[REF] Pep8.
Sylvain LE GAL
parent
dbbef72026
commit
80a2e93c8d
|
|
@ -28,11 +28,11 @@
|
|||
Admin password become a passkey for all active logins
|
||||
=====================================================
|
||||
|
||||
Functionnality :
|
||||
----------------
|
||||
Functionality :
|
||||
---------------
|
||||
* Administrator has now the possibility to login in with any login;
|
||||
* By default, OpenERP will send a mail to user and admin to indicate them;
|
||||
* If a user has the same password as the admin, OpenERP will inform the admin;
|
||||
* If a user and the admin has the same password, admin will be informed;
|
||||
|
||||
Technical information :
|
||||
-----------------------
|
||||
|
|
|
|||
|
|
@ -24,50 +24,53 @@ from openerp.osv import fields
|
|||
from openerp.osv.orm import TransientModel
|
||||
from openerp.tools.safe_eval import safe_eval
|
||||
|
||||
|
||||
class base_config_settings(TransientModel):
|
||||
_inherit = 'base.config.settings'
|
||||
|
||||
### Getter / Setter Section
|
||||
def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids,
|
||||
context=None):
|
||||
# Getter / Setter Section
|
||||
def get_default_auth_admin_passkey_send_to_admin(
|
||||
self, cr, uid, ids, context=None):
|
||||
icp = self.pool['ir.config_parameter']
|
||||
return {
|
||||
'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr,
|
||||
uid, 'auth_admin_passkey.send_to_admin', 'True')),
|
||||
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
|
||||
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
|
||||
}
|
||||
|
||||
def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
|
||||
config = self.browse(cr, uid, ids[0], context=context)
|
||||
icp = self.pool['ir.config_parameter']
|
||||
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin',
|
||||
icp.set_param(
|
||||
cr, uid, 'auth_admin_passkey.send_to_admin',
|
||||
repr(config.auth_admin_passkey_send_to_admin))
|
||||
|
||||
def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids,
|
||||
context=None):
|
||||
def get_default_auth_admin_passkey_send_to_user(
|
||||
self, cr, uid, ids, context=None):
|
||||
icp = self.pool['ir.config_parameter']
|
||||
return {
|
||||
'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr,
|
||||
uid, 'auth_admin_passkey.send_to_user', 'True')),
|
||||
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
|
||||
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
|
||||
}
|
||||
|
||||
def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
|
||||
config = self.browse(cr, uid, ids[0], context=context)
|
||||
icp = self.pool['ir.config_parameter']
|
||||
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user',
|
||||
icp.set_param(
|
||||
cr, uid, 'auth_admin_passkey.send_to_user',
|
||||
repr(config.auth_admin_passkey_send_to_user))
|
||||
|
||||
### Columns Section
|
||||
# Columns Section
|
||||
_columns = {
|
||||
'auth_admin_passkey_send_to_admin': fields.boolean(
|
||||
'Send email to admin user.',
|
||||
help="When the administrator use his password to login in "\
|
||||
"with a different account, OpenERP will send an email "\
|
||||
"to the admin user.",
|
||||
help="""When the administrator use his password to login in """
|
||||
"""with a different account, OpenERP will send an email """
|
||||
"""to the admin user.""",
|
||||
),
|
||||
'auth_admin_passkey_send_to_user': fields.boolean(
|
||||
string='Send email to user.',
|
||||
help="When the administrator use his password to login in "\
|
||||
"with a different account, OpenERP will send an email "\
|
||||
"to the account user.",
|
||||
help="""When the administrator use his password to login in """
|
||||
"""with a different account, OpenERP will send an email """
|
||||
"""to the account user.""",
|
||||
),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,77 +29,86 @@ from openerp import exceptions
|
|||
from openerp.osv.orm import Model
|
||||
from openerp.tools.translate import _
|
||||
|
||||
|
||||
class res_users(Model):
|
||||
_inherit = "res.users"
|
||||
|
||||
### Private Function section
|
||||
# Private Function section
|
||||
def _get_translation(self, cr, lang, text):
|
||||
context = {'lang': lang}
|
||||
return _(text)
|
||||
|
||||
def _send_email_passkey(self, cr, user_id, user_agent_env):
|
||||
""" Send a email to the admin of the system and / or the user
|
||||
to inform passkey use """
|
||||
to inform passkey use."""
