|
@ -29,77 +29,86 @@ from openerp import exceptions |
|
|
from openerp.osv.orm import Model |
|
|
from openerp.osv.orm import Model |
|
|
from openerp.tools.translate import _ |
|
|
from openerp.tools.translate import _ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class res_users(Model): |
|
|
class res_users(Model): |
|
|
_inherit = "res.users" |
|
|
_inherit = "res.users" |
|
|
|
|
|
|
|
|
### Private Function section |
|
|
|
|
|
|
|
|
# Private Function section |
|
|
def _get_translation(self, cr, lang, text): |
|
|
def _get_translation(self, cr, lang, text): |
|
|
context = {'lang': lang} |
|
|
context = {'lang': lang} |
|
|
return _(text) |
|
|
return _(text) |
|
|
|
|
|
|
|
|
def _send_email_passkey(self, cr, user_id, user_agent_env): |
|
|
def _send_email_passkey(self, cr, user_id, user_agent_env): |
|
|
""" Send a email to the admin of the system and / or the user |
|
|
""" Send a email to the admin of the system and / or the user |
|
|
to inform passkey use """ |
|
|
|
|
|
|
|
|
to inform passkey use.""" |
|
|
mails = [] |
|
|
mails = [] |
|
|
mail_obj = self.pool['mail.mail'] |
|
|
mail_obj = self.pool['mail.mail'] |
|
|
icp_obj = self.pool['ir.config_parameter'] |
|
|
icp_obj = self.pool['ir.config_parameter'] |
|
|
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
|
|
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
|
|
login_user = self.browse(cr, SUPERUSER_ID, user_id) |
|
|
login_user = self.browse(cr, SUPERUSER_ID, user_id) |
|
|
send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, |
|
|
|
|
|
'auth_admin_passkey.send_to_admin', 'True')) |
|
|
|
|
|
send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, |
|
|
|
|
|
'auth_admin_passkey.send_to_user', 'True')) |
|
|
|
|
|
|
|
|
send_to_admin = literal_eval(icp_obj.get_param( |
|
|
|
|
|
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True')) |
|
|
|
|
|
send_to_user = literal_eval(icp_obj.get_param( |
|
|
|
|
|
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True')) |
|
|
|
|
|
|
|
|
if send_to_admin and admin_user.email: |
|
|
if send_to_admin and admin_user.email: |
|
|
mails.append({'email': admin_user.email, 'lang': admin_user.lang,}) |
|
|
|
|
|
|
|
|
mails.append({'email': admin_user.email, 'lang': admin_user.lang}) |
|
|
if send_to_user and login_user.email: |
|
|
if send_to_user and login_user.email: |
|
|
mails.append({'email': login_user.email, 'lang': login_user.lang,}) |
|
|
|
|
|
|
|
|
mails.append({'email': login_user.email, 'lang': login_user.lang}) |
|
|
|
|
|
|
|
|
for mail in mails: |
|
|
for mail in mails: |
|
|
subject = self._get_translation(cr, mail['lang'], _('Passkey used')) |
|
|
|
|
|
body = self._get_translation(cr, mail['lang'], |
|
|
|
|
|
_("""Admin user used his passkey to login with '%s'.\n\n"""\ |
|
|
|
|
|
"""\n\nTechnicals informations belows : \n\n"""\ |
|
|
|
|
|
"""- Login date : %s\n\n""")) %(login_user.login, |
|
|
|
|
|
|
|
|
subject = self._get_translation( |
|
|
|
|
|
cr, mail['lang'], _('Passkey used')) |
|
|
|
|
|
body = self._get_translation( |
|
|
|
|
|
cr, mail['lang'], |
|
|
|
|
|
_("""Admin user used his passkey to login with '%s'.\n\n""" |
|
|
|
|
|
"""\n\nTechnicals informations belows : \n\n""" |
|
|
|
|
|
"""- Login date : %s\n\n""")) % ( |
|
|
|
|
|
login_user.login, |
|
|
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) |
|
|
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) |
|
|
for k, v in user_agent_env.iteritems(): |
|
|
for k, v in user_agent_env.iteritems(): |
|
|
body += ("- %s : %s\n\n") % (k, v) |
|
|
body += ("- %s : %s\n\n") % (k, v) |
|
|
mail_obj.create(cr, SUPERUSER_ID, { |
|
|
|
|
|
|
|
|
mail_obj.create( |
|
|
|
|
|
cr, SUPERUSER_ID, { |
|
|
'email_to': mail['email'], |
|
|
'email_to': mail['email'], |
|
|
'subject': subject, |
|
|
'subject': subject, |
|
|
'body_html': '<pre>%s</pre>' % body}) |
|
|
'body_html': '<pre>%s</pre>' % body}) |
|
|
|
|
|
|
|
|
def _send_email_same_password(self, cr, login_user): |
|
|
def _send_email_same_password(self, cr, login_user): |
|
|
""" Send a email to the admin user to inform that another user has the |
