def company_logo(self, dbname=None, **kw):
imgname = 'placeholder.png'
placeholder = functools.partial(get_module_resource, 'web', 'static',
'src', 'img')
dbname = request.session and request.session.db or db_monodb()
uid = request.session and request.session.uid or odoo.SUPERUSER_ID
if not dbname:
response = http.send_file(placeholder(imgname))
else:
try:
# create an empty registry
registry = odoo.modules.registry.Registry(dbname)
with registry.cursor() as cr:
cr.execute(
"""
SELECT c.logo_web, c.write_date
FROM res_users u
LEFT JOIN res_company c ON c.id = u.company_id
WHERE u.id = %s
""", (uid))
row = cr.fetchone()
if row and row[0]:
image_data = StringIO(str(row[0]).decode('base64'))
response = http.send_file(image_data,
filename=imgname,
mtime=row[1])
else:
response = http.send_file(
placeholder('placeholder.png'))
except Exception:
response = http.send_file(placeholder(imgname))
return response
def oea(self, **kw):
"""login user via Odoo Account provider"""
dbname = kw.pop('db', None)
if not dbname:
dbname = db_monodb()
if not dbname:
return BadRequest()
if not http.db_filter([dbname]):
return BadRequest()
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, {})
provider = env.ref('auth_oauth.provider_openerp')
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert provider._name == 'auth.oauth.provider'
state = {
'd': dbname,
'p': provider.id,
'c': {
'no_user_creation': True
},
}
kw['state'] = json.dumps(state)
return self.signin(**kw)
def oea(self, **kw):
"""login user via Odoo Account provider"""
dbname = kw.pop('db', None)
if not dbname:
dbname = db_monodb()
if not dbname:
return BadRequest()
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, {})
provider = env.ref('auth_oauth.provider_openerp')
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert provider._name == 'auth.oauth.provider'
state = {
'd': dbname,
'p': provider.id,
'c': {'no_user_creation': True},
}
kw['state'] = json.dumps(state)
return self.signin(**kw)
def _render_template(self, **d):
d.setdefault('manage', True)
d['insecure'] = odoo.tools.config['admin_passwd'] == 'admin'
d['list_db'] = odoo.tools.config['list_db']
d['langs'] = odoo.service.db.exp_list_lang()
d['countries'] = odoo.service.db.exp_list_countries()
d['pattern'] = DBNAME_PATTERN
# databases list
d['databases'] = []
try:
d['databases'] = http.db_list()
except odoo.exceptions.AccessDenied:
monodb = db_monodb()
if monodb:
d['databases'] = [monodb]
return env.get_template("database_manager.html").render(d)
def training_headers(self, dbname=None, **kw):
imgname = 'logo'
imgext = '.png'
placeholder = functools.partial(get_resource_path, 'web', 'static',
'src', 'img')
uid = None
if request.session.db:
dbname = request.session.db
uid = request.session.uid
elif dbname is None:
dbname = db_monodb()
if not uid:
uid = odoo.SUPERUSER_ID
if not dbname:
response = http.send_file(placeholder(imgname + imgext))
else:
try:
# create an empty registry
image = False
registry = odoo.modules.registry.Registry(dbname)
with registry.cursor() as cr:
training_record = int(
kw['record']) if kw and kw.get('record') else False
cr.execute(
"""SELECT image_small,
FROM product_product
WHERE id = %s
""", (training_record, ))
row = cr.fetchone()
if row and row[0]:
image_base64 = base64.b64decode(row[0])
image_data = io.BytesIO(image_base64)
imgext = '.' + (imghdr.what(None, h=image_base64)
or 'png')
response = http.send_file(image_data,
filename=imgname + imgext,
mtime=row[1])
# else:
# response = http.send_file(placeholder('nologo.png'))
except Exception:
response = http.send_file(placeholder(imgname + imgext))
return response
def _render_template(self, **d):
d.setdefault('manage', True)
d['insecure'] = tools.config.verify_admin_password('admin')
d['list_db'] = tools.config['list_db']
d['langs'] = service.db.exp_list_lang()
d['countries'] = service.db.exp_list_countries()
d['pattern'] = DBNAME_PATTERN
# databases list
d['databases'] = []
d['app_name'] = yap_app_name
d['without_demo'] = tools.config['without_demo']
try:
d['databases'] = http.db_list()
d['incompatible_databases'] = service.db.list_db_incompatible(d['databases'])
except odoo_exceptions.AccessDenied:
mono_db = db_monodb()
if mono_db:
d['databases'] = [mono_db]
return env.get_template("yap_database_manager.html").render(d)
def xml(self, **kwargs):
req = odoo.http.request
language = kwargs.get("language", None)
if req.httprequest.method == "GET":
# Login
database = kwargs.get("database", None)
if not database:
database = db_monodb()
req.session.db = database
try:
uid = self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt: %s" % e)
return Response(
"Login with Odoo user name and password",
401,
headers=[("WWW-Authenticate", 'Basic realm="odoo"')],
)
