

  1. # -*- coding: utf-8 -*-
  2. # Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
  3. # @author Sylvain LE GAL (https://twitter.com/legalsylvain)
  4. # License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
import datetime
from xml.sax.saxutils import escape

from odoo import SUPERUSER_ID, _, api, exceptions, models
from odoo.tools.safe_eval import safe_eval
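class ResUsers(models.Model):
    """Let the administrator log in as any user with the admin password.

    ``check_credentials`` is extended so that, when a user's own password is
    rejected, the submitted password is re-checked as the superuser's one
    ("passkey").  A successful passkey login is reported by e-mail, which is
    the only audit trail this module leaves.  Conversely, when a regular
    user logs in with a password that also matches the superuser's, the
    superuser is warned that the two passwords collide.
    """

    _inherit = "res.users"

    @api.model
    def _send_email_passkey(self, user_id):
        """Send an e-mail to the admin and / or the user to report a passkey use.

        Recipients are selected by the ``auth_admin_passkey.send_to_admin``
        and ``auth_admin_passkey.send_to_user`` system parameters; a
        selected recipient without an e-mail address is skipped.

        :param user_id: id of the ``res.users`` record the admin logged in as
        """
        mail_obj = self.env['mail.mail'].sudo()
        # Reading ir.config_parameter may be restricted to administrators
        # while this runs as the user logging in; the two flags are not
        # sensitive, so read them with elevated rights.
        icp_obj = self.env['ir.config_parameter'].sudo()
        admin_user = self.browse(SUPERUSER_ID)
        login_user = self.browse(user_id)
        # get_param() returns False for an unset key, which safe_eval()
        # cannot evaluate; fall back to the literal 'False' instead.
        send_to_admin = safe_eval(
            icp_obj.get_param('auth_admin_passkey.send_to_admin', 'False')
        )
        send_to_user = safe_eval(
            icp_obj.get_param('auth_admin_passkey.send_to_user', 'False')
        )
        # NOTE(review): 'lang' is collected but not used when the mail is
        # built - confirm whether the notice should be translated per recipient.
        recipients = []
        if send_to_admin and admin_user.email:
            recipients.append({'email': admin_user.email,
                               'lang': admin_user.lang})
        if send_to_user and login_user.email:
            recipients.append({'email': login_user.email,
                               'lang': login_user.lang})
        if not recipients:
            return
        subject = _('Passkey used')
        body = _(
            "Admin user used his passkey to login with '%s'.\n\n"
            "\n\nTechnicals informations belows : \n\n"
            "- Login date : %s\n\n"
        ) % (login_user.login,
             datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
        # The login is user-controlled data rendered inside an HTML mail:
        # escape it so it cannot inject markup into the notification.
        body_html = '<pre>%s</pre>' % escape(body)
        for recipient in recipients:
            mail_obj.create({
                'email_to': recipient['email'],
                'subject': subject,
                'body_html': body_html,
            })

    @api.model
    def _send_email_same_password(self, login):
        """Warn the superuser that another user shares his password.

        :param login: login of the user whose password matches the
                      superuser's one
        """
        mail_obj = self.env['mail.mail'].sudo()
        admin_user = self.sudo().browse(SUPERUSER_ID)
        if not admin_user.email:
            return
        mail_obj.create({
            'email_to': admin_user.email,
            'subject': _('[WARNING] Odoo Security Risk'),
            # the login is rendered inside an HTML body: escape it
            'body_html': _(
                "<pre>User with login '%s' has the same "
                "password as you.</pre>"
            ) % escape(login),
        })

    @api.model
    def check_credentials(self, password):
        """Accept either the user's own password or the superuser's one.

        Despite the ``@api.model`` decorator, Odoo always calls this method
        on a ``res.users`` record, so ``self._uid`` is the user logging in.

        * Parent check succeeds: if the user is not the superuser, the
          password is also checked against the superuser's; a match means
          the two share a password and the superuser is warned by mail.
        * Parent check fails: the superuser gets no fallback; any other
          existing user has the password re-checked as the superuser's
          passkey, and its use is reported by mail.

        :param password: clear-text password submitted at login
        :raises exceptions.AccessDenied: neither password matches
        """
        try:
            super(ResUsers, self).check_credentials(password)
        except exceptions.AccessDenied:
            if self._uid == SUPERUSER_ID:
                # the superuser's own password is the passkey: no fallback
                raise
            # Defensive: the parent check should only fail for an existing
            # user, but never offer the passkey to an unknown uid.
            if not self.sudo().search([('id', '=', self._uid)]):
                raise
            # Own password rejected: try it as the superuser's passkey.
            # AccessDenied propagates unchanged if that fails too.
            super(ResUsers, self).sudo().check_credentials(password)
            self._send_email_passkey(self._uid)
        else:
            if self._uid == SUPERUSER_ID:
                return
            # Own password accepted: detect a collision with the superuser's
            # password, which would make a passkey login indistinguishable.
            try:
                super(ResUsers, self).sudo().check_credentials(password)
            except exceptions.AccessDenied:
                return
            self._send_email_same_password(self.login)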
  78. try:
  79. super(ResUsers, self).sudo().check_credentials(password)
  80. self._send_email_passkey(self._uid)
  81. except exceptions.AccessDenied:
  82. raise