audrius/suite
1
0
Fork 1
mirror of https://gitlab.com/hibou-io/hibou-odoo/suite.git synced 2025-01-20 12:37:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

[MOV] rma: from Hibou Suite Enterprise for 13.0

Browse Source
This commit is contained in:
Jared Kipe
2020-07-03 08:53:24 -07:00
parent 78da77ab55
commit 9afed572a2
24 changed files with 1936 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
rma/controllers/main.py Normal file
View File

@@ -0,0 +1,51 @@
# Part of Hibou Suite Professional. See LICENSE_PROFESSIONAL file for full copyright and licensing details.
from odoo import http, exceptions
from base64 import b64decode
import hmac
from hashlib import sha256
from datetime import datetime
from time import mktime
def create_hmac(secret, a_attchment_id, e_expires):
return hmac.new(secret.encode(), str(str(a_attchment_id) + str(e_expires)).encode(), sha256).hexdigest()
def check_hmac(secret, hash_, a_attachment_id, e_expires):
myh = hmac.new(secret.encode(), str(str(a_attachment_id) + str(e_expires)).encode(), sha256)
return hmac.compare_digest(str(hash_), myh.hexdigest())
class RMAController(http.Controller):
@http.route(['/rma_label'], type='http', auth='public', website=True)
def index(self, *args, **request):
a_attachment_id = request.get('a')
e_expires = request.get('e')
hash = request.get('h')
if not all([a_attachment_id, e_expires, hash]):
return http.Response('Invalid Request', status=400)
now = datetime.utcnow()
now = int(mktime(now.timetuple()))
config = http.request.env['ir.config_parameter'].sudo()
secret = str(config.search([('key', '=', 'database.secret')], limit=1).value)
if not check_hmac(secret, hash, a_attachment_id, e_expires):
return http.Response('Invalid Request', status=400)
if now > int(e_expires):
return http.Response('Expired', status=404)
attachment = http.request.env['ir.attachment'].sudo().search([('id', '=', int(a_attachment_id))], limit=1)
if attachment:
data = attachment.datas
filename = attachment.name
mimetype = attachment.mimetype
return http.request.make_response(b64decode(data), [
('Content-Type', mimetype),
('Content-Disposition', 'attachment; filename="' + filename + '"')])
return http.Response('Invalid Attachment', status=404)