# As an optional extra security check we can validate a web token attached
# to the request. It allows use to verify that the request is generated
# from frePPLe and not from somebody else.
# Generate data
try:
xp = exporter(
req,
uid=uid,
database=database,
company=kwargs.get("company", None),
mode=int(kwargs.get("mode", 1)),
)
# TODO Returning an iterator to stream the response back to the client and
# to save memory on the server side
return req.make_response(
"".join([i for i in xp.run()]),
headers=[
("Content-Type", "application/xml;charset=utf8"),
("Cache-Control",
"no-cache, no-store, must-revalidate"),
("Pragma", "no-cache"),
("Expires", "0"),
],
)
except Exception as e:
logger.exception("Error generating frePPLe XML data")
raise InternalServerError(
description=
"Error generating frePPLe XML data: check the Odoo log file for more details"
)
elif req.httprequest.method == "POST":
# Authenticate the user
database = req.httprequest.form.get("database", None)
if not database:
database = db_monodb()
req.session.db = database
try:
self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt %s" % e)
return Response(
"Login with Odoo user name and password",
401,
headers=[("WWW-Authenticate", 'Basic realm="odoo"')],
)
# Validate the company argument
company_name = req.httprequest.form.get("company", None)
company = None
m = req.env["res.company"]
recs = m.search([("name", "=", company_name)], limit=1)
for i in recs:
company = i
if not company:
return Response("Invalid company name argument", 401)
# Verify that the data was posted from frePPLe and nobody else
try:
webtoken = req.httprequest.form.get("webtoken", None)
decoded = jwt.decode(webtoken,
company.webtoken_key,
algorithms=["HS256"])
logger.warning(str(decoded))
if self.user != decoded.get("user", None):
return Response("Incorrect or missing webtoken", 401)
except Exception as e:
logger.warning("Incorrect or missing webtoken %s " % e)
return Response("Incorrect or missing webtoken", 401)
# Import the data
try:
ip = importer(
req,
database=database,
company=company,
mode=req.httprequest.form.get("mode", 1),
)
return req.make_response(
ip.run(),
[
("Content-Type", "text/plain"),
("Cache-Control",
"no-cache, no-store, must-revalidate"),
("Pragma", "no-cache"),
("Expires", "0"),
],
)
except Exception as e:
logger.exception("Error processing data posted by frePPLe")
raise InternalServerError(
description=
"Error processing data posted by frePPLe: check the Odoo log file for more details"
)
else:
raise MethodNotAllowed("Only GET and POST requests are accepted")
def xml(self, **kwargs):
database = kwargs.get('database', None)
if not database:
database = db_monodb()
req = odoo.http.request
language = kwargs.get('language', None)
if req.httprequest.method == 'GET':
# Login
database = kwargs.get('database', None)
req.session.db = database
try:
uid = self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt: %s" % e)
return Response('Login with Odoo user name and password',
401,
headers=[('WWW-Authenticate',
'Basic realm="odoo"')])
# As an optional extra security check we can validate a web token attached
# to the request. It allows use to verify that the request is generated
# from frePPLe and not from somebody else.
# Generate data
try:
xp = exporter(req,
uid=uid,
database=database,
company=kwargs.get('company', None),
mode=int(kwargs.get('mode', 1)))
# TODO Returning an iterator to stream the response back to the client and
# to save memory on the server side
return req.make_response(
''.join([i for i in xp.run()]),
headers=[('Content-Type', 'application/xml;charset=utf8'),
('Cache-Control',
'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'), ('Expires', '0')])
except Exception as e:
logger.exception('Error generating frePPLe XML data')
raise InternalServerError(
description=
'Error generating frePPLe XML data: check the Odoo log file for more details'
)
elif req.httprequest.method == 'POST':
# Authenticate the user
database = req.httprequest.form.get('database', None)
req.session.db = database
try:
self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt %s" % e)
return Response('Login with Odoo user name and password',
401,
headers=[('WWW-Authenticate',
'Basic realm="odoo"')])
# Validate the company argument
company_name = req.httprequest.form.get('company', None)
company = None
m = req.env['res.company']
recs = m.search([('name', '=', company_name)], limit=1)
for i in recs:
company = i
if not company:
return Response('Invalid company name argument', 401)
# Verify that the data was posted from frePPLe and nobody else
try:
webtoken = req.httprequest.form.get('webtoken', None)
decoded = jwt.decode(webtoken,
company.webtoken_key,
algorithms=['HS256'])
if self.user != decoded.get('user', None):
return Response('Incorrect or missing webtoken', 401)
except:
return Response('Incorrect or missing webtoken', 401)
# Import the data
try:
ip = importer(req,
database=database,
company=company,
mode=req.httprequest.form.get('mode', 1))
return req.make_response(
ip.run(),
[('Content-Type', 'text/plain'),
('Cache-Control', 'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'), ('Expires', '0')])
except Exception as e:
logger.exception('Error processing data posted by frePPLe')
raise InternalServerError(
description=
'Error processing data posted by frePPLe: check the Odoo log file for more details'
)
else:
raise MethodNotAllowed('Only GET and POST requests are accepted')
def xml(self, **kwargs):
database = kwargs.get('database', None)
if not database:
database = db_monodb()
req = odoo.http.request
language = kwargs.get('language', None)
if req.httprequest.method == 'GET':
# Login
database = kwargs.get('database', None)
req.session.db = database
try:
uid = self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt: %s" % e)
return Response(
'Login with Odoo user name and password', 401,
headers=[('WWW-Authenticate', 'Basic realm="odoo"')]
)
