Browse Source

[ADD] auth_admin_passkey that allows admin user (uid=1) to login with

any login and his password
pull/2/head
unknown 11 years ago
committed by Holger Brunn
parent
commit
39ab95acd9
  1. 23
      auth_admin_passkey/__init__.py
  2. 66
      auth_admin_passkey/__openerp__.py
  3. 34
      auth_admin_passkey/data/ir_config_parameter.xml
  4. 101
      auth_admin_passkey/i18n/auth_admin_passkey.pot
  5. 108
      auth_admin_passkey/i18n/fr.po
  6. 24
      auth_admin_passkey/model/__init__.py
  7. 76
      auth_admin_passkey/model/res_config.py
  8. 137
      auth_admin_passkey/model/res_users.py
  9. BIN
      auth_admin_passkey/static/src/img/icon.png
  10. 47
      auth_admin_passkey/view/res_config_view.xml

23
auth_admin_passkey/__init__.py

@ -0,0 +1,23 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from . import model

66
auth_admin_passkey/__openerp__.py

@ -0,0 +1,66 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
{
'name': 'Authentification - Admin Passkey',
'version': '2.1',
'category': 'base',
'description': """
Admin password become a passkey for all active logins
=====================================================
Functionality :
---------------
* Administrator has now the possibility to login in with any login;
* By default, OpenERP will send a mail to user and admin to indicate them;
* If a user and the admin have the same password, admin will be informed;
Technical information :
-----------------------
* Create two ir_config_parameter to enable / disable mail sending;
Copyright, Author and Licence :
-------------------------------
* Copyright : 2014, Groupement Régional Alimentaire de Proximité;
* Author : Sylvain LE GAL (https://twitter.com/legalsylvain);
* Licence : AGPL-3 (http://www.gnu.org/licenses/)
""",
'author': 'GRAP',
'website': 'http://www.grap.coop',
'license': 'AGPL-3',
'depends': [
'mail',
],
'data': [
'data/ir_config_parameter.xml',
'view/res_config_view.xml',
],
'demo': [],
'js': [],
'css': [],
'qweb': [],
'images': [],
'post_load': '',
'application': False,
'installable': True,
'auto_install': False,
}

34
auth_admin_passkey/data/ir_config_parameter.xml

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Admin Passkey module for OpenERP -->
<!--Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->
<!--This program is free software: you can redistribute it and/or modify -->
<!--it under the terms of the GNU Affero General Public License as -->
<!--published by the Free Software Foundation, either version 3 of the -->
<!--License, or (at your option) any later version. -->
<!--This program is distributed in the hope that it will be useful, -->
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of -->
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -->
<!--GNU Affero General Public License for more details. -->
<!--You should have received a copy of the GNU Affero General Public License-->
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. -->
<!-- ********************************************************************** -->
<openerp>
<data noupdate="1">
<record id="send_to_admin" model="ir.config_parameter">
<field name="key">auth_admin_passkey.send_to_admin</field>
<field name="value">True</field>
</record>
<record id="send_to_user" model="ir.config_parameter">
<field name="key">auth_admin_passkey.send_to_user</field>
<field name="value">True</field>
</record>
</data>
</openerp>

101
auth_admin_passkey/i18n/auth_admin_passkey.pot

@ -0,0 +1,101 @@
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Translation of OpenERP Server.
# This file contains the translation of the following modules:
# * auth_admin_passkey
#
msgid ""
msgstr ""
"Project-Id-Version: OpenERP Server 7.0\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-03-23 20:41+0000\n"
"PO-Revision-Date: 2014-03-23 20:41+0000\n"
"Last-Translator: <>\n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:66
#, python-format
msgid "<pre>User with login '%s' has the same password as you.</pre>"
msgstr ""
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:44
#, python-format
msgid "Admin user used his passkey to login with '%s'.\n"
"\n"
"\n"
"\n"
"Technicals informations belows : \n"
"\n"
"- Login date : %s\n"
"\n"
""
msgstr ""
#. module: auth_admin_passkey
#: view:base.config.settings:0
msgid "Passkey"
msgstr ""
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:42
#, python-format
msgid "Passkey used"
msgstr ""
#. module: auth_admin_passkey
#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
msgid "Send email to admin user."
msgstr ""
#. module: auth_admin_passkey
#: field:base.config.settings,auth_admin_passkey_send_to_user:0
msgid "Send email to user."
msgstr ""
#. module: auth_admin_passkey
#: code:_description:0
#: model:ir.model,name:auth_admin_passkey.model_res_users
#, python-format
msgid "Users"
msgstr ""
#. module: auth_admin_passkey
#: help:base.config.settings,auth_admin_passkey_send_to_user:0
msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
msgstr ""
#. module: auth_admin_passkey
#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
msgstr ""
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:64
#, python-format
msgid "[WARNING] OpenERP Security Risk"
msgstr ""

