diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py index 2586adad2..817ea5393 100644 --- a/auth_admin_passkey/__openerp__.py +++ b/auth_admin_passkey/__openerp__.py @@ -28,11 +28,11 @@ Admin password become a passkey for all active logins ===================================================== -Functionnality : ----------------- +Functionality : +--------------- * Administrator has now the possibility to login in with any login; * By default, OpenERP will send a mail to user and admin to indicate them; - * If a user has the same password as the admin, OpenERP will inform the admin; + * If a user and the admin has the same password, admin will be informed; Technical information : ----------------------- diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/model/res_config.py index 181c73444..11c7fa083 100644 --- a/auth_admin_passkey/model/res_config.py +++ b/auth_admin_passkey/model/res_config.py @@ -24,50 +24,53 @@ from openerp.osv import fields from openerp.osv.orm import TransientModel from openerp.tools.safe_eval import safe_eval + class base_config_settings(TransientModel): _inherit = 'base.config.settings' - ### Getter / Setter Section - def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids, - context=None): + # Getter / Setter Section + def get_default_auth_admin_passkey_send_to_admin( + self, cr, uid, ids, context=None): icp = self.pool['ir.config_parameter'] return { - 'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr, - uid, 'auth_admin_passkey.send_to_admin', 'True')), + 'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param( + cr, uid, 'auth_admin_passkey.send_to_admin', 'True')), } def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): config = self.browse(cr, uid, ids[0], context=context) icp = self.pool['ir.config_parameter'] - icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin', - repr(config.auth_admin_passkey_send_to_admin)) + icp.set_param( + cr, uid, 'auth_admin_passkey.send_to_admin', + repr(config.auth_admin_passkey_send_to_admin)) - def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids, - context=None): + def get_default_auth_admin_passkey_send_to_user( + self, cr, uid, ids, context=None): icp = self.pool['ir.config_parameter'] return { - 'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr, - uid, 'auth_admin_passkey.send_to_user', 'True')), + 'auth_admin_passkey_send_to_user': safe_eval(icp.get_param( + cr, uid, 'auth_admin_passkey.send_to_user', 'True')), } def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): config = self.browse(cr, uid, ids[0], context=context) icp = self.pool['ir.config_parameter'] - icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user', - repr(config.auth_admin_passkey_send_to_user)) + icp.set_param( + cr, uid, 'auth_admin_passkey.send_to_user', + repr(config.auth_admin_passkey_send_to_user)) - ### Columns Section + # Columns Section _columns = { 'auth_admin_passkey_send_to_admin': fields.boolean( - 'Send email to admin user.', - help="When the administrator use his password to login in "\ - "with a different account, OpenERP will send an email "\ - "to the admin user.", - ), + 'Send email to admin user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the admin user.""", + ), 'auth_admin_passkey_send_to_user': fields.boolean( - string='Send email to user.', - help="When the administrator use his password to login in "\ - "with a different account, OpenERP will send an email "\ - "to the account user.", - ), + string='Send email to user.', + help="""When the administrator use his password to login in """ + """with a different account, OpenERP will send an email """ + """to the account user.""", + ), } diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py index 2ce24b7d0..261f870bc 100644 --- a/auth_admin_passkey/model/res_users.py +++ b/auth_admin_passkey/model/res_users.py @@ -29,83 +29,92 @@ from openerp import exceptions from openerp.osv.orm import Model from openerp.tools.translate import _ + class res_users(Model): _inherit = "res.users" - ### Private Function section + # Private Function section def _get_translation(self, cr, lang, text): context = {'lang': lang} return _(text) - + def _send_email_passkey(self, cr, user_id, user_agent_env): - """ Send a email to the admin of the system and / or the user - to inform passkey use """ + """ Send a email to the admin of the system and / or the user + to inform passkey use.""" mails = [] mail_obj = self.pool['mail.mail'] icp_obj = self.pool['ir.config_parameter'] admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) login_user = self.browse(cr, SUPERUSER_ID, user_id) - send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, - 