diff --git a/auth_admin_passkey/__init__.py b/auth_admin_passkey/__init__.py new file mode 100644 index 000000000..12135a333 --- /dev/null +++ b/auth_admin_passkey/__init__.py @@ -0,0 +1,6 @@ +# -*- encoding: utf-8 -*- +################################################################################ +# See __openerp__.py file for Copyright and Licence Informations. +################################################################################ + +import model diff --git a/auth_admin_passkey/__openerp__.py b/auth_admin_passkey/__openerp__.py new file mode 100644 index 000000000..dd9e30ac6 --- /dev/null +++ b/auth_admin_passkey/__openerp__.py @@ -0,0 +1,63 @@ +# -*- encoding: utf-8 -*- +################################################################################ +# See Copyright and Licence Informations undermentioned. +################################################################################ + +{ + 'name': 'Authentification - Admin Passkey', + 'version': '2.1', + 'category': 'base', + 'description': """ +Admin password become a passkey for all active logins +===================================================== + +Functionnalities : +------------------ + * Administrator has now the possibility to login in with any login; + * By default, OpenERP will send a mail to user and admin to indicate them; + +Technical informations : +------------------------ + * Create two ir_config_parameter to enable / disable mail sending; + +Limits : +-------- + * For the moment, this module doesn't manage translations for the mails; + * This module is compatible with 'auth_crypt' depending of the order of the installation: + * if 'auth_crypt' is first installed, it will work; + * if 'auth_admin_passkey' is first installed, it won't work; +If you want to install 'auth_crypt', please uninstall 'auth_admin_passkey' and +reinstall it after the installation of 'auth_crypt'. + +Otherwise, you can propose the merge of a glue module that manage this case. + +Copyright and Licence : +----------------------- + * 2014, Groupement Régional Alimentaire de Proximité + * Licence : AGPL-3 (http://www.gnu.org/licenses/) + +Contacts : +---------- + * Sylvain LE GAL (https://twitter.com/legalsylvain); + * for any help or question about this module. + """, + 'author': 'GRAP', + 'website': 'http://www.grap.coop', + 'license': 'AGPL-3', + 'depends': [ + 'mail', + ], + 'data': [ + 'data/ir_config_parameter.xml', + 'view/res_config_view.xml', + ], + 'demo': [], + 'js': [], + 'css': [], + 'qweb': [], + 'images': [], + 'post_load': '', + 'application': False, + 'installable': True, + 'auto_install': False, +} diff --git a/auth_admin_passkey/data/ir_config_parameter.xml b/auth_admin_passkey/data/ir_config_parameter.xml new file mode 100644 index 000000000..6cb75828c --- /dev/null +++ b/auth_admin_passkey/data/ir_config_parameter.xml @@ -0,0 +1,16 @@ + + + + + + auth_admin_passkey.send_to_admin + True + + + + auth_admin_passkey.send_to_user + True + + + + diff --git a/auth_admin_passkey/i18n/fr.po b/auth_admin_passkey/i18n/fr.po new file mode 100644 index 000000000..c352d40a5 --- /dev/null +++ b/auth_admin_passkey/i18n/fr.po @@ -0,0 +1,42 @@ +# Translation of OpenERP Server. +# This file contains the translation of the following modules: +# * auth_admin_passkey +# +msgid "" +msgstr "" +"Project-Id-Version: OpenERP Server 7.0\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2014-03-17 12:04+0000\n" +"PO-Revision-Date: 2014-03-17 12:04+0000\n" +"Last-Translator: <>\n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: auth_admin_passkey +#: view:base.config.settings:0 +msgid "Passkey" +msgstr "Mot de passe bris de glace" + +#. module: auth_admin_passkey +#: field:base.config.settings,auth_admin_passkey_send_to_admin:0 +msgid "Send email to admin user." +msgstr "Envoyer un email à l'administrateur." + +#. module: auth_admin_passkey +#: help:base.config.settings,auth_admin_passkey_send_to_user:0 +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user." +msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP lui enverra un mail." + +#. module: auth_admin_passkey +#: help:base.config.settings,auth_admin_passkey_send_to_admin:0 +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user." +msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP enverra un mail à l'utilisateur." + +#. module: auth_admin_passkey +#: field:base.config.settings,auth_admin_passkey_send_to_user:0 +msgid "Send email to user." +msgstr "Envoyer un email à l'utilisateur." + diff --git a/auth_admin_passkey/model/__init__.py b/auth_admin_passkey/model/__init__.py new file mode 100644 index 000000000..c672ffa17 --- /dev/null +++ b/auth_admin_passkey/model/__init__.py @@ -0,0 +1,7 @@ +# -*- encoding: utf-8 -*- +################################################################################ +# See __openerp__.py file for Copyright and Licence Informations. +################################################################################ + +import res_config +import res_users diff --git a/auth_admin_passkey/model/res_config.py b/auth_admin_passkey/model/res_config.py new file mode 100644 index 000000000..53e5d99b9 --- /dev/null +++ b/auth_admin_passkey/model/res_config.py @@ -0,0 +1,48 @@ +# -*- encoding: utf-8 -*- +################################################################################ +# See __openerp__.py file for Copyright and Licence