From 3ae66729eda4cf3a27924f98e043de6e3ac1123f Mon Sep 17 00:00:00 2001 From: Jared Kipe Date: Fri, 28 Dec 2018 18:54:20 -0800 Subject: [PATCH] #5 Migrate to 12.0 Additionally, allowing the field to be written to improves the UI by automatically highlighting it and doesn't really have any negative side effects. (how could you alter the hmac?) --- auth_admin/__init__.py | 1 - auth_admin/__manifest__.py | 4 +--- auth_admin/controllers/main.py | 2 -- auth_admin/models/__init__.py | 1 - auth_admin/models/res_users.py | 25 +++++++++++++---------- auth_admin/wizard/__init__.py | 1 - auth_admin/wizard/portal_wizard.py | 14 +++++++++---- auth_admin/wizard/portal_wizard_views.xml | 4 ++-- 8 files changed, 27 insertions(+), 25 deletions(-) diff --git a/auth_admin/__init__.py b/auth_admin/__init__.py index cec04a5b..e4f4917a 100755 --- a/auth_admin/__init__.py +++ b/auth_admin/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- from . import controllers from . import models from . import wizard diff --git a/auth_admin/__manifest__.py b/auth_admin/__manifest__.py index d2f49137..b77d87ee 100755 --- a/auth_admin/__manifest__.py +++ b/auth_admin/__manifest__.py @@ -1,10 +1,8 @@ -# -*- coding: utf-8 -*- - { 'name': 'Auth Admin', 'author': 'Hibou Corp. ', 'category': 'Hidden', - 'version': '11.0.0.0.0', + 'version': '12.0.1.0.0', 'description': """ Login as other user diff --git a/auth_admin/controllers/main.py b/auth_admin/controllers/main.py index 13b2ec14..cf0ac9df 100755 --- a/auth_admin/controllers/main.py +++ b/auth_admin/controllers/main.py @@ -1,5 +1,3 @@ -# -*- coding: utf-8 -*- - from odoo import http, exceptions from ..models.res_users import check_admin_auth_login diff --git a/auth_admin/models/__init__.py b/auth_admin/models/__init__.py index 741ed460..88351653 100755 --- a/auth_admin/models/__init__.py +++ b/auth_admin/models/__init__.py @@ -1,2 +1 @@ -# -*- coding: utf-8 -*- from . import res_users 
diff --git a/auth_admin/models/res_users.py b/auth_admin/models/res_users.py index e3d0ffea..2d962402 100755 --- a/auth_admin/models/res_users.py +++ b/auth_admin/models/res_users.py @@ -1,5 +1,3 @@ -# -*- coding: utf-8 -*- - from odoo import models, api, exceptions from odoo.http import request from datetime import datetime @@ -10,6 +8,7 @@ from hashlib import sha256 from logging import getLogger _logger = getLogger(__name__) + def admin_auth_generate_login(env, user): """ Generates a URL to allow the current user to login as the portal user. @@ -36,6 +35,7 @@ def admin_auth_generate_login(env, user): return base_url + '/auth_admin?u=' + u + '&e=' + e + '&o=' + o + '&h=' + h.hexdigest() + def check_admin_auth_login(env, u_user_id, e_expires, o_org_user_id, hash_): """ Checks that the parameters are valid and that the user exists. @@ -58,14 +58,14 @@ def check_admin_auth_login(env, u_user_id, e_expires, o_org_user_id, hash_): myh = hmac.new(key.encode(), str(str(u_user_id) + str(e_expires) + str(o_org_user_id)).encode(), sha256) if not hmac.compare_digest(hash_, myh.hexdigest()): - raise exceptions.Warning('Invalid Request') + raise exceptions.AccessDenied('Invalid Request') if not (now <= int(e_expires) <= fifteen): - raise exceptions.Warning('Expired') + raise exceptions.AccessDenied('Expired') user = env['res.users'].sudo().search([('id', '=', int(u_user_id))], limit=1) if not user.id: - raise exceptions.Warning('Invalid User') + raise exceptions.AccessDenied('Invalid User') return user 
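Review bot: In `check_admin_auth_login` (hunk at -58,14), the HMAC input on the unchanged context line is still `str(u_user_id) + str(e_expires) + str(o_org_user_id)` with no separator, so the signed string does not identify a single (user, expiry, originating user) triple unambiguously. Joining the fields with a delimiter that cannot occur in them, e.g. `'|'.join((str(u_user_id), str(e_expires), str(o_org_user_id)))`, removes the ambiguity; the same change is needed in `admin_auth_generate_login`, whose body lies outside this hunk. Separately, `hmac.compare_digest(hash_, myh.hexdigest())` raises `TypeError` when `hash_` is missing or is not an ASCII `str`, so a malformed `h` parameter would skip the new `AccessDenied` path and surface as an unhandled error unless the controller (not shown here) validates it first. A guard such as `if not isinstance(hash_, str) or not hash_.isascii(): raise exceptions.AccessDenied('Invalid Request')` before the comparison keeps all rejections on one path.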
@@ -82,9 +82,12 @@ class ResUsers(models.Model): return False - @api.model - def check_credentials(self, password): - if request and hasattr(request, 'session') and request.session.get('auth_admin'): - _logger.warn('check_credentials for user id: ' + str(request.session.uid) + ' original user id: ' + str(request.session.auth_admin)) - return True - return super(ResUsers, self).check_credentials(password) + def _check_credentials(self, password): + try: + return super(ResUsers, self)._check_credentials(password) + except exceptions.AccessDenied: + if request and hasattr(request, 'session') and request.session.get('auth_admin'): + _logger.warn('_check_credentials for user id: ' + \ + str(request.session.uid) + ' original user id: ' + str(request.session.auth_admin)) + else: + raise diff --git a/auth_admin/wizard/__init__.py b/auth_admin/wizard/__init__.py index 853f3b4d..8bff21fa 100755 --- a/auth_admin/wizard/__init__.py +++ b/auth_admin/wizard/__init__.py @@ -1,2 +1 @@ -# -*- coding: utf-8 -*- from . import portal_wizard diff --git a/auth_admin/wizard/portal_wizard.py b/auth_admin/wizard/portal_wizard.py index e9e036ad..f8248421 100755 --- a/auth_admin/wizard/portal_wizard.py +++ b/auth_admin/wizard/portal_wizard.py @@ -9,7 +9,13 @@ class PortalWizard(models.TransientModel): def admin_auth_generate_login(self): self.ensure_one() self.user_ids.admin_auth_generate_login() - return {'type': 'ir.actions.do_nothing'} + return { + "type": "ir.actions.act_window", + "res_model": self._name, + "views": [[False, "form"]], + "res_id": self.id, + "target": "new", + } class PortalWizardUser(models.TransientModel): 
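Review bot: The fallback in `ResUsers._check_credentials` (res_users.py, hunk at -82,9) swallows `AccessDenied` whenever `request.session.get('auth_admin')` is set, and nothing ties that flag to the user record being checked, so every credential check made in such a session succeeds whichever user `self` is and whatever password was supplied. The condition should also require that the session belongs to the user under check, for example by adding `and request.session.uid == self.env.uid` (confirm which id the upstream `_check_credentials` validates). A comment above the `except` should state that this branch is a deliberate password bypass for admin impersonation, so the next maintainer does not widen it by accident. The audit line also uses the deprecated `_logger.warn` with string concatenation; `_logger.warning('_check_credentials for user id: %s original user id: %s', request.session.uid, request.session.auth_admin)` keeps the same record. The enclosing `ResUsers` class starts outside the hunk.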
@@ -20,8 +26,8 @@ class PortalWizardUser(models.TransientModel): @api.multi def admin_auth_generate_login(self): ir_model_access = self.env['ir.model.access'] - for row in self: - row.force_login_url = '' + for row in self.filtered(lambda r: r.in_portal): user = row.partner_id.user_ids[0] if row.partner_id.user_ids else None - if ir_model_access.check('res.partner', mode='unlink') and row.in_portal and user: + if ir_model_access.check('res.partner', mode='unlink') and user: row.force_login_url = admin_auth_generate_login(self.env, user) + self.filtered(lambda r: not r.in_portal).update({'force_login_url': ''}) diff --git a/auth_admin/wizard/portal_wizard_views.xml b/auth_admin/wizard/portal_wizard_views.xml index 78e37b21..6389e4ca 100755 --- a/auth_admin/wizard/portal_wizard_views.xml +++ b/auth_admin/wizard/portal_wizard_views.xml @@ -7,10 +7,10 @@ - + -
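Review bot: In `PortalWizardUser.admin_auth_generate_login` (portal_wizard.py, hunk at -20,8), a row that is `in_portal` but has no linked user no longer gets `force_login_url` reset, because the unconditional `row.force_login_url = ''` was removed and the trailing `update` covers only rows that are not in the portal. A previously generated login URL can therefore remain visible on such a row when the wizard is reopened. Adding `else: row.force_login_url = ''` to the `if` inside the loop restores the old behaviour. `ir_model_access.check('res.partner', mode='unlink')` is also loop-invariant and, with Odoo's default `raise_exception=True`, raises instead of returning False. It reads more clearly hoisted above the loop, with a comment stating that the partner unlink right is the gate for generating login links.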