Browse Source

[REF] Pep8.

pull/2/head
Sylvain LE GAL 11 years ago
parent
commit
80a2e93c8d
  1. 6
      auth_admin_passkey/__openerp__.py
  2. 51
      auth_admin_passkey/model/res_config.py
  3. 90
      auth_admin_passkey/model/res_users.py

6
auth_admin_passkey/__openerp__.py

@ -28,11 +28,11 @@
Admin password become a passkey for all active logins Admin password become a passkey for all active logins
===================================================== =====================================================
Functionnality :
----------------
Functionality :
---------------
* Administrator has now the possibility to login in with any login; * Administrator has now the possibility to login in with any login;
* By default, OpenERP will send a mail to user and admin to indicate them; * By default, OpenERP will send a mail to user and admin to indicate them;
* If a user has the same password as the admin, OpenERP will inform the admin;
* If a user and the admin has the same password, admin will be informed;
Technical information : Technical information :
----------------------- -----------------------

51
auth_admin_passkey/model/res_config.py

@ -24,50 +24,53 @@ from openerp.osv import fields
from openerp.osv.orm import TransientModel from openerp.osv.orm import TransientModel
from openerp.tools.safe_eval import safe_eval from openerp.tools.safe_eval import safe_eval
class base_config_settings(TransientModel): class base_config_settings(TransientModel):
_inherit = 'base.config.settings' _inherit = 'base.config.settings'
### Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids,
context=None):
# Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
return { return {
'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr,
uid, 'auth_admin_passkey.send_to_admin', 'True')),
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
} }
def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context) config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids,
context=None):
def get_default_auth_admin_passkey_send_to_user(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
return { return {
'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr,
uid, 'auth_admin_passkey.send_to_user', 'True')),
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
} }
def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context) config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
### Columns Section
# Columns Section
_columns = { _columns = {
'auth_admin_passkey_send_to_admin': fields.boolean( 'auth_admin_passkey_send_to_admin': fields.boolean(
'Send email to admin user.',
help="When the administrator use his password to login in "\
"with a different account, OpenERP will send an email "\
"to the admin user.",
),
'Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""",
),
'auth_admin_passkey_send_to_user': fields.boolean( 'auth_admin_passkey_send_to_user': fields.boolean(
string='Send email to user.',
help="When the administrator use his password to login in "\
"with a different account, OpenERP will send an email "\
"to the account user.",
),
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""",
),
} }

