169 lines
8.1 KiB
Python
169 lines
8.1 KiB
Python
|
# -*- coding: utf-8 -*-
|
||
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
||
|
import logging
|
||
|
import werkzeug
|
||
|
from werkzeug.urls import url_encode
|
||
|
|
||
|
from odoo import http, tools, _
|
||
|
from odoo.addons.auth_signup.models.res_users import SignupError
|
||
|
from odoo.addons.web.controllers.home import ensure_db, Home, SIGN_UP_REQUEST_PARAMS, LOGIN_SUCCESSFUL_PARAMS
|
||
|
from odoo.addons.base_setup.controllers.main import BaseSetup
|
||
|
from odoo.exceptions import UserError
|
||
|
from odoo.http import request
|
||
|
|
||
|
_logger = logging.getLogger(__name__)
|
||
|
|
||
|
LOGIN_SUCCESSFUL_PARAMS.add('account_created')
|
||
|
|
||
|
|
||
|
class AuthSignupHome(Home):
|
||
|
|
||
|
@http.route()
|
||
|
def web_login(self, *args, **kw):
|
||
|
ensure_db()
|
||
|
response = super().web_login(*args, **kw)
|
||
|
response.qcontext.update(self.get_auth_signup_config())
|
||
|
if request.session.uid:
|
||
|
if request.httprequest.method == 'GET' and request.params.get('redirect'):
|
||
|
# Redirect if already logged in and redirect param is present
|
||
|
return request.redirect(request.params.get('redirect'))
|
||
|
# Add message for non-internal user account without redirect if account was just created
|
||
|
if response.location == '/web/login_successful' and kw.get('confirm_password'):
|
||
|
return request.redirect_query('/web/login_successful', query={'account_created': True})
|
||
|
return response
|
||
|
|
||
|
@http.route('/web/signup', type='http', auth='public', website=True, sitemap=False)
|
||
|
def web_auth_signup(self, *args, **kw):
|
||
|
qcontext = self.get_auth_signup_qcontext()
|
||
|
|
||
|
if not qcontext.get('token') and not qcontext.get('signup_enabled'):
|
||
|
raise werkzeug.exceptions.NotFound()
|
||
|
|
||
|
if 'error' not in qcontext and request.httprequest.method == 'POST':
|
||
|
try:
|
||
|
self.do_signup(qcontext)
|
||
|
# Send an account creation confirmation email
|
||
|
User = request.env['res.users']
|
||
|
user_sudo = User.sudo().search(
|
||
|
User._get_login_domain(qcontext.get('login')), order=User._get_login_order(), limit=1
|
||
|
)
|
||
|
template = request.env.ref('auth_signup.mail_template_user_signup_account_created', raise_if_not_found=False)
|
||
|
if user_sudo and template:
|
||
|
template.sudo().send_mail(user_sudo.id, force_send=True)
|
||
|
return self.web_login(*args, **kw)
|
||
|
except UserError as e:
|
||
|
qcontext['error'] = e.args[0]
|
||
|
except (SignupError, AssertionError) as e:
|
||
|
if request.env["res.users"].sudo().search([("login", "=", qcontext.get("login"))]):
|
||
|
qcontext["error"] = _("Another user is already registered using this email address.")
|
||
|
else:
|
||
|
_logger.warning("%s", e)
|
||
|
qcontext['error'] = _("Could not create a new account.") + "\n" + str(e)
|
||
|
|
||
|
elif 'signup_email' in qcontext:
|
||
|
user = request.env['res.users'].sudo().search([('email', '=', qcontext.get('signup_email')), ('state', '!=', 'new')], limit=1)
|
||
|
if user:
|
||
|
return request.redirect('/web/login?%s' % url_encode({'login': user.login, 'redirect': '/web'}))
|
||
|
|
||
|
response = request.render('auth_signup.signup', qcontext)
|
||
|
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||
|
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
|
||
|
return response
|
||
|
|
||
|
@http.route('/web/reset_password', type='http', auth='public', website=True, sitemap=False)
|
||
|
def web_auth_reset_password(self, *args, **kw):
|
||
|
qcontext = self.get_auth_signup_qcontext()
|
||
|
|
||
|
if not qcontext.get('token') and not qcontext.get('reset_password_enabled'):
|
||
|
raise werkzeug.exceptions.NotFound()
|
||
|
|
||
|
if 'error' not in qcontext and request.httprequest.method == 'POST':
|
||
|
try:
|
||
|
if qcontext.get('token'):
|
||
|
self.do_signup(qcontext)
|
||
|
return self.web_login(*args, **kw)
|
||
|
else:
|
||
|
login = qcontext.get('login')
|
||
|
assert login, _("No login provided.")
