OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1703 Commits
13 Branches
0 Tags
45 MiB
Tree: 2c3776bd2e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2c3776bd2e'
${ noResults }
server-tools/password_security/controllers/main.py

94 lines
3.1 KiB
Raw Normal View History

[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[MIG] password_security: Migrate to v10 * Bump versions * Installable to True * Add Usage section to ReadMe w/ Runbot link * `_crypt_context` now directly exposes the `CryptContext` * Change all instances of openerp to odoo
8 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Fix password stored and token to reset password invalid (#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
8 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Fix password stored and token to reset password invalid (#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
8 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Force password reset * Add logic to overloaded web_login action to log out users with expired passwords, preventing the password reset from being ignored * Add unit test for new logic
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2015 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import operator
  7. from odoo import http
  8. from odoo.http import request
  9. from odoo.addons.auth_signup.controllers.main import AuthSignupHome
  10. from odoo.addons.web.controllers.main import ensure_db, Session
  12. from ..exceptions import PassError
  15. class PasswordSecuritySession(Session):
  17. @http.route()
  18. def change_password(self, fields):
  19. new_password = operator.itemgetter('new_password')(
  20. dict(map(operator.itemgetter('name', 'value'), fields))
  21. )
  22. user_id = request.env.user
  23. user_id._check_password(new_password)
  24. return super(PasswordSecuritySession, self).change_password(fields)
  27. class PasswordSecurityHome(AuthSignupHome):
  29. def do_signup(self, qcontext):
  30. password = qcontext.get('password')
  31. user_id = request.env.user
  32. user_id._check_password(password)
  33. return super(PasswordSecurityHome, self).do_signup(qcontext)
  35. @http.route()
  36. def web_login(self, *args, **kw):
  37. ensure_db()
  38. response = super(PasswordSecurityHome, self).web_login(*args, **kw)
  39. if not request.httprequest.method == 'POST':
  40. return response
  41. uid = request.session.authenticate(
  42. request.session.db,
  43. request.params['login'],
  44. request.params['password']
  45. )
  46. if not uid:
  47. return response
  48. users_obj = request.env['res.users'].sudo()
  49. user_id = users_obj.browse(request.uid)
  50. if not user_id._password_has_expired():
  51. return response
  52. user_id.action_expire_password()
  53. request.session.logout(keep_db=True)
  54. redirect = user_id.partner_id.signup_url
  55. return http.redirect_with_hash(redirect)
  57. @http.route()
  58. def web_auth_signup(self, *args, **kw):
  59. try:
  60. return super(PasswordSecurityHome, self).web_auth_signup(
  61. *args, **kw
  62. )
  63. except PassError as e:
  64. qcontext = self.get_auth_signup_qcontext()
  65. qcontext['error'] = e.message
  66. return request.render('auth_signup.signup', qcontext)
  68. @http.route()
  69. def web_auth_reset_password(self, *args, **kw):
  70. """ It provides hook to disallow front-facing resets inside of min
  71. Unfortuantely had to reimplement some core logic here because of
  72. nested logic in parent
  73. """
  74. qcontext = self.get_auth_signup_qcontext()
  75. if (
  76. request.httprequest.method == 'POST' and
  77. qcontext.get('login') and
  78. 'error' not in qcontext and
  79. 'token' not in qcontext
  80. ):
  81. login = qcontext.get('login')
  82. user_ids = request.env.sudo().search(
  83. [('login', '=', login)],
  84. limit=1,
  85. )
  86. if not user_ids:
  87. user_ids = request.env.sudo().search(
  88. [('email', '=', login)],
  89. limit=1,
  90. )
  91. user_ids._validate_pass_reset()
  92. return super(PasswordSecurityHome, self).web_auth_reset_password(
  93. *args, **kw
  94. )