def apply(self, offer):
if http.request.httprequest.method != 'POST':
return http.local_redirect('/offer/{}'.format(slug(offer)))
try:
http.request.env['offers.application'].sudo().create({
'user': http.request.env.user.id,
'offer': offer.id,
})
except IntegrityError:
# can't use the usual `http.request.env.cr` style,
# because `env` queries db and everything explodes
http.request._cr.rollback()
return http.request.render('bestja_offers.duplicate_application')
return http.local_redirect('/offer/{}/thankyou'.format(slug(offer)))
def portal_my_contacts_create(self, redirect="/my/contacts/{}", **kwargs):
"""Create a contact."""
self._contacts_fields_check(kwargs.keys())
values = self._contacts_clean_values(kwargs)
_logger.debug("Creating contact with: %s", values)
contact = request.env["res.partner"].create(values)
return local_redirect(redirect.format(contact.id))
def page_as_widget(self, *args, **kwargs):
# get aswiddget from kwargs or set it to True if not found: So one could call the URL with &aswidget=False to
# reset the session and show header and footer again
request.session['aswidget'] = kwargs.get('aswidget', True)
widgeturl = kwargs.get('widgeturl', '/')
# local_redirect found at addons/web/controllers/main.py line 467
return http.local_redirect(widgeturl, query=request.params, keep_hash=True)
def create(self, **kwargs):
cr, uid, context = request.cr, request.session.uid, request.context
password = request.session.password
version = release.version_info[0]
if version==9:
csrf_token = request.csrf_token()
else :
csrf_token = 'None'
if not request.session.uid:
return http.local_redirect('/saas/create')
else :
user_id = request.session.uid
partner_id = request.registry['res.users'].read(cr, uid, user_id, ['partner_id'])['partner_id'][0]
if len(kwargs):
values = {'user':partner_id,
'host_name': kwargs['domain_name'],
'server':kwargs.get('server_select', False),
}
ids = request.registry['saas.user.info'].create(cr, uid, values,context=context)
#request.registry['saas.user.info'].create_use_db(cr, uid, [ids],password,context=context)
template = request.registry('ir.model.data').get_object(cr, SUPERUSER_ID, 'saas_admin', 'registry_saas_db_email')
request.registry('email.template').send_mail(cr, SUPERUSER_ID, template.id, ids, force_send=True, raise_exception=True, context=context)
users = http.request.env['saas.user.info']
servers = http.request.env['saas.server']
values = {
'users': users.search([]),
'servers': servers.search([]),
'password':password,
'csrf_token':csrf_token
}
return http.request.render('saas_website.list', values)
def apply(self, offer):
if http.request.httprequest.method != 'POST':
return http.local_redirect('/offer/{}'.format(slug(offer)))
try:
http.request.env['offers.application'].sudo().create({
'user': http.request.env.user.id,
'offer': offer.id,
})
except IntegrityError:
# can't use the usual `http.request.env.cr` style,
# because `env` queries db and everything explodes
http.request._cr.rollback()
# Unique constraint.
# Should this redirect user to a page with a different message?
return http.local_redirect('/offer/{}/thankyou'.format(slug(offer)))
def apply(self, offer):
if http.request.httprequest.method != 'POST':
return http.local_redirect('/offer/{}'.format(slug(offer)))
try:
http.request.env['offers.application'].sudo().create({
'user':
http.request.env.user.id,
'offer':
offer.id,
})
except IntegrityError:
# can't use the usual `http.request.env.cr` style,
# because `env` queries db and everything explodes
http.request._cr.rollback()
return http.request.render('bestja_offers.duplicate_application')
return http.local_redirect('/offer/{}/thankyou'.format(slug(offer)))
def build_rerun_buildout(self, build, **post):
if build.sudo().branch_id.buildout_version:
build.sudo().write({
'state': 'testing',
'result': False,
'job': 'job_10_test_base',
})
return http.local_redirect('/runbot/repo/%s' % build.repo_id.id)
def check(self, **kw):
cr, uid, context, pool = request.cr, request.uid, request.context, request.registry
mod_get = pool.get('fac.worker')
ids_get = mod_get.search(cr, uid, [('name', '=', request.params.get('fullname'))])
if ids_get:
return http.local_redirect('/factory/factory/')
else:
return """<script type='text/javascript'>
def apply(self, offer):
if http.request.httprequest.method != 'POST':
return http.local_redirect('/offer/{}'.format(slug(offer)))
try:
http.request.env['offers.application'].sudo().create({
'user':
http.request.env.user.id,
'offer':
offer.id,
})
except IntegrityError:
# can't use the usual `http.request.env.cr` style,
# because `env` queries db and everything explodes
http.request._cr.rollback()
