def web_login(self, redirect=None, **kw):
    """Serve the login form, gated twice by ``self._block_ips()``.

    ``_block_ips()`` is consulted before an already-authenticated GET is
    redirected and again before credentials are checked. Any truthy value it
    returns is sent back as the response. Its implementation is not visible
    here.
    """
    main.ensure_db()
    request.params['login_success'] = False

    is_get = request.httprequest.method == 'GET'
    if is_get and redirect and request.session.uid:
        denied = self._block_ips()
        if denied:
            return denied
        # NOTE(review): `redirect` is request-supplied and is not validated
        # in this function; confirm the target is restricted elsewhere.
        return http.redirect_with_hash(redirect)

    # Anonymous requests render the page with the superuser id.
    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    denied = self._block_ips()
    if denied:
        return denied

    # Only a POST carrying a non-empty login attempts authentication.
    # A POST without a 'login' key raises KeyError, as in the original.
    if request.httprequest.method != 'POST' or not request.params['login']:
        return request.render('web.login', values)

    previous_uid = request.uid
    try:
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
    except odoo.exceptions.AccessDenied as e:
        request.uid = previous_uid
        # Only the generic denial is mapped to a user-facing message.
        if e.args == odoo.exceptions.AccessDenied().args:
            values['error'] = _("Wrong login/password")
        return request.render('web.login', values)

    request.params['login_success'] = True
    return http.redirect_with_hash(
        self._login_redirect(uid, redirect=redirect))
def web_login(self, redirect=None, **kw):
    """Login controller that sends users to ``/web?debug=1`` by default.

    After a successful POST authentication the user is redirected to the
    requested ``redirect``, or to the debug-mode web client when none was
    given.
    """
    ensure_db()
    request.params['login_success'] = False

    method = request.httprequest.method
    if method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        return request.render('web.login', values)

    previous_uid = request.uid
    uid = request.session.authenticate(
        request.session.db,
        request.params['login'],
        request.params['password'])
    if uid is False:
        request.uid = previous_uid
        values['error'] = _("Wrong login/password")
        return request.render('web.login', values)

    request.params['login_success'] = True
    # NOTE(review): every user who logs in without an explicit redirect is
    # put into debug mode, whatever their role.
    target = redirect if redirect else '/web?debug=1'
    return http.redirect_with_hash(target)
def _render_template(self, **d):
    """Build the context for ``database_manager_extend.html`` and render it.

    Adds branding values taken from the first ``website`` record (read with
    ``sudo()``) to the database-manager context.
    """
    d.setdefault('manage', True)
    config = odoo.tools.config
    # True when the master password still verifies against the literal 'admin'.
    d['insecure'] = config.verify_admin_password('admin')
    d['list_db'] = config['list_db']
    d['langs'] = odoo.service.db.exp_list_lang()
    d['countries'] = odoo.service.db.exp_list_countries()
    d['pattern'] = DBNAME_PATTERN

    websites = request.env['website'].sudo().search([])
    if websites:
        site = websites[0]
        d['website_name'] = site.name or ''
        d['company_name'] = site.company_id.name or ''
        d['favicon'] = site.favicon_url or ''
        d['company_logo_url'] = site.company_logo_url or ''
    else:
        d['website_name'] = ''
        d['company_name'] = ''
        d['favicon'] = ''
        d['company_logo_url'] = ''

    # Database list; falls back to the single database when listing is denied.
    d['databases'] = []
    try:
        d['databases'] = http.db_list()
        d['incompatible_databases'] = odoo.service.db.list_db_incompatible(
            d['databases'])
    except odoo.exceptions.AccessDenied:
        single_db = db_monodb()
        if single_db:
            d['databases'] = [single_db]

    template = env.get_template("database_manager_extend.html")
    return template.render(d)
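def web_login(self, redirect=None, **kw):
    """Login controller that opens developer mode for selected users.

    After a successful POST authentication without an explicit ``redirect``,
    users in ``developer_mode.odoo_developer_group`` and the user with id 1
    are sent to ``/web?debug``; everyone else goes to ``/web``.
    """
    ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        old_uid = request.uid
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
        # The debug print of the authenticated uid was removed: it wrote
        # authentication results to stdout on every login attempt.
        if uid is not False:
            request.params['login_success'] = True
            if not redirect:
                odoo_technician = request.env.user.has_group(
                    'developer_mode.odoo_developer_group')
                # The original compared the uid with `True`, which is equal
                # to 1 in Python; the integer is spelled out here.
                if odoo_technician or request.uid == 1:
                    redirect = '/web?debug'
                else:
                    redirect = '/web'
            return http.redirect_with_hash(redirect)
        request.uid = old_uid
        values['error'] = _("Wrong login/password")
    return request.render('web.login', values)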
def _render_template(self, **d):
    """Insert the rendered ``backup_button.html`` into the parent's HTML.

    The insertion point is right after the "Set Master Password" block when
    it is present, otherwise right before the restore link. When neither
    marker is found (or the offset is 0) the parent output is returned as is.
    """
    res = super(BackupDatabase, self)._render_template(**d)

    # Locate where the 'Restore via Odoo-backup.sh' button goes on the
    # web/database/manager and web/database/selector pages.
    marker = re.search('Set Master Password</button>.*\n.*</div>', res)
    if marker:
        offset = marker.end()
    else:
        marker = re.search(
            '<a role="button" data-toggle="modal" data-target=".o_database_restore" class="btn btn-link">',
            res)
        offset = marker.start() if marker else None

    if not offset:
        return res

    d['list_db'] = config['list_db']
    d['databases'] = []
    try:
        d['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        single_db = http.db_monodb()
        if single_db:
            d['databases'] = [single_db]

    button_html = env.get_template("backup_button.html").render(d)
    return res[:offset] + button_html + res[offset:]
def list(self):
    """Return the database names for the mobile application.

    NOTE(review): the route decorator is not visible here; confirm whether
    this listing is meant to be reachable without authentication, since it
    bypasses nothing but also adds no check of its own.

    :return: result of ``http.db_list()``
    :rtype: list
    """
    database_names = http.db_list()
    return database_names
def web_login(self, redirect=None, **kw):
    """Login controller that records the session on success.

    On a failed POST the template receives one generic error line plus three
    possible reasons, without telling the caller which one applied.
    """
    odoo.addons.web.controllers.main.ensure_db()

    method = request.httprequest.method
    if method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    if not redirect:
        # NOTE(review): on Python 3 `query_string` is bytes, so this
        # concatenation would raise TypeError; confirm the target runtime.
        redirect = '/web?' + request.httprequest.query_string
    values['redirect'] = redirect

    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        return request.render('web.login', values)

    previous_uid = request.uid
    uid = request.session.authenticate(
        request.session.db,
        request.params['login'],
        request.params['password'])
    if uid is not False:
        self.save_session(request.cr, uid, request.context)
        return http.redirect_with_hash(redirect)

    request.uid = previous_uid
    values.update({
        'error': 'Login failed due to one of the following reasons:',
        'reason1': '- Wrong login/password',
        'reason2': '- User not allowed to have multiple logins',
        'reason3': '- User not allowed to login at this specific time or day',
    })
    return request.render('web.login', values)
def cpo_website_quote_login(self, redirect=None, **kw):
    """Build a post-login redirect from the ``src`` and ``type`` parameters.

    NOTE(review): the response created by the final ``redirect_with_hash``
    call is discarded, so this function returns ``None`` on that path.
    The target is assembled from the request-supplied ``src`` value; it
    should be restricted to local paths before the result is ever returned.
    """
    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    try:
        source = kw.get('src')
        if source:
            kind = kw.get('type')
            if kind:
                redirect = source + '?' + ('type=' + kind) + '&login=true'
            else:
                redirect = source + '?login=true'
        http.redirect_with_hash(redirect)
    except Exception as e:
        # Message text kept as in the original, although it does not
        # describe a redirect failure.
        _logger.error(
            "website_sale postprocess: %s value has been dropped (empty or not writable)" % e)
def _render_template(self, **d):
    """Render the database manager page from its three QWeb template files."""
    d.setdefault('manage', True)
    config = odoo.tools.config
    # True when the master password still verifies against the literal 'admin'.
    d['insecure'] = config.verify_admin_password('admin')
    d['list_db'] = config['list_db']
    d['langs'] = odoo.service.db.exp_list_lang()
    d['countries'] = odoo.service.db.exp_list_countries()
    d['pattern'] = DBNAME_PATTERN

    # Database list; when listing is denied, expose only the request's db.
    try:
        d['databases'] = http.db_list()
        d['incompatible_databases'] = odoo.service.db.list_db_incompatible(
            d['databases'])
    except odoo.exceptions.AccessDenied:
        d['databases'] = [request.db] if request.db else []

    template_files = (
        ('database_manager',
         "web/static/src/public/database_manager.qweb.html"),
        ('master_input',
         "web/static/src/public/database_manager.master_input.qweb.html"),
        ('create_form',
         "web/static/src/public/database_manager.create_form.qweb.html"),
    )
    templates = {}
    for key, path in template_files:
        with file_open(path, "r") as fd:
            templates[key] = fd.read()

    def load(template_name):
        # The top-level page is a full document; the others are fragments.
        if template_name == 'database_manager':
            parse = html.document_fromstring
        else:
            parse = html.fragment_fromstring
        return (parse(templates[template_name]), template_name)

    return qweb_render('database_manager', d, load)
def mp_sell(self, redirect=None, **post):
    """Seller landing page that doubles as a login form.

    A POST authenticates with the submitted ``login``/``password``; any
    other request renders ``odoo_marketplace.wk_mp_seller_landing_page``.
    """
    # Read before ensure_db(), as in the original; `context` and `env` are
    # not used further in this function.
    uid, context, env = request.uid, dict(request.env.context), request.env
    ensure_db()
    request.params['login_success'] = False

    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    values.update({"hide_top_menu": True, "test": True})
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        previous_uid = request.uid
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
        if uid is False:
            request.uid = previous_uid
            values['error'] = "Wrong login/password"
        else:
            request.params['login_success'] = True
            return http.redirect_with_hash(redirect if redirect else '/web')

    return request.render(
        "odoo_marketplace.wk_mp_seller_landing_page", values)
def _render_template(self, **d):
    """Render ``database_manager.html`` with configurable branding.

    System name, logo, favicon and privacy-policy URL are read from the
    server configuration, each with the default shown below.
    """
    config = tools.config
    d.setdefault('manage', True)
    # True when the master password still verifies against the literal 'admin'.
    d['insecure'] = config.verify_admin_password('admin')
    d['list_db'] = config['list_db']
    d['langs'] = service.db.exp_list_lang()
    d['countries'] = service.db.exp_list_countries()
    d['pattern'] = DBNAME_PATTERN

    branding = (
        ('system_name', "database_manager_system_name", "Odoo"),
        ('system_logo', "database_manager_system_logo_url",
         "/web/static/src/img/logo2.png"),
        ('system_favicon', "database_manager_system_favicon_url",
         "/web/static/src/img/favicon.ico"),
        ('privacy_policy', "database_manager_privacy_policy_url",
         "https://www.odoo.com/privacy"),
    )
    for key, option, default in branding:
        d[key] = config.get(option, default)

    # Database list; falls back to the single database when listing is denied.
    d['databases'] = []
    try:
        d['databases'] = db_list()
        d['incompatible_databases'] = service.db.list_db_incompatible(
            d['databases'])
    except exceptions.AccessDenied:
        single_db = db_monodb()
        if single_db:
            d['databases'] = [single_db]

    return env.get_template("database_manager.html").render(d)
def web_login_2fa_auth(self, redirect=None, **kw):
    """Authenticate and clear the user's ``otp_first_use`` flag.

    Authentication is attempted on every call, whatever the HTTP method. On
    success ``otp_first_use`` is set to False through ``sudo()`` and the user
    is redirected; on ``AccessDenied`` the ``auth_2FA.2fa_auth`` template is
    rendered with an error and framing is denied via ``X-Frame-Options``.
    """
    ensure_db()
    request.params['login_success'] = False
    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    previous_uid = request.uid
    try:
        # Missing 'login'/'password' keys raise KeyError, which is not caught.
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
        request.params['login_success'] = True
        user = request.env['res.users'].sudo().browse(uid)
        user.otp_first_use = False
        target = self._login_redirect(uid, redirect=redirect)
        return http.redirect_with_hash(target)
    except odoo.exceptions.AccessDenied as e:
        request.uid = previous_uid
        generic_denial = e.args == odoo.exceptions.AccessDenied().args
        values['error'] = _("Wrong login/password") if generic_denial else e.args[0]

    if not odoo.tools.config['list_db']:
        values['disable_database_manager'] = True

    remembered_login = request.session.get('auth_login')
    if 'login' not in values and remembered_login:
        values['login'] = request.session.get('auth_login')

    if 'debug' in values:
        values['debug'] = True

    response = request.render('auth_2FA.2fa_auth', values)
    response.headers['X-Frame-Options'] = 'DENY'
    return response
def web_phone_login(self, redirect=None, **kw):
    """Log a user in from a phone number and a verification code.

    On POST, a user is looked up (as superuser, in the database named by the
    ``phone_db`` parameter) whose partner mobile and ``verify_code`` match
    the submitted values and whose ``expiration_date`` is in the future.

    NOTE(review), all to be confirmed against the rest of the module:
    - ``phone_db`` is request-supplied and is not checked against the
      database filter in this function.
    - The stored ``password_crypt`` value is passed to ``authenticate`` as
      the password; how that is accepted is not visible here.
    - No attempt limiting on the verification code is visible here.
    """
    ensure_db()
    request.params['login_success'] = False
    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        return request.render('web.login', values)

    target_db = request.params['phone_db']
    with registry_get(target_db).cursor() as cr:
        env = api.Environment(cr, SUPERUSER_ID, {})
        now_text = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        domain = [
            ('partner_id.mobile', '=', request.params['phone']),
            ('verify_code', '=', request.params['checkCode']),
            ('expiration_date', '>', now_text),
        ]
        users = env['res.users'].sudo().search(domain)
        if not users:
            values['phone_error'] = _("check code is not correct!")
        else:
            matched = users[0]
            request.session.authenticate(
                request.params['phone_db'],
                matched.login,
                matched.password_crypt)
            request.params['login_success'] = True
            if not redirect:
                redirect = '/web'
            return http.redirect_with_hash(
                self._login_redirect(users[0].id, redirect=redirect))

    return request.render('web.login', values)
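def test_exp_database_backup_restore(self):
    """Create a database, dump it, restore the dump, then drop both.

    The dump is written to a named temporary file created with
    ``delete=False``. That file holds a full database dump, so it is removed
    once the restore has run instead of being left in the temp directory.
    """
    import os

    dispatch_rpc('db', 'create_database', [
        MASTER_PASSWORD, "muk_dms_file_create_db_test", False, "en",
        "admin", "admin"
    ])
    self.assertTrue('muk_dms_file_create_db_test' in db_list())

    dump_stream = dump_db("muk_dms_file_create_db_test", None, 'zip')
    with tempfile.NamedTemporaryFile(delete=False) as data_file:
        data_file.write(dump_stream.read())
    try:
        # The file is closed (and therefore flushed) before it is restored.
        restore_db('muk_dms_file_restore_db_test', data_file.name, True)
    finally:
        if os.path.exists(data_file.name):
            os.unlink(data_file.name)
    self.assertTrue('muk_dms_file_restore_db_test' in db_list())

    dispatch_rpc('db', 'drop',
                 [MASTER_PASSWORD, 'muk_dms_file_restore_db_test'])
    dispatch_rpc('db', 'drop',
                 [MASTER_PASSWORD, 'muk_dms_file_create_db_test'])
    self.assertTrue('muk_dms_file_create_db_test' not in db_list())
    self.assertTrue('muk_dms_file_restore_db_test' not in db_list())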
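def inits(self):
    """Validate the record before moving it to the ``auth`` state.

    Checks the database name, that apps and users are assigned, that every
    user has an e-mail, that no e-mail is repeated, and that no e-mail is
    already used as a login in any existing database.

    Translated messages are now formatted after the ``_()`` lookup; the
    original interpolated first, so the lookup never matched a source term.
    """
    # Valid database name?
    if not re.match(DBNAME_PATTERN, self.name):
        raise Exception(
            _('Invalid database name. Only alphanumerical characters, underscore, hyphen and dot are allowed.'
              ))

    # Database must not exist yet.
    if self.name in http.db_list():
        raise ValidationError(
            _('The database: %s already exist.') % (self.name))

    # At least one app.
    if not self.apps:
        raise ValidationError(
            _('You should have to assign alteast one app to database.'))

    # At least one user.
    if not self.users:
        raise ValidationError(
            _('You should have to assign alteast one user to database.'))

    # NOTE(review): this repeats the previous condition, so it can never
    # fire; which field marks an admin user is not visible here.
    if not self.users:
        raise ValidationError(
            _('You should have to assign alteast one admin user to database.'
              ))

    # Every user needs an e-mail.
    for rec in self.users:
        if not rec.email:
            raise ValidationError(
                _('User : %s has no email assign.') % (rec.name))

    # No e-mail assigned to more than one user. Entries are 1-tuples so they
    # compare directly with the rows fetched below.
    users = [(x.email, ) for x in self.users]
    dup = [x for x in users if users.count(x) > 1]
    if len(dup) > 1:
        raise ValidationError(
            _('Emial : %s assign to muliple users please check.') % (dup[0]))

    # No e-mail already present as a login in another database.
    # NOTE(review): this opens a cursor on every listed database and reads
    # all logins from each; confirm that cross-database read is intended.
    for db_name in http.db_list():
        db = odoo.sql_db.db_connect(db_name)
        with closing(db.cursor()) as cr:
            cr.execute('SELECT login FROM res_users ORDER BY login')
            rec = cr.fetchall()
            dup = list(set(users).intersection(rec))
            if dup:
                raise ValidationError(
                    _('Emial : %s already exist PLEASE CHANGE') % (dup[0]))

    self.write({'state': 'auth'})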
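def web_login(self, redirect=None, **kw):
    """Login controller that authenticates from GET query parameters.

    A GET carrying ``db``, ``login`` and ``password`` is authenticated and
    redirected (through ``_login_redirect_debug`` when ``debug`` is the
    string ``'true'``). The original indexed these keys unconditionally, so a
    GET without them raised ``KeyError`` instead of showing the form; such
    requests now fall through to rendering.

    NOTE(review): credentials sent in a query string end up in access logs,
    browser history and Referer headers; a POST body avoids that.
    """
    ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    has_credentials = all(
        key in request.params for key in ('db', 'login', 'password'))
    if request.httprequest.method == 'GET' and has_credentials:
        old_uid = request.uid
        try:
            uid = request.session.authenticate(
                request.params['db'],
                request.params['login'],
                request.params['password'])
            request.params['login_success'] = True
            if request.params.get('debug') == 'true':
                _logger.info('Connection from OdooApp [debug mode]')
                return http.redirect_with_hash(
                    self._login_redirect_debug(uid, redirect=redirect))
            else:
                _logger.info('Connection from OdooApp')
                return http.redirect_with_hash(
                    self._login_redirect(uid, redirect=redirect))
        except odoo.exceptions.AccessDenied as e:
            request.uid = old_uid
            if e.args == odoo.exceptions.AccessDenied().args:
                values['error'] = _("Wrong login/password")
            else:
                values['error'] = e.args[0]
    else:
        if 'error' in request.params and request.params.get(
                'error') == 'access':
            values['error'] = _(
                'Only employee can access this database. Please contact the administrator.'
            )

    if 'login' not in values and request.session.get('auth_login'):
        values['login'] = request.session.get('auth_login')

    if not odoo.tools.config['list_db']:
        values['disable_database_manager'] = True

    # `?debug` yields values['debug'] == '', which is also what QWeb gives
    # for a missing variable, so the flag is normalised to True.
    if 'debug' in values:
        values['debug'] = True

    response = request.render('web.login', values)
    # NOTE(review): the anti-framing header is disabled below, so the login
    # form can be embedded in a frame by another origin; confirm this is
    # required by the embedding client.
    #response.headers['X-Frame-Options'] = 'DENY'
    return response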
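def web_login(self, redirect=None, **kw):
    """Login controller that writes a network audit line on success.

    When both ``network.audit.log`` and ``network.audit.log.line`` models
    exist, a successful login creates (or reuses) the log for today and adds
    a line with the user, session id and client IP.

    The two debug ``print`` statements that dumped ``request.env.user`` to
    stdout were removed.
    """
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        old_uid = request.uid
        uid = False
        if 'login' in request.params and 'password' in request.params:
            uid = request.session.authenticate(
                request.session.db,
                request.params['login'],
                request.params['password'])
        if uid is not False:
            request.params['login_success'] = True
            model_serch_log = request.env['ir.model'].sudo().search(
                [('model', '=', 'network.audit.log')])
            model_serch_line = request.env['ir.model'].sudo().search(
                [('model', '=', 'network.audit.log.line')])
            if model_serch_log and model_serch_line:
                session_value = request.env['ir.http'].session_info()
                log_obj = request.env['network.audit.log']
                line_obj = request.env['network.audit.log.line']
                today_str = time.strftime(DEFAULT_SERVER_DATE_FORMAT)
                today_datetime = time.strftime(DEFAULT_SERVER_DATETIME_FORMAT)
                today = datetime.strptime(today_str, '%Y-%m-%d')
                tm_tuple = today.timetuple()
                month = tm_tuple.tm_mon
                year = tm_tuple.tm_year

                # Reuse today's log when there is one, else create it.
                old_ids = log_obj.sudo().search(
                    [('name', '=', today_str)]).id
                if old_ids:
                    old_ids = [old_ids]
                new_ids = False
                if not old_ids:
                    new_ids = log_obj.sudo().create(
                        {'name': today, 'month': month, 'year': year}).id
                    old_ids = [new_ids]

                environ = request.httprequest.headers.environ
                ip = environ['REMOTE_ADDR']
                forwarded_for = ''
                # NOTE(review): X-Forwarded-For is set by the client unless
                # a trusted proxy overwrites it, so the address stored in
                # the audit line can be chosen by the caller.
                if 'HTTP_X_FORWARDED_FOR' in environ and \
                        environ['HTTP_X_FORWARDED_FOR']:
                    forwarded_for = environ['HTTP_X_FORWARDED_FOR'].split(
                        ', ')
                    if forwarded_for and forwarded_for[0]:
                        ip = forwarded_for[0]

                line_obj.sudo().create({
                    'name': today_datetime,
                    'month': month,
                    'year': year,
                    'user_id': request.session.uid,
                    'user_ip': ip,
                    'log_id': old_ids[0],
                    'session_id': session_value['session_id'],
                })
            if not redirect:
                redirect = '/web'
            return http.redirect_with_hash(redirect)
        request.uid = old_uid
        values['error'] = _("Wrong login/password")
    return request.render('web.login', values)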
def test_exp_database_rename_clone_delete(self):
    """Create a database, duplicate it, then drop both copies."""
    source_db = "muk_dms_file_create_db_test"
    clone_db = 'muk_dms_file_duplicate_db_test'

    # Fetched as in the original; the value is not used afterwards.
    database = common.get_db_name()

    dispatch_rpc('db', 'create_database',
                 [MASTER_PASSWORD, source_db, False, "en", "admin", "admin"])
    self.assertTrue(source_db in db_list())

    dispatch_rpc('db', 'duplicate_database',
                 [MASTER_PASSWORD, source_db, clone_db])
    self.assertTrue(clone_db in db_list())

    for name in (clone_db, source_db):
        dispatch_rpc('db', 'drop', [MASTER_PASSWORD, name])

    self.assertTrue(source_db not in db_list())
    self.assertTrue(clone_db not in db_list())
def web_login(self, redirect=None, **kw):
    """Login controller enforcing a per-user IP allow-list.

    When the user matching the submitted login has ``allowed_ips`` records,
    authentication is attempted only if ``REMOTE_ADDR`` is one of them.
    Users without such records authenticate normally.

    NOTE(review):
    - ``REMOTE_ADDR`` is the proxy's address when the server sits behind a
      reverse proxy; confirm how the deployment exposes the client address.
    - The allow-list check runs before the password check, so the
      "not allowed" message confirms that the login exists and is restricted.
    """
    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        return request.render('web.login', values)

    previous_uid = request.uid
    client_ip = request.httprequest.environ['REMOTE_ADDR']
    if not request.params['login']:
        return request.render('web.login', values)

    user_rec = request.env['res.users'].sudo().search([
        ('login', '=', request.params['login'])
    ])
    if user_rec.allowed_ips:
        permitted = [rec.ip_address for rec in user_rec.allowed_ips]
        if client_ip not in permitted:
            request.uid = previous_uid
            values['error'] = _(
                "Pas autorisé à se connecter à partir de cette adresse IP"
            )
            return request.render('web.login', values)

    # Either the user has no allow-list or the client address is on it.
    try:
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
        request.params['login_success'] = True
        return http.redirect_with_hash(
            self._login_redirect(uid, redirect=redirect))
    except odoo.exceptions.AccessDenied as e:
        request.uid = previous_uid
        if e.args == odoo.exceptions.AccessDenied().args:
            values['error'] = _("Wrong login/password")

    return request.render('web.login', values)
def home(self, **kw):
    """Look up a user by the ``tk`` view token and stage their QR code.

    NOTE(review): no return statement is visible in this snippet, so what is
    rendered from ``values`` cannot be told from here. When ``tk`` is absent
    the search compares ``view_token`` with ``None``; confirm that this
    cannot match users who simply have no token set.
    """
    values = self._prepare_portal_layout_values()
    token = kw.get('tk')
    matched = http.request.env['res.users'].sudo().search(
        [('view_token', '=', token)])
    if matched:
        # The portal layout values are replaced by a copy of the request
        # parameters once a user matches.
        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except odoo.exceptions.AccessDenied:
            values['databases'] = None
        values['d'] = matched.qr_code
def getDatabase(self):
    """Return the database names shown in the login popup.

    :return: list of database names, or ``None`` when listing raises
        ``AccessDenied``
    """
    try:
        names = http.db_list()
    except odoo.exceptions.AccessDenied:
        names = None
    return names
def web_login(self, redirect=None, **kw):
    """Login controller enforcing a per-user IP allow-list with wildcards.

    A user with ``allowed_ips`` records may authenticate only when
    ``REMOTE_ADDR`` is listed, or when the first entry is one of
    ``'False'``, ``'false'`` or ``'*.*.*.*'``.

    NOTE(review): for a user with an allow-list, every failure ends with the
    "Not allowed to login from this IP" message, including a wrong password
    sent from an allowed address, because the second assignment overwrites
    the first. That behaviour is kept here.
    """
    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        return request.render('web.login', values)

    previous_uid = request.uid
    # NOTE(review): behind a reverse proxy this is the proxy's address.
    client_ip = request.httprequest.environ['REMOTE_ADDR']
    if not request.params['login']:
        return request.render('web.login', values)

    user_rec = request.env['res.users'].sudo().search([
        ('login', '=', request.params['login'])
    ])
    restricted = bool(user_rec.allowed_ips)
    attempt_auth = True
    if restricted:
        permitted = [rec.ip_address for rec in user_rec.allowed_ips]
        attempt_auth = (client_ip in permitted
                        or permitted[0] in ('False', 'false', '*.*.*.*'))

    if attempt_auth:
        uid = request.session.authenticate(
            request.session.db,
            request.params['login'],
            request.params['password'])
        if uid is not False:
            request.params['login_success'] = True
            if not redirect:
                redirect = '/web'
            return http.redirect_with_hash(redirect)
        request.uid = previous_uid
        values['error'] = _("Wrong login/password")

    if restricted:
        request.uid = previous_uid
        values['error'] = _("Not allowed to login from this IP")

    return request.render('web.login', values)
def get_market_dbs(with_templates=True):
    """Collect template databases and databases under the SaaS base domain.

    Template names come from confirmed ``saas_portal.plan`` records. The
    rest are databases whose name ends with ``_`` followed by the
    ``saas_portal.base_saas_domain`` parameter with dots turned into
    underscores. ``db_list`` is called with ``force=True``.
    """
    result = []
    if with_templates:
        plan_model = request.registry.get('saas_portal.plan')
        plans = plan_model.search_read(
            request.cr, SI, [('state', '=', 'confirmed')], ['template'])
        for plan in plans:
            result.append(plan['template'])

    params = request.registry.get('ir.config_parameter')
    bd = params.sudo().get_param(
        request.cr, SI, 'saas_portal.base_saas_domain')
    for name in http.db_list(force=True):
        # The suffix is computed per item, as in the original, so nothing is
        # evaluated on `bd` when there are no databases.
        if name.endswith('_%s' % bd.replace('.', '_')):
            result.append(name)
    return result
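def web_login(self, redirect=None, **kw):
    """Login controller that checks a one-time code before the password.

    On POST the user is looked up by e-mail (with ``sudo()``), the submitted
    ``otp_code`` is checked with ``user.check_otp`` and only then are the
    credentials authenticated.

    The debug ``print(values)`` calls were removed: ``values`` is a copy of
    the request parameters, so they wrote the submitted password and
    one-time code to stdout on every request.

    NOTE(review): the distinct "Wrong otp code" message confirms that the
    submitted e-mail belongs to an existing user before any password check.
    """
    ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method == 'POST':
        old_uid = request.uid
        user = request.env['res.users'].sudo().search(
            [('email', '=', request.params['login'])])
        if user:
            if user.check_otp(request.params['otp_code']):
                try:
                    uid = request.session.authenticate(
                        request.session.db,
                        request.params['login'],
                        request.params['password'])
                    request.params['login_success'] = True
                    return http.redirect_with_hash(
                        self._login_redirect(uid, redirect=redirect))
                except odoo.exceptions.AccessDenied as e:
                    request.uid = old_uid
                    if e.args == odoo.exceptions.AccessDenied().args:
                        values['error'] = _("Wrong login/password")
                    else:
                        values['error'] = e.args[0]
            else:
                request.uid = old_uid
                values['error'] = _("Wrong otp code")
        else:
            request.uid = old_uid
            values['error'] = _("Wrong login/password")
    else:
        if 'error' in request.params and request.params.get('error') == 'access':
            values['error'] = _('Only employee can access this database. Please contact the administrator.')

    if 'login' not in values and request.session.get('auth_login'):
        values['login'] = request.session.get('auth_login')

    if not odoo.tools.config['list_db']:
        values['disable_database_manager'] = True

    response = request.render('web.login', values)
    response.headers['X-Frame-Options'] = 'DENY'
    return response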
def ensure_db(redirect='/web/database/selector'):
    """Bind the session to a database or abort with a redirect.

    Meant for ``auth="none"`` web client routes that need a database. The
    database is taken, in order, from the ``db`` request parameter, from the
    session, or from the server when exactly one database exists. If none is
    found the request is redirected to ``redirect``.

    A ``db`` taken from the query string is accepted only if it passes
    ``http.db_filter()``, so that a forged database name cannot be injected.
    """
    requested = request.params.get('db')
    db = requested and request.params.get('db').strip()

    # Reject a requested name that the filter does not allow.
    if db and db not in http.db_filter([db]):
        db = None

    if db and not request.session.db:
        # A database was requested on a fresh session, so the no-database
        # router resolved this route. Page rendering may depend on data added
        # by the database route dispatcher, so store the database in the
        # session and send the user back to the same URL.
        r = request.httprequest
        url_redirect = werkzeug.urls.url_parse(r.base_url)
        if r.query_string:
            # On Python 3 the query string is bytes while the rest is text.
            query_string = iri_to_uri(r.query_string)
            url_redirect = url_redirect.replace(query=query_string)
        request.session.db = db
        werkzeug.exceptions.abort(
            request.redirect(url_redirect.to_url(), 302))

    # No database requested: fall back to the one in the session.
    if not db and request.session.db and http.db_filter([request.session.db]):
        db = request.session.db

    # Still nothing: use the only database, if there is exactly one.
    if not db:
        all_dbs = http.db_list(force=True)
        if len(all_dbs) == 1:
            db = all_dbs[0]

    # Nothing found: go to the selector, which redirects to the database
    # manager when needed.
    if not db:
        werkzeug.exceptions.abort(request.redirect(redirect, 303))

    # Always switch the session to the computed database.
    if db != request.session.db:
        request.session = http.root.session_store.new()
        request.session.update(http.DEFAULT_SESSION, db=db)
        request.session.context['lang'] = request.default_lang()
        werkzeug.exceptions.abort(
            request.redirect(request.httprequest.url, 302))
def check_single_db(env):
    """Report whether the server exposes exactly one database.

    Raises ``CheckWarning`` when there is no current HTTP request, returns
    ``CheckSuccess`` for a single database and ``CheckFail`` otherwise.
    """
    current = http.request
    if not current:
        raise CheckWarning('Could not detect DB settings.')

    dbs = http.db_list(True, http.request.httprequest)
    if len(dbs) != 1:
        details = (
            '<p>Odoo runs in a multi-DB mode, which will cause API request routing to fail.</p>'
            '<p>Run Odoo with <tt>--dbfilter</tt> or <tt>--database</tt> flag.</p>'
        )
        return CheckFail('Odoo runs in a multi-DB mode.', details=details)

    return CheckSuccess('Odoo runs in a single-DB mode.')
def database_list(self, **kw):
    """Return the database names and the incompatible ones as JSON.

    When listing raises ``AccessDenied`` only the single database reported
    by ``http.db_monodb()`` is returned, if there is one.

    NOTE(review): the route decorator is not visible here; confirm who may
    call this endpoint, since it discloses database names.
    """
    names = []
    