diff --git a/auth_admin_passkey/__init__.py b/auth_admin_passkey/__init__.py
new file mode 100644
index 000000000..088e71f64
--- /dev/null
+++ b/auth_admin_passkey/__init__.py
@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+from . import model
diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py
new file mode 100644
index 000000000..86ee3aae3
--- /dev/null
+++ b/auth_admin_passkey/__openerp__.py
@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+{
+ 'name': 'Authentification - Admin Passkey',
+ 'version': '2.1',
+ 'category': 'base',
+ 'description': """
+Admin password become a passkey for all active logins
+=====================================================
+
+Functionality :
+---------------
+ * Administrator has now the possibility to login in with any login;
+ * By default, OpenERP will send a mail to user and admin to indicate them;
+ * If a user and the admin have the same password, admin will be informed;
+
+Technical information :
+-----------------------
+ * Create two ir_config_parameter to enable / disable mail sending;
+
+Copyright, Author and Licence :
+-------------------------------
+ * Copyright : 2014, Groupement Régional Alimentaire de Proximité;
+ * Author : Sylvain LE GAL (https://twitter.com/legalsylvain);
+ * Licence : AGPL-3 (http://www.gnu.org/licenses/)
+ """,
+ 'author': 'GRAP',
+ 'website': 'http://www.grap.coop',
+ 'license': 'AGPL-3',
+ 'depends': [
+ 'mail',
+ ],
+ 'data': [
+ 'data/ir_config_parameter.xml',
+ 'view/res_config_view.xml',
+ ],
+ 'demo': [],
+ 'js': [],
+ 'css': [],
+ 'qweb': [],
+ 'images': [],
+ 'post_load': '',
+ 'application': False,
+ 'installable': True,
+ 'auto_install': False,
+}
diff --git a/auth_admin_passkey/data/ir_config_parameter.xml b/auth_admin_passkey/data/ir_config_parameter.xml
new file mode 100644
index 000000000..7c7f3625d
--- /dev/null
+++ b/auth_admin_passkey/data/ir_config_parameter.xml
@@ -0,0 +1,34 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ auth_admin_passkey.send_to_admin
+ True
+
+
+
+ auth_admin_passkey.send_to_user
+ True
+
+
+
+
diff --git a/auth_admin_passkey/i18n/auth_admin_passkey.pot b/auth_admin_passkey/i18n/auth_admin_passkey.pot
new file mode 100644
index 000000000..04b30e9a5
--- /dev/null
+++ b/auth_admin_passkey/i18n/auth_admin_passkey.pot
@@ -0,0 +1,101 @@
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+# * auth_admin_passkey
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-03-23 20:41+0000\n"
+"PO-Revision-Date: 2014-03-23 20:41+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:66
+#, python-format
+msgid "
User with login '%s' has the same password as you.
"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:44
+#, python-format
+msgid "Admin user used his passkey to login with '%s'.\n"
+"\n"
+"\n"
+"\n"
+"Technicals informations belows : \n"
+"\n"
+"- Login date : %s\n"
+"\n"
+""
+msgstr ""
+
+#. module: auth_admin_passkey
+#: view:base.config.settings:0
+msgid "Passkey"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:42
+#, python-format
+msgid "Passkey used"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "Send email to admin user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "Send email to user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:_description:0
+#: model:ir.model,name:auth_admin_passkey.model_res_users
+#, python-format
+msgid "Users"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:64
+#, python-format
+msgid "[WARNING] OpenERP Security Risk"
+msgstr ""
+
diff --git a/auth_admin_passkey/i18n/fr.po b/auth_admin_passkey/i18n/fr.po
new file mode 100644
index 000000000..67d137867
--- /dev/null
+++ b/auth_admin_passkey/i18n/fr.po
@@ -0,0 +1,108 @@
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+# * auth_admin_passkey
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-03-23 20:38+0000\n"
+"PO-Revision-Date: 2014-03-23 20:38+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:66
+#, python-format
+msgid "
User with login '%s' has the same password as you.
"
+msgstr "
L'utilisateur dont l'identifiant est '%s' a le même mot de passe que vous.
