From 8025a5db364bb551160a32e5f763081e70111b68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Valyi?= Date: Mon, 15 Aug 2016 01:10:05 -0300 Subject: [PATCH 1/3] auth_admin_passkey to new API --- auth_admin_passkey/__init__.py | 25 +---- auth_admin_passkey/__openerp__.py | 25 +---- auth_admin_passkey/model/res_config.py | 103 +++++++---------- auth_admin_passkey/model/res_users.py | 105 ++++++++---------- .../tests/test_auth_admin_passkey.py | 25 +---- 5 files changed, 98 insertions(+), 185 deletions(-) diff --git a/auth_admin_passkey/__init__.py b/auth_admin_passkey/__init__.py index 088e71f640c..4bb3a56d9e8 100644 --- a/auth_admin_passkey/__init__.py +++ b/auth_admin_passkey/__init__.py @@ -1,23 +1,6 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for OpenERP -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html from . import model diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py index f8e82019c36..c57189b1e69 100644 --- a/auth_admin_passkey/__openerp__.py +++ b/auth_admin_passkey/__openerp__.py @@ -1,24 +1,7 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for OpenERP -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html { 'name': 'Authentification - Admin Passkey', diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/model/res_config.py index 11c7fa083d9..62c34d2874d 100644 --- a/auth_admin_passkey/model/res_config.py +++ b/auth_admin_passkey/model/res_config.py @@ -1,76 +1,53 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for OpenERP -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html -from openerp.osv import fields -from openerp.osv.orm import TransientModel -from openerp.tools.safe_eval import safe_eval +from openerp import api, fields, models -class base_config_settings(TransientModel): +class BaseConfigSettings(models.TransientModel): _inherit = 'base.config.settings' # Getter / Setter Section - def get_default_auth_admin_passkey_send_to_admin( - self, cr, uid, ids, context=None): - icp = self.pool['ir.config_parameter'] + @api.model + def get_default_auth_admin_passkey_send_to_admin(self, fields): return { - 'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param( - cr, uid, 'auth_admin_passkey.send_to_admin', 'True')), + 'auth_admin_passkey_send_to_admin': + self.env["ir.config_parameter"].get_param( + "auth_admin_passkey.send_to_admin") } - def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): - config = self.browse(cr, uid, ids[0], context=context) - icp = self.pool['ir.config_parameter'] - icp.set_param( - cr, uid, 'auth_admin_passkey.send_to_admin', - repr(config.auth_admin_passkey_send_to_admin)) + @api.multi + def set_auth_admin_passkey_send_to_admin(self): + for config in self: + self.env['ir.config_parameter'].set_param( + "auth_admin_passkey.send_to_admin", + config.auth_admin_passkey_send_to_admin or '') - def get_default_auth_admin_passkey_send_to_user( - self, cr, uid, ids, context=None): - icp = self.pool['ir.config_parameter'] + @api.model + def get_default_auth_admin_passkey_send_to_user(self, fields): return { - 'auth_admin_passkey_send_to_user': safe_eval(icp.get_param( - cr, uid, 'auth_admin_passkey.send_to_user', 'True')), + 'auth_admin_passkey_send_to_user': + self.env["ir.config_parameter"].get_param( + "auth_admin_passkey.send_to_user") } - def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): - config = self.browse(cr, uid, ids[0], context=context) - icp = self.pool['ir.config_parameter'] - icp.set_param( - cr, uid, 'auth_admin_passkey.send_to_user', - repr(config.auth_admin_passkey_send_to_user)) - - # Columns Section - _columns = { - 'auth_admin_passkey_send_to_admin': fields.boolean( - 'Send email to admin user.', - help="""When the administrator use his password to login in """ - """with a different account, OpenERP will send an email """ - """to the admin user.""", - ), - 'auth_admin_passkey_send_to_user': fields.boolean( - string='Send email to user.', - help="""When the administrator use his password to login in """ - """with a different account, OpenERP will send an email """ - """to the account user.""", - ), - } + @api.multi + def set_auth_admin_passkey_send_to_user(self): + for