 [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago [9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
8 years ago |
|
# -*- coding: utf-8 -*-# Copyright 2016 Jairo Llopis <jairo.llopis@tecnativa.com># License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
import hmacimport hashlibfrom openerp import api, modelsfrom openerp.exceptions import AccessDeniedfrom openerp.tools import consteq
class MailMassMailing(models.Model): _inherit = "mail.mass_mailing"
@api.multi def _unsubscribe_token(self, res_id, compare=None): """Generate a secure hash for this mailing list and parameters.
This is appended to the unsubscription URL and then checked at unsubscription time to ensure no malicious unsubscriptions are performed.
:param int res_id: ID of the resource that will be unsubscribed.
:param str compare: Received token to be compared with the good one.
:raise AccessDenied: Will happen if you provide :param:`compare` and it does not match the good token. """
secret = self.env["ir.config_parameter"].sudo().get_param( "database.secret") key = (self.env.cr.dbname, self.id, int(res_id)) token = hmac.new(str(secret), repr(key), hashlib.sha512).hexdigest() if compare is not None and not consteq(token, str(compare)): raise AccessDenied() return token
def update_opt_out(self, email, res_ids, value): """Save unsubscription reason when opting out from mailing.""" self.ensure_one() action = "unsubscription" if value else "subscription" records = self.env[self.mailing_model].browse(res_ids) previous = self.env["mail.unsubscription"].search(limit=1, args=[ ("mass_mailing_id", "=", self.id), ("email", "=", email), ("action", "=", action), ]) for one in records: # Store action only when something changed, or there was no # previous subscription record if one.opt_out != value or (action == "subscription" and not previous): # reason_id and details are expected from the context self.env["mail.unsubscription"].create({ "email": email, "mass_mailing_id": self.id, "unsubscriber_id": "%s,%d" % (one._name, one.id), "action": action, }) return super(MailMassMailing, self).update_opt_out( email, res_ids, value)
|