'auth_admin_passkey.send_to_admin', 'True')) - send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, - 'auth_admin_passkey.send_to_user', 'True')) - - if send_to_admin and admin_user.email: - mails.append({'email': admin_user.email, 'lang': admin_user.lang,}) + send_to_admin = literal_eval(icp_obj.get_param( + cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True')) + send_to_user = literal_eval(icp_obj.get_param( + cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True')) + + if send_to_admin and admin_user.email: + mails.append({'email': admin_user.email, 'lang': admin_user.lang}) if send_to_user and login_user.email: - mails.append({'email': login_user.email, 'lang': login_user.lang,}) - + mails.append({'email': login_user.email, 'lang': login_user.lang}) + for mail in mails: - subject = self._get_translation(cr, mail['lang'], _('Passkey used')) - body = self._get_translation(cr, mail['lang'], - _("""Admin user used his passkey to login with '%s'.\n\n"""\ - """\n\nTechnicals informations belows : \n\n"""\ - """- Login date : %s\n\n""")) %(login_user.login, - datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + subject = self._get_translation( + cr, mail['lang'], _('Passkey used')) + body = self._get_translation( + cr, mail['lang'], + _("""Admin user used his passkey to login with '%s'.\n\n""" + """\n\nTechnicals informations belows : \n\n""" + """- Login date : %s\n\n""")) % ( + login_user.login, + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) for k, v in user_agent_env.iteritems(): - body +=("- %s : %s\n\n") % (k, v) - mail_obj.create(cr, SUPERUSER_ID, { + body += ("- %s : %s\n\n") % (k, v) + mail_obj.create( + cr, SUPERUSER_ID, { 'email_to': mail['email'], 'subject': subject, 'body_html': '
%s' % body}) def _send_email_same_password(self, cr, login_user): - """ Send a email to the admin user to inform that another user has the - same password as him""" + """ Send a email to the admin user to inform that another user has the + same password as him.""" mail_obj = self.pool['mail.mail'] admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) if admin_user.email: mail_obj.create(cr, SUPERUSER_ID, { 'email_to': admin_user.email, - 'subject': self._get_translation(cr, admin_user.lang, - _('[WARNING] OpenERP Security Risk')), - 'body_html': self._get_translation(cr, admin_user.lang, - _("""
User with login '%s' has the same """\ - """password as you.""")) %(login_user), + 'subject': self._get_translation( + cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')), + 'body_html': self._get_translation( + cr, admin_user.lang, _( + """
User with login '%s' has the same """ + """password as you.""")) % (login_user), }) - ### Overload Section + # Overload Section def authenticate(self, db, login, password, user_agent_env): - """ Authenticate the user 'login' is password is ok or if - is admin password. In the second case, send mail to user and admin.""" - user_id = super(res_users, self).authenticate(db, login, password,\ - user_agent_env) + """ Authenticate the user 'login' is password is ok or if + is admin password. In the second case, send mail to user and admin.""" + user_id = super(res_users, self).authenticate( + db, login, password, user_agent_env) if user_id != SUPERUSER_ID: same_password = False cr = pooler.get_db(db).cursor() try: - # directly use parent 'check_credentials' function - # to really know if credentials are ok or if it was admin password - super(res_users, self).check_credentials(cr, SUPERUSER_ID, password) + # directly use parent 'check_credentials' function + # to really know if credentials are ok + # or if it was admin password + super(res_users, self).check_credentials( + cr, SUPERUSER_ID, password) try: # Test now if the user has the same password as admin user - super(res_users, self).check_credentials(cr, user_id, password) + super(res_users, self).check_credentials( + cr, user_id, password) same_password = True except exceptions.AccessDenied: pass if not same_password: self._send_email_passkey(cr, user_id, user_agent_env) - else: + else: self._send_email_same_password(cr, login) cr.commit() except exceptions.AccessDenied: @@ -116,12 +125,13 @@ class res_users(Model): def check_credentials(self, cr, uid, password): """ Return now True if credentials are good OR if password is admin - password""" +password.""" if uid != SUPERUSER_ID: try: self.check_credentials(cr, SUPERUSER_ID, password) return True except exceptions.AccessDenied: - return super(res_users, self).check_credentials(cr, uid, password) + return super(res_users, self).check_credentials( + cr, uid, password) else: return super(res_users, self).check_credentials(cr, uid, password)