|
||
|
_logger.info(
|
||
|
"Password reset attempt for <%s> by user <%s> from %s",
|
||
|
login, request.env.user.login, request.httprequest.remote_addr)
|
||
|
request.env['res.users'].sudo().reset_password(login)
|
||
|
qcontext['message'] = _("Password reset instructions sent to your email")
|
||
|
except UserError as e:
|
||
|
qcontext['error'] = e.args[0]
|
||
|
except SignupError:
|
||
|
qcontext['error'] = _("Could not reset your password")
|
||
|
_logger.exception('error when resetting password')
|
||
|
except Exception as e:
|
||
|
qcontext['error'] = str(e)
|
||
|
|
||
|
elif 'signup_email' in qcontext:
|
||
|
user = request.env['res.users'].sudo().search([('email', '=', qcontext.get('signup_email')), ('state', '!=', 'new')], limit=1)
|
||
|
if user:
|
||
|
return request.redirect('/web/login?%s' % url_encode({'login': user.login, 'redirect': '/web'}))
|
||
|
|
||
|
response = request.render('auth_signup.reset_password', qcontext)
|
||
|
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||
|
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
|
||
|
return response
|
||
|
|
||
|
def get_auth_signup_config(self):
|
||
|
"""retrieve the module config (which features are enabled) for the login page"""
|
||
|
|
||
|
get_param = request.env['ir.config_parameter'].sudo().get_param
|
||
|
return {
|
||
|
'disable_database_manager': not tools.config['list_db'],
|
||
|
'signup_enabled': request.env['res.users']._get_signup_invitation_scope() == 'b2c',
|
||
|
'reset_password_enabled': get_param('auth_signup.reset_password') == 'True',
|
||
|
}
|
||
|
|
||
|
def get_auth_signup_qcontext(self):
|
||
|
""" Shared helper returning the rendering context for signup and reset password """
|
||
|
qcontext = {k: v for (k, v) in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}
|
||
|
qcontext.update(self.get_auth_signup_config())
|
||
|
if not qcontext.get('token') and request.session.get('auth_signup_token'):
|
||
|
qcontext['token'] = request.session.get('auth_signup_token')
|
||
|
if qcontext.get('token'):
|
||
|
try:
|
||
|
# retrieve the user info (name, login or email) corresponding to a signup token
|
||
|
token_infos = request.env['res.partner'].sudo().signup_retrieve_info(qcontext.get('token'))
|
||
|
for k, v in token_infos.items():
|
||
|
qcontext.setdefault(k, v)
|
||
|
except:
|
||
|
qcontext['error'] = _("Invalid signup token")
|
||
|
qcontext['invalid_token'] = True
|
||
|
return qcontext
|
||
|
|
||
|
def _prepare_signup_values(self, qcontext):
|
||
|
values = { key: qcontext.get(key) for key in ('login', 'name', 'password') }
|
||
|
if not values:
|
||
|
raise UserError(_("The form was not properly filled in."))
|
||
|
if values.get('password') != qcontext.get('confirm_password'):
|
||
|
raise UserError(_("Passwords do not match; please retype them."))
|
||
|
supported_lang_codes = [code for code, _ in request.env['res.lang'].get_installed()]
|
||
|
lang = request.context.get('lang', '')
|
||
|
if lang in supported_lang_codes:
|
||
|
values['lang'] = lang
|
||
|
return values
|
||
|
|
||
|
def do_signup(self, qcontext):
|
||
|
""" Shared helper that creates a res.partner out of a token """
|
||
|
values = self._prepare_signup_values(qcontext)
|
||
|
self._signup_with_values(qcontext.get('token'), values)
|
||
|
request.env.cr.commit()
|
||
|
|
||
|
def _signup_with_values(self, token, values):
|
||
|
login, password = request.env['res.users'].sudo().signup(values, token)
|
||
|
request.env.cr.commit() # as authenticate will use its own cursor we need to commit the current transaction
|
||
|
pre_uid = request.session.authenticate(request.db, login, password)
|
||
|
if not pre_uid:
|
||
|
raise SignupError(_('Authentication Failed.'))
|
||
|
|
||
|
class AuthBaseSetup(BaseSetup):
|
||
|
@http.route()
|
||
|
def base_setup_data(self, **kwargs):
|
||
|
res = super().base_setup_data(**kwargs)
|
||
|
res.update({'resend_invitation': True})
|
||
|
return res
|