Skip to content

auth_admin_passkey to new API #518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
rvalyi wants to merge 1 commit into from
Closed

auth_admin_passkey to new API #518

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 35 additions & 41 deletions auth_admin_passkey/model/res_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,57 +20,51 @@
#
##############################################################################

from openerp.osv import fields
from openerp.osv.orm import TransientModel
from openerp.tools.safe_eval import safe_eval
from openerp import api, fields, models


class base_config_settings(TransientModel):
class base_config_settings(models.TransientModel):
_inherit = 'base.config.settings'

# Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
@api.model
def get_default_auth_admin_passkey_send_to_admin(self, fields):
return {
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
'auth_admin_passkey_send_to_admin':
self.env["ir.config_parameter"].get_param(
"auth_admin_passkey.send_to_admin")
}

def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
@api.multi
def set_auth_admin_passkey_send_to_admin(self):
for config in self:
self.env['ir.config_parameter'].set_param(
"auth_admin_passkey.send_to_admin",
config.auth_admin_passkey_send_to_admin or '')

def get_default_auth_admin_passkey_send_to_user(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
@api.model
def get_default_auth_admin_passkey_send_to_user(self, fields):
return {
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
'auth_admin_passkey_send_to_user':
self.env["ir.config_parameter"].get_param(
"auth_admin_passkey.send_to_user")
}

def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
@api.multi
def set_auth_admin_passkey_send_to_user(self):
for config in self:
self.env['ir.config_parameter'].set_param(
"auth_admin_passkey.send_to_user",
config.auth_admin_passkey_send_to_user or '')

# Columns Section
_columns = {
'auth_admin_passkey_send_to_admin': fields.boolean(
'Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""",
),
'auth_admin_passkey_send_to_user': fields.boolean(
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""",
),
}
auth_admin_passkey_send_to_admin = fields.Boolean(
string='Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""")

auth_admin_passkey_send_to_user = fields.Boolean(
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""")
87 changes: 36 additions & 51 deletions auth_admin_passkey/model/res_users.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,55 +1,40 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

import datetime

from openerp import SUPERUSER_ID
from openerp import pooler
from openerp import registry
from openerp import exceptions
from openerp.osv.orm import Model
from openerp import models, api
from openerp.tools.translate import _
from openerp.tools.safe_eval import safe_eval


class res_users(Model):
class res_users(models.Model):
_inherit = "res.users"

# Private Function section
def _get_translation(self, cr, lang, text):
def _get_translation(self, lang, text):
context = {'lang': lang} # noqa: _() checks page for locals
return _(text)

def _send_email_passkey(self, cr, user_id, user_agent_env):
@api.model
def _send_email_passkey(self, user_agent_env):
""" Send a email to the admin of the system and / or the user
to inform passkey use."""
mails = []
mail_obj = self.pool['mail.mail']
icp_obj = self.pool['ir.config_parameter']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
mail_obj = self.env['mail.mail']
icp_obj = self.env['ir.config_parameter']
admin_user = self.sudo().browse(SUPERUSER_ID)
login_user = self.sudo().browse(self.env.uid)
send_to_admin = safe_eval(icp_obj.sudo().get_param(
'auth_admin_passkey.send_to_admin',
'True'))
send_to_user = safe_eval(icp_obj.sudo().get_param(
'auth_admin_passkey.send_to_user',
'True'))

if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
Expand All @@ -58,34 +43,34 @@ def _send_email_passkey(self, cr, user_id, user_agent_env):

for mail in mails:
subject = self._get_translation(
cr, mail['lang'], _('Passkey used'))
mail['lang'], _('Passkey used'))
body = self._get_translation(
cr, mail['lang'],
mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""
"""\n\nTechnicals informations belows : \n\n"""
"""- Login date : %s\n\n""")) % (
login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for k, v in user_agent_env.iteritems():
body += ("- %s : %s\n\n") % (k, v)
mail_obj.create(
cr, SUPERUSER_ID, {
mail_obj.sudo().create({
'email_to': mail['email'],
'subject': subject,
'body_html': '<pre>%s</pre>' % body})

def _send_email_same_password(self, cr, login_user):
@api.cr
def _send_email_same_password(self, login_user):
""" Send a email to the admin user to inform that another user has the
same password as him."""
mail_obj = self.pool['mail.mail']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
mail_obj = self.env['mail.mail']
admin_user = self.sudo().browse(SUPERUSER_ID)
if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, {
mail_obj.sudo().create({
'email_to': admin_user.email,
'subject': self._get_translation(
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
admin_user.lang, _('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(
cr, admin_user.lang, _(
admin_user.lang, _(
"""<pre>User with login '%s' has the same """
"""password as you.</pre>""")) % (login_user),
})
Expand All @@ -98,7 +83,7 @@ def authenticate(self, db, login, password, user_agent_env):
db, login, password, user_agent_env)
if user_id and (user_id != SUPERUSER_ID):
same_password = False
cr = pooler.get_db(db).cursor()
cr = registry(db).cursor()
try:
# directly use parent 'check_credentials' function
# to really know if credentials are ok
Expand All @@ -123,15 +108,15 @@ def authenticate(self, db, login, password, user_agent_env):
cr.close()
return user_id

def check_credentials(self, cr, uid, password):
@api.model
def check_credentials(self, password):
""" Return now True if credentials are good OR if password is admin
password."""
if uid != SUPERUSER_ID:
if self.env.uid != SUPERUSER_ID:
try:
super(res_users, self).check_credentials(
cr, uid, password)
super(res_users, self).check_credentials(password)
return True
except exceptions.AccessDenied:
return self.check_credentials(cr, SUPERUSER_ID, password)
return self.sudo().check_credentials(password)
else:
return super(res_users, self).check_credentials(cr, uid, password)
return super(res_users, self).check_credentials(password)