Products.cmfplone: PLIP: Replace portal_skins-based login with a browserview-based one

This PLIP has been approved

@esteele @pbauer Would you be able to summarize what remains still missing after your Midsummer Sprint effort in July, and how your work could be tested already? https://github.com/plone/plone.login/commits/master

Is it possible already to use plone.login as an add-on or would it require merging into CMFPlone before testing/using and polishing?

@datakurre this basically works fine in 5.1. Only for self-registration to work you also need the branch plonelogin of plone.app.users. Give it a try!

The changes in CMFPlone are basically only removing the old templates and are not strictly needed to use is as an addon.

To make the PLIP mergeable we need to fix quite a number of tests (see http://jenkins.plone.org/view/PLIPs/job/plip-2092-login/). I will work on that when time allows.

I fixed a couple of bugs that I found when testing it.
In https://github.com/collective/demo.plone.de/pull/22 I use it in demo.plone.de.

Adding oauth-features like a integration with https://github.com/collective/pas.plugins.authomatic is out of the scope of this PLIP.

The old login supports External Logins.
I expect the new login to also support this feature. It is broadly used in larger companies.

@jensens True. Support for the existing settings external_login_url, external_logout_url and external_login_iframe is still missing.
@esteele Can you remember if we talked about that in Finnland or did we simply miss it?

external_login_iframe scares me, we may want to deprecate that ;)

Btw.: The current way providing these urls is not good. But its used and plone.login should provide feature parity.

Having a way to plugin a subform or subtemplate or whatever its is called in the shiny z3cform world would be probably better. Also we then would have better UX and the ability to support multiple login methods (like username-password and OAuth2 with google, twitter and facebook). But this can be done in a next enhancement step and its ok to have it outside this plip.

I implemented external-login in the old way. external iframe support is untested, but should work. pas.plugins.authomatic integration works, so should others.
More improvements needed, but could be done later.

Also template customization using z3c.jbot is now supported.

@agitator and I will do some field-testing of all this in customer projects.

Once found ready, it can be released as addon for Plone 5.1.

And, all code will be moved over to Products.CMFPlone in order to not introduce yet another package with some browser views. It can live side-by-side with password reset tool there, good place.

Ah, and i18n/l10n is missing. But there is a PR already (wip) https://github.com/plone/plone.login/pull/46

state: plone.login is ready now. I am mergin the code now into Products.CMFPlone (target 5.2 master).

to merge before standalone.

• [x] https://github.com/plone/plone.app.users/pull/74 (tests)
• [x] https://github.com/plone/plone.app.linkintegrity/pull/67 (tests)
• [x] https://github.com/plone/plone.app.portlets/pull/114 (tests)
• [x] https://github.com/plone/plone.app.robotframework/pull/81 (test keywords)
• [x] https://github.com/plone/plone.protect/pull/78 (tests)
• [x] https://github.com/plone/plone.app.discussion/pull/132 (tests)
• [x] https://github.com/plone/plone.app.theming/pull/144 (tests)

to merge together

• [x] Products.CMFPlone #2445 (plone login moved here)
• [x] plone/plone.app.upgrade#165 (remove skins)

for jenkins PR job

https://github.com/plone/Products.CMFPlone/pull/2445
https://github.com/plone/plone.app.upgrade/pull/165

Note: the po-files (there are already german translations in plone.login) are not moved to plone.app.locales for now.

plip job here https://jenkins.plone.org/view/PLIPs/job/plip-2092-login/

released https://pypi.org/project/plone.login/ for 5.1 (and probably 5.0 - untested) as rc1

Note: The external login of the merged plone.login does no longer provide the more or less hacky way to pass __ac cookie of wrong domain from some second Plone login site to the current site and use it as login credentials. At the Buschenschanksprint we decided its ok to remove this rarely used feature including its tests. If someone needs this, please create an addon supporting this. Better, SSO can be done easily with OAuth2/Shibboleth/SAML2 or others these days.

Ops and sorry - for 2 commits on master (plone.app.users/plone.app.portlets) - I just forgot I merged 'em already and branches were gone. But looks good so far.

All GREEN. I merge it now.