

  1. # -*- coding: utf-8 -*-
  2. # Copyright 2015 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  4. import operator
  5. from openerp import http
  6. from openerp.http import request
  7. from openerp.addons.auth_signup.controllers.main import AuthSignupHome
  8. from openerp.addons.web.controllers.main import ensure_db, Session
  9. from ..exceptions import PassError
class PasswordSecuritySession(Session):
    """Session controller that runs the password policy before a change.

    The ``/web/session/change_password`` handler of the parent is wrapped
    so that the candidate password is validated with
    ``res.users.check_password`` (defined outside this file) on the
    current user before the parent performs the change.
    """

    @http.route()
    def change_password(self, fields):
        """Validate ``new_password`` from *fields*, then defer to the parent.

        :param fields: list of ``{'name': ..., 'value': ...}`` mappings, the
            shape the parent handler consumes; the entry named
            ``new_password`` is the one checked.
        :raises KeyError: if no ``new_password`` entry is present (same
            behaviour as the parent's own field unpacking).
        """
        by_name = {entry['name']: entry['value'] for entry in fields}
        candidate = by_name['new_password']
        # Policy check runs on the logged-in user; the parent does the
        # actual credential change afterwards.
        request.env.user.check_password(candidate)
        return super(PasswordSecuritySession, self).change_password(fields)
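class PasswordSecurityHome(AuthSignupHome):
    """Signup, login and reset hooks that enforce the password policy.

    Every override delegates to ``AuthSignupHome`` after running one of the
    password-security helpers defined on ``res.users`` outside this file:
    ``check_password``, ``_password_has_expired``,
    ``action_expire_password`` and ``_validate_pass_reset``.
    """

    def do_signup(self, qcontext):
        """Check the submitted password before the parent creates the account.

        :param qcontext: signup form values; only ``password`` is read here.
        :raises: whatever ``check_password`` raises for a password that
            fails the policy (``web_auth_signup`` below catches
            ``PassError``, presumably for this case — confirm against
            ``res.users``).
        """
        password = qcontext.get('password')
        # The check is run on the request user, not on the account being
        # created (which does not exist yet).
        user_id = request.env.user
        user_id.check_password(password)
        return super(PasswordSecurityHome, self).do_signup(qcontext)

    @http.route()
    def web_login(self, *args, **kw):
        """Log in via the parent, then divert expired passwords to a reset.

        Only a successful POST login is inspected.  When the user's password
        has expired the account is flagged, the session just created is
        dropped and the browser is redirected to the partner's signup URL
        instead of receiving the parent's normal response.
        """
        ensure_db()
        response = super(PasswordSecurityHome, self).web_login(*args, **kw)
        # NOTE(review): defaults to True when the parent leaves the flag
        # unset; the re-authentication below is what actually gates the
        # expiry path, so an unset flag alone cannot reach the redirect.
        login_success = request.params.get('login_success', True)
        if request.httprequest.method != 'POST' or not login_success:
            return response
        # Re-authenticate with the submitted credentials (presumably so that
        # request.uid reflects the user who just logged in — confirm).
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'],
        )
        if not uid:
            return response
        users_obj = request.env['res.users'].sudo()
        user_id = users_obj.browse(request.uid)
        if not user_id._password_has_expired():
            return response
        # Expired: mark the account, end the fresh session and send the user
        # into the reset flow.
        user_id.action_expire_password()
        request.session.logout(keep_db=True)
        redirect = user_id.partner_id.signup_url
        return http.redirect_with_hash(redirect)

    @http.route()
    def web_auth_signup(self, *args, **kw):
        """Render the signup form with the policy message on ``PassError``.

        A ``PassError`` raised while the parent processes the signup is
        shown as the form's ``error`` value instead of surfacing as an
        unhandled exception.
        """
        try:
            return super(PasswordSecurityHome, self).web_auth_signup(
                *args, **kw
            )
        except PassError as e:
            qcontext = self.get_auth_signup_qcontext()
            # Python 2 BaseException.message, as in the original module.
            qcontext['error'] = e.message
            return request.render('auth_signup.signup', qcontext)

    @http.route()
    def web_auth_reset_password(self, *args, **kw):
        """Provide a hook to disallow front-facing resets that breach policy.

        Part of the parent's user lookup is reimplemented here because the
        parent's logic is nested and offers no hook: on a POST carrying a
        ``login`` with no prior error and no token, the user is looked up
        by login, then by email, and ``_validate_pass_reset`` runs on the
        result before the parent handles the reset.
        """
        qcontext = self.get_auth_signup_qcontext()
        if (
            request.httprequest.method == 'POST' and
            qcontext.get('login') and
            'error' not in qcontext and
            'token' not in qcontext
        ):
            login = qcontext.get('login')
            # Search on the res.users model, as web_login does;
            # request.env.sudo() does not yield a res.users recordset, so
            # calling .search() on it fails before any validation runs.
            users_obj = request.env['res.users'].sudo()
            user_ids = users_obj.search([('login', '=', login)], limit=1)
            if not user_ids:
                user_ids = users_obj.search([('email', '=', login)], limit=1)
            # An unknown login/email yields an empty recordset; it is passed
            # through unchanged and the parent decides what to render.
            user_ids._validate_pass_reset()
        return super(PasswordSecurityHome, self).web_auth_reset_password(
            *args, **kw
        )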
  79. )
  80. user_ids._validate_pass_reset()
  81. return super(PasswordSecurityHome, self).web_auth_reset_password(
  82. *args, **kw
  83. )