# Unique constraint.
# Should this redirect user to a page with a different message?
return http.local_redirect('/offer/{}/thankyou'.format(slug(offer)))
def portal_my_contacts_update(self,
contact,
redirect="/my/contacts/{}",
**kwargs):
"""Update a contact."""
self._contacts_fields_check(kwargs.keys())
values = self._contacts_clean_values(kwargs)
_logger.debug("Updating %r with: %s", contact, values)
contact.write(values)
return local_redirect(redirect.format(contact.id))
def selector(self, **kw):
try:
dbs = http.db_list()
if not dbs:
return http.local_redirect('/web/database/manager')
except openerp.exceptions.AccessDenied:
dbs = False
loader = jinja2.PackageLoader('openerp.addons.ob_web_replace', "views")
env = jinja2.Environment(loader=loader, autoescape=True)
return env.get_template("database_selector.html").render({
'databases': dbs,
'debug': request.debug,
})
def selector(self, **kw):
try:
dbs = http.db_list()
if not dbs:
return http.local_redirect('/web/database/manager')
except openerp.exceptions.AccessDenied:
dbs = False
loader = jinja2.PackageLoader('openerp.addons.ob_web_replace', "views")
env = jinja2.Environment(loader=loader, autoescape=True)
return env.get_template("database_selector.html").render({
'databases':
dbs,
'debug':
request.debug,
})
def selector(self, **kw):
abc = get_my_conf()
try:
dbs = http.db_list()
if not dbs:
return http.local_redirect('/web/database/manager')
except openerp.exceptions.AccessDenied:
dbs = False
return env.get_template("gts_database_selector.html").render({
'databases': dbs,
'debug': request.debug,
'error': kw.get('error'),
'power_by': abc.get('power_by'),
'title': abc.get('title')
})
def selector(self, **kw):
try:
dbs = http.db_list()
if not dbs:
return http.local_redirect('/web/database/manager')
except openerp.exceptions.AccessDenied:
dbs = False
return env.get_template("database_selector_backend.html").render({
'databases':
dbs,
'debug':
request.debug,
'error':
kw.get('error')
})
def getlogin(self, db, redirecturl, **kwargs):
"""Coming from database selector will show
authentication form.
:param db string: database name
:param redirecturl path: redirection url
:return: html for selector
"""
if not db:
return http.local_redirect('/mobile/database/selector')
return http.request.render('mobile.login', {
'root': '/mobile/',
'd_db': db,
'redirect_url': redirecturl
})
def redirect_auto(self, path=None, code=301, website=None, rerouting=None):
"""Return a redirection for the SEO path or fail.
:param str path:
Path that will be searched among the SEO redirections.
:param int code:
HTTP redirection code.
:param website openerp.models.Model:
Current website object. Default: ``request.website``.
:param list rerouting:
List of reroutings performed. It defaults to ``request.rerouting``.
:raise NoRedirectionError:
If no redirection target is found. This allows you to continue
the normal behavior in your controller.
:return werkzeug.wrappers.Response:
Redirection to the SEO version of the URL.
"""
# Default values
path = path or request.httprequest.path
rerouting = rerouting or getattr(request, "rerouting", list())
website = website or getattr(request, "website",
self.env["website"].get_current_website())
# Search for a SEO destination
match = self.search([("origin", "=", path)])
destination = match.destination
# Fail when needed
if not destination:
raise NoRedirectionError(_("No redirection target found."))
if destination in rerouting:
raise NoRedirectionError(_("Duplicated redirection."))
# Add language prefix to URL
if (website.default_lang_code != request.lang
and request.lang in website.language_ids.mapped("code")):
destination = u"/{}{}".format(request.lang, destination)
# Redirect to the SEO URL
return local_redirect(destination,
dict(request.httprequest.args),
True,
code=code)
def redirect_auto(self, path=None, code=301, website=None, rerouting=None):
"""Return a redirection for the SEO path or fail.