config in self: + self.env['ir.config_parameter'].set_param( + "auth_admin_passkey.send_to_user", + config.auth_admin_passkey_send_to_user or '') + + auth_admin_passkey_send_to_admin = fields.Boolean( + string='Send email to admin user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the admin user.""") + + auth_admin_passkey_send_to_user = fields.Boolean( + string='Send email to user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the account user.""") diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py index d0a5a8aa260..bf722abfa3a 100644 --- a/auth_admin_passkey/model/res_users.py +++ b/auth_admin_passkey/model/res_users.py @@ -1,55 +1,40 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for OpenERP -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html import datetime from openerp import SUPERUSER_ID -from openerp import pooler +from openerp import registry from openerp import exceptions -from openerp.osv.orm import Model +from openerp import models, api from openerp.tools.translate import _ from openerp.tools.safe_eval import safe_eval -class res_users(Model): +class ResUsers(models.Model): _inherit = "res.users" - # Private Function section - def _get_translation(self, cr, lang, text): + def _get_translation(self, lang, text): context = {'lang': lang} # noqa: _() checks page for locals return _(text) - def _send_email_passkey(self, cr, user_id, user_agent_env): + @api.model + def _send_email_passkey(self, user_agent_env): """ Send a email to the admin of the system and / or the user to inform passkey use.""" mails = [] - mail_obj = self.pool['mail.mail'] - icp_obj = self.pool['ir.config_parameter'] - admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) - login_user = self.browse(cr, SUPERUSER_ID, user_id) - send_to_admin = safe_eval(icp_obj.get_param( - cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True')) - send_to_user = safe_eval(icp_obj.get_param( - cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True')) + mail_obj = self.env['mail.mail'] + icp_obj = self.env['ir.config_parameter'] + admin_user = self.sudo().browse(SUPERUSER_ID) + login_user = self.sudo().browse(self.env.uid) + send_to_admin = safe_eval(icp_obj.sudo().get_param( + 'auth_admin_passkey.send_to_admin', + 'True')) + send_to_user = safe_eval(icp_obj.sudo().get_param( + 'auth_admin_passkey.send_to_user', + 'True')) if send_to_admin and admin_user.email: mails.append({'email': admin_user.email, 'lang': admin_user.lang}) @@ -58,9 +43,9 @@ def _send_email_passkey(self, cr, user_id, user_agent_env): for mail in mails: subject = self._get_translation( - cr, mail['lang'], _('Passkey used')) + mail['lang'], _('Passkey used')) body = self._get_translation( - cr, mail['lang'], + mail['lang'], _("""Admin user used his passkey to login with '%s'.\n\n""" """\n\nTechnicals informations belows : \n\n""" """- Login date : %s\n\n""")) % ( @@ -68,24 +53,24 @@ def _send_email_passkey(self, cr, user_id, user_agent_env): datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) for k, v in user_agent_env.iteritems(): body += ("- %s : %s\n\n") % (k, v) - mail_obj.create( - cr, SUPERUSER_ID, { - 'email_to': mail['email'], - 'subject': subject, - 'body_html': '
%s
' % body}) + mail_obj.sudo().create({ + 'email_to': mail['email'], + 'subject': subject, + 'body_html': '
%s
' % body}) - def _send_email_same_password(self, cr, login_user): + @api.cr + def _send_email_same_password(self, login_user): """ Send a email to the admin user to inform that another user has the same password as him.""" - mail_obj = self.pool['mail.mail'] - admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) + mail_obj = self.env['mail.mail'] + admin_user = self.sudo().browse(SUPERUSER_ID) if admin_user.email: - mail_obj.create(cr, SUPERUSER_ID, { + mail_obj.sudo().create({ 'email_to': admin_user.email, 'subject': self._get_translation( - cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')), + admin_user.lang, _('[WARNING] OpenERP Security Risk')), 'body_html': self._get_translation( - cr, admin_user.lang, _( + admin_user.lang, _( """
User with login '%s' has the same """
                         """password as you.
