From b02f98f849fcdc5f7dae46dc01f4d9f993f67ab5 Mon Sep 17 00:00:00 2001 From: "Laurent Mignon (ACSONE)" Date: Wed, 15 Jun 2016 16:27:52 +0200 Subject: [PATCH] [MIG] Migration from 8.0 --- auth_from_http_remote_user/README.rst | 43 +++++++++++- auth_from_http_remote_user/__init__.py | 24 +------ auth_from_http_remote_user/__openerp__.py | 21 +----- .../controllers/__init__.py | 21 +----- .../controllers/main.py | 27 ++------ auth_from_http_remote_user/model.py | 27 -------- auth_from_http_remote_user/models/__init__.py | 6 ++ .../models/auth_from_http_remote_user.py | 10 +++ .../models/res_users.py | 24 +++++++ auth_from_http_remote_user/res_users.py | 65 ------------------- auth_from_http_remote_user/tests/__init__.py | 21 +----- .../tests/test_res_users.py | 23 +------ auth_from_http_remote_user/utils.py | 22 +------ 13 files changed, 99 insertions(+), 235 deletions(-) delete mode 100644 auth_from_http_remote_user/model.py create mode 100644 auth_from_http_remote_user/models/__init__.py create mode 100644 auth_from_http_remote_user/models/auth_from_http_remote_user.py create mode 100644 auth_from_http_remote_user/models/res_users.py delete mode 100644 auth_from_http_remote_user/res_users.py diff --git a/auth_from_http_remote_user/README.rst b/auth_from_http_remote_user/README.rst index 635802129..911b4ffbb 100644 --- a/auth_from_http_remote_user/README.rst +++ b/auth_from_http_remote_user/README.rst @@ -1,3 +1,8 @@ +.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 + +========================================= Allow users to be automatically logged in ========================================= @@ -12,7 +17,7 @@ If the field is found in the header and no user matches the given one, the system issue a login error page. (*401* `Unauthorized`) Use case. ---------- +========= The module allows integration with external security systems [#]_ that can pass along authentication of a user via Remote_User HTTP header field. In many @@ -37,7 +42,7 @@ cases, this is achieved via server like Apache HTTPD or nginx proxying Odoo. How to test the module with Apache [#]_ ----------------------------------------- +======================================= Apache can be used as a reverse proxy providing the authentication and adding the required field in the Http headers. @@ -120,6 +125,38 @@ logged in the system. .. [#] Shibolleth, Tivoli access manager, .. .. [#] Based on a ubuntu 12.04 env +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues +`_. In case of trouble, please +check there if your issue has already been reported. If you spotted it first, +help us smashing it by providing a detailed and welcomed feedback. + +Credits +======= + +Images +------ + +* Odoo Community Association: `Icon `_. + Contributors ------------ -* Laurent Mignon + +* Laurent Mignon + +Maintainer +---------- + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +This module is maintained by the OCA. + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +To contribute to this module, please visit https://odoo-community.org. diff --git a/auth_from_http_remote_user/__init__.py b/auth_from_http_remote_user/__init__.py index 7fb1b9d59..432e8325e 100644 --- a/auth_from_http_remote_user/__init__.py +++ b/auth_from_http_remote_user/__init__.py @@ -1,24 +1,6 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). from . import controllers -from . import res_users -from . import model +from . import models diff --git a/auth_from_http_remote_user/__openerp__.py b/auth_from_http_remote_user/__openerp__.py index f1b0f213b..4ce18a71a 100644 --- a/auth_from_http_remote_user/__openerp__.py +++ b/auth_from_http_remote_user/__openerp__.py @@ -1,23 +1,6 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). { 'name': 'Authenticate via HTTP Remote User', 'version': '9.0.1.0.0', diff --git a/auth_from_http_remote_user/controllers/__init__.py b/auth_from_http_remote_user/controllers/__init__.py index 6b12b8082..47d62e3d8 100644 --- a/auth_from_http_remote_user/controllers/__init__.py +++ b/auth_from_http_remote_user/controllers/__init__.py @@ -1,22 +1,5 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). from . import main diff --git a/auth_from_http_remote_user/controllers/main.py b/auth_from_http_remote_user/controllers/main.py index 85859619a..18674fa79 100644 --- a/auth_from_http_remote_user/controllers/main.py +++ b/auth_from_http_remote_user/controllers/main.py @@ -1,31 +1,14 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). from openerp import SUPERUSER_ID -import openerp from openerp import http from openerp.http import request from openerp.addons.web.controllers import main -from openerp.addons.auth_from_http_remote_user.model import \ +from openerp.modules.registry import RegistryManager +from ..models.auth_from_http_remote_user import \ AuthFromHttpRemoteUserInstalled from .. import utils @@ -59,7 +42,7 @@ class Home(main.Home): def _bind_http_remote_user(self, db_name): try: - registry = openerp.registry(db_name) + registry = RegistryManager.get(db_name) with registry.cursor() as cr: if AuthFromHttpRemoteUserInstalled._name not in registry: # module not installed in database, diff --git a/auth_from_http_remote_user/model.py b/auth_from_http_remote_user/model.py deleted file mode 