from Products.PluggableAuthService.interfaces.plugins import IAuthenticationPlugin
 from Products.PluggableAuthService.interfaces.plugins import IChallengePlugin
@@ -27,11 +28,14 @@
 import re
 import string
 import time
+import six
+from six.moves import range
+from six.moves import zip
 
 
 try:
     # Zope >= 2.12
-    from App.class_init import InitializeClass
+    from AccessControl.class_init import InitializeClass
     InitializeClass  # make pyflakes happy ...
 except ImportError:  # pragma: no cover
     # Zope < 2.12
@@ -68,13 +72,14 @@ def safeWrite(obj, request):
 challengeHeaderNameKey = 'challenge_header_name'
 defaultRolesKey = 'default_roles'
 
-PWCHARS = string.letters + string.digits + string.punctuation
+PWCHARS = string.ascii_letters + string.digits + string.punctuation
 
 _defaultChallengePattern = 'http://(.*)'
 _defaultChallengeReplacement = r'https://\1'
 
 LAST_UPDATE_USER_PROPERTY_KEY = 'last_autousermaker_update'
 
+
 class AutoUserMakerPASPlugin(BasePlugin):
     """ An authentication plugin that creates member objects
 
@@ -167,16 +172,16 @@ def authenticateCredentials(self, credentials):
                 for role in defaultRoles:
                     roles[role] = True
                 groups = []
-                if credentials.has_key('filters'):
+                if 'filters' in credentials:
                     for role in mappings:
                         # for each source given in authz_mappings
-                        for ii in role['values'].iterkeys():
+                        for ii in six.iterkeys(role['values']):
                             assignRole = False
                             # if the authz_mappings pattern is not set, assume ok
                             if not role['values'][ii]:
                                 assignRole = True
                             # if the source exists in the environment
-                            elif credentials['filters'].has_key(ii):
+                            elif ii in credentials['filters']:
                                 try:
                                     # compile the pattern from authz_mappings
                                     oRe = re.compile(role['values'][ii])
@@ -194,7 +199,7 @@ def authenticateCredentials(self, credentials):
                         # either there was no pattern or the pattern matched
                         # for every mapping, so add specified roles or groups.
                         if assignRole:
-                            for ii in role['roles'].iterkeys():
+                            for ii in six.iterkeys(role['roles']):
                                 if role['roles'][ii] == 'on':
                                     roles[ii] = True
                             for ii in role['groupid']:
@@ -203,7 +208,7 @@ def authenticateCredentials(self, credentials):
                 # Map the given roles to the user using all available
                 # IRoleAssignerPlugins (just like doAddUser does for some reason):
                 for curAssignerId, curAssigner in roleAssigners:
-                    for role in roles.iterkeys():
+                    for role in six.iterkeys(roles):
                         try:
                             curAssigner.doAssignRoleToPrincipal(user.getId(), role)
                         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
@@ -312,8 +317,8 @@ class ExtractionPlugin(BasePlugin, PropertyManager):
     it out.
     >>> from Products.AutoUserMakerPASPlugin.auth import ExtractionPlugin
     >>> handler = ExtractionPlugin()
-    >>> handler.extractCredentials(request)
-    {'_defaultRoles': ('Member',), 'user_id': 'foobar', 'description': None, 'location': '', 'filters': {}, 'fullname': None, '_getMappings': [], 'email': None}
+    >>> sorted(handler.extractCredentials(request).items())
+    [('_defaultRoles', ('Member',)), ('_getMappings', []), ('description', None), ('email', None), ('filters', {}), ('fullname', None), ('location', ''), ('user_id', 'foobar')]
 
     """
     security = ClassSecurityInfo()
@@ -354,29 +359,33 @@ def getConfig(self):
          'use_custom_redirection': False}
 