:param str path:
Path that will be searched among the SEO redirections.
:param int code:
HTTP redirection code.
:param website openerp.models.Model:
Current website object. Default: ``request.website``.
:param list rerouting:
List of reroutings performed. It defaults to ``request.rerouting``.
:raise NoRedirectionError:
If no redirection target is found. This allows you to continue
the normal behavior in your controller.
:return werkzeug.wrappers.Response:
Redirection to the SEO version of the URL.
"""
# Default values
path = path or request.httprequest.path
rerouting = rerouting or getattr(request, "rerouting", list())
website = website or getattr(
request, "website", self.env["website"].get_current_website())
# Search for a SEO destination
match = self.search([("origin", "=", path)])
destination = match.destination
# Fail when needed
if not destination:
raise NoRedirectionError(_("No redirection target found."))
if destination in rerouting:
raise NoRedirectionError(_("Duplicated redirection."))
# Add language prefix to URL
if (website.default_lang_code != request.lang and
request.lang in website.language_ids.mapped("code")):
destination = u"/{}{}".format(request.lang, destination)
# Redirect to the SEO URL
return local_redirect(
destination,
dict(request.httprequest.args),
code=code)
def a(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/barcode/web')
r = html_template % {
'modules': simplejson.dumps(module_boot(request.db)),
'init': """
var wc = new s.web.WebClient();
wc.show_application = function(){
wc.action_manager.do_action("stock.ui", {});
};
wc.do_push_state = function(state){};
wc.appendTo($(document.body));
"""
}
return r
def a(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/barcode/web')
r = html_template % {
'modules': simplejson.dumps(module_boot(request.db)),
'init': """
var wc = new s.web.WebClient();
wc.show_application = function(){
wc.action_manager.do_action("stock.ui", {});
};
wc.do_push_state = function(state){};
wc.appendTo($(document.body));
"""
}
return r
def web_login(self, *args, **kwargs):
"""Add MFA logic to the web_login action in Home
Overview:
* Call web_login in Home
* Return the result of that call if the user has not logged in yet
using a password, does not have MFA enabled, or has a valid
trusted device cookie
* If none of these is true, generate a new MFA login token for the
user, log the user out, and redirect to the MFA login form
"""
# sudo() is required because there may be no request.env.uid (likely
# since there may be no user logged in at the start of the request)
user_model_sudo = request.env['res.users'].sudo()
config_model_sudo = user_model_sudo.env['ir.config_parameter']
response = super(AuthTotp, self).web_login(*args, **kwargs)
if not request.params.get('login_success'):
return response
user = user_model_sudo.browse(request.uid)
if not user.mfa_enabled:
return response
cookie_key = 'trusted_devices_%d' % user.id
device_cookie = request.httprequest.cookies.get(cookie_key)
if device_cookie:
secret = config_model_sudo.get_param('database.secret')
device_cookie = JsonSecureCookie.unserialize(device_cookie, secret)
if device_cookie.get('device_id') in user.trusted_device_ids.ids:
return response
user.generate_mfa_login_token()
request.session.logout(keep_db=True)
request.params['login_success'] = False
return http.local_redirect(
'/auth_totp/login',
query={
'mfa_login_token': user.mfa_login_token,
'redirect': request.params.get('redirect'),
},
keep_hash=True,
)
def selector(self, redirecturl='mobile/sample', **kw):
"""Returns the database selector using jinja template
moving to login form for authentication.
