Skip to content

auth_admin_passkey to new API #519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pedrobaeza merged 3 commits into from
Nov 22, 2016
Merged

auth_admin_passkey to new API #519

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8025a5d
auth_admin_passkey to new API
rvalyi Aug 15, 2016
06a27c8
auth_admin_passkey: better imports and use auto_commit
rvalyi Aug 18, 2016
64f23b8
auth_admin_passkey: model->models; view->views
rvalyi Aug 18, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 4 additions & 21 deletions auth_admin_passkey/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,6 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

from . import model
25 changes: 4 additions & 21 deletions auth_admin_passkey/__openerp__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

{
'name': 'Authentification - Admin Passkey',
Expand Down
103 changes: 40 additions & 63 deletions auth_admin_passkey/model/res_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,76 +1,53 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

from openerp.osv import fields
from openerp.osv.orm import TransientModel
from openerp.tools.safe_eval import safe_eval
from openerp import api, fields, models


class base_config_settings(TransientModel):
class BaseConfigSettings(models.TransientModel):
_inherit = 'base.config.settings'

# Getter / Setter Section
def get_default_auth_admin_passkey_send_to_admin(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
@api.model
def get_default_auth_admin_passkey_send_to_admin(self, fields):
return {
'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
'auth_admin_passkey_send_to_admin':
self.env["ir.config_parameter"].get_param(
"auth_admin_passkey.send_to_admin")
}

def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_admin',
repr(config.auth_admin_passkey_send_to_admin))
@api.multi
def set_auth_admin_passkey_send_to_admin(self):
for config in self:
self.env['ir.config_parameter'].set_param(
"auth_admin_passkey.send_to_admin",
config.auth_admin_passkey_send_to_admin or '')

def get_default_auth_admin_passkey_send_to_user(
self, cr, uid, ids, context=None):
icp = self.pool['ir.config_parameter']
@api.model
def get_default_auth_admin_passkey_send_to_user(self, fields):
return {
'auth_admin_passkey_send_to_user': safe_eval(icp.get_param(
cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
'auth_admin_passkey_send_to_user':
self.env["ir.config_parameter"].get_param(
Copy link
Copy Markdown
Contributor

@legalsylvain legalsylvain Aug 22, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,
Why did you removed safe_eval here, and not here :
8025a5d#diff-70199c6feb20b249a2794f26b51b5105R35

"auth_admin_passkey.send_to_user")
}

def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
config = self.browse(cr, uid, ids[0], context=context)
icp = self.pool['ir.config_parameter']
icp.set_param(
cr, uid, 'auth_admin_passkey.send_to_user',
repr(config.auth_admin_passkey_send_to_user))

# Columns Section
_columns = {
'auth_admin_passkey_send_to_admin': fields.boolean(
'Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""",
),
'auth_admin_passkey_send_to_user': fields.boolean(
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""",
),
}
@api.multi
def set_auth_admin_passkey_send_to_user(self):
for config in self:
self.env['ir.config_parameter'].set_param(
"auth_admin_passkey.send_to_user",
config.auth_admin_passkey_send_to_user or '')

auth_admin_passkey_send_to_admin = fields.Boolean(
string='Send email to admin user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the admin user.""")

auth_admin_passkey_send_to_user = fields.Boolean(
string='Send email to user.',
help="""When the administrator use his password to login in """
"""with a different account, OpenERP will send an email """
"""to the account user.""")
105 changes: 46 additions & 59 deletions auth_admin_passkey/model/res_users.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,55 +1,40 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

import datetime

from openerp import SUPERUSER_ID
from openerp import pooler
from openerp import registry
from openerp import exceptions
Copy link
Copy Markdown
Member

@pedrobaeza pedrobaeza Aug 18, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can join all of these imports (and order them in alphabetic)

from openerp.osv.orm import Model
from openerp import models, api
from openerp.tools.translate import _
Copy link
Copy Markdown
Member

@pedrobaeza pedrobaeza Aug 18, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be also imported in openerp namespace directly

from openerp.tools.safe_eval import safe_eval


class res_users(Model):
class ResUsers(models.Model):
_inherit = "res.users"