         """
+        lines_type = 'ulines'
+        if six.PY2:
+            lines_type = 'lines'
+
         config = (
             (stripDomainNamesKey, 'int', 'w', 1),
-            (stripDomainNamesListKey, 'lines', 'w', []),
-            (httpRemoteUserKey, 'lines', 'w', ['HTTP_X_REMOTE_USER',]),
-            (httpCommonnameKey, 'lines', 'w', ['HTTP_SHIB_PERSON_COMMONNAME',]),
-            (httpDescriptionKey, 'lines', 'w', ['HTTP_SHIB_ORGPERSON_TITLE',]),
-            (httpEmailKey, 'lines', 'w', ['HTTP_SHIB_INETORGPERSON_MAIL',]),
-            (httpLocalityKey, 'lines', 'w', ['HTTP_SHIB_ORGPERSON_LOCALITY',]),
-            (httpStateKey, 'lines', 'w', ['HTTP_SHIB_ORGPERSON_STATE',]),
-            (httpCountryKey, 'lines', 'w', ['HTTP_SHIB_ORGPERSON_C',]),
+            (stripDomainNamesListKey, lines_type, 'w', []),
+            (httpRemoteUserKey, lines_type, 'w', ['HTTP_X_REMOTE_USER',]),
+            (httpCommonnameKey, lines_type, 'w', ['HTTP_SHIB_PERSON_COMMONNAME',]),
+            (httpDescriptionKey, lines_type, 'w', ['HTTP_SHIB_ORGPERSON_TITLE',]),
+            (httpEmailKey, lines_type, 'w', ['HTTP_SHIB_INETORGPERSON_MAIL',]),
+            (httpLocalityKey, lines_type, 'w', ['HTTP_SHIB_ORGPERSON_LOCALITY',]),
+            (httpStateKey, lines_type, 'w', ['HTTP_SHIB_ORGPERSON_STATE',]),
+            (httpCountryKey, lines_type, 'w', ['HTTP_SHIB_ORGPERSON_C',]),
             (autoUpdateUserPropertiesKey, 'int', 'w', 0),
             (autoUpdateUserPropertiesIntervalKey, 'int', 'w', 24*60*60),
-            (httpAuthzTokensKey, 'lines', 'w', []),
-            (httpSharingTokensKey, 'lines', 'w', []),
-            (httpSharingLabelsKey, 'lines', 'w', []),
-            ('required_roles', 'lines', 'wd', []),
-            ('login_users', 'lines', 'wd', []),
+            (httpAuthzTokensKey, lines_type, 'w', []),
+            (httpSharingTokensKey, lines_type, 'w', []),
+            (httpSharingLabelsKey, lines_type, 'w', []),
+            ('required_roles', lines_type, 'wd', []),
+            ('login_users', lines_type, 'wd', []),
             (useCustomRedirectionKey, 'boolean', 'w', False),
             (challengePatternKey, 'string', 'w', _defaultChallengePattern),
             (challengeReplacementKey, 'string', 'w', _defaultChallengeReplacement),
             (challengeHeaderEnabledKey, 'boolean', 'w', False),
             (challengeHeaderNameKey, 'string', 'w', ""),
-            (defaultRolesKey, 'lines', 'w', ['Member']))
+            (defaultRolesKey, lines_type, 'w', ['Member']))
         # Create any missing properties
         ids = set()
         for prop in config:
@@ -397,26 +406,34 @@ def getConfig(self):
                 self.manage_delProperties(prop['id'])
 