Informations. +################################################################################ + +from openerp.osv import fields +from openerp.osv.orm import TransientModel +from openerp.tools.safe_eval import safe_eval + +class base_config_settings(TransientModel): + _inherit = 'base.config.settings' + + ### Getter / Setter Section + def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): + icp = self.pool.get('ir.config_parameter') + return { + 'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr, uid, 'auth_admin_passkey.send_to_admin', 'True')), + } + + def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): + config = self.browse(cr, uid, ids[0], context=context) + icp = self.pool.get('ir.config_parameter') + icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin', repr(config.auth_admin_passkey_send_to_admin)) + + def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): + icp = self.pool.get('ir.config_parameter') + return { + 'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr, uid, 'auth_admin_passkey.send_to_user', 'True')), + } + + def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): + config = self.browse(cr, uid, ids[0], context=context) + icp = self.pool.get('ir.config_parameter') + icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user', repr(config.auth_admin_passkey_send_to_user)) + + ### Columns Section + _columns = { + 'auth_admin_passkey_send_to_admin': fields.boolean( + 'Send email to admin user.', + help="When the administrator use his password to login in with "\ + "a different account, OpenERP will send an email to the admin user.", + ), + 'auth_admin_passkey_send_to_user': fields.boolean( + string='Send email to user.', + help="When the administrator use his password to login in with "\ + "a different account, OpenERP will send an email to the account user.", + ), + } diff --git a/auth_admin_passkey/model/res_users.py b/auth_admin_passkey/model/res_users.py new file mode 100644 index 000000000..9cc6599dc --- /dev/null +++ b/auth_admin_passkey/model/res_users.py @@ -0,0 +1,71 @@ +# -*- encoding: utf-8 -*- +################################################################################ +# See __openerp__.py file for Copyright and Licence Informations. +################################################################################ + +import datetime +from ast import literal_eval + +from openerp import SUPERUSER_ID +from openerp import pooler +from openerp import exceptions +from openerp.osv.orm import Model + +class res_users(Model): + _inherit = "res.users" + + ### Private Function section + def _send_email_passkey(self, cr, user_id, user_agent_env): + """ Send a email to the admin of the system to inform passkey use """ + mail_obj = self.pool.get('mail.mail') + icp_obj = self.pool.get('ir.config_parameter') + admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) + login_user = self.browse(cr, SUPERUSER_ID, user_id) + send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, + 'auth_admin_passkey.send_to_admin', 'True')) + send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, + 'auth_admin_passkey.send_to_user', 'True')) + emails_to = [] + if send_to_admin and admin_user.email: + emails_to.append(admin_user.email) + if send_to_user and login_user.email: + emails_to.append(login_user.email) + if emails_to: + body = "Admin user used his passkey to login with '%s'.\n\n" %(login_user.login) + body += "\n\nTechnicals informations belows : \n\n" + body += "- Login date : %s\n\n" %(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) + for key, value in user_agent_env.iteritems(): + body +=("- %s : %s\n\n") % (key, value) + for email_to in emails_to: + mail_obj.create(cr, SUPERUSER_ID, { + 'email_to': email_to, + 'subject': "Passkey used", + 'body_html': '
%s
' % body}) + + ### Overload Section + def authenticate(self, db, login, password, user_agent_env): + """ Authenticate the user 'login' is password is ok + or if is admin password. In the second case, send mail to user and admin.""" + user_id = super(res_users, self).authenticate(db, login, password, user_agent_env) + cr = pooler.get_db(db).cursor() + try: + # directly use parent 'check_credentials' function + # to really know if credentials are ok and if it's admin password + super(res_users, self).check_credentials(cr, SUPERUSER_ID, password) + if user_id != SUPERUSER_ID: + self._send_email_passkey(cr, user_id, user_agent_env) + cr.commit() + except exceptions.AccessDenied: + pass + finally: + cr.close() + return user_id + + def check_credentials(self, cr, uid, password): + """ Return now True if credentials are good OR if password is admin password""" + try: + super(res_users, self).check_credentials(cr, SUPERUSER_ID, password) + return True + except exceptions.AccessDenied: + return super(res_users, self).check_credentials(cr, uid, password) + diff --git a/auth_admin_passkey/static/src/img/icon.png b/auth_admin_passkey/static/src/img/icon.png new file mode 100644 index 000000000..490879d9f Binary files /dev/null and b/auth_admin_passkey/static/src/img/icon.png differ diff --git a/auth_admin_passkey/view/res_config_view.xml b/auth_admin_passkey/view/res_config_view.xml new file mode 100644 index 000000000..a7dbbcd44 --- /dev/null +++ b/auth_admin_passkey/view/res_config_view.xml @@ -0,0 +1,29 @@ + + + + + + base.config.settings.view + base.config.settings + + + + + + + + + + +