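def web_totp(self, redirect=None, **kwargs):
    """Handle the TOTP (second factor) step of a login.

    A session that already has ``uid`` set is redirected to its landing
    page. A session without ``pre_uid`` is sent back to ``/web/login``.
    On POST, the submitted code is checked for the ``pre_uid`` user and the
    session is finalized only when the check passes.

    :param redirect: optional target, forwarded to ``_login_redirect`` and
        echoed into the form context.
    :param kwargs: submitted form fields; ``totp_token`` carries the code.
    :return: a redirect response, or the rendered ``auth_totp.auth_totp_form``.
    """
    if request.session.uid:
        landing = self._login_redirect(request.session.uid, redirect=redirect)
        return http.redirect_with_hash(landing)

    if not request.session.pre_uid:
        return http.redirect_with_hash('/web/login')

    error = None
    if request.httprequest.method == 'POST':
        user = request.env['res.users'].browse(request.session.pre_uid)
        try:
            # The check runs inside _assert_can_auth(); presumably that is
            # where failed attempts are throttled -- confirm in res.users.
            with user._assert_can_auth():
                # .get(): a POST without the field used to raise KeyError
                # (an unhandled 500). An empty string makes int() raise
                # ValueError, which is reported like any malformed code.
                submitted = kwargs.get('totp_token', '')
                user._totp_check(int(re.sub(r'\s', '', submitted)))
        except AccessDenied:
            error = _("Verification failed, please double-check the 6-digit code")
        except ValueError:
            error = _("Invalid authentication code format.")
        else:
            # Only a successful check promotes the pending session.
            request.session.finalize()
            landing = self._login_redirect(request.session.uid, redirect=redirect)
            return http.redirect_with_hash(landing)

    return request.render('auth_totp.auth_totp_form', {
        'error': error,
        'redirect': redirect,
    })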
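def web_totp(self, redirect=None, **kwargs):
    """Handle the TOTP step of a login, with "trusted device" support.

    * GET: if the request carries the ``TRUSTED_DEVICE_COOKIE`` cookie and
      ``res.users.apikeys._check_credentials`` maps it to the ``pre_uid``
      user, the session is finalized without asking for a code.
    * POST: the submitted code is checked. On success the session is
      finalized and, when ``remember`` was submitted, a new trusted-device
      key is generated and set as a cookie on the redirect response.

    :param redirect: optional target, forwarded to ``_login_redirect`` and
        echoed into the form context.
    :param kwargs: submitted form fields (``totp_token``, ``remember``).
    :return: a redirect response, or the rendered ``auth_totp.auth_totp_form``.
    """
    if request.session.uid:
        return http.redirect_with_hash(
            self._login_redirect(request.session.uid, redirect=redirect))

    if not request.session.pre_uid:
        return http.redirect_with_hash('/web/login')

    error = None
    user = request.env['res.users'].browse(request.session.pre_uid)
    method = request.httprequest.method

    if user and method == 'GET':
        key = request.httprequest.cookies.get(TRUSTED_DEVICE_COOKIE)
        if key:
            checked_credentials = request.env['res.users.apikeys']._check_credentials(
                scope=TRUSTED_DEVICE_SCOPE, key=key)
            # The key must belong to the user who passed the first step;
            # a valid key of another user does not finalize the session.
            if checked_credentials == user.id:
                request.session.finalize()
                return http.redirect_with_hash(
                    self._login_redirect(request.session.uid, redirect=redirect))

    elif user and method == 'POST':
        try:
            with user._assert_can_auth():
                # .get(): a POST without the field used to raise KeyError
                # (an unhandled 500). An empty string makes int() raise
                # ValueError, which is reported like any malformed code.
                submitted = kwargs.get('totp_token', '')
                user._totp_check(int(re.sub(r'\s', '', submitted)))
        except AccessDenied:
            error = _("Verification failed, please double-check the 6-digit code")
        except ValueError:
            error = _("Invalid authentication code format.")
        else:
            request.session.finalize()
            response = http.redirect_with_hash(
                self._login_redirect(request.session.uid, redirect=redirect))
            if kwargs.get('remember'):
                agent = request.httprequest.user_agent
                # werkzeug reports None for an unrecognised browser or
                # platform; calling .capitalize() on None would raise after
                # the session was already finalized.
                name = _("%(browser)s on %(platform)s",
                    browser=(agent.browser or 'unknown').capitalize(),
                    platform=(agent.platform or 'unknown').capitalize(),
                )
                geoip = request.session.get('geoip')
                if geoip:
                    name += " (%s, %s)" % (geoip['city'], geoip['country_name'])

                key = request.env['res.users.apikeys']._generate(TRUSTED_DEVICE_SCOPE, name)
                # NOTE(review): this cookie lets the browser skip the TOTP
                # prompt for TRUSTED_DEVICE_AGE seconds. It is HttpOnly and
                # SameSite=Lax but carries no Secure attribute; on HTTPS
                # deployments confirm that Secure is added here or upstream.
                response.set_cookie(
                    key=TRUSTED_DEVICE_COOKIE,
                    value=key,
                    max_age=TRUSTED_DEVICE_AGE,
                    httponly=True,
                    samesite='Lax'
                )
            return response

    return request.render('auth_totp.auth_totp_form', {
        'error': error,
        'redirect': redirect,
    })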
def web_login(self, *args, **kw):
    """Extend the login page with the OAuth provider list and OAuth errors.

    The parent ``web_login`` builds the response. When that response is a
    QWeb template, the provider list and a translated message for the
    ``oauth_error`` request parameter ('1', '2' or '3') are added to its
    rendering context.
    """
    ensure_db()

    on_get = request.httprequest.method == 'GET'
    if on_get and request.session.uid and request.params.get('redirect'):
        # Already logged in and a redirect parameter is present: go there.
        # NOTE(review): the target comes straight from the request
        # parameters; confirm redirect_with_hash (or a caller) restricts it
        # to local paths, otherwise this is an open redirect.
        return http.redirect_with_hash(request.params.get('redirect'))

    # Collected before delegating, exactly as the original ordering does.
    providers = self.list_providers()
    response = super(OAuthLogin, self).web_login(*args, **kw)
    if not response.is_qweb:
        return response

    code = request.params.get('oauth_error')
    if code == '1':
        message = _("Sign up is not allowed on this database.")
    elif code == '2':
        message = _("Access Denied")
    elif code == '3':
        message = _(
            "You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email."
        )
    else:
        # Unknown or absent codes produce no message; the raw parameter is
        # never echoed into the page.
        message = None

    response.qcontext['providers'] = providers
    if message:
        response.qcontext['error'] = message
    return response
def web_login(self, *args, **kw):
    """Add the signup configuration to the login page context.

    Delegates to the parent ``web_login``, merges
    ``get_auth_signup_config()`` into the response's ``qcontext``, and
    redirects a logged-in GET request that carries a ``redirect`` parameter.
    """
    ensure_db()
    response = super(AuthSignupHome, self).web_login(*args, **kw)

    # NOTE(review): qcontext is accessed on whatever the parent returned;
    # presumably it is always a response object exposing qcontext -- confirm.
    context = response.qcontext
    context.update(self.get_auth_signup_config())

    if request.httprequest.method == 'GET' and request.session.uid:
        target = request.params.get('redirect')
        if target:
            # Already logged in and a redirect parameter is present.
            # NOTE(review): the target is taken from the request parameters
            # unvalidated; confirm redirect_with_hash restricts it to local
            # paths, otherwise this is an open redirect.
            return http.redirect_with_hash(target)
    return response
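def web_login(self, redirect=None, **kw):
    """Render or process the login form, enforcing per-user IP allow-lists.

    On POST, the user matching the submitted login is looked up. If that
    user has ``allowed_ips`` entries and the request address is not among
    them, the attempt is refused before the password is checked. Otherwise
    the credentials are authenticated as usual.

    :param redirect: target after a successful login (default ``/web``);
        also used for a GET by an already logged-in session.
    :return: a redirect response or the rendered ``web.login`` template.
    """
    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): redirect is caller-supplied and passed on as is;
        # confirm redirect_with_hash restricts it to local paths.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = flectra.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except flectra.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        old_uid = request.uid
        # NOTE(review): REMOTE_ADDR is the peer address seen by the server.
        # Behind a reverse proxy that is presumably the proxy itself, which
        # would make every client match or miss the allow-list together --
        # confirm how the deployment exposes the client address.
        ip_address = request.httprequest.environ['REMOTE_ADDR']
        # .get(): a POST without the field used to raise KeyError.
        login = request.params.get('login')
        if login:
            user_rec = request.env['res.users'].sudo().search([('login', '=', login)])
            allowed = [rec.ip_address for rec in user_rec.allowed_ips]
            if allowed and ip_address not in allowed:
                request.uid = old_uid
                # NOTE(review): this distinct message is shown before any
                # password check, so it tells an unauthenticated client
                # that the login exists and is IP-restricted. Consider the
                # generic message if that disclosure matters.
                values['error'] = _("Not allowed to login from this IP")
            else:
                uid = request.session.authenticate(
                    request.session.db, login, request.params['password'])
                if uid is not False:
                    request.params['login_success'] = True
                    return http.redirect_with_hash(redirect or '/web')
                request.uid = old_uid
                # Previously a wrong password from an allowed address fell
                # through and was overwritten with the "not allowed from
                # this IP" message; each failure now keeps its own message.
                values['error'] = _("Wrong login/password")

    # NOTE(review): only this controller applies the allow-list; other
    # authentication entry points, if any, are not covered by this block.
    return request.render('web.login', values)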
def web_login(self, redirect=None, *args, **kw):
    """Choose the landing page after a successful website login.

    When no explicit ``redirect`` was given and the parent handler flagged
    ``login_success``, members of ``base.group_user`` are sent to ``/web``
    (with the login request's query string appended) and everyone else to
    ``/my``. In every other case the parent's response is returned as is.
    """
    response = super(Website, self).web_login(redirect=redirect, *args, **kw)

    # An explicit redirect or a failed login leaves the parent's answer
    # untouched.
    if redirect or not request.params['login_success']:
        return response

    current_user = request.env['res.users'].browse(request.uid)
    if current_user.has_group('base.group_user'):
        # Bytes concatenation: the raw query string is carried over to /web.
        target = b'/web?' + request.httprequest.query_string
    else:
        target = '/my'
    return http.redirect_with_hash(target)
def web_login(self, redirect=None, *args, **kw):
    """Login handler that gates POST logins through ``check_session``.

    A POST hands the database, login and password to ``self.check_session``.
    A truthy result marks the login as successful and redirects to ``/web``.
    A falsy result restores the previous uid and shows the maintenance
    message. The rendered login page is sent with ``X-Frame-Options: DENY``.

    :param redirect: used only for a GET by an already logged-in session;
        a successful POST always goes to ``/web``.
    """
    ensure_db()
    request.params['login_success'] = False

    is_get = request.httprequest.method == 'GET'
    if is_get and redirect and request.session.uid:
        # NOTE(review): redirect is caller-supplied and passed on as is;
        # confirm redirect_with_hash restricts it to local paths.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = flectra.SUPERUSER_ID

    # The template context starts as a copy of every request parameter.
    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except flectra.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        previous_uid = request.uid
        database = request.session.db
        submitted_login = request.params.get('login')
        submitted_password = request.params.get('password')

        # check_session is defined elsewhere; presumably it authenticates
        # and applies the maintenance-mode rule -- confirm.
        if self.check_session(database, submitted_login, submitted_password):
            request.params['login_success'] = True
        else:
            request.uid = previous_uid
            values['error'] = _(
                'Sorry, system is under maintenance! Please, try again later.'
            )

    if 'login' not in values and request.session.get('auth_login'):
        values['login'] = request.session.get('auth_login')

    if not flectra.tools.config['list_db']:
        values['disable_database_manager'] = True

    if request.params['login_success']:
        return http.redirect_with_hash('/web')

    page = request.render('web.login', values)
    # Forbid framing of the login form.
    page.headers['X-Frame-Options'] = 'DENY'
    return page
def u2f_login(self, u2f_token_response=None, redirect=None, **kw):
    """Serve the U2F challenge page (GET) or accept the token response (POST).

    :param u2f_token_response: the value submitted by the client; it is
        stored in the session, not verified in this method.
    :param redirect: optional target forwarded to ``_login_redirect`` and
        echoed into the template context.
    :raises AccessDenied: when the session has no user or the user has no
        U2F device.
    """
    user = request.env['res.users'].browse(request.session.uid).sudo(
        request.session.uid)
    if not user or not user._u2f_get_device():
        raise AccessDenied()

    if request.httprequest.method != 'POST':
        # Issue a fresh challenge and remember it in the session.
        challenge = user._u2f_get_login_challenge()
        request.session.u2f_last_challenge = challenge.json
        context = {
            'login_data': json.dumps(challenge.data_for_client),
            'redirect': redirect,
        }
        return request.render('auth_u2f.login', context)

    # NOTE(review): the response is only stored here and session.uid is
    # already set at this point; presumably the token is verified against
    # u2f_last_challenge on later requests -- confirm where that happens.
    request.session.u2f_token_response = u2f_token_response
    return http.redirect_with_hash(
        self._login_redirect(user.id, redirect=redirect))
def web_login(self, *args, **kw):
    """Force a password reset when a user logs in with an expired password.

    The parent ``web_login`` runs first. For a POST whose credentials
    authenticate and whose password has expired, the password is expired,
    the session is logged out (keeping the database) and the browser is
    redirected to the partner's ``signup_url``. Every other case returns
    the parent's response unchanged.
    """
    ensure_db()
    response = super(PasswordSecurityHome, self).web_login(*args, **kw)
    if request.httprequest.method != 'POST':
        return response

    # NOTE(review): the credentials are authenticated again after the
    # parent handler has already processed this request; confirm that the
    # second attempt does not interfere with login throttling or auditing.
    params = request.params
    uid = request.session.authenticate(
        request.session.db, params['login'], params['password']
    )
    if not uid:
        return response

    account = request.env['res.users'].sudo().browse(request.uid)
    if not account._password_has_expired():
        return response

    account.action_expire_password()
    request.session.logout(keep_db=True)
    # signup_url is read after logout, as in the original ordering.
    reset_target = account.partner_id.signup_url
    return http.redirect_with_hash(reset_target)
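def web_login(self, redirect=None, **kw):
    """Login handler that e-mails the user when a login comes from a new system.

    After a successful authentication, users that have an e-mail address
    and belong to ``user_login_alert.receive_login_notification`` are
    compared against their last recorded IP address, browser and OS. When
    nothing was recorded yet, or any of the three differs, the stored
    values are updated and an alert mail is created.

    :param redirect: target after a successful login (default ``/web``);
        also used for a GET by an already logged-in session.
    :return: a redirect response or the rendered ``web.login`` template.
    """
    # Function-scope import: the module's import block is not visible here.
    import html

    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): redirect is caller-supplied and passed on as is;
        # confirm redirect_with_hash restricts it to local paths.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = flectra.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except flectra.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        old_uid = request.uid
        uid = request.session.authenticate(
            request.session.db, request.params['login'], request.params['password'])
        if uid is not False:
            user_rec = request.env['res.users'].sudo().search([('id', '=', uid)])
            if user_rec.partner_id.email and user_rec.has_group(
                    'user_login_alert.receive_login_notification'):
                # A missing or unrecognised User-Agent used to raise
                # (KeyError on 'os'/'browser') after authentication had
                # already succeeded; fall back to a placeholder instead.
                # detect() is assumed to return a plain dict -- confirm.
                agent = request.httprequest.environ.get('HTTP_USER_AGENT')
                agent_details = httpagentparser.detect(agent or '')
                user_os = (agent_details.get('os') or {}).get('name') or 'Unknown'
                browser_name = (agent_details.get('browser') or {}).get('name') or 'Unknown'
                # NOTE(review): REMOTE_ADDR is the peer address seen by the
                # server; behind a reverse proxy that is presumably the
                # proxy, so IP changes would go unnoticed -- confirm.
                ip_address = request.httprequest.environ['REMOTE_ADDR']

                recorded = (user_rec.last_logged_ip
                            and user_rec.last_logged_browser
                            and user_rec.last_logged_os)
                changed = (user_rec.last_logged_ip != ip_address
                           or user_rec.last_logged_browser != browser_name
                           or user_rec.last_logged_os != user_os)
                if not recorded or changed:
                    user_rec.last_logged_ip = ip_address
                    user_rec.last_logged_browser = browser_name
                    user_rec.last_logged_os = user_os

                    email_to = user_rec.partner_id.email
                    current_date_time = strftime("%Y-%m-%d %H:%M:%S", gmtime())
                    # The user name and the User-Agent derived values end
                    # up in an HTML mail body, so they are escaped rather
                    # than concatenated raw.
                    message_body = ('Hi ' + html.escape(user_rec.name) + ' , Your account has been '
                                    'accessed successfully. The details of the '
                                    'system from which the account is accessed ...,')
                    message_body += '<table border="1" width="100%" cellpadding="0" bgcolor="#ededed">'
                    for label, value in (('OS', user_os),
                                         ('Browser', browser_name),
                                         ('IP Address', ip_address)):
                        message_body += ('<tr><td>' + label + '</td>'
                                         '<td>' + html.escape(value) + '</td>'
                                         '</tr>')
                    message_body += '</table>'
                    message_body += 'Thank you'

                    template_obj = request.env['mail.mail']
                    template_data = {
                        'subject': 'Login Alert : ' + current_date_time,
                        'body_html': message_body,
                        'email_from': request.env.user.company_id.email,
                        'email_to': email_to
                    }
                    template_id = template_obj.create(template_data)
                    # NOTE(review): send() is called on the model's empty
                    # recordset with the new record as its argument;
                    # confirm this actually sends the mail just created.
                    template_obj.send(template_id)

            request.params['login_success'] = True
            if not redirect:
                redirect = '/web'
            return http.redirect_with_hash(redirect)

        request.uid = old_uid
        values['error'] = _("Wrong login/password")
    return request.render('web.login', values)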