         return {
-            stripDomainNamesKey: self.getProperty(stripDomainNamesKey),
-            stripDomainNamesListKey: self.getProperty(stripDomainNamesListKey),
-            httpRemoteUserKey: self.getProperty(httpRemoteUserKey),
-            httpCommonnameKey: self.getProperty(httpCommonnameKey),
-            httpDescriptionKey: self.getProperty(httpDescriptionKey),
-            httpEmailKey: self.getProperty(httpEmailKey),
-            httpLocalityKey: self.getProperty(httpLocalityKey),
-            httpStateKey: self.getProperty(httpStateKey),
-            httpCountryKey: self.getProperty(httpCountryKey),
-            autoUpdateUserPropertiesKey: self.getProperty(autoUpdateUserPropertiesKey),
-            autoUpdateUserPropertiesIntervalKey: self.getProperty(autoUpdateUserPropertiesIntervalKey),
-            httpAuthzTokensKey: self.getProperty(httpAuthzTokensKey),
-            httpSharingTokensKey: self.getProperty(httpSharingTokensKey),
-            httpSharingLabelsKey: self.getProperty(httpSharingLabelsKey),
-            useCustomRedirectionKey : self.getProperty(useCustomRedirectionKey),
-            challengePatternKey: self.getProperty(challengePatternKey),
-            challengeReplacementKey: self.getProperty(challengeReplacementKey),
-            challengeHeaderEnabledKey: self.getProperty(challengeHeaderEnabledKey),
-            challengeHeaderNameKey: self.getProperty(challengeHeaderNameKey),
-            defaultRolesKey: self.getProperty(defaultRolesKey)}
+            stripDomainNamesKey: self.safe_prop(stripDomainNamesKey),
+            stripDomainNamesListKey: self.safe_prop(stripDomainNamesListKey),
+            httpRemoteUserKey: self.safe_prop(httpRemoteUserKey),
+            httpCommonnameKey: self.safe_prop(httpCommonnameKey),
+            httpDescriptionKey: self.safe_prop(httpDescriptionKey),
+            httpEmailKey: self.safe_prop(httpEmailKey),
+            httpLocalityKey: self.safe_prop(httpLocalityKey),
+            httpStateKey: self.safe_prop(httpStateKey),
+            httpCountryKey: self.safe_prop(httpCountryKey),
+            autoUpdateUserPropertiesKey: self.safe_prop(autoUpdateUserPropertiesKey),
+            autoUpdateUserPropertiesIntervalKey: self.safe_prop(autoUpdateUserPropertiesIntervalKey),
+            httpAuthzTokensKey: self.safe_prop(httpAuthzTokensKey),
+            httpSharingTokensKey: self.safe_prop(httpSharingTokensKey),
+            httpSharingLabelsKey: self.safe_prop(httpSharingLabelsKey),
+            useCustomRedirectionKey: self.safe_prop(useCustomRedirectionKey),
+            challengePatternKey: self.safe_prop(challengePatternKey),
+            challengeReplacementKey: self.safe_prop(challengeReplacementKey),
+            challengeHeaderEnabledKey: self.safe_prop(challengeHeaderEnabledKey),
+            challengeHeaderNameKey: self.safe_prop(challengeHeaderNameKey),
+            defaultRolesKey: self.safe_prop(defaultRolesKey)}
+
+    def safe_prop(self, key):
+        val = self.getProperty(key)
+        if isinstance(val, (six.text_type, six.binary_type)):
+            val = safe_nativestring(val)
+        if isinstance(val, tuple):
+            val = tuple(safe_nativestring(i) for i in val)
+        return val
 
