OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1140 Commits
13 Branches
0 Tags
45 MiB
Tree: 791489eb6d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '791489eb6d'
${ noResults }
server-tools/password_security/controllers/main.py

93 lines
3.1 KiB
Raw Normal View History

[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2015 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import operator
  7. from openerp import http
  8. from openerp.http import request
  9. from openerp.addons.auth_signup.controllers.main import AuthSignupHome
  10. from openerp.addons.web.controllers.main import ensure_db, Session
  12. from ..exceptions import PassError
  15. class PasswordSecuritySession(Session):
  17. @http.route()
  18. def change_password(self, fields):
  19. new_password = operator.itemgetter('new_password')(
  20. dict(map(operator.itemgetter('name', 'value'), fields))
  21. )
  22. user_id = request.env.user
  23. user_id.check_password(new_password)
  24. return super(PasswordSecuritySession, self).change_password(fields)
  27. class PasswordSecurityHome(AuthSignupHome):
  29. def do_signup(self, qcontext):
  30. password = qcontext.get('password')
  31. user_id = request.env.user
  32. user_id.check_password(password)
  33. return super(PasswordSecurityHome, self).do_signup(qcontext)
  35. @http.route()
  36. def web_login(self, *args, **kw):
  37. ensure_db()
  38. response = super(PasswordSecurityHome, self).web_login(*args, **kw)
  39. if not request.httprequest.method == 'POST':
  40. return response
  41. uid = request.session.authenticate(
  42. request.session.db,
  43. request.params['login'],
  44. request.params['password']
  45. )
  46. if not uid:
  47. return response
  48. users_obj = request.env['res.users'].sudo()
  49. user_id = users_obj.browse(request.uid)
  50. if not user_id._password_has_expired():
  51. return response
  52. user_id.action_expire_password()
  53. redirect = user_id.partner_id.signup_url
  54. return http.redirect_with_hash(redirect)
  56. @http.route()
  57. def web_auth_signup(self, *args, **kw):
  58. try:
  59. return super(PasswordSecurityHome, self).web_auth_signup(
  60. *args, **kw
  61. )
  62. except PassError as e:
  63. qcontext = self.get_auth_signup_qcontext()
  64. qcontext['error'] = e.message
  65. return request.render('auth_signup.signup', qcontext)
  67. @http.route()
  68. def web_auth_reset_password(self, *args, **kw):
  69. """ It provides hook to disallow front-facing resets inside of min
  70. Unfortuantely had to reimplement some core logic here because of
  71. nested logic in parent
  72. """
  73. qcontext = self.get_auth_signup_qcontext()
  74. if (
  75. request.httprequest.method == 'POST' and
  76. qcontext.get('login') and
  77. 'error' not in qcontext and
  78. 'token' not in qcontext
  79. ):
  80. login = qcontext.get('login')
  81. user_ids = request.env.sudo().search(
  82. [('login', '=', login)],
  83. limit=1,
  84. )
  85. if not user_ids:
  86. user_ids = request.env.sudo().search(
  87. [('email', '=', login)],
  88. limit=1,
  89. )
  90. user_ids._validate_pass_reset()
  91. return super(PasswordSecurityHome, self).web_auth_reset_password(
  92. *args, **kw
  93. )