90
auth_admin_passkey/model/res_users.py

@ -29,83 +29,92 @@ from openerp import exceptions
from openerp.osv.orm import Model from openerp.osv.orm import Model
from openerp.tools.translate import _ from openerp.tools.translate import _
class res_users(Model): class res_users(Model):
_inherit = "res.users" _inherit = "res.users"
### Private Function section
# Private Function section
def _get_translation(self, cr, lang, text): def _get_translation(self, cr, lang, text):
context = {'lang': lang} context = {'lang': lang}
return _(text) return _(text)
def _send_email_passkey(self, cr, user_id, user_agent_env): def _send_email_passkey(self, cr, user_id, user_agent_env):
""" Send a email to the admin of the system and / or the user
to inform passkey use """
""" Send a email to the admin of the system and / or the user
to inform passkey use."""
mails = [] mails = []
mail_obj = self.pool['mail.mail'] mail_obj = self.pool['mail.mail']
icp_obj = self.pool['ir.config_parameter'] icp_obj = self.pool['ir.config_parameter']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id) login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_user', 'True'))
if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang,})
send_to_admin = literal_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = literal_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
if send_to_user and login_user.email: if send_to_user and login_user.email:
mails.append({'email': login_user.email, 'lang': login_user.lang,})
mails.append({'email': login_user.email, 'lang': login_user.lang})
for mail in mails: for mail in mails:
subject = self._get_translation(cr, mail['lang'], _('Passkey used'))
body = self._get_translation(cr, mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""\
"""\n\nTechnicals informations belows : \n\n"""\
"""- Login date : %s\n\n""")) %(login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
subject = self._get_translation(
cr, mail['lang'], _('Passkey used'))
body = self._get_translation(
cr, mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""
"""\n\nTechnicals informations belows : \n\n"""
"""- Login date : %s\n\n""")) % (
login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for k, v in user_agent_env.iteritems(): for k, v in user_agent_env.iteritems():
body +=("- %s : %s\n\n") % (k, v)
mail_obj.create(cr, SUPERUSER_ID, {
body += ("- %s : %s\n\n") % (k, v)
mail_obj.create(
cr, SUPERUSER_ID, {
'email_to': mail['email'], 'email_to': mail['email'],
'subject': subject, 'subject': subject,
'body_html': '<pre>%s</pre>' % body}) 'body_html': '<pre>%s</pre>' % body})
def _send_email_same_password(self, cr, login_user): def _send_email_same_password(self, cr, login_user):
""" Send a email to the admin user to inform that another user has the
same password as him"""
""" Send a email to the admin user to inform that another user has the
same password as him."""
mail_obj = self.pool['mail.mail'] mail_obj = self.pool['mail.mail']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
if admin_user.email: if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, { mail_obj.create(cr, SUPERUSER_ID, {
'email_to': admin_user.email, 'email_to': admin_user.email,
'subject': self._get_translation(cr, admin_user.lang,
_('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(cr, admin_user.lang,
_("""<pre>User with login '%s' has the same """\
"""password as you.</pre>""")) %(login_user),
'subject': self._get_translation(
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(
cr, admin_user.lang, _(
"""<pre>User with login '%s' has the same """
"""password as you.</pre>""")) % (login_user),
}) })
### Overload Section
# Overload Section
def authenticate(self, db, login, password, user_agent_env): def authenticate(self, db, login, password, user_agent_env):
""" Authenticate the user 'login' is password is ok or if
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(db, login, password,\
user_agent_env)
""" Authenticate the user 'login' is password is ok or if
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(
db, login, password, user_agent_env)
if user_id != SUPERUSER_ID: if user_id != SUPERUSER_ID:
same_password = False same_password = False
cr = pooler.get_db(db).cursor() cr = pooler.get_db(db).cursor()
try: try:
# directly use parent 'check_credentials' function
# to really know if credentials are ok or if it was admin password
super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
# directly use parent 'check_credentials' function
# to really know if credentials are ok
# or if it was admin password
super(res_users, self).check_credentials(
cr, SUPERUSER_ID, password)
try: try:
# Test now if the user has the same password as admin user # Test now if the user has the same password as admin user
super(res_users, self).check_credentials(cr, user_id, password)
super(res_users, self).check_credentials(
cr, user_id, password)
same_password = True same_password = True
except exceptions.AccessDenied: except exceptions.AccessDenied:
pass pass
if not same_password: if not same_password:
self._send_email_passkey(cr, user_id, user_agent_env) self._send_email_passkey(cr, user_id, user_agent_env)
else:
else:
self._send_email_same_password(cr, login) self._send_email_same_password(cr, login)
cr.commit() cr.commit()
except exceptions.AccessDenied: except exceptions.AccessDenied:
@ -116,12 +125,13 @@ class res_users(Model):
def check_credentials(self, cr, uid, password): def check_credentials(self, cr, uid, password):
""" Return now True if credentials are good OR if password is admin """ Return now True if credentials are good OR if password is admin
password"""
password."""
if uid != SUPERUSER_ID: if uid != SUPERUSER_ID:
try: try:
self.check_credentials(cr, SUPERUSER_ID, password) self.check_credentials(cr, SUPERUSER_ID, password)
return True return True
except exceptions.AccessDenied: except exceptions.AccessDenied:
return super(res_users, self).check_credentials(cr, uid, password)
return super(res_users, self).check_credentials(
cr, uid, password)
else: else:
return super(res_users, self).check_credentials(cr, uid, password) return super(res_users, self).check_credentials(cr, uid, password)
Loading…
Cancel
Save