OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2221 Commits
13 Branches
0 Tags
45 MiB
Tree: 37aefca2cf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '37aefca2cf'
${ noResults }
server-tools/password_security/controllers/main.py

95 lines
3.2 KiB
Raw Normal View History

[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[MIG] password_security: Migrate to v10 * Bump versions * Installable to True * Add Usage section to ReadMe w/ Runbot link * `_crypt_context` now directly exposes the `CryptContext` * Change all instances of openerp to odoo
8 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Fix password stored and token to reset password invalid (#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Fix password stored and token to reset password invalid (#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: No login success with no params * Default the `login_success` parameter to False instead of True in order to mitigate lack of parameter existence due to unknown module. Fixes OCA#1081
7 years ago
[FIX] password_security: auth_totp compatibility * Modify overloaded web_login action to not trigger a password expiration check if the login process is not complete yet (e.g. due to auth_totp) * Add unit test for new logic * Fix warning caused by unrelated unit test
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Force password reset * Add logic to overloaded web_login action to log out users with expired passwords, preventing the password reset from being ignored * Add unit test for new logic
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2015 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import operator
  7. from odoo import http
  8. from odoo.http import request
  9. from odoo.addons.auth_signup.controllers.main import AuthSignupHome
  10. from odoo.addons.web.controllers.main import ensure_db, Session
  12. from ..exceptions import PassError
  15. class PasswordSecuritySession(Session):
  17. @http.route()
  18. def change_password(self, fields):
  19. new_password = operator.itemgetter('new_password')(
  20. dict(map(operator.itemgetter('name', 'value'), fields))
  21. )
  22. user_id = request.env.user
  23. user_id._check_password(new_password)
  24. return super(PasswordSecuritySession, self).change_password(fields)
  27. class PasswordSecurityHome(AuthSignupHome):
  29. def do_signup(self, qcontext):
  30. password = qcontext.get('password')
  31. user_id = request.env.user
  32. user_id._check_password(password)
  33. return super(PasswordSecurityHome, self).do_signup(qcontext)
  35. @http.route()
  36. def web_login(self, *args, **kw):
  37. ensure_db()
  38. response = super(PasswordSecurityHome, self).web_login(*args, **kw)
  39. login_success = request.params.get('login_success', False)
  40. if not request.httprequest.method == 'POST' or not login_success:
  41. return response
  42. uid = request.session.authenticate(
  43. request.session.db,
  44. request.params['login'],
  45. request.params['password']
  46. )
  47. if not uid:
  48. return response
  49. users_obj = request.env['res.users'].sudo()
  50. user_id = users_obj.browse(request.uid)
  51. if not user_id._password_has_expired():
  52. return response
  53. user_id.action_expire_password()
  54. request.session.logout(keep_db=True)
  55. redirect = user_id.partner_id.signup_url
  56. return http.redirect_with_hash(redirect)
  58. @http.route()
  59. def web_auth_signup(self, *args, **kw):
  60. try:
  61. return super(PasswordSecurityHome, self).web_auth_signup(
  62. *args, **kw
  63. )
  64. except PassError as e:
  65. qcontext = self.get_auth_signup_qcontext()
  66. qcontext['error'] = e.message
  67. return request.render('auth_signup.signup', qcontext)
  69. @http.route()
  70. def web_auth_reset_password(self, *args, **kw):
  71. """ It provides hook to disallow front-facing resets inside of min
  72. Unfortuantely had to reimplement some core logic here because of
  73. nested logic in parent
  74. """
  75. qcontext = self.get_auth_signup_qcontext()
  76. if (
  77. request.httprequest.method == 'POST' and
  78. qcontext.get('login') and
  79. 'error' not in qcontext and
  80. 'token' not in qcontext
  81. ):
  82. login = qcontext.get('login')
  83. user_ids = request.env.sudo().search(
  84. [('login', '=', login)],
  85. limit=1,
  86. )
  87. if not user_ids:
  88. user_ids = request.env.sudo().search(
  89. [('email', '=', login)],
  90. limit=1,
  91. )
  92. user_ids._validate_pass_reset()
  93. return super(PasswordSecurityHome, self).web_auth_reset_password(
  94. *args, **kw
  95. )