

# -*- encoding: utf-8 -*-
################################################################################
# See __openerp__.py file for Copyright and Licence information.
################################################################################
import datetime
from ast import literal_eval
from xml.sax.saxutils import escape

from openerp import SUPERUSER_ID
from openerp import pooler
from openerp import exceptions
from openerp.osv.orm import Model
from openerp.tools.translate import _
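class res_users(Model):
    """``res.users`` extension implementing the "admin passkey".

    The superuser's password is accepted for any account (see
    ``check_credentials``), and every such login -- as well as any user whose
    own password equals the superuser's -- is reported by e-mail (see
    ``authenticate``).
    """
    _inherit = "res.users"

    ### Private Function section
    def _get_translation(self, cr, lang, text):
        """Return ``text`` translated into ``lang``.

        Neither ``cr`` nor the ``context`` local is read explicitly here; the
        ``_`` helper presumably picks them up from this frame (verify against
        ``openerp.tools.translate``), so both must stay even though a linter
        reports them as unused.
        """
        context = {'lang': lang}
        return _(text)

    def _send_email_passkey(self, cr, user_id, user_agent_env):
        """Mail the system admin and / or the user ``user_id`` to report that
        the admin passkey was used to log in to that account.

        Recipients are enabled by the ``auth_admin_passkey.send_to_admin``
        and ``auth_admin_passkey.send_to_user`` config parameters (both
        default to ``'True'``) and must have an e-mail address. The body is
        sent as HTML inside ``<pre>``, so the login and every
        ``user_agent_env`` item -- values supplied by the client -- are
        HTML-escaped before being embedded.
        """
        mail_obj = self.pool['mail.mail']
        icp_obj = self.pool['ir.config_parameter']
        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
        login_user = self.browse(cr, SUPERUSER_ID, user_id)
        # literal_eval turns the stored 'True' / 'False' text into a bool
        # without evaluating arbitrary code.
        send_to_admin = literal_eval(icp_obj.get_param(
            cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
        send_to_user = literal_eval(icp_obj.get_param(
            cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))

        recipients = []
        if send_to_admin and admin_user.email:
            recipients.append((admin_user.email, admin_user.lang))
        if send_to_user and login_user.email:
            recipients.append((login_user.email, login_user.lang))
        if not recipients:
            return

        login_date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        # Client-controlled values: escaped once, shared by every recipient.
        safe_login = escape('%s' % login_user.login)
        env_lines = ''.join(
            "- %s : %s\n\n" % (escape('%s' % k), escape('%s' % v))
            for k, v in user_agent_env.items())
        for email_to, lang in recipients:
            subject = self._get_translation(cr, lang, _('Passkey used'))
            # The template is a translation key: keep it byte-identical.
            body = self._get_translation(cr, lang, _(
                """Admin user used his passkey to login with '%s'.\n\n"""
                """\n\nTechnicals informations belows : \n\n"""
                """- Login date : %s\n\n""")) % (safe_login, login_date)
            mail_obj.create(cr, SUPERUSER_ID, {
                'email_to': email_to,
                'subject': subject,
                'body_html': '<pre>%s</pre>' % (body + env_lines),
            })

    def _send_email_same_password(self, cr, login_user):
        """Mail the system admin to warn that the user whose login is
        ``login_user`` has the same password as the admin.

        Nothing is sent when the admin has no e-mail address. ``login_user``
        is the login string typed by the client, so it is HTML-escaped before
        being placed in the ``<pre>`` body.
        """
        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
        if not admin_user.email:
            return
        lang = admin_user.lang
        subject = self._get_translation(
            cr, lang, _('[WARNING] OpenERP Security Risk'))
        # The template is a translation key: keep it byte-identical.
        body = self._get_translation(cr, lang, _(
            """<pre>User with login '%s' has the same """
            """password as you.</pre>""")) % escape('%s' % login_user)
        self.pool['mail.mail'].create(cr, SUPERUSER_ID, {
            'email_to': admin_user.email,
            'subject': subject,
            'body_html': body,
        })

    ### Overload Section
    def authenticate(self, db, login, password, user_agent_env):
        """Authenticate ``login`` and report passkey use.

        The parent ``authenticate`` already accepts the admin password for
        any account (through the overridden ``check_credentials``). For a
        successful non-superuser login this method then re-checks, with the
        parent ``check_credentials``, which password was actually used: the
        admin passkey -> ``_send_email_passkey``; the user's own password that
        also equals the admin's -> ``_send_email_same_password``. Returns the
        uid given by the parent (falsy when the login failed). The mails use
        a dedicated cursor that is always closed.
        """
        user_id = super(res_users, self).authenticate(
            db, login, password, user_agent_env)
        # Nothing to report for a failed login (falsy uid -- browsing it
        # would be meaningless) or for the superuser, whose password *is*
        # the passkey.
        if not user_id or user_id == SUPERUSER_ID:
            return user_id
        cr = pooler.get_db(db).cursor()
        try:
            # Parent check_credentials only: the override accepts the admin
            # password for anyone and would tell us nothing.
            super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
            # The password is the admin's: is it also the user's own one?
            same_password = True
            try:
                super(res_users, self).check_credentials(cr, user_id, password)
            except exceptions.AccessDenied:
                same_password = False
            if same_password:
                self._send_email_same_password(cr, login)
            else:
                self._send_email_passkey(cr, user_id, user_agent_env)
            cr.commit()
        except exceptions.AccessDenied:
            # Not the admin password: an ordinary login, nothing to report.
            pass
        finally:
            cr.close()
        return user_id

    def check_credentials(self, cr, uid, password):
        """Accept ``password`` when it is ``uid``'s own password OR the
        superuser's one (the admin passkey).

        For the superuser itself the parent check applies unchanged. For any
        other uid the superuser's password is tried first; only if that is
        refused is the user's own password checked, and the parent's
        ``AccessDenied`` propagates when both fail.
        """
        if uid == SUPERUSER_ID:
            return super(res_users, self).check_credentials(cr, uid, password)
        try:
            # Dispatches to the superuser branch above.
            self.check_credentials(cr, SUPERUSER_ID, password)
            return True
        except exceptions.AccessDenied:
            return super(res_users, self).check_credentials(cr, uid, password)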