|
||||
mails = []
|
||||
mail_obj = self.pool['mail.mail']
|
||||
icp_obj = self.pool['ir.config_parameter']
|
||||
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
|
||||
login_user = self.browse(cr, SUPERUSER_ID, user_id)
|
||||
send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
|
||||
'auth_admin_passkey.send_to_admin', 'True'))
|
||||
send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
|
||||
'auth_admin_passkey.send_to_user', 'True'))
|
||||
send_to_admin = literal_eval(icp_obj.get_param(
|
||||
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
|
||||
send_to_user = literal_eval(icp_obj.get_param(
|
||||
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
|
||||
|
||||
if send_to_admin and admin_user.email:
|
||||
mails.append({'email': admin_user.email, 'lang': admin_user.lang,})
|
||||
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
|
||||
if send_to_user and login_user.email:
|
||||
mails.append({'email': login_user.email, 'lang': login_user.lang,})
|
||||
mails.append({'email': login_user.email, 'lang': login_user.lang})
|
||||
|
||||
for mail in mails:
|
||||
subject = self._get_translation(cr, mail['lang'], _('Passkey used'))
|
||||
body = self._get_translation(cr, mail['lang'],
|
||||
_("""Admin user used his passkey to login with '%s'.\n\n"""\
|
||||
"""\n\nTechnicals informations belows : \n\n"""\
|
||||
"""- Login date : %s\n\n""")) %(login_user.login,
|
||||
subject = self._get_translation(
|
||||
cr, mail['lang'], _('Passkey used'))
|
||||
body = self._get_translation(
|
||||
cr, mail['lang'],
|
||||
_("""Admin user used his passkey to login with '%s'.\n\n"""
|
||||
"""\n\nTechnicals informations belows : \n\n"""
|
||||
"""- Login date : %s\n\n""")) % (
|
||||
login_user.login,
|
||||
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
|
||||
for k, v in user_agent_env.iteritems():
|
||||
body += ("- %s : %s\n\n") % (k, v)
|
||||
mail_obj.create(cr, SUPERUSER_ID, {
|
||||
mail_obj.create(
|
||||
cr, SUPERUSER_ID, {
|
||||
'email_to': mail['email'],
|
||||
'subject': subject,
|
||||
'body_html': '<pre>%s</pre>' % body})
|
||||
|
||||
def _send_email_same_password(self, cr, login_user):
|
||||
""" Send a email to the admin user to inform that another user has the
|
||||
same password as him"""
|
||||
same password as him."""
|
||||
mail_obj = self.pool['mail.mail']
|
||||
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
|
||||
if admin_user.email:
|
||||
mail_obj.create(cr, SUPERUSER_ID, {
|
||||
'email_to': admin_user.email,
|
||||
'subject': self._get_translation(cr, admin_user.lang,
|
||||
_('[WARNING] OpenERP Security Risk')),
|
||||
'body_html': self._get_translation(cr, admin_user.lang,
|
||||
_("""<pre>User with login '%s' has the same """\
|
||||
'subject': self._get_translation(
|
||||
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
|
||||
'body_html': self._get_translation(
|
||||
cr, admin_user.lang, _(
|
||||
"""<pre>User with login '%s' has the same """
|
||||
"""password as you.</pre>""")) % (login_user),
|
||||
})
|
||||
|
||||
### Overload Section
|
||||
# Overload Section
|
||||
def authenticate(self, db, login, password, user_agent_env):
|
||||
""" Authenticate the user 'login' is password is ok or if
|
||||
is admin password. In the second case, send mail to user and admin."""
|
||||
user_id = super(res_users, self).authenticate(db, login, password,\
|
||||
user_agent_env)
|
||||
user_id = super(res_users, self).authenticate(
|
||||
db, login, password, user_agent_env)
|
||||
if user_id != SUPERUSER_ID:
|
||||
same_password = False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
# directly use parent 'check_credentials' function
|
||||
# to really know if credentials are ok or if it was admin password
|
||||
super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
|
||||
# to really know if credentials are ok
|
||||
# or if it was admin password
|
||||
super(res_users, self).check_credentials(
|
||||
cr, SUPERUSER_ID, password)
|
||||
try:
|
||||
# Test now if the user has the same password as admin user
|
||||
super(res_users, self).check_credentials(cr, user_id, password)
|
||||
super(res_users, self).check_credentials(
|
||||
cr, user_id, password)
|
||||
same_password = True
|
||||
except exceptions.AccessDenied:
|
||||
pass
|
||||
|
|
@ -116,12 +125,13 @@ class res_users(Model):
|
|||
|
||||
def check_credentials(self, cr, uid, password):
|
||||
""" Return now True if credentials are good OR if password is admin
|
||||
password"""
|
||||
password."""
|
||||
if uid != SUPERUSER_ID:
|
||||
try:
|
||||
self.check_credentials(cr, SUPERUSER_ID, password)
|
||||
return True
|
||||
except exceptions.AccessDenied:
|
||||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
return super(res_users, self).check_credentials(
|
||||
cr, uid, password)
|
||||
else:
|
||||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
|
|
|
|||
Loading…
Reference in New Issue