     security.declarePublic('getSharingConfig')
     def getSharingConfig(self):
@@ -590,13 +607,13 @@ def extractCredentials(self, request):
             except KeyError:
                 continue
             # for each source given in authz_mappings
-            for ii in role['values'].iterkeys():
+            for ii in six.iterkeys(role['values']):
                 assignRole = False
                 # if the authz_mappings pattern is not set, assume ok
                 if not role['values'][ii]:
                     assignRole = True
                 # if the source exists in the environment
-                elif user['filters'].has_key(ii):
+                elif ii in user['filters']:
                     # compile the pattern from authz_mappings
                     oRe = re.compile(role['values'][ii])
                     # and compare the pattern to the environment value
@@ -757,7 +774,7 @@ def manage_changeConfig(self, REQUEST=None):
             for ii in self.getMappings():
                 saveVals = {}
                 for jj in formTokens:
-                    if ii['values'].has_key(jj):
+                    if jj in ii['values']:
                         saveVals[jj] = ii['values'][jj]
                     else:
                         saveVals[jj] = ''
@@ -808,7 +825,7 @@ def manage_changeMapping(self, REQUEST=None):
         # as the amount of input. This sort of handles somebody adding or
         # deleting a mapping from underneath somebody else.
         sets = []
-        for ii in REQUEST.form.iterkeys():
+        for ii in six.iterkeys(REQUEST.form):
             match = self.rKey.match(ii)
             if not match:
                 continue
@@ -835,7 +852,7 @@ def manage_changeMapping(self, REQUEST=None):
                 for ii in REQUEST.form[ii]:
                     if ii in groups:
                         sets[index]['groupid'].append(ii)
-            elif sets[index]['roles'].has_key(match.group(1)):
+            elif match.group(1) in sets[index]['roles']:
                 sets[index]['roles'][match.group(1)] = REQUEST.form[ii]
         if len(sets) != len(authz):
             return REQUEST.RESPONSE.redirect('%s/manage_authz' %

Products/AutoUserMakerPASPlugin/tests/AutoUserMakerPASPlugin.txt

@@ -115,9 +115,7 @@ If we add the user ID to ``login_users``, he can log in again.
 
 Handy output function:
     >>> def inOrder(config):
-    ...     keys = config.keys()
-    ...     keys.sort()
-    ...     for ii in keys: print "'%s':%s" % (ii, str(config[ii]))
+    ...     for ii in sorted(config.keys()): print("'%s':%s" % (ii, str(config[ii])))
 
 Now let's fudge an apache header with a full set of information comming from
 Shibboleth. When this is provided, AutoUserMakerPASPlugin will populate more

Products/AutoUserMakerPASPlugin/tests/TestBrowers.txt

@@ -15,14 +15,15 @@ We need a custom token here because the authenticated user `TEST_USER_NAME `
 is not the user we call the view with `SITE_OWNER_NAME`:
 
     >>> import hmac
+    >>> from Products.CMFPlone.utils import safe_encode
     >>> def getAuth():
     ...     try:
     ...         from plone.protect import authenticator
     ...         from hashlib import sha1
     ...         user = SITE_OWNER_NAME
     ...         ring = authenticator._getKeyring(user)
     ...         secret = ring.random()
-    ...         return hmac.new(secret, user, sha1).hexdigest()
+    ...         return hmac.new(safe_encode(secret), safe_encode(user), sha1).hexdigest()
     ...     except (ImportError, AttributeError):  # no or old plone.protect auto csrf, so no worries
     ...         return ''
 
@@ -140,9 +141,9 @@ Make sure we only have 3 users.
     >>> try:
     ...     browser.getControl(name='auth-3:list').value
     ... except LookupError:
-    ...     print 'good'
+    ...     print('good')
     ... else:
-    ...     print 'bad'
+    ...     print('bad')
     good
 
 And finally delete a row.

Products/AutoUserMakerPASPlugin/tests/base.py

@@ -14,12 +14,11 @@ class ProductsAutousermakerpaspluginLayer(PloneSandboxLayer):
 
     def setUpZope(self, app, configurationContext):
         import Products.AutoUserMakerPASPlugin
-        self.loadZCML(package=Products.AutoUserMakerPASPlugin)
-        z2.installProduct(app, 'Products.AutoUserMakerPASPlugin')
+        # self.loadZCML(package=Products.AutoUserMakerPASPlugin)
 
     def setUpPloneSite(self, portal):
         quickinstaller = api.portal.get_tool(name='portal_quickinstaller')
-        quickinstaller.installProduct('Products.AutoUserMakePASPlugin')
+        quickinstaller.installProduct('Products.AutoUserMakerPASPlugin')
 
 
 AUTOUSERMAKERPASPLUGIN_FIXTURE = ProductsAutousermakerpaspluginLayer()