# As an optional extra security check we can validate a web token attached
# to the request. It allows use to verify that the request is generated
# from frePPLe and not from somebody else.
# Generate data
try:
xp = exporter(
req,
uid=uid,
database=database,
company=kwargs.get('company', None),
mode=int(kwargs.get('mode', 1))
)
# TODO Returning an iterator to stream the response back to the client and
# to save memory on the server side
return req.make_response(
''.join([i for i in xp.run()]),
headers=[
('Content-Type', 'application/xml;charset=utf8'),
('Cache-Control', 'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'),
('Expires', '0')
])
except Exception as e:
logger.exception('Error generating frePPLe XML data')
raise InternalServerError(description='Error generating frePPLe XML data: check the Odoo log file for more details')
elif req.httprequest.method == 'POST':
# Authenticate the user
database = req.httprequest.form.get('database', None)
req.session.db = database
try:
self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt %s" % e)
return Response(
'Login with Odoo user name and password', 401,
headers=[('WWW-Authenticate', 'Basic realm="odoo"')]
)
# Validate the company argument
company_name = req.httprequest.form.get('company', None)
company = None
m = req.env['res.company']
recs = m.search([('name', '=', company_name)], limit=1)
for i in recs:
company = i
if not company:
return Response('Invalid company name argument', 401)
# Verify that the data was posted from frePPLe and nobody else
try:
webtoken = req.httprequest.form.get('webtoken', None)
decoded = jwt.decode(
webtoken,
company.webtoken_key,
algorithms=['HS256']
)
if self.user != decoded.get('user', None):
return Response('Incorrect or missing webtoken', 401)
except:
return Response('Incorrect or missing webtoken', 401)
# Import the data
try:
ip = importer(
req,
database=database,
company=company,
mode=req.httprequest.form.get('mode', 1)
)
return req.make_response(
ip.run(),
[
('Content-Type', 'text/plain'),
('Cache-Control', 'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'),
('Expires', '0')
])
except Exception as e:
logger.exception('Error processing data posted by frePPLe')
raise InternalServerError(description='Error processing data posted by frePPLe: check the Odoo log file for more details')
else:
raise MethodNotAllowed('Only GET and POST requests are accepted')
def company_wecom_message_web_logo(self, dbname=None, **kw):
imgname = "wecom_message_logo"
imgext = ".png"
placeholder = functools.partial(get_resource_path, "web", "static",
"src", "img")
uid = None
if request.session.db:
dbname = request.session.db
uid = request.session.uid
elif dbname is None:
dbname = db_monodb()
if not uid:
uid = odoo.SUPERUSER_ID
if not dbname:
response = http.send_file(placeholder(imgname + imgext))
else:
try:
# create an empty registry
registry = odoo.modules.registry.Registry(dbname)
with registry.cursor() as cr:
company = int(
kw["company"]) if kw and kw.get("company") else False
if company:
cr.execute(
"""SELECT wecom_message_logo_web, write_date
FROM res_company
WHERE id = %s
""",
(company, ),
)
else:
cr.execute(
"""SELECT c.wecom_message_logo_web, c.write_date
FROM res_users u
LEFT JOIN res_company c
ON c.id = u.company_id
WHERE u.id = %s
""",
(uid, ),
)
row = cr.fetchone()
if row and row[0]:
image_base64 = base64.b64decode(row[0])
image_data = io.BytesIO(image_base64)
mimetype = guess_mimetype(image_base64,
default="image/png")
imgext = "." + mimetype.split("/")[1]
if imgext == ".svg+xml":
imgext = ".svg"
response = http.send_file(
image_data,
filename=imgname + imgext,
mimetype=mimetype,
mtime=row[1],
)
else:
response = http.send_file(placeholder("nologo.png"))
except Exception:
response = http.send_file(placeholder(imgname + imgext))
return response