100644 index c4ca50a33..000000000 --- a/auth_from_http_remote_user/model.py +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## -from openerp.osv import orm - - -class AuthFromHttpRemoteUserInstalled(orm.AbstractModel): - """An abstract model used to safely know if the module is installed - """ - _name = 'auth_from_http_remote_user.installed' diff --git a/auth_from_http_remote_user/models/__init__.py b/auth_from_http_remote_user/models/__init__.py new file mode 100644 index 000000000..0b032138b --- /dev/null +++ b/auth_from_http_remote_user/models/__init__.py @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). + +from . import res_users +from . import auth_from_http_remote_user diff --git a/auth_from_http_remote_user/models/auth_from_http_remote_user.py b/auth_from_http_remote_user/models/auth_from_http_remote_user.py new file mode 100644 index 000000000..55dbb46eb --- /dev/null +++ b/auth_from_http_remote_user/models/auth_from_http_remote_user.py @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). +from openerp import models + + +class AuthFromHttpRemoteUserInstalled(models.AbstractModel): + """An abstract model used to safely know if the module is installed + """ + _name = 'auth_from_http_remote_user.installed' diff --git a/auth_from_http_remote_user/models/res_users.py b/auth_from_http_remote_user/models/res_users.py new file mode 100644 index 000000000..abf423a11 --- /dev/null +++ b/auth_from_http_remote_user/models/res_users.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). + +from openerp import api, fields, models +import openerp.exceptions +from openerp.addons.auth_from_http_remote_user import utils + + +class ResUsers(models.Model): + _inherit = 'res.users' + + sso_key = fields.Char( + 'SSO Key', size=utils.KEY_LENGTH, readonly=True, copy=False) + + @api.model + def check_credentials(self, password): + try: + return super(ResUsers, self).check_credentials(password) + except openerp.exceptions.AccessDenied: + res = self.sudo().search([('id', '=', self.env.uid), + ('sso_key', '=', password)]) + if not res: + raise diff --git a/auth_from_http_remote_user/res_users.py b/auth_from_http_remote_user/res_users.py deleted file mode 100644 index 638179405..000000000 --- a/auth_from_http_remote_user/res_users.py +++ /dev/null @@ -1,65 +0,0 @@ -# -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## - -from openerp.modules.registry import RegistryManager -from openerp.osv import orm, fields -from openerp import SUPERUSER_ID -import openerp.exceptions -from openerp.addons.auth_from_http_remote_user import utils - - -class res_users(orm.Model): - _inherit = 'res.users' - - _columns = { - 'sso_key': fields.char('SSO Key', size=utils.KEY_LENGTH, - readonly=True), - } - - def copy(self, cr, uid, rid, defaults=None, context=None): - defaults = defaults or {} - defaults['sso_key'] = False - return super(res_users, self).copy(cr, uid, rid, defaults, context) - - def check_credentials(self, cr, uid, password): - try: - return super(res_users, self).check_credentials(cr, uid, password) - except openerp.exceptions.AccessDenied: - res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), - ('sso_key', '=', password)]) - if not res: - raise openerp.exceptions.AccessDenied() - - def check(self, db, uid, passwd): - try: - return super(res_users, self).check(db, uid, passwd) - except openerp.exceptions.AccessDenied: - if not passwd: - raise - with RegistryManager.get(db).cursor() as cr: - cr.execute('''SELECT COUNT(1) - FROM res_users - WHERE id=%s - AND sso_key=%s - AND active=%s''', (int(uid), passwd, True)) - if not cr.fetchone()[0]: - raise - self._uid_cache.setdefault(db, {})[uid] = passwd diff --git a/auth_from_http_remote_user/tests/__init__.py b/auth_from_http_remote_user/tests/__init__.py index 141f3a428..dd7a8bf05 100644 --- a/auth_from_http_remote_user/tests/__init__.py +++ b/auth_from_http_remote_user/tests/__init__.py @@ -1,22 +1,5 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). from . import test_res_users diff --git a/auth_from_http_remote_user/tests/test_res_users.py b/auth_from_http_remote_user/tests/test_res_users.py index 0878babed..555d5242e 100644 --- a/auth_from_http_remote_user/tests/test_res_users.py +++ b/auth_from_http_remote_user/tests/test_res_users.py @@ -1,23 +1,6 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). from openerp.tests import common import mock @@ -41,7 +24,7 @@ def mock_cursor(cr): cr.autocommit = org_autocommit -class test_res_users(common.TransactionCase): +class TestResUsers(common.TransactionCase): def test_login(self): res_users_obj = self.registry('res.users') diff --git a/auth_from_http_remote_user/utils.py b/auth_from_http_remote_user/utils.py index ee1eacf68..75149d797 100644 --- a/auth_from_http_remote_user/utils.py +++ b/auth_from_http_remote_user/utils.py @@ -1,22 +1,4 @@ # -*- coding: utf-8 -*- -############################################################################## -# -# Author: Laurent Mignon -# Copyright 2014 'ACSONE SA/NV' -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -############################################################################## - +# Copyright 2014 ACSONE SA/NV () +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). KEY_LENGTH = 16