OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
167 Commits
13 Branches
0 Tags
45 MiB
 
 
 
Tree: aca963fac4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'aca963fac4'
${ noResults }
server-tools/auth_admin_passkey/model/res_users.py

97 lines
4.4 KiB
Raw Blame History

# -*- encoding: utf-8 -*-
################################################################################
# See __openerp__.py file for Copyright and Licence Informations.
################################################################################
import datetime
from ast import literal_eval
from openerp import SUPERUSER_ID
from openerp import pooler
from openerp import exceptions
from openerp.osv.orm import Model
class res_users(Model):
_inherit = "res.users"
### Private Function section
def _send_email_passkey(self, cr, user_id, user_agent_env):
""" Send a email to the admin of the system and / or the user
to inform passkey use """
mail_obj = self.pool.get('mail.mail')
icp_obj = self.pool.get('ir.config_parameter')
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID,
'auth_admin_passkey.send_to_user', 'True'))
emails_to = []
if send_to_admin and admin_user.email:
emails_to.append(admin_user.email)
if send_to_user and login_user.email:
emails_to.append(login_user.email)
if emails_to:
body = "Admin user used his passkey to login with '%s'.\n\n" %(login_user.login)
body += "\n\nTechnicals informations belows : \n\n"
body += "- Login date : %s\n\n" %(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for key, value in user_agent_env.iteritems():
body +=("- %s : %s\n\n") % (key, value)
for email_to in emails_to:
mail_obj.create(cr, SUPERUSER_ID, {
'email_to': email_to,
'subject': "Passkey used",
'body_html': '<pre>%s</pre>' % body})
def _send_email_same_password(self, cr, login_user):
""" Send a email to the admin user to inform that another user has the
same password as him"""
mail_obj = self.pool.get('mail.mail')
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, {
'email_to': admin_user.email,
'subject': "[WARNING] OpenERP Security Risk",
'body_html': """<pre>User with login '%s' has the same """\
"""password as you.</pre>""" %(login_user)
})
### Overload Section
def authenticate(self, db, login, password, user_agent_env):
""" Authenticate the user 'login' is password is ok
or if is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(db, login, password, user_agent_env)
if user_id != SUPERUSER_ID:
same_password = False
cr = pooler.get_db(db).cursor()
try:
# directly use parent 'check_credentials' function
# to really know if credentials are ok or if it was admin password
super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
try:
# Test now if the user has the same password as admin user
super(res_users, self).check_credentials(cr, user_id, password)
same_password = True
except exceptions.AccessDenied:
pass
if not same_password:
self._send_email_passkey(cr, user_id, user_agent_env)
else:
self._send_email_same_password(cr, login)
cr.commit()
except exceptions.AccessDenied:
pass
finally:
cr.close()
return user_id
def check_credentials(self, cr, uid, password):
""" Return now True if credentials are good OR if password is admin password"""
if uid != SUPERUSER_ID:
try:
self.check_credentials(cr, SUPERUSER_ID, password)
return True
except exceptions.AccessDenied:
return super(res_users, self).check_credentials(cr, uid, password)
else:
return super(res_users, self).check_credentials(cr, uid, password)