:param redirecturl path: redirection url
:return: html for selector
"""
try:
dbs = http.db_list()
if not dbs:
return http.local_redirect('/web/database/manager')
except openerp.exceptions.AccessDenied:
dbs = False
return env.get_template("database_selector.html").render({
'databases': dbs,
'debug': request.debug,
'redirect_url': redirecturl
})
def a(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/pos/web')
js_list = manifest_list('js',db=request.db, debug=debug)
css_list = manifest_list('css',db=request.db, debug=debug)
js = "\n".join('<script type="text/javascript" src="%s"></script>' % i for i in js_list)
#css = "\n".join('<link rel="stylesheet" href="%s">' % i for i in css_list)
r = html_template % {
'js': js,
# 'css': css,
'modules': simplejson.dumps(module_boot(request.db)),
'init': """
var wc = new s.web.WebClient();
wc.show_application = function(){
wc.action_manager.do_action("pos.ui");
};
wc.appendTo($(document.body));
"""
}
return r
def popup_cancel(self, redirect="/"):
"""Hide/Cancel the PopUp Box for this Session"""
request.session["website_popup_cancel"] = True
return http.local_redirect(redirect)
def abc_interface(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/barcode2/web')
return request.render('stock_barcode_alternative.barcode_index')
def manager(self, **kw):
request.session.logout()
return http.local_redirect('/web/password')
def popup_enable(self, redirect="/"):
"""Enable the PopUp Box"""
request.session["website_popup_cancel"] = False
return http.local_redirect(redirect)
def a(self, debug=False, **kw):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/barcode/web')
return request.render('stock_picking_barcode.barcode_index')
def int_transfer(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/transfer')
return request.render('marcos_rim.locationmovewidget')
def accept_legal_age(self):
http.request.httpsession['accepted_legal_age'] = True
return http.local_redirect('/')
def a(self, debug=False, **k):
return http.local_redirect(
'/production_app/static/productionApp/www/index.html')
def popup_enable(self, redirect="/"):
"""Enable the PopUp Box"""
request.session["website_popup_cancel"] = False
return http.local_redirect(redirect)
def login_redirect(redirecturl):
db = request.session.db
return http.local_redirect('/mobile/login/%s/%s' % (db, redirecturl[1:]))
def mailing(self, mailing_id, email=None, res_id=None, **post):
"""Display a confirmation form to get the unsubscription reason."""
mailing = request.env["mail.mass_mailing"]
path = "/page/mass_mailing_custom_unsubscribe.%s"
good_token = mailing.hash_create(mailing_id, res_id, email)
# Trying to unsubscribe with fake hash? Bad boy...
if good_token and post.get("token") != good_token:
return local_redirect(path % "failure")
mailing = mailing.sudo().browse(mailing_id)
contact = request.env["mail.mass_mailing.contact"].sudo()
unsubscription = request.env["mail.unsubscription"].sudo()
if not post.get("reason_id"):
# We need to know why you leave, get to the form
return self.unsubscription_reason(mailing, email, res_id,
post.get("token"))
# Save reason and details
try:
with request.env.cr.savepoint():
records = unsubscription.create({
"email":
email,
"unsubscriber_id":
",".join((mailing.mailing_model, res_id)),
"reason_id":
int(post["reason_id"]),
"details":
post.get("details", False),
"mass_mailing_id":
mailing_id,
})
# Should provide details, go back to form
except _ex.DetailsRequiredError:
return self.unsubscription_reason(mailing, email, res_id,
post.get("token"),
{"error_details_required": True})
# Unsubscribe from additional lists
for key, value in post.iteritems():
try:
label, list_id = key.split(",")
if label != "list_id":
raise ValueError
list_id = int(list_id)
except ValueError:
pass
else:
contact_id = contact.browse(int(value))
if contact_id.list_id.id == list_id:
contact_id.opt_out = True
records += unsubscription.create({
"email":
email,
"unsubscriber_id":
",".join((contact._name, value)),
"reason_id":
int(post["reason_id"]),
"details":
post.get("details", False),
"mass_mailing_id":
mailing_id,
})
# All is OK, unsubscribe
result = super(CustomUnsubscribe,
self).mailing(mailing_id, email, res_id, **post)
records.write({"success": result.data == "OK"})
# Redirect to the result
return local_redirect(
path % ("success" if result.data == "OK" else "failure"))
def index(self, **kw):
return http.local_redirect('/web', query=request.params, keep_hash=True)
def qc(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/qc')
return request.render('marcos_rim.rimqc')
def accept_cookies(self):
"""Stop spamming with cookie banner."""