"
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:44
+#, python-format
+msgid "Admin user used his passkey to login with '%s'.\n"
+"\n"
+"\n"
+"\n"
+"Technicals informations belows : \n"
+"\n"
+"- Login date : %s\n"
+"\n"
+""
+msgstr "L'administrateur a utilisé son mot de passe \"bris de glace\" pour s'identifier avec l'identifiant '%s'.\n"
+"\n"
+"\n"
+"\n"
+"Informations techniques ci-dessous : \n"
+"\n"
+"- Date d'authentification : %s\n"
+"\n"
+""
+
+#. module: auth_admin_passkey
+#: view:base.config.settings:0
+msgid "Passkey"
+msgstr "Mot de passe \"bris de glace\""
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:42
+#, python-format
+msgid "Passkey used"
+msgstr "Mot de passe \"bris de glace\" utilisé"
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "Send email to admin user."
+msgstr "Envoyer un email à l'administrateur."
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "Send email to user."
+msgstr "Envoyer un email à l'utilisateur."
+
+#. module: auth_admin_passkey
+#: code:_description:0
+#: model:ir.model,name:auth_admin_passkey.model_res_users
+#, python-format
+msgid "Users"
+msgstr "Utilisateurs"
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
+msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP lui enverra un mail."
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
+msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP enverra un mail à l'utilisateur."
+
+#. module: auth_admin_passkey
+#: code:addons/auth_admin_passkey/model/res_users.py:64
+#, python-format
+msgid "[WARNING] OpenERP Security Risk"
+msgstr "[WARNING] Faille de sécurité sur OpenERP"
diff --git a/auth_admin_passkey/model/__init__.py b/auth_admin_passkey/model/__init__.py
new file mode 100644
index 000000000..60c3790aa
--- /dev/null
+++ b/auth_admin_passkey/model/__init__.py
@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+from . import res_config
+from . import res_users
diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/model/res_config.py
new file mode 100644
index 000000000..11c7fa083
--- /dev/null
+++ b/auth_admin_passkey/model/res_config.py
@@ -0,0 +1,76 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+from openerp.osv import fields
+from openerp.osv.orm import TransientModel
+from openerp.tools.safe_eval import safe_eval
+
+
+class base_config_settings(TransientModel):
+ _inherit = 'base.config.settings'
+
+ # Getter / Setter Section
+ def get_default_auth_admin_passkey_send_to_admin(
+ self, cr, uid, ids, context=None):
+ icp = self.pool['ir.config_parameter']
+ return {
+ 'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
+ cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
+ }
+
+ def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
+ config = self.browse(cr, uid, ids[0], context=context)
+ icp = self.pool['ir.config_parameter']
+ icp.set_param(
+ cr, uid, 'auth_admin_passkey.send_to_admin',
+ repr(config.auth_admin_passkey_send_to_admin))
+
+ def get_default_auth_admin_passkey_send_to_user(
+ self, cr, uid, ids, context=None):
+ icp = self.pool['ir.config_parameter']
+ return {
+ 'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
+ cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
+ }
+
+ def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
+ config = self.browse(cr, uid, ids[0], context=context)
+ icp = self.pool['ir.config_parameter']
+ icp.set_param(
+ cr, uid, 'auth_admin_passkey.send_to_user',
+ repr(config.auth_admin_passkey_send_to_user))
+
+ # Columns Section
+ _columns = {
+ 'auth_admin_passkey_send_to_admin': fields.boolean(
+ 'Send email to admin user.',
+ help="""When the administrator use his password to login in """
+ """with a different account, OpenERP will send an email """
+ """to the admin user.""",
+ ),
+ 'auth_admin_passkey_send_to_user': fields.boolean(
+ string='Send email to user.',
+ help="""When the administrator use his password to login in """
+ """with a different account, OpenERP will send an email """
+ """to the account user.""",
+ ),
+ }
diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py
new file mode 100644
index 000000000..f41554e9e
--- /dev/null
+++ b/auth_admin_passkey/model/res_users.py
@@ -0,0 +1,137 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Admin Passkey module for OpenERP
+# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
+# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+import datetime
+
+from openerp import SUPERUSER_ID
+from openerp import pooler
+from openerp import exceptions
+from openerp.osv.orm import Model
+from openerp.tools.translate import _
+from openerp.tools.safe_eval import safe_eval
+
+
+class res_users(Model):
+ _inherit = "res.users"
+
+ # Private Function section
+ def _get_translation(self, cr, lang, text):
+ context = {'lang': lang}
+ return _(text)
+
+ def _send_email_passkey(self, cr, user_id, user_agent_env):
+ """ Send a email to the admin of the system and / or the user
+ to inform passkey use."""