|
|
""" Send a email to the admin user to inform that another user has the |
|
|
same password as him""" |
|
|
|
|
|
|
|
|
same password as him.""" |
|
|
mail_obj = self.pool['mail.mail'] |
|
|
mail_obj = self.pool['mail.mail'] |
|
|
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
|
|
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
|
|
if admin_user.email: |
|
|
if admin_user.email: |
|
|
mail_obj.create(cr, SUPERUSER_ID, { |
|
|
mail_obj.create(cr, SUPERUSER_ID, { |
|
|
'email_to': admin_user.email, |
|
|
'email_to': admin_user.email, |
|
|
'subject': self._get_translation(cr, admin_user.lang, |
|
|
|
|
|
_('[WARNING] OpenERP Security Risk')), |
|
|
|
|
|
'body_html': self._get_translation(cr, admin_user.lang, |
|
|
|
|
|
_("""<pre>User with login '%s' has the same """\ |
|
|
|
|
|
|
|
|
'subject': self._get_translation( |
|
|
|
|
|
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')), |
|
|
|
|
|
'body_html': self._get_translation( |
|
|
|
|
|
cr, admin_user.lang, _( |
|
|
|
|
|
"""<pre>User with login '%s' has the same """ |
|
|
"""password as you.</pre>""")) % (login_user), |
|
|
"""password as you.</pre>""")) % (login_user), |
|
|
}) |
|
|
}) |
|
|
|
|
|
|
|
|
### Overload Section |
|
|
|
|
|
|
|
|
# Overload Section |
|
|
def authenticate(self, db, login, password, user_agent_env): |
|
|
def authenticate(self, db, login, password, user_agent_env): |
|
|
""" Authenticate the user 'login' is password is ok or if |
|
|
""" Authenticate the user 'login' is password is ok or if |
|
|
is admin password. In the second case, send mail to user and admin.""" |
|
|
is admin password. In the second case, send mail to user and admin.""" |
|
|
user_id = super(res_users, self).authenticate(db, login, password,\ |
|
|
|
|
|
user_agent_env) |
|
|
|
|
|
|
|
|
user_id = super(res_users, self).authenticate( |
|
|
|
|
|
db, login, password, user_agent_env) |
|
|
if user_id != SUPERUSER_ID: |
|
|
if user_id != SUPERUSER_ID: |
|
|
same_password = False |
|
|
same_password = False |
|
|
cr = pooler.get_db(db).cursor() |
|
|
cr = pooler.get_db(db).cursor() |
|
|
try: |
|
|
try: |
|
|
# directly use parent 'check_credentials' function |
|
|
# directly use parent 'check_credentials' function |
|
|
# to really know if credentials are ok or if it was admin password |
|
|
|
|
|
super(res_users, self).check_credentials(cr, SUPERUSER_ID, password) |
|
|
|
|
|
|
|
|
# to really know if credentials are ok |
|
|
|
|
|
# or if it was admin password |
|
|
|
|
|
super(res_users, self).check_credentials( |
|
|
|
|
|
cr, SUPERUSER_ID, password) |
|
|
try: |
|
|
try: |
|
|
# Test now if the user has the same password as admin user |
|
|
# Test now if the user has the same password as admin user |
|
|
super(res_users, self).check_credentials(cr, user_id, password) |
|
|
|
|
|
|
|
|
super(res_users, self).check_credentials( |
|
|
|
|
|
cr, user_id, password) |
|
|
same_password = True |
|
|
same_password = True |
|
|
except exceptions.AccessDenied: |
|
|
except exceptions.AccessDenied: |
|
|
pass |
|
|
pass |
|
@ -116,12 +125,13 @@ class res_users(Model): |
|
|
|
|
|
|
|
|
def check_credentials(self, cr, uid, password): |
|
|
def check_credentials(self, cr, uid, password): |
|
|
""" Return now True if credentials are good OR if password is admin |
|
|
""" Return now True if credentials are good OR if password is admin |
|
|
password""" |
|
|
|
|
|
|
|
|
password.""" |
|
|
if uid != SUPERUSER_ID: |
|
|
if uid != SUPERUSER_ID: |
|
|
try: |
|
|
try: |
|
|
self.check_credentials(cr, SUPERUSER_ID, password) |
|
|
self.check_credentials(cr, SUPERUSER_ID, password) |
|
|
return True |
|
|
return True |
|
|
except exceptions.AccessDenied: |
|
|
except exceptions.AccessDenied: |
|
|
return super(res_users, self).check_credentials(cr, uid, password) |
|
|
|
|
|
|
|
|
return super(res_users, self).check_credentials( |
|
|
|
|
|
cr, uid, password) |
|
|
else: |
|
|
else: |
|
|
return super(res_users, self).check_credentials(cr, uid, password) |
|
|
return super(res_users, self).check_credentials(cr, uid, password) |