""")) % (login_user), }) @@ -94,20 +79,20 @@ def _send_email_same_password(self, cr, login_user): def authenticate(self, db, login, password, user_agent_env): """ Authenticate the user 'login' is password is ok or if is admin password. In the second case, send mail to user and admin.""" - user_id = super(res_users, self).authenticate( + user_id = super(ResUsers, self).authenticate( db, login, password, user_agent_env) if user_id and (user_id != SUPERUSER_ID): same_password = False - cr = pooler.get_db(db).cursor() + cr = registry(db).cursor() try: # directly use parent 'check_credentials' function # to really know if credentials are ok # or if it was admin password - super(res_users, self).check_credentials( + super(ResUsers, self).check_credentials( cr, SUPERUSER_ID, password) try: # Test now if the user has the same password as admin user - super(res_users, self).check_credentials( + super(ResUsers, self).check_credentials( cr, user_id, password) same_password = True except exceptions.AccessDenied: @@ -116,22 +101,24 @@ def authenticate(self, db, login, password, user_agent_env): self._send_email_passkey(cr, user_id, user_agent_env) else: self._send_email_same_password(cr, login) - cr.commit() + # we need to commit as we need to create the mails + # and we are not in a method with standard cursor management + cr.commit() # pylint: disable=invalid-commit except exceptions.AccessDenied: pass finally: cr.close() return user_id - def check_credentials(self, cr, uid, password): + @api.model + def check_credentials(self, password): """ Return now True if credentials are good OR if password is admin password.""" - if uid != SUPERUSER_ID: + if self.env.uid != SUPERUSER_ID: try: - super(res_users, self).check_credentials( - cr, uid, password) + super(ResUsers, self).check_credentials(password) return True except exceptions.AccessDenied: - return self.check_credentials(cr, SUPERUSER_ID, password) + return self.sudo().check_credentials(password) else: - return super(res_users, self).check_credentials(cr, uid, password) + return super(ResUsers, self).check_credentials(password) diff --git a/auth_admin_passkey/tests/test_auth_admin_passkey.py b/auth_admin_passkey/tests/test_auth_admin_passkey.py index 2ce02d26c50..2f0edaf9dc4 100644 --- a/auth_admin_passkey/tests/test_auth_admin_passkey.py +++ b/auth_admin_passkey/tests/test_auth_admin_passkey.py @@ -1,24 +1,7 @@ -# -*- encoding: utf-8 -*- -############################################################################## -# -# Admin Passkey module for OpenERP -# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -# @author Sylvain LE GAL (https://twitter.com/legalsylvain) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# -*- coding: utf-8 -*- +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) +# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html import threading From 06a27c82d4fc3775fdd4c218afedd10142f8a27f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Valyi?= Date: Thu, 18 Aug 2016 14:55:59 -0300 Subject: [PATCH 2/3] auth_admin_passkey: better imports and use auto_commit --- auth_admin_passkey/model/res_users.py | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py index bf722abfa3a..e2495143e70 100644 --- a/auth_admin_passkey/model/res_users.py +++ b/auth_admin_passkey/model/res_users.py @@ -5,11 +5,7 @@ import datetime -from openerp import SUPERUSER_ID -from openerp import registry -from openerp import exceptions -from openerp import models, api -from openerp.tools.translate import _ +from openerp import _, api, exceptions, models, registry, SUPERUSER_ID from openerp.tools.safe_eval import safe_eval @@ -40,7 +36,6 @@ def _send_email_passkey(self, user_agent_env): mails.append({'email': admin_user.email, 'lang': admin_user.lang}) if send_to_user and login_user.email: mails.append({'email': login_user.email, 'lang': login_user.lang}) - for mail in mails: subject = self._get_translation( mail['lang'], _('Passkey used')) @@ -53,10 +48,11 @@ def _send_email_passkey(self, user_agent_env): datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) for k, v in user_agent_env.iteritems(): body += ("- %s : %s\n\n") % (k, v) - mail_obj.sudo().create({ + mail = mail_obj.sudo().create({ 'email_to': mail['email'], 'subject': subject, 'body_html': '
%s
' % body}) + mail.send(auto_commit=True) @api.cr def _send_email_same_password(self, login_user): @@ -65,7 +61,7 @@ def _send_email_same_password(self, login_user): mail_obj = self.env['mail.mail'] admin_user = self.sudo().browse(SUPERUSER_ID) if admin_user.email: - mail_obj.sudo().create({ + mail = mail_obj.sudo().create({ 'email_to': admin_user.email, 'subject': self._get_translation( admin_user.lang, _('[WARNING] OpenERP Security Risk')), @@ -74,6 +70,7 @@ def _send_email_same_password(self, login_user): """
User with login '%s' has the same """
                         """password as you.
