  1. # -*- coding: utf-8 -*-
  2. # Copyright 2015 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  4. import operator
  5. from openerp import http
  6. from openerp.http import request
  7. from openerp.addons.auth_signup.controllers.main import AuthSignupHome
  8. from openerp.addons.web.controllers.main import ensure_db, Session
  9. from ..exceptions import PassError
class PasswordSecuritySession(Session):
    """Session controller that checks a new password before it is changed."""

    @http.route()
    def change_password(self, fields):
        """Check the submitted new password, then defer to the parent.

        :param fields: iterable of mappings, each with a ``name`` and a
            ``value`` key; one of them must be named ``new_password``.
        :raises KeyError: if no ``new_password`` entry is present.

        Whatever ``check_password`` raises propagates to the caller, so a
        rejected password never reaches the parent implementation.
        """
        # Flatten the name/value pairs into a lookup table.
        submitted = dict(
            (field['name'], field['value']) for field in fields
        )
        candidate = submitted['new_password']
        # The check runs against the user of the current request.
        current_user = request.env.user
        current_user.check_password(candidate)
        return super(PasswordSecuritySession, self).change_password(fields)
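class PasswordSecurityHome(AuthSignupHome):
    """Signup, login and reset overrides that apply the password checks."""

    def do_signup(self, qcontext):
        """Check the submitted password, then run the parent signup.

        :param qcontext: signup context; ``password`` is read from it and
            is ``None`` when the key is absent.

        Whatever ``check_password`` raises propagates to the caller.
        """
        password = qcontext.get('password')
        user_id = request.env.user
        user_id.check_password(password)
        return super(PasswordSecurityHome, self).do_signup(qcontext)

    @http.route()
    def web_login(self, *args, **kw):
        """Run the parent login, then force a reset on an expired password.

        Non-POST requests and failed authentications get the parent's
        response unchanged. If the authenticated user's password has
        expired, it is flagged through ``action_expire_password``, the
        session is logged out (database selection kept) and the browser is
        redirected to the ``signup_url`` of the user's partner.
        """
        ensure_db()
        response = super(PasswordSecurityHome, self).web_login(*args, **kw)
        if request.httprequest.method != 'POST':
            return response
        # The parent's response does not tell us whether the login succeeded,
        # so the credentials are authenticated again here.
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password']
        )
        if not uid:
            return response
        # sudo() so the expiry check does not depend on the access rights
        # of the user who just logged in.
        users_obj = request.env['res.users'].sudo()
        # NOTE(review): browses request.uid rather than the uid returned
        # above -- presumably identical after authenticate(); confirm.
        user_id = users_obj.browse(request.uid)
        if not user_id._password_has_expired():
            return response
        user_id.action_expire_password()
        # Drop the session that was just opened so the expired credentials
        # do not leave an authenticated session behind.
        request.session.logout(keep_db=True)
        # NOTE(review): signup_url presumably embeds a reset token and ends
        # up in the redirect Location; confirm it is short-lived and kept
        # out of access logs.
        redirect = user_id.partner_id.signup_url
        return http.redirect_with_hash(redirect)

    @http.route()
    def web_auth_signup(self, *args, **kw):
        """Run the parent signup and show a ``PassError`` on the signup form.

        Other exceptions are not handled here and propagate.
        """
        try:
            return super(PasswordSecurityHome, self).web_auth_signup(
                *args, **kw
            )
        except PassError as e:
            qcontext = self.get_auth_signup_qcontext()
            qcontext['error'] = e.message
            return request.render('auth_signup.signup', qcontext)

    @http.route()
    def web_auth_reset_password(self, *args, **kw):
        """Hook to disallow front-facing resets inside the minimum interval.

        Unfortunately some core logic had to be reimplemented here because
        of nested logic in the parent. The interval check itself lives in
        ``_validate_pass_reset``, which is not defined in this file.

        The user is looked up by login first, then by email, and only for
        a POST that carries a login and has neither an error nor a token
        in the signup context.
        """
        qcontext = self.get_auth_signup_qcontext()
        if (
            request.httprequest.method == 'POST' and
            qcontext.get('login') and
            'error' not in qcontext and
            'token' not in qcontext
        ):
            login = qcontext.get('login')
            # Search on the res.users model, as web_login does. The previous
            # code called search() on the bare environment, which is not a
            # model, so the reset check could not run.
            users_obj = request.env['res.users'].sudo()
            user_ids = users_obj.search(
                [('login', '=', login)],
                limit=1,
            )
            if not user_ids:
                user_ids = users_obj.search(
                    [('email', '=', login)],
                    limit=1,
                )
            # NOTE(review): user_ids may be an empty recordset here, and a
            # PassError raised by this call is not caught in this method
            # (unlike web_auth_signup). Confirm how it is rendered and that
            # the response does not distinguish known from unknown logins.
            user_ids._validate_pass_reset()
        return super(PasswordSecurityHome, self).web_auth_reset_password(
            *args, **kw
        )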