Browse Source

[REF] Pep8.

pull/2/head
Sylvain LE GAL 11 years ago
parent
commit
80a2e93c8d
  1. 6
      auth_admin_passkey/__openerp__.py
  2. 51
      auth_admin_passkey/model/res_config.py
  3. 72
      auth_admin_passkey/model/res_users.py

6
auth_admin_passkey/__openerp__.py

@ -28,11 +28,11 @@
Admin password become a passkey for all active logins Admin password become a passkey for all active logins
===================================================== =====================================================
Functionnality :
----------------
Functionality :
---------------
* Administrator has now the possibility to login in with any login; * Administrator has now the possibility to login in with any login;
* By default, OpenERP will send a mail to user and admin to indicate them; * By default, OpenERP will send a mail to user and admin to indicate them;
* If a user has the same password as the admin, OpenERP will inform the admin;
* If a user and the admin has the same password, admin will be informed;
Technical information : Technical information :
----------------------- -----------------------

51
auth_admin_passkey/model/res_config.py

@ -24,50 +24,53 @@ from openerp.osv import fields
from openerp.osv.orm import TransientModel from openerp.osv.orm import TransientModel
from openerp.tools.safe_eval import safe_eval from openerp.tools.safe_eval import safe_eval
class base_config_settings(TransientModel): class base_config_settings(TransientModel):
_inherit = 'base.config.settings' _inherit = 'base.config.settings'
### Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids,
context=None):
# Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
return { return {
'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr,
uid, 'auth_admin_passkey.send_to_admin', 'True')),
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
} }
def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context) config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids,
context=None):
def get_default_auth_admin_passkey_send_to_user(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
return { return {
'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr,
uid, 'auth_admin_passkey.send_to_user', 'True')),
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
} }
def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context) config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter'] icp = self.pool['ir.config_parameter']
icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))
### Columns Section
# Columns Section
_columns = { _columns = {
'auth_admin_passkey_send_to_admin': fields.boolean( 'auth_admin_passkey_send_to_admin': fields.boolean(
'Send email to admin user.',
help="When the administrator use his password to login in "\
"with a different account, OpenERP will send an email "\
"to the admin user.",
),
'Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""",
),
'auth_admin_passkey_send_to_user': fields.boolean( 'auth_admin_passkey_send_to_user': fields.boolean(
string='Send email to user.',
help="When the administrator use his password to login in "\
"with a different account, OpenERP will send an email "\
"to the account user.",
),
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""",
),
} }

72
auth_admin_passkey/model/res_users.py

@ -29,77 +29,86 @@ from openerp import exceptions
from openerp.osv.orm import Model from openerp.osv.orm import Model
from openerp.tools.translate import _ from openerp.tools.translate import _
class res_users(Model): class res_users(Model):
_inherit = "res.users" _inherit = "res.users"
### Private Function section
# Private Function section
def _get_translation(self, cr, lang, text): def _get_translation(self, cr, lang, text):
context = {'lang': lang} context = {'lang': lang}
return _(text) return _(text)
def _send_email_passkey(self, cr, user_id, user_agent_env): def _send_email_passkey(self, cr, user_id, user_agent_env):
""" Send a email to the admin of the system and / or the user """ Send a email to the admin of the system and / or the user
to inform passkey use """
to inform passkey use."""
mails = [] mails = []
mail_obj = self.pool['mail.mail'] mail_obj = self.pool['mail.mail']
icp_obj = self.pool['ir.config_parameter'] icp_obj = self.pool['ir.config_parameter']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id) login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_user', 'True'))
send_to_admin = literal_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = literal_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
if send_to_admin and admin_user.email: if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang,})
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
if send_to_user and login_user.email: if send_to_user and login_user.email:
mails.append({'email': login_user.email, 'lang': login_user.lang,})
mails.append({'email': login_user.email, 'lang': login_user.lang})
for mail in mails: for mail in mails:
subject = self._get_translation(cr, mail['lang'], _('Passkey used'))
body = self._get_translation(cr, mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""\
"""\n\nTechnicals informations belows : \n\n"""\
"""- Login date : %s\n\n""")) %(login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
subject = self._get_translation(
cr, mail['lang'], _('Passkey used'))
body = self._get_translation(
cr, mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""
"""\n\nTechnicals informations belows : \n\n"""
"""- Login date : %s\n\n""")) % (
login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for k, v in user_agent_env.iteritems(): for k, v in user_agent_env.iteritems():
body +=("- %s : %s\n\n") % (k, v)
mail_obj.create(cr, SUPERUSER_ID, {
body += ("- %s : %s\n\n") % (k, v)
mail_obj.create(
cr, SUPERUSER_ID, {
'email_to': mail['email'], 'email_to': mail['email'],
'subject': subject, 'subject': subject,
'body_html': '<pre>%s</pre>' % body}) 'body_html': '<pre>%s</pre>' % body})
def _send_email_same_password(self, cr, login_user): def _send_email_same_password(self, cr, login_user):
""" Send a email to the admin user to inform that another user has the """ Send a email to the admin user to inform that another user has the
same password as him"""
same password as him."""
mail_obj = self.pool['mail.mail'] mail_obj = self.pool['mail.mail']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
if admin_user.email: if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, { mail_obj.create(cr, SUPERUSER_ID, {
'email_to': admin_user.email, 'email_to': admin_user.email,
'subject': self._get_translation(cr, admin_user.lang,
_('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(cr, admin_user.lang,
_("""<pre>User with login '%s' has the same """\
"""password as you.</pre>""")) %(login_user),
'subject': self._get_translation(
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(
cr, admin_user.lang, _(
"""<pre>User with login '%s' has the same """
"""password as you.</pre>""")) % (login_user),
}) })
### Overload Section
# Overload Section
def authenticate(self, db, login, password, user_agent_env): def authenticate(self, db, login, password, user_agent_env):
""" Authenticate the user 'login' is password is ok or if """ Authenticate the user 'login' is password is ok or if
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(db, login, password,\
user_agent_env)
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(
db, login, password, user_agent_env)
if user_id != SUPERUSER_ID: if user_id != SUPERUSER_ID:
same_password = False same_password = False
cr = pooler.get_db(db).cursor() cr = pooler.get_db(db).cursor()
try: try:
# directly use parent 'check_credentials' function # directly use parent 'check_credentials' function
# to really know if credentials are ok or if it was admin password
super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
# to really know if credentials are ok
# or if it was admin password
super(res_users, self).check_credentials(
cr, SUPERUSER_ID, password)
try: try:
# Test now if the user has the same password as admin user # Test now if the user has the same password as admin user
super(res_users, self).check_credentials(cr, user_id, password)
super(res_users, self).check_credentials(
cr, user_id, password)
same_password = True same_password = True
except exceptions.AccessDenied: except exceptions.AccessDenied:
pass pass
@ -116,12 +125,13 @@ class res_users(Model):
def check_credentials(self, cr, uid, password): def check_credentials(self, cr, uid, password):
""" Return now True if credentials are good OR if password is admin """ Return now True if credentials are good OR if password is admin
password"""
password."""
if uid != SUPERUSER_ID: if uid != SUPERUSER_ID:
try: try:
self.check_credentials(cr, SUPERUSER_ID, password) self.check_credentials(cr, SUPERUSER_ID, password)
return True return True
except exceptions.AccessDenied: except exceptions.AccessDenied:
return super(res_users, self).check_credentials(cr, uid, password)
return super(res_users, self).check_credentials(
cr, uid, password)
else: else:
return super(res_users, self).check_credentials(cr, uid, password) return super(res_users, self).check_credentials(cr, uid, password)
Loading…
Cancel
Save