http.request.httpsession["accepted_cookies"] = True
return http.local_redirect("/")
def sale_picking(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/salepicking')
return request.render('marcos_rim.salepickingwidget')
def index(self, s_action=None, db=None, **kw):
return http.local_redirect(get_base_url() + '/auth_cas', query=request.params, keep_hash=True)
def popup_cancel(self, redirect="/"):
"""Hide/Cancel the PopUp Box for this Session"""
request.session["website_popup_cancel"] = True
return http.local_redirect(redirect)
def apply(self, offer):
http.request.env['offers.application'].create({
'user': http.request.env.user.id,
'offer': offer.id,
})
return http.local_redirect('/offer/{}/thankyou'.format(slug(offer)))
def qc(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/qc')
return request.render('marcos_rim.rimqc')
def int_transfer(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/transfer')
return request.render('marcos_rim.locationmovewidget')
def wiki(self, *args, **kwargs):
return http.local_redirect('/wiki/home')
def a(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/barcode/web')
return request.render('stock.barcode_index')
def sale_picking(self, debug=False, **k):
if not request.session.uid:
return http.local_redirect('/web/login?redirect=/salepicking')
return request.render('marcos_rim.salepickingwidget')
def liuhao(self, **post):
cr, uid, context, pool = request.cr, request.uid, request.context, request.registry
return http.local_redirect('/angulaJS/static/src/index.html')
def a(self, debug=False, **k):
return http.local_redirect('/stock_move_apk/static/www_apk/index.html')
def mfa_login_post(self, *args, **kwargs):
"""Process MFA login attempt
Overview:
* Try to find a user based on the MFA login token. If this doesn't
work, redirect to the password login page with an error message
* Validate the confirmation code provided by the user. If it's not
valid, redirect to the previous login step with an error message
* Generate a long-term MFA login token for the user and log the
user in using the token
* Build a trusted device cookie and add it to the response if the
trusted device option was checked
* Redirect to the provided URL or to '/web' if one was not given
"""
# sudo() is required because there is no request.env.uid (likely since
# there is no user logged in at the start of the request)
user_model_sudo = request.env['res.users'].sudo()
device_model_sudo = user_model_sudo.env['res.users.device']
config_model_sudo = user_model_sudo.env['ir.config_parameter']
token = request.params.get('mfa_login_token')
try:
user = user_model_sudo.user_from_mfa_login_token(token)
except (MfaTokenInvalidError, MfaTokenExpiredError) as exception:
return http.local_redirect(
'/web/login',
query={
'redirect': request.params.get('redirect'),
'error': exception.message,
},
keep_hash=True,
)
confirmation_code = request.params.get('confirmation_code')
if not user.validate_mfa_confirmation_code(confirmation_code):
return http.local_redirect(
'/auth_totp/login',
query={
'redirect':
request.params.get('redirect'),
'error':
_('Your confirmation code is not correct. Please try'
' again.'),
'mfa_login_token':
token,
},
keep_hash=True,
)
# These context managers trigger a safe commit, which persists the
# changes right away and is needed for the auth call
with Environment.manage():
with registry(request.db).cursor() as temp_cr:
temp_env = Environment(temp_cr, SUPERUSER_ID, request.context)
temp_user = temp_env['res.users'].browse(user.id)
temp_user.generate_mfa_login_token(60 * 24 * 30)
token = temp_user.mfa_login_token
request.session.authenticate(request.db, user.login, token, user.id)
redirect = request.params.get('redirect')
if not redirect:
redirect = '/web'
response = Response(http.redirect_with_hash(redirect))
if request.params.get('remember_device'):
device = device_model_sudo.create({'user_id': user.id})
secret = config_model_sudo.get_param('database.secret')
device_cookie = JsonSecureCookie({'device_id': device.id}, secret)
cookie_lifetime = timedelta(days=30)
cookie_exp = datetime.utcnow() + cookie_lifetime
device_cookie = device_cookie.serialize(cookie_exp)
cookie_key = 'trusted_devices_%d' % user.id
sec_config = config_model_sudo.get_param('auth_totp.secure_cookie')
security_flag = sec_config != '0'
response.set_cookie(
cookie_key,
device_cookie,
max_age=cookie_lifetime.total_seconds(),
expires=cookie_exp,
httponly=True,
secure=security_flag,
)
return response
def getlogout(self, db, redirecturl, **kwargs):
request.session.logout(keep_db = True)
return http.local_redirect('/mobile/login/%s/%s' % (db, redirecturl))