Exemple #1
    def portal_my_dms_file_download(self,
                                    dms_file_id,
                                    access_token=None,
                                    **kw):
        """Send one DMS file to the portal visitor as a binary response.

        ``self._dms_check_access`` decides from the file id and the optional
        ``access_token`` whether the file may be served.  A falsy result
        redirects instead of returning content: to "/" when a token was
        supplied, to "/my" otherwise.
        """
        ensure_db()
        try:
            # With a website on the request, switch to that website's
            # configured user.
            request.uid = request.website.user_id.id
        except AttributeError:
            # No website attribute: keep the uid the request already has.
            pass

        dms_file_sudo = self._dms_check_access("dms.file", dms_file_id,
                                               access_token)
        if not dms_file_sudo:
            # Denied: the file content is never read on this path.
            fallback_url = "/" if access_token else "/my"
            return request.redirect(fallback_url)

        # The stored content is base64; decode it once for the response body.
        payload = base64.b64decode(dms_file_sudo.content)
        # A generic binary type is sent rather than a type derived from the
        # file, together with a Content-Disposition built from the file name.
        headers = [
            ["Content-Type", "application/octet-stream"],
            ["Content-Disposition", content_disposition(dms_file_sudo.name)],
        ]
        return request.make_response(payload, headers)
Exemple #2
    def web_login(self, *args, **kw):
        """Add the OAuth provider list and OAuth error text to the login page.

        A GET from an already logged-in session that carries a ``redirect``
        parameter is redirected straight away.  Otherwise the parent
        ``web_login`` runs and, when its response is a QWeb one, the
        providers and the message for ``oauth_error`` are put in its context.
        """
        ensure_db()
        already_logged_in_get = (
            request.httprequest.method == 'GET'
            and request.session.uid
            and request.params.get('redirect')
        )
        if already_logged_in_get:
            # NOTE(review): the target is taken from the request as-is.
            # Whether redirect_with_hash limits it to same-site URLs is not
            # visible here - confirm, or validate the value before use.
            return http.redirect_with_hash(request.params.get('redirect'))

        # Collected before the parent call, as in the original ordering.
        providers = self.list_providers()

        response = super(OAuthLogin, self).web_login(*args, **kw)
        if not response.is_qweb:
            return response

        # Map the numeric code from the OAuth flow to a fixed, translated
        # message; any other value shows no error at all.
        code = request.params.get('oauth_error')
        if code == '1':
            message = _("Sign up is not allowed on this database.")
        elif code == '2':
            message = _("Access Denied")
        elif code == '3':
            message = _(
                "You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email."
            )
        else:
            message = None

        response.qcontext['providers'] = providers
        if message:
            response.qcontext['error'] = message
        return response
Exemple #3
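    def OAS_json_spec_download(self, namespace_name, **kwargs):
        """Return the OAS document of an ``openapi.namespace`` as JSON.

        The namespace is looked up by name with sudo, so the ``token``
        keyword argument is the only access control applied here.  With a
        ``download`` keyword argument present, the response is sent as an
        attachment named ``swagger.json``.

        Raises:
            werkzeug.exceptions.NotFound: no namespace has this name.
            werkzeug.exceptions.Forbidden: the token is missing, empty or
                does not match the namespace token.
        """
        # Function-scope import, so the file's import block is not changed.
        import hmac

        ensure_db()
        # NOTE(review): the search has no limit; presumably names are unique,
        # otherwise reading ``token`` on several records fails - confirm.
        namespace = (http.request.env["openapi.namespace"].sudo().search([
            ("name", "=", namespace_name)
        ]))
        if not namespace:
            raise werkzeug.exceptions.NotFound()

        expected = namespace.token
        supplied = kwargs.get("token")
        # Fail closed on a missing or empty value on either side, then compare
        # in constant time: ``!=`` on strings stops at the first differing
        # character, which leaks how much of a guessed token was correct.
        token_ok = (
            isinstance(expected, str)
            and isinstance(supplied, str)
            and bool(expected)
            and hmac.compare_digest(expected.encode("utf-8"),
                                    supplied.encode("utf-8"))
        )
        if not token_ok:
            raise werkzeug.exceptions.Forbidden()

        if "download" in kwargs:
            response_params = {
                "headers": [
                    ("Content-Type",
                     "application/octet-stream; charset=binary"),
                    ("Content-Disposition",
                     http.content_disposition("swagger.json")),
                ],
                "direct_passthrough": True,
            }
        else:
            response_params = {
                "headers": [("Content-Type", "application/json")]
            }

        body = json.dumps(namespace.get_OAS(),
                          default=date_utils.json_default)
        return werkzeug.wrappers.Response(body, status=200, **response_params)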
Exemple #4
 def web_login(self, *args, **kw):
     """Run the parent login and add the signup configuration to its context.

     After the parent response is built, a GET from an already logged-in
     session that carries a ``redirect`` parameter is answered with a
     redirect instead of that response.
     """
     ensure_db()
     response = super(AuthSignupHome, self).web_login(*args, **kw)
     response.qcontext.update(self.get_auth_signup_config())

     redirect_requested = (
         request.httprequest.method == 'GET'
         and request.session.uid
         and request.params.get('redirect')
     )
     if not redirect_requested:
         return response
     # NOTE(review): the target is taken from the request as-is. Whether
     # redirect_with_hash limits it to same-site URLs is not visible here -
     # confirm, or validate the value before use.
     return http.redirect_with_hash(request.params.get('redirect'))
Exemple #5
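    def web_login(self, redirect=None, **kw):
        """Login page that enforces a per-user list of allowed IP addresses.

        On POST, a user whose ``allowed_ips`` is non-empty may only
        authenticate from one of those addresses; users without such a list
        authenticate normally.  Success redirects to ``redirect`` (default
        ``/web``); every other path renders ``web.login`` with ``values``.

        Compared with the earlier version, a wrong password sent from an
        allowed address now reports "Wrong login/password" (that message used
        to be overwritten by the IP message), and a POST without a ``login``
        parameter no longer raises ``KeyError``.
        """
        main.ensure_db()
        request.params['login_success'] = False
        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is request input. Whether
            # redirect_with_hash limits it to same-site URLs is not visible
            # here - confirm.
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None

        if request.httprequest.method == 'POST':
            old_uid = request.uid
            # NOTE(review): REMOTE_ADDR is the peer seen by the WSGI server;
            # behind a reverse proxy that is presumably the proxy address -
            # confirm the deployment before relying on this check.
            ip_address = request.httprequest.environ['REMOTE_ADDR']
            login = request.params.get('login')
            if login:
                user_rec = request.env['res.users'].sudo().search(
                    [('login', '=', login)])
                allowed = [rec.ip_address for rec in user_rec.allowed_ips]
                if allowed and ip_address not in allowed:
                    # Checked before any password verification, so a blocked
                    # address never reaches authenticate().
                    # NOTE(review): this message is only shown for logins
                    # that have an allow-list, so it confirms that such an
                    # account exists.
                    request.uid = old_uid
                    values['error'] = _("Not allowed to login from this IP")
                else:
                    uid = request.session.authenticate(
                        request.session.db, login,
                        request.params['password'])
                    if uid is not False:
                        request.params['login_success'] = True
                        if not redirect:
                            redirect = '/web'
                        return http.redirect_with_hash(redirect)
                    request.uid = old_uid
                    values['error'] = _("Wrong login/password")

        return request.render('web.login', values)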
Exemple #6
    def web_login(self, redirect=None, *args, **kw):
        """Login page whose POST is decided by ``self.check_session``.

        A truthy ``check_session`` result redirects to ``/web``.  A falsy one
        restores the previous uid and shows the maintenance message.  The
        rendered login page is sent with ``X-Frame-Options: DENY``.
        """
        ensure_db()
        request.params['login_success'] = False

        http_method = request.httprequest.method
        if http_method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is request input. Whether
            # redirect_with_hash limits it to same-site URLs is not visible
            # here - confirm.
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None

        if http_method == 'POST':
            previous_uid = request.uid
            # NOTE(review): every falsy result shows the maintenance text;
            # whether check_session also returns falsy for bad credentials
            # is not visible here - confirm.
            session_ok = self.check_session(
                request.session.db,
                request.params.get('login', None),
                request.params.get('password', None),
            )
            if not session_ok:
                request.uid = previous_uid
                values['error'] = _(
                    'Sorry, system is under maintenance! Please, try again later.'
                )
            else:
                request.params['login_success'] = True

        # Pre-fill the login field from the session when the request had none.
        if 'login' not in values and request.session.get('auth_login'):
            values['login'] = request.session.get('auth_login')

        if not flectra.tools.config['list_db']:
            values['disable_database_manager'] = True

        if request.params['login_success']:
            return http.redirect_with_hash('/web')

        page = request.render('web.login', values)
        # Forbid framing of the login form by any page.
        page.headers['X-Frame-Options'] = 'DENY'
        return page
Exemple #7
 def web_login(self, *args, **kw):
     """Send users whose password has expired to their signup URL.

     The parent ``web_login`` response is returned unchanged unless the
     request is a POST, the credentials authenticate, and the user's
     ``_password_has_expired()`` is true.  In that case the password is
     expired, the session is logged out (keeping the database) and the
     browser is redirected to the partner's ``signup_url``.
     """
     ensure_db()
     response = super(PasswordSecurityHome, self).web_login(*args, **kw)
     if request.httprequest.method != 'POST':
         return response

     # NOTE(review): this authenticates again after the parent call has
     # already handled the same request - confirm the second attempt is
     # intended (it may count twice for any attempt limiting).
     credentials = (
         request.session.db,
         request.params['login'],
         request.params['password'],
     )
     if not request.session.authenticate(*credentials):
         return response

     user = request.env['res.users'].sudo().browse(request.uid)
     if user._password_has_expired():
         user.action_expire_password()
         # Drop the session that was just authenticated before redirecting.
         request.session.logout(keep_db=True)
         return http.redirect_with_hash(user.partner_id.signup_url)
     return response
Exemple #8
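 def web_under_maintenance(self, *args, **kwargs):
     """Toggle the ``under_maintenance`` parameter, then redirect.

     Only the superuser may call this.  When maintenance is switched on,
     the logged-in sessions of all other users are closed.  The response
     is a 303 redirect to the ``redirect`` request parameter, or ``/web``.

     The stored flag is parsed with ``ast.literal_eval`` instead of
     ``eval``: a stored value can then only be a literal, never an
     executed expression.  A missing or unparsable value counts as "off"
     (``eval`` raised on a missing value).

     Raises:
         AccessError: the caller is not the superuser.
     """
     # Function-scope import, so the file's import block is not changed.
     from ast import literal_eval

     ensure_db()
     if request.env.uid != SUPERUSER_ID:
         raise AccessError(_("Access Denied"))
     # NOTE(review): this changes state; the route's HTTP method and CSRF
     # settings are declared outside this block - confirm them.

     redirect = (request.params or {}).get('redirect') or '/web'
     ir_param = request.env['ir.config_parameter'].sudo()
     session_obj = request.env['ir.session'].sudo()

     raw_flag = ir_param.get_param('under_maintenance')
     try:
         currently_on = bool(literal_eval(raw_flag)) if raw_flag else False
     except (ValueError, SyntaxError):
         currently_on = False

     under_maintenance = 0 if currently_on else 1
     ir_param.set_param('under_maintenance', under_maintenance)
     if under_maintenance:
         # Close every active session except the superuser's own.
         sessions = session_obj.search([
             ('user_id', '!=', SUPERUSER_ID),
             ('is_logged_in', '=', True),
         ])
         if sessions:
             sessions.close_sessions()
     # NOTE(review): the redirect target is request input passed through
     # unchanged - confirm it is limited to local paths.
     return werkzeug.utils.redirect(redirect, 303)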
Exemple #9
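 def portal_my_dms_directory(self,
                             dms_directory_id=False,
                             sortby=None,
                             filterby=None,
                             search=None,
                             search_in="name",
                             access_token=None,
                             **kw):
     """Render the portal page for one DMS directory.

     Lists the visible sub-directories and files of ``dms_directory_id``,
     optionally filtered by a name search, and renders
     ``dms.portal_my_dms``.  When ``self._dms_check_access`` returns a
     falsy result the visitor is redirected instead: to "/" when a token
     was supplied, to "/my" otherwise.

     An unknown ``sortby`` now falls back to "name"; it used to raise
     ``KeyError`` on a value that comes from the request.
     """
     ensure_db()
     try:
         # With a website on the request, switch to that website's
         # configured user.
         request.uid = request.website.user_id.id
     except AttributeError:
         # No website attribute: keep the uid the request already has.
         pass

     searchbar_sortings = {
         "name": {
             "label": _("Name"),
             "order": "name asc"
         }
     }
     # Only keys of the table above are accepted, so the ``order`` string
     # passed to search() is never built from request text.
     if sortby not in searchbar_sortings:
         sortby = "name"
     sort_br = searchbar_sortings[sortby]["order"]

     searchbar_inputs = {
         "name": {
             "input": "name",
             "label": _("Name")
         },
     }
     if not filterby:
         filterby = "name"

     # The same optional name filter applies to directories and to files.
     search_domain = []
     if search and search_in == "name":
         search_domain = OR([[], [("name", "ilike", search)]])

     # Sub-directories, searched as the current user.
     # NOTE(review): this search and the session write below run before the
     # access check, as in the original - confirm that order is intended.
     directory_domain = [("is_hidden", "=", False),
                         ("parent_id", "=", dms_directory_id)]
     directory_domain += search_domain
     dms_directory_items = (request.env["dms.directory"].with_user(
         request.env.user.id).search(directory_domain, order=sort_br))
     request.session["my_dms_folder_history"] = dms_directory_items.ids

     dms_directory_sudo = self._dms_check_access("dms.directory",
                                                 dms_directory_id,
                                                 access_token)
     if not dms_directory_sudo:
         return request.redirect("/" if access_token else "/my")

     # Files of the directory, searched as the current user.
     file_domain = [
         ("is_hidden", "=", False),
         ("directory_id", "=", dms_directory_id),
     ]
     file_domain += search_domain
     dms_file_items = (request.env["dms.file"].with_user(
         request.env.user.id).search(file_domain, order=sort_br))
     request.session["my_dms_file_history"] = dms_file_items.ids
     dms_parent_categories = dms_directory_sudo.with_user(
         request.env.user.id)._get_parent_categories(access_token)

     # The record sets are handed to the template with sudo(); which records
     # they contain was fixed by the with_user() searches above.
     values = {
         "dms_directories": dms_directory_items.sudo(),
         "page_name": "dms_directory",
         "default_url": "/my/dms",
         "searchbar_sortings": searchbar_sortings,
         "searchbar_inputs": searchbar_inputs,
         "search_in": search_in,
         "sortby": sortby,
         "filterby": filterby,
         "access_token": access_token,
         "dms_directory": dms_directory_sudo,
         "dms_files": dms_file_items.sudo(),
         "dms_parent_categories": dms_parent_categories,
     }
     return request.render("dms.portal_my_dms", values)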
Exemple #10
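    def web_login(self, redirect=None, **kw):
        """Login page that mails an alert when a user logs in from a new system.

        After a successful authentication, a user who has an e-mail address
        and belongs to ``user_login_alert.receive_login_notification`` gets a
        mail whenever the IP address, browser or OS differs from the values
        stored on the user record (or none are stored yet); the stored values
        are then updated.  Success redirects to ``redirect`` (default
        ``/web``); failure renders ``web.login`` with an error.

        Compared with the earlier version, the values put into the HTML body
        are escaped, and a missing or unrecognised User-Agent no longer
        raises after the user has already been authenticated.
        """
        # Function-scope import, so the file's import block is not changed.
        from html import escape

        main.ensure_db()
        request.params['login_success'] = False
        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is request input. Whether
            # redirect_with_hash limits it to same-site URLs is not visible
            # here - confirm.
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None
        if request.httprequest.method == 'POST':
            old_uid = request.uid
            uid = request.session.authenticate(request.session.db,
                                               request.params['login'],
                                               request.params['password'])
            if uid is not False:
                user_rec = request.env['res.users'].sudo().search(
                    [('id', '=', uid)])
                if user_rec.partner_id.email and user_rec.has_group(
                        'user_login_alert.receive_login_notification'):
                    environ = request.httprequest.environ
                    # The User-Agent header is client-controlled and may be
                    # absent; missing parser keys fall back to 'Unknown'.
                    agent_details = httpagentparser.detect(
                        environ.get('HTTP_USER_AGENT') or '')
                    user_os = (agent_details.get('os')
                               or {}).get('name') or 'Unknown'
                    browser_name = (agent_details.get('browser')
                                    or {}).get('name') or 'Unknown'
                    # NOTE(review): behind a reverse proxy REMOTE_ADDR is
                    # presumably the proxy address - confirm the deployment.
                    ip_address = environ['REMOTE_ADDR']

                    seen_before = (user_rec.last_logged_ip
                                   and user_rec.last_logged_browser
                                   and user_rec.last_logged_os)
                    changed = (user_rec.last_logged_ip != ip_address
                               or user_rec.last_logged_browser != browser_name
                               or user_rec.last_logged_os != user_os)
                    if not seen_before or changed:
                        user_rec.last_logged_ip = ip_address
                        user_rec.last_logged_browser = browser_name
                        user_rec.last_logged_os = user_os

                        current_date_time = strftime("%Y-%m-%d %H:%M:%S",
                                                     gmtime())
                        # Everything interpolated into body_html is escaped:
                        # the user name is editable data and OS/browser come
                        # from the User-Agent header.
                        rows = ''.join(
                            '<tr><td>' + label + '</td>'
                            '<td>' + escape(str(value)) + '</td></tr>'
                            for label, value in (
                                ('OS', user_os),
                                ('Browser', browser_name),
                                ('IP Address', ip_address),
                            ))
                        message_body = (
                            'Hi ' + escape(user_rec.name) +
                            ' , Your account has been '
                            'accessed successfully. The details of the '
                            'system from which the account is accessed ...,'
                            '<table border="1" width="100%" cellpadding="0"'
                            ' bgcolor="#ededed">' + rows + '</table>'
                            'Thank you')
                        template_obj = request.env['mail.mail']
                        template_data = {
                            'subject': 'Login Alert : ' + current_date_time,
                            'body_html': message_body,
                            'email_from': request.env.user.company_id.email,
                            'email_to': user_rec.partner_id.email
                        }
                        template_id = template_obj.create(template_data)
                        # NOTE(review): send() is called on the model with
                        # the new record as an argument, not on the record -
                        # confirm this sends the mail that was just created.
                        template_obj.send(template_id)
                request.params['login_success'] = True
                if not redirect:
                    redirect = '/web'
                return http.redirect_with_hash(redirect)
            request.uid = old_uid
            values['error'] = _("Wrong login/password")
        return request.render('web.login', values)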