+ mails = []
+ mail_obj = self.pool['mail.mail']
+ icp_obj = self.pool['ir.config_parameter']
+ admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
+ login_user = self.browse(cr, SUPERUSER_ID, user_id)
+ send_to_admin = safe_eval(icp_obj.get_param(
+ cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
+ send_to_user = safe_eval(icp_obj.get_param(
+ cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
+
+ if send_to_admin and admin_user.email:
+ mails.append({'email': admin_user.email, 'lang': admin_user.lang})
+ if send_to_user and login_user.email:
+ mails.append({'email': login_user.email, 'lang': login_user.lang})
+
+ for mail in mails:
+ subject = self._get_translation(
+ cr, mail['lang'], _('Passkey used'))
+ body = self._get_translation(
+ cr, mail['lang'],
+ _("""Admin user used his passkey to login with '%s'.\n\n"""
+ """\n\nTechnicals informations belows : \n\n"""
+ """- Login date : %s\n\n""")) % (
+ login_user.login,
+ datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
+ for k, v in user_agent_env.iteritems():
+ body += ("- %s : %s\n\n") % (k, v)
+ mail_obj.create(
+ cr, SUPERUSER_ID, {
+ 'email_to': mail['email'],
+ 'subject': subject,
+ 'body_html': '
%s
' % body})
+
+ def _send_email_same_password(self, cr, login_user):
+ """ Send a email to the admin user to inform that another user has the
+ same password as him."""
+ mail_obj = self.pool['mail.mail']
+ admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
+ if admin_user.email:
+ mail_obj.create(cr, SUPERUSER_ID, {
+ 'email_to': admin_user.email,
+ 'subject': self._get_translation(
+ cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
+ 'body_html': self._get_translation(
+ cr, admin_user.lang, _(
+ """
User with login '%s' has the same """
+ """password as you.
""")) % (login_user),
+ })
+
+ # Overload Section
+ def authenticate(self, db, login, password, user_agent_env):
+ """ Authenticate the user 'login' is password is ok or if
+ is admin password. In the second case, send mail to user and admin."""
+ user_id = super(res_users, self).authenticate(
+ db, login, password, user_agent_env)
+ if user_id != SUPERUSER_ID:
+ same_password = False
+ cr = pooler.get_db(db).cursor()
+ try:
+ # directly use parent 'check_credentials' function
+ # to really know if credentials are ok
+ # or if it was admin password
+ super(res_users, self).check_credentials(
+ cr, SUPERUSER_ID, password)
+ try:
+ # Test now if the user has the same password as admin user
+ super(res_users, self).check_credentials(
+ cr, user_id, password)
+ same_password = True
+ except exceptions.AccessDenied:
+ pass
+ if not same_password:
+ self._send_email_passkey(cr, user_id, user_agent_env)
+ else:
+ self._send_email_same_password(cr, login)
+ cr.commit()
+ except exceptions.AccessDenied:
+ pass
+ finally:
+ cr.close()
+ return user_id
+
+ def check_credentials(self, cr, uid, password):
+ """ Return now True if credentials are good OR if password is admin
+password."""
+ if uid != SUPERUSER_ID:
+ try:
+ super(res_users, self).check_credentials(
+ cr, uid, password)
+ return True
+ except exceptions.AccessDenied:
+ return self.check_credentials(cr, SUPERUSER_ID, password)
+ else:
+ return super(res_users, self).check_credentials(cr, uid, password)
diff --git a/auth_admin_passkey/static/src/img/icon.png b/auth_admin_passkey/static/src/img/icon.png
new file mode 100644
index 000000000..490879d9f
Binary files /dev/null and b/auth_admin_passkey/static/src/img/icon.png differ
diff --git a/auth_admin_passkey/view/res_config_view.xml b/auth_admin_passkey/view/res_config_view.xml
new file mode 100644
index 000000000..990729705
--- /dev/null
+++ b/auth_admin_passkey/view/res_config_view.xml
@@ -0,0 +1,47 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ base.config.settings.view
+ base.config.settings
+
+
+
+
+
+