audrius/suite
1
0
Fork 1
mirror of https://gitlab.com/hibou-io/hibou-odoo/suite.git synced 2025-01-20 12:37:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

[FIX] auth_admin: finish refactor, skip MFA

Browse Source
This commit is contained in:
Jared Kipe
2022-10-07 08:52:14 +00:00
parent 9bce20d254
commit bc66a55dd8
1 changed files with 10 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
auth_admin/controllers/main.py
View File

@@ -25,33 +25,18 @@ class AuthAdmin(http.Controller):
try: try:
user = check_admin_auth_login(http.request.env, u, e, o, h) user = check_admin_auth_login(http.request.env, u, e, o, h)
http.request.session.uid = user.id # this is mostly like session finalize() as we skip MFA
http.request.session.pre_login = user.login env = http.request.env(user=user)
# http.request.session.pre_uid = pre_uid user_context = dict(env['res.users'].context_get())
with registry.cursor() as cr: http.request.session.should_rotate = True
env = odoo.api.Environment(cr, user.id, {}) http.request.session.update({
'login': user.login,
'uid': user.id,
'context': user_context,
'session_token': env.user._compute_session_token(http.request.session.sid),
})
# if 2FA is disabled we finalize immediately
user = env['res.users'].browse(user.id)
# TODO RFC do we want to allow this mechanism with mfa?
if not user._mfa_url():
http.request.session.finalize(env)
if request and request.db == dbname:
# Like update_env(user=request.session.uid) but works when uid is None
request.env = odoo.api.Environment(request.env.cr, http.request.session.uid, http.request.session.context)
request.update_context(**http.request.session.context)
# http.request.session.uid = user.id
# http.request.session.login = user.login
# http.request.session.password = ''
# http.request.session.auth_admin = int(o)
# http.request.uid = user.id
# uid = http.request.session.authenticate(http.request.session.db, user.login, 'x')
# if uid is not False:
# http.request.params['login_success'] = True
# return http.request.redirect('/my/home')
return http.request.redirect('/my/home') return http.request.redirect('/my/home')
except (exceptions.Warning, ) as e: except (exceptions.Warning, ) as e:
return http.Response(e.message, status=400) return http.Response(e.message, status=400)