108
auth_admin_passkey/i18n/fr.po

@ -0,0 +1,108 @@
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Translation of OpenERP Server.
# This file contains the translation of the following modules:
# * auth_admin_passkey
#
msgid ""
msgstr ""
"Project-Id-Version: OpenERP Server 7.0\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-03-23 20:38+0000\n"
"PO-Revision-Date: 2014-03-23 20:38+0000\n"
"Last-Translator: <>\n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:66
#, python-format
msgid "<pre>User with login '%s' has the same password as you.</pre>"
msgstr "<pre>L'utilisateur dont l'identifiant est '%s' a le même mot de passe que vous.</pre>"
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:44
#, python-format
msgid "Admin user used his passkey to login with '%s'.\n"
"\n"
"\n"
"\n"
"Technicals informations belows : \n"
"\n"
"- Login date : %s\n"
"\n"
""
msgstr "L'administrateur a utilisé son mot de passe \"bris de glace\" pour s'identifier avec l'identifiant '%s'.\n"
"\n"
"\n"
"\n"
"Informations techniques ci-dessous : \n"
"\n"
"- Date d'authentification : %s\n"
"\n"
""
#. module: auth_admin_passkey
#: view:base.config.settings:0
msgid "Passkey"
msgstr "Mot de passe \"bris de glace\""
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:42
#, python-format
msgid "Passkey used"
msgstr "Mot de passe \"bris de glace\" utilisé"
#. module: auth_admin_passkey
#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
msgid "Send email to admin user."
msgstr "Envoyer un email à l'administrateur."
#. module: auth_admin_passkey
#: field:base.config.settings,auth_admin_passkey_send_to_user:0
msgid "Send email to user."
msgstr "Envoyer un email à l'utilisateur."
#. module: auth_admin_passkey
#: code:_description:0
#: model:ir.model,name:auth_admin_passkey.model_res_users
#, python-format
msgid "Users"
msgstr "Utilisateurs"
#. module: auth_admin_passkey
#: help:base.config.settings,auth_admin_passkey_send_to_user:0
msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP lui enverra un mail."
#. module: auth_admin_passkey
#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP enverra un mail à l'utilisateur."
#. module: auth_admin_passkey
#: code:addons/auth_admin_passkey/model/res_users.py:64
#, python-format
msgid "[WARNING] OpenERP Security Risk"
msgstr "[WARNING] Faille de sécurité sur OpenERP"

24
auth_admin_passkey/model/__init__.py

@ -0,0 +1,24 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from . import res_config
from . import res_users

76
auth_admin_passkey/model/res_config.py

@ -0,0 +1,76 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from openerp.osv import fields
from openerp.osv.orm import TransientModel
from openerp.tools.safe_eval import safe_eval
class base_config_settings(TransientModel):
_inherit = 'base.config.settings'
# Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
return {
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
}
def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
def get_default_auth_admin_passkey_send_to_user(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
return {
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
}
def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
# Columns Section
_columns = {
'auth_admin_passkey_send_to_admin': fields.boolean(
'Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""",
),
'auth_admin_passkey_send_to_user': fields.boolean(
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""",
),
}