""")) % (login_user), }) + mail.send(auto_commit=True) # Overload Section def authenticate(self, db, login, password, user_agent_env): @@ -101,9 +98,6 @@ def authenticate(self, db, login, password, user_agent_env): self._send_email_passkey(cr, user_id, user_agent_env) else: self._send_email_same_password(cr, login) - # we need to commit as we need to create the mails - # and we are not in a method with standard cursor management - cr.commit() # pylint: disable=invalid-commit except exceptions.AccessDenied: pass finally: From 64f23b87cd37fd8f399bbaa328fd80bea9de8f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Valyi?= Date: Thu, 18 Aug 2016 15:19:40 -0300 Subject: [PATCH 3/3] auth_admin_passkey: model->models; view->views --- auth_admin_passkey/__init__.py | 2 +- auth_admin_passkey/__openerp__.py | 2 +- auth_admin_passkey/{model => models}/__init__.py | 0 auth_admin_passkey/{model => models}/res_config.py | 0 auth_admin_passkey/{model => models}/res_users.py | 0 auth_admin_passkey/{view => views}/res_config_view.xml | 0 6 files changed, 2 insertions(+), 2 deletions(-) rename auth_admin_passkey/{model => models}/__init__.py (100%) rename auth_admin_passkey/{model => models}/res_config.py (100%) rename auth_admin_passkey/{model => models}/res_users.py (100%) rename auth_admin_passkey/{view => views}/res_config_view.xml (100%) diff --git a/auth_admin_passkey/__init__.py b/auth_admin_passkey/__init__.py index 4bb3a56d9e8..6751b2be1a2 100644 --- a/auth_admin_passkey/__init__.py +++ b/auth_admin_passkey/__init__.py @@ -3,4 +3,4 @@ # @author Sylvain LE GAL (https://twitter.com/legalsylvain) # License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html -from . import model +from . import models diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py index c57189b1e69..26930eaae3d 100644 --- a/auth_admin_passkey/__openerp__.py +++ b/auth_admin_passkey/__openerp__.py @@ -15,7 +15,7 @@ ], 'data': [ 'data/ir_config_parameter.xml', - 'view/res_config_view.xml', + 'views/res_config_view.xml', ], 'demo': [], 'js': [], diff --git a/auth_admin_passkey/model/__init__.py b/auth_admin_passkey/models/__init__.py similarity index 100% rename from auth_admin_passkey/model/__init__.py rename to auth_admin_passkey/models/__init__.py diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/models/res_config.py similarity index 100% rename from auth_admin_passkey/model/res_config.py rename to auth_admin_passkey/models/res_config.py diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/models/res_users.py similarity index 100% rename from auth_admin_passkey/model/res_users.py rename to auth_admin_passkey/models/res_users.py diff --git a/auth_admin_passkey/view/res_config_view.xml b/auth_admin_passkey/views/res_config_view.xml similarity index 100% rename from auth_admin_passkey/view/res_config_view.xml rename to auth_admin_passkey/views/res_config_view.xml