# Private Function section
def _get_translation(self, cr, lang, text):
def _get_translation(self, lang, text):
context = {'lang': lang} # noqa: _() checks page for locals
return _(text)

def _send_email_passkey(self, cr, user_id, user_agent_env):
@api.model
def _send_email_passkey(self, user_agent_env):
""" Send a email to the admin of the system and / or the user
to inform passkey use."""
mails = []
mail_obj = self.pool['mail.mail']
icp_obj = self.pool['ir.config_parameter']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
login_user = self.browse(cr, SUPERUSER_ID, user_id)
send_to_admin = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True'))
send_to_user = safe_eval(icp_obj.get_param(
cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True'))
mail_obj = self.env['mail.mail']
icp_obj = self.env['ir.config_parameter']
admin_user = self.sudo().browse(SUPERUSER_ID)
login_user = self.sudo().browse(self.env.uid)
send_to_admin = safe_eval(icp_obj.sudo().get_param(
'auth_admin_passkey.send_to_admin',
'True'))
send_to_user = safe_eval(icp_obj.sudo().get_param(
'auth_admin_passkey.send_to_user',
'True'))

if send_to_admin and admin_user.email:
mails.append({'email': admin_user.email, 'lang': admin_user.lang})
Expand All @@ -58,34 +43,34 @@ def _send_email_passkey(self, cr, user_id, user_agent_env):

for mail in mails:
subject = self._get_translation(
cr, mail['lang'], _('Passkey used'))
mail['lang'], _('Passkey used'))
body = self._get_translation(
cr, mail['lang'],
mail['lang'],
_("""Admin user used his passkey to login with '%s'.\n\n"""
"""\n\nTechnicals informations belows : \n\n"""
"""- Login date : %s\n\n""")) % (
login_user.login,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
for k, v in user_agent_env.iteritems():
body += ("- %s : %s\n\n") % (k, v)
mail_obj.create(
cr, SUPERUSER_ID, {
'email_to': mail['email'],
'subject': subject,
'body_html': '<pre>%s</pre>' % body})
mail_obj.sudo().create({
'email_to': mail['email'],
'subject': subject,
'body_html': '<pre>%s</pre>' % body})

def _send_email_same_password(self, cr, login_user):
@api.cr
def _send_email_same_password(self, login_user):
""" Send a email to the admin user to inform that another user has the
same password as him."""
mail_obj = self.pool['mail.mail']
admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
mail_obj = self.env['mail.mail']
admin_user = self.sudo().browse(SUPERUSER_ID)
if admin_user.email:
mail_obj.create(cr, SUPERUSER_ID, {
mail_obj.sudo().create({
'email_to': admin_user.email,
'subject': self._get_translation(
cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')),
admin_user.lang, _('[WARNING] OpenERP Security Risk')),
'body_html': self._get_translation(
cr, admin_user.lang, _(
admin_user.lang, _(
"""<pre>User with login '%s' has the same """
"""password as you.</pre>""")) % (login_user),
})
Expand All @@ -94,20 +79,20 @@ def _send_email_same_password(self, cr, login_user):
def authenticate(self, db, login, password, user_agent_env):
""" Authenticate the user 'login' is password is ok or if
is admin password. In the second case, send mail to user and admin."""
user_id = super(res_users, self).authenticate(
user_id = super(ResUsers, self).authenticate(
db, login, password, user_agent_env)
if user_id and (user_id != SUPERUSER_ID):
same_password = False
cr = pooler.get_db(db).cursor()
cr = registry(db).cursor()
try:
# directly use parent 'check_credentials' function
# to really know if credentials are ok
# or if it was admin password
super(res_users, self).check_credentials(
super(ResUsers, self).check_credentials(
cr, SUPERUSER_ID, password)
try:
# Test now if the user has the same password as admin user
super(res_users, self).check_credentials(
super(ResUsers, self).check_credentials(
cr, user_id, password)
same_password = True
except exceptions.AccessDenied:
Expand All @@ -116,22 +101,24 @@ def authenticate(self, db, login, password, user_agent_env):
self._send_email_passkey(cr, user_id, user_agent_env)
else:
self._send_email_same_password(cr, login)
cr.commit()
# we need to commit as we need to create the mails
# and we are not in a method with standard cursor management
cr.commit() # pylint: disable=invalid-commit
Copy link
Copy Markdown
Member

@pedrobaeza pedrobaeza Aug 18, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is an argument in send_mail called autocommit or similar that makes the same.

except exceptions.AccessDenied:
pass
finally:
cr.close()
return user_id

def check_credentials(self, cr, uid, password):
@api.model
def check_credentials(self, password):
""" Return now True if credentials are good OR if password is admin
password."""
if uid != SUPERUSER_ID:
if self.env.uid != SUPERUSER_ID:
try:
super(res_users, self).check_credentials(
cr, uid, password)
super(ResUsers, self).check_credentials(password)
return True
except exceptions.AccessDenied:
return self.check_credentials(cr, SUPERUSER_ID, password)
return self.sudo().check_credentials(password)
else:
return super(res_users, self).check_credentials(cr, uid, password)
return super(ResUsers, self).check_credentials(password)
25 changes: 4 additions & 21 deletions auth_admin_passkey/tests/test_auth_admin_passkey.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Admin Passkey module for OpenERP
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html

import threading

Expand Down