137
auth_admin_passkey/model/res_users.py

@ -0,0 +1,137 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
import datetime
from openerp import SUPERUSER_ID
from openerp import pooler
from openerp import exceptions
from openerp.osv.orm import Model
from openerp.tools.translate import _
from openerp.tools.safe_eval import safe_eval
class res_users(Model):
_inherit = "res.users"
# Private Function section
def _get_translation(self, cr, lang, text):
context = {'lang': lang}
return _(text)
def _send_email_passkey(self, cr, user_id, user_agent_env):
""" Send a email to the admin of the system and / or the user
to inform passkey use."""
mails = []
mail_obj = self.pool['mail.mail']
icp_obj = self.pool['ir.config_parameter']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
if send_to_user and login_user.email:
mails.append({'email': login_user.email, 'lang': login_user.lang})
for mail in mails:
subject = self._get_translation(
cr, mail['lang'], _('Passkey used'))
body = self._get_translation(
cr, mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""
"""\n\nTechnicals informations belows : \n\n"""
"""- Login date : %s\n\n""")) % (
login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for k, v in user_agent_env.iteritems():
body += ("- %s : %s\n\n") % (k, v)
mail_obj.create(
cr, SUPERUSER_ID, {
'email_to': mail['email'],
'subject': subject,
'body_html': '<pre>%s</pre>' % body})
def _send_email_same_password(self, cr, login_user):
""" Send a email to the admin user to inform that another user has the
same password as him."""
mail_obj = self.pool['mail.mail']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, {
'email_to': admin_user.email,
'subject': self._get_translation(
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(
cr, admin_user.lang, _(
"""<pre>User with login '%s' has the same """
"""password as you.</pre>""")) % (login_user),
})
# Overload Section
def authenticate(self, db, login, password, user_agent_env):
""" Authenticate the user 'login' is password is ok or if
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(
db, login, password, user_agent_env)
if user_id != SUPERUSER_ID:
same_password = False
cr = pooler.get_db(db).cursor()
try:
# directly use parent 'check_credentials' function
# to really know if credentials are ok
# or if it was admin password
super(res_users, self).check_credentials(
cr, SUPERUSER_ID, password)
try:
# Test now if the user has the same password as admin user
super(res_users, self).check_credentials(
cr, user_id, password)
same_password = True
except exceptions.AccessDenied:
pass
if not same_password:
self._send_email_passkey(cr, user_id, user_agent_env)
else:
self._send_email_same_password(cr, login)
cr.commit()
except exceptions.AccessDenied:
pass
finally:
cr.close()
return user_id
def check_credentials(self, cr, uid, password):
""" Return now True if credentials are good OR if password is admin
password."""
if uid != SUPERUSER_ID:
try:
super(res_users, self).check_credentials(
cr, uid, password)
return True
except exceptions.AccessDenied:
return self.check_credentials(cr, SUPERUSER_ID, password)
else:
return super(res_users, self).check_credentials(cr, uid, password)

BIN
auth_admin_passkey/static/src/img/icon.png

After

Width: 128  |  Height: 128  |  Size: 4.0 KiB

47
auth_admin_passkey/view/res_config_view.xml

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Admin Passkey module for OpenERP -->
<!--Copyright (C) 2013-2014 GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->
<!--This program is free software: you can redistribute it and/or modify -->
<!--it under the terms of the GNU Affero General Public License as -->
<!--published by the Free Software Foundation, either version 3 of the -->
<!--License, or (at your option) any later version. -->
<!--This program is distributed in the hope that it will be useful, -->
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of -->
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -->
<!--GNU Affero General Public License for more details. -->
<!--You should have received a copy of the GNU Affero General Public License-->
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. -->
<!-- ********************************************************************** -->
<openerp>
<data>
<record id="view_res_config_settings" model="ir.ui.view">
<field name="name">base.config.settings.view</field>
<field name="model">base.config.settings</field>
<field name="inherit_id" ref="base_setup.view_general_configuration"/>
<field name="arch" type="xml">
<xpath expr="//label[@string='Email']/.." position='after'>
<group>
<label for="id" string="Passkey"/>
<div>
<div>
<field name="auth_admin_passkey_send_to_admin" class="oe_inline"/>
<label for="auth_admin_passkey_send_to_admin"/>
</div>
<div>
<field name="auth_admin_passkey_send_to_user" class="oe_inline"/>
<label for="auth_admin_passkey_send_to_user"/>
</div>
</div>
</group>
</xpath>
</field>
</record>
</data>
</openerp>
Loading…
Cancel
Save