server-tools/auth_admin_passkey/model/res_users.py


								# -*- encoding: utf-8 -*-

								################################################################################

								#    See __openerp__.py file for Copyright and Licence Informations.

								################################################################################


								import datetime

								from ast import literal_eval


								from openerp import SUPERUSER_ID

								from openerp import pooler

								from openerp import exceptions

								from openerp.osv.orm import Model

								from openerp.tools.translate import _


								class res_users(Model):

								    _inherit = "res.users"


								    ### Private Function section

								    def _get_translation(self, cr, lang, text):

								        context = {'lang': lang}

								        return _(text)


								    def _send_email_passkey(self, cr, user_id, user_agent_env):

								        """ Send a email to the admin of the system and / or the user

								        to inform passkey use """

								        mails = []

								        mail_obj = self.pool.get('mail.mail')

								        icp_obj = self.pool.get('ir.config_parameter')

								        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)

								        login_user = self.browse(cr, SUPERUSER_ID, user_id)

								        send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,

								                'auth_admin_passkey.send_to_admin', 'True'))

								        send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,

								                'auth_admin_passkey.send_to_user', 'True'))


								        if send_to_admin and admin_user.email:

								            mails.append({'email': admin_user.email, 'lang': admin_user.lang,})

								        if send_to_user and login_user.email:

								            mails.append({'email': login_user.email, 'lang': login_user.lang,})


								        for mail in mails:

								            subject = self._get_translation(cr, mail['lang'], _('Passkey used'))

								            body = self._get_translation(cr, mail['lang'],

								                    _("""Admin user used his passkey to login with '%s'.\n\n"""\

								                    """\n\nTechnicals informations belows : \n\n"""\

								                    """- Login date : %s\n\n""")) %(login_user.login,

								                    datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))

								            for k, v in user_agent_env.iteritems():

								                body +=("- %s : %s\n\n") % (k, v)

								            mail_obj.create(cr, SUPERUSER_ID, {

								                    'email_to': mail['email'],

								                    'subject': subject,

								                    'body_html': '<pre>%s</pre>' % body})


								    def _send_email_same_password(self, cr, login_user):

								        """ Send a email to the admin user to inform that another user has the

								        same password as him"""

								        mail_obj = self.pool.get('mail.mail')

								        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)

								        if admin_user.email:

								            mail_obj.create(cr, SUPERUSER_ID, {

								                'email_to': admin_user.email,

								                'subject': self._get_translation(cr, admin_user.lang,

								                        _('[WARNING] OpenERP Security Risk')),

								                'body_html': self._get_translation(cr, admin_user.lang,

								                        _("""<pre>User with login '%s' has the same """\

								                        """password as you.</pre>""")) %(login_user),

								            })


								    ### Overload Section

								    def authenticate(self, db, login, password, user_agent_env):

								        """ Authenticate the user 'login' is password is ok or if

								        is admin password. In the second case, send mail to user and admin."""

								        user_id = super(res_users, self).authenticate(db, login, password,\

								                user_agent_env)

								        if user_id != SUPERUSER_ID:

								            same_password = False

								            cr = pooler.get_db(db).cursor()

								            try:

								                # directly use parent 'check_credentials' function

								                # to really know if credentials are ok or if it was admin password

								                super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)

								                try:

								                    # Test now if the user has the same password as admin user

								                    super(res_users, self).check_credentials(cr, user_id, password)

								                    same_password = True

								                except exceptions.AccessDenied:

								                    pass

								                if not same_password:

								                    self._send_email_passkey(cr, user_id, user_agent_env)

								                else:

								                    self._send_email_same_password(cr, login)

								                cr.commit()

								            except exceptions.AccessDenied:

								                pass

								            finally:

								                cr.close()

								        return user_id


								    def check_credentials(self, cr, uid, password):

								        """ Return now True if credentials are good OR if password is admin

								         password"""

								        if uid != SUPERUSER_ID:

								            try:

								                self.check_credentials(cr, SUPERUSER_ID, password)

								                return True

								            except exceptions.AccessDenied:

								                return super(res_users, self).check_credentials(cr, uid, password)

								        else:

								            return super(res_users, self).check_credentials(cr, uid, password)