# -*- coding: utf-8 -*- # Copyright 2015 LasLabs Inc. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). import operator from openerp import http from openerp.http import request from openerp.addons.auth_signup.controllers.main import AuthSignupHome from openerp.addons.web.controllers.main import ensure_db, Session from ..exceptions import PassError class PasswordSecuritySession(Session): @http.route() def change_password(self, fields): new_password = operator.itemgetter('new_password')( dict(map(operator.itemgetter('name', 'value'), fields)) ) user_id = request.env.user user_id.check_password(new_password) return super(PasswordSecuritySession, self).change_password(fields) class PasswordSecurityHome(AuthSignupHome): def do_signup(self, qcontext): password = qcontext.get('password') user_id = request.env.user user_id.check_password(password) return super(PasswordSecurityHome, self).do_signup(qcontext) @http.route() def web_login(self, *args, **kw): ensure_db() response = super(PasswordSecurityHome, self).web_login(*args, **kw) login_success = request.params.get('login_success', True) if not request.httprequest.method == 'POST' or not login_success: return response uid = request.session.authenticate( request.session.db, request.params['login'], request.params['password'] ) if not uid: return response users_obj = request.env['res.users'].sudo() user_id = users_obj.browse(request.uid) if not user_id._password_has_expired(): return response user_id.action_expire_password() request.session.logout(keep_db=True) redirect = user_id.partner_id.signup_url return http.redirect_with_hash(redirect) @http.route() def web_auth_signup(self, *args, **kw): try: return super(PasswordSecurityHome, self).web_auth_signup( *args, **kw ) except PassError as e: qcontext = self.get_auth_signup_qcontext() qcontext['error'] = e.message return request.render('auth_signup.signup', qcontext) @http.route() def web_auth_reset_password(self, *args, **kw): """ It provides hook to disallow front-facing resets inside of min Unfortuantely had to reimplement some core logic here because of nested logic in parent """ qcontext = self.get_auth_signup_qcontext() if ( request.httprequest.method == 'POST' and qcontext.get('login') and 'error' not in qcontext and 'token' not in qcontext ): login = qcontext.get('login') user_ids = request.env.sudo().search( [('login', '=', login)], limit=1, ) if not user_ids: user_ids = request.env.sudo().search( [('email', '=', login)], limit=1, ) user_ids._validate_pass_reset() return super(PasswordSecurityHome, self).web_auth_reset_password( *args, **kw )