From 6d7134bc0608b2be2ab13ae1768b0501406b3cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Valyi?= Date: Wed, 17 Aug 2016 23:37:32 -0300 Subject: [PATCH] auth_admin_passkey: new API; set as installable --- auth_admin_passkey/__init__.py | 25 +---- auth_admin_passkey/__openerp__.py | 27 +---- auth_admin_passkey/model/res_config.py | 103 +++++++---------- auth_admin_passkey/model/res_users.py | 105 ++++++++---------- .../tests/test_auth_admin_passkey.py | 25 +---- 5 files changed, 99 insertions(+), 186 deletions(-) diff --git a/auth_admin_passkey/__init__.py b/auth_admin_passkey/__init__.py index 3757327cd06..4bb3a56d9e8 100644 --- a/auth_admin_passkey/__init__.py +++ b/auth_admin_passkey/__init__.py @@ -1,23 +1,6 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for Odoo -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html from . import model diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py index ac9194aadd4..c57189b1e69 100644 --- a/auth_admin_passkey/__openerp__.py +++ b/auth_admin_passkey/__openerp__.py @@ -1,24 +1,7 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for Odoo -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html { 'name': 'Authentification - Admin Passkey', @@ -41,6 +24,6 @@ 'images': [], 'post_load': '', 'application': False, - 'installable': False, + 'installable': True, 'auto_install': False, } diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/model/res_config.py index 6be3b67e46a..62c34d2874d 100644 --- a/auth_admin_passkey/model/res_config.py +++ b/auth_admin_passkey/model/res_config.py @@ -1,76 +1,53 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for Odoo -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html -from openerp.osv import fields -from openerp.osv.orm import TransientModel -from openerp.tools.safe_eval import safe_eval +from openerp import api, fields, models -class base_config_settings(TransientModel): +class BaseConfigSettings(models.TransientModel): _inherit = 'base.config.settings' # Getter / Setter Section - def get_default_auth_admin_passkey_send_to_admin( - self, cr, uid, ids, context=None): - icp = self.pool['ir.config_parameter'] + @api.model + def get_default_auth_admin_passkey_send_to_admin(self, fields): return { - 'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param( - cr, uid, 'auth_admin_passkey.send_to_admin', 'True')), + 'auth_admin_passkey_send_to_admin': + self.env["ir.config_parameter"].get_param( + "auth_admin_passkey.send_to_admin") } - def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): - config = self.browse(cr, uid, ids[0], context=context) - icp = self.pool['ir.config_parameter'] - icp.set_param( - cr, uid, 'auth_admin_passkey.send_to_admin', - repr(config.auth_admin_passkey_send_to_admin)) + @api.multi + def set_auth_admin_passkey_send_to_admin(self): + for config in self: + self.env['ir.config_parameter'].set_param( + "auth_admin_passkey.send_to_admin", + config.auth_admin_passkey_send_to_admin or '') - def get_default_auth_admin_passkey_send_to_user( - self, cr, uid, ids, context=None): - icp = self.pool['ir.config_parameter'] + @api.model + def get_default_auth_admin_passkey_send_to_user(self, fields): return { - 'auth_admin_passkey_send_to_user': safe_eval(icp.get_param( - cr, uid, 'auth_admin_passkey.send_to_user', 'True')), + 'auth_admin_passkey_send_to_user': + self.env["ir.config_parameter"].get_param( + "auth_admin_passkey.send_to_user") } - def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): - config = self.browse(cr, uid, ids[0], context=context) - icp = self.pool['ir.config_parameter'] - icp.set_param( - cr, uid, 'auth_admin_passkey.send_to_user', - repr(config.auth_admin_passkey_send_to_user)) - - # Columns Section - _columns = { - 'auth_admin_passkey_send_to_admin': fields.boolean( - 'Send email to admin user.', - help="""When the administrator use his password to login in """ - """with a different account, Odoo will send an email """ - """to the admin user.""", - ), - 'auth_admin_passkey_send_to_user': fields.boolean( - string='Send email to user.', - help="""When the administrator use his password to login in """ - """with a different account, Odoo will send an email """ - """to the account user.""", - ), - } + @api.multi + def set_auth_admin_passkey_send_to_user(self): + for config in self: + self.env['ir.config_parameter'].set_param( + "auth_admin_passkey.send_to_user", + config.auth_admin_passkey_send_to_user or '') + + auth_admin_passkey_send_to_admin = fields.Boolean( + string='Send email to admin user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the admin user.""") + + auth_admin_passkey_send_to_user = fields.Boolean( + string='Send email to user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the account user.""") diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py index d4ad3716ef9..bf722abfa3a 100644 --- a/auth_admin_passkey/model/res_users.py +++ b/auth_admin_passkey/model/res_users.py @@ -1,55 +1,40 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for Odoo -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html import datetime from openerp import SUPERUSER_ID -from openerp import pooler +from openerp import registry from openerp import exceptions -from openerp.osv.orm import Model +from openerp import models, api from openerp.tools.translate import _ from openerp.tools.safe_eval import safe_eval -class res_users(Model): +class ResUsers(models.Model): _inherit = "res.users" - # Private Function section - def _get_translation(self, cr, lang, text): + def _get_translation(self, lang, text): context = {'lang': lang} # noqa: _() checks page for locals return _(text) - def _send_email_passkey(self, cr, user_id, user_agent_env): + @api.model + def _send_email_passkey(self, user_agent_env): """ Send a email to the admin of the system and / or the user to inform passkey use.""" mails = [] - mail_obj = self.pool['mail.mail'] - icp_obj = self.pool['ir.config_parameter'] - admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) - login_user = self.browse(cr, SUPERUSER_ID, user_id) - send_to_admin = safe_eval(icp_obj.get_param( - cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True')) - send_to_user = safe_eval(icp_obj.get_param( - cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True')) + mail_obj = self.env['mail.mail'] + icp_obj = self.env['ir.config_parameter'] + admin_user = self.sudo().browse(SUPERUSER_ID) + login_user = self.sudo().browse(self.env.uid) + send_to_admin = safe_eval(icp_obj.sudo().get_param( + 'auth_admin_passkey.send_to_admin', + 'True')) + send_to_user = safe_eval(icp_obj.sudo().get_param( + 'auth_admin_passkey.send_to_user', + 'True')) if send_to_admin and admin_user.email: mails.append({'email': admin_user.email, 'lang': admin_user.lang}) @@ -58,9 +43,9 @@ def _send_email_passkey(self, cr, user_id, user_agent_env): for mail in mails: subject = self._get_translation( - cr, mail['lang'], _('Passkey used')) + mail['lang'], _('Passkey used')) body = self._get_translation( - cr, mail['lang'], + mail['lang'], _("""Admin user used his passkey to login with '%s'.\n\n""" """\n\nTechnicals informations belows : \n\n""" """- Login date : %s\n\n""")) % ( @@ -68,24 +53,24 @@ def _send_email_passkey(self, cr, user_id, user_agent_env): datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) for k, v in user_agent_env.iteritems(): body += ("- %s : %s\n\n") % (k, v) - mail_obj.create( - cr, SUPERUSER_ID, { - 'email_to': mail['email'], - 'subject': subject, - 'body_html': '
%s
' % body}) + mail_obj.sudo().create({ + 'email_to': mail['email'], + 'subject': subject, + 'body_html': '
%s
' % body}) - def _send_email_same_password(self, cr, login_user): + @api.cr + def _send_email_same_password(self, login_user): """ Send a email to the admin user to inform that another user has the same password as him.""" - mail_obj = self.pool['mail.mail'] - admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) + mail_obj = self.env['mail.mail'] + admin_user = self.sudo().browse(SUPERUSER_ID) if admin_user.email: - mail_obj.create(cr, SUPERUSER_ID, { + mail_obj.sudo().create({ 'email_to': admin_user.email, 'subject': self._get_translation( - cr, admin_user.lang, _('[WARNING] Odoo Security Risk')), + admin_user.lang, _('[WARNING] OpenERP Security Risk')), 'body_html': self._get_translation( - cr, admin_user.lang, _( + admin_user.lang, _( """
User with login '%s' has the same """
                         """password as you.
""")) % (login_user), }) @@ -94,20 +79,20 @@ def _send_email_same_password(self, cr, login_user): def authenticate(self, db, login, password, user_agent_env): """ Authenticate the user 'login' is password is ok or if is admin password. In the second case, send mail to user and admin.""" - user_id = super(res_users, self).authenticate( + user_id = super(ResUsers, self).authenticate( db, login, password, user_agent_env) if user_id and (user_id != SUPERUSER_ID): same_password = False - cr = pooler.get_db(db).cursor() + cr = registry(db).cursor() try: # directly use parent 'check_credentials' function # to really know if credentials are ok # or if it was admin password - super(res_users, self).check_credentials( + super(ResUsers, self).check_credentials( cr, SUPERUSER_ID, password) try: # Test now if the user has the same password as admin user - super(res_users, self).check_credentials( + super(ResUsers, self).check_credentials( cr, user_id, password) same_password = True except exceptions.AccessDenied: @@ -116,22 +101,24 @@ def authenticate(self, db, login, password, user_agent_env): self._send_email_passkey(cr, user_id, user_agent_env) else: self._send_email_same_password(cr, login) - cr.commit() + # we need to commit as we need to create the mails + # and we are not in a method with standard cursor management + cr.commit() # pylint: disable=invalid-commit except exceptions.AccessDenied: pass finally: cr.close() return user_id - def check_credentials(self, cr, uid, password): + @api.model + def check_credentials(self, password): """ Return now True if credentials are good OR if password is admin password.""" - if uid != SUPERUSER_ID: + if self.env.uid != SUPERUSER_ID: try: - super(res_users, self).check_credentials( - cr, uid, password) + super(ResUsers, self).check_credentials(password) return True except exceptions.AccessDenied: - return self.check_credentials(cr, SUPERUSER_ID, password) + return self.sudo().check_credentials(password) else: - return super(res_users, self).check_credentials(cr, uid, password) + return super(ResUsers, self).check_credentials(password) diff --git a/auth_admin_passkey/tests/test_auth_admin_passkey.py b/auth_admin_passkey/tests/test_auth_admin_passkey.py index a8919f43975..2f0edaf9dc4 100644 --- a/auth_admin_passkey/tests/test_auth_admin_passkey.py +++ b/auth_admin_passkey/tests/test_auth_admin_passkey.py @@ -1,24 +1,7 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for Odoo -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html import threading