Fetch security settings from the registry instead of portal properties

[jcerjak]

All security settings are now looked up from the plone registry instead of portal properties. This work is related to plone/Products.CMFPlone#216 .

Additionally, some of the security related tests from plone.app.controlpanel [1] were converted to unit/integration tests and moved to this package, since they were basically testing the @@new-user form with generate_user_id and generate_login_name methods, based on the security settings in the registry. So I think the various cases are better tested here, while the more general browser tests for the security panel will be implemented as robot tests in CMFPlone, where the security panel will be moved.

This PR also contains a fix for plone/Products.CMFPlone#261 , discovered when adding additional tests.

[1] https://github.com/plone/plone.app.controlpanel/blob/master/plone/app/controlpanel/tests/security.txt

[jcerjak]

To make the existing doctests pass, I needed to do some changes, which I'm not sure about:

1. Before the login name field on the login form changed from 'Login Name' to 'Email' if the use_email_as_login was enabled. Now it is always labeled 'Login Name'. Is this the intended behavior?

   -> see changes in duplicate_email.rst and email_login.rst: jcerjak@fd8a298#diff-6a734c193d260cbd33e5bd975e81c299L29

2. Before when you registered, the message "Welcome! You have been registered"
   was displayed, now there is no message displayed.

   -> see changes in flexible_user_registration.rst: jcerjak@fd8a298#diff-8b730820f6f81c99db089a973a16c58aL139

3. Before when you registered, there was an option to login immediatelly
   ('Click the button to log in immediately.'). Now there is no such option
   displayed.

   -> see changes in email_login.rst: jcerjak@fd8a298#diff-84da8edf0b0acee13e834f4274d01694L49

[tisto]

@jcerjak Is this pull request needed in order to make the security panel stuff work?

[gforcada]

@jcerjak Just a small note on this: I'm working on moving tests to plone.app.testing, so the less you have to change them the less trouble I will have merging it later on :)

[jcerjak]

@gforcada , noted, I won't touch them anymore :)

@tisto , merging this should fix some of the failing tests, but there are some broken tests that I haven't run when working on the security panel (e.g. Products/CMFPlone/tests/csrf.txt). I'll investigate.

[jcerjak]

Regarding 1.) from #22 (comment) :

'Email' should be displayed instead of 'Login Name', if use_email_as_login is enabled. The problem is off course that the setting in login_form.cpt is read from site properties instead of the registry.

@tisto , is there a recommended way to fetch the settings from the registry inside a skin template? Or should I just wait for the login forms to be converted to z3cform as well? Not sure what's the status of plone.login though.

[lentinj]

Waiting for plone.login would seem the sensible move, from what I've seen of it.

[jcerjak]

I've checked 2.) and 3.) from #22 (comment) , here we have two issues:

• "Welcome! You have been registered" and "Click the button to log in immediately." are displayed on the registration success page (Products/CMFPlone/skins/plone_login/registered.pt), but that page is never shown when using the normal registration form in an overlay.
• If you register by going manually to the @@register form, then the success page is displayed, but not correctly. We have a similar problem as with 1.): context.validate_email is used instead of enable_user_pwd_choice from the registry.

Since login upgrade is not listed as a blocker for Plone 5 (see plone/Products.CMFPlone#184), we should probably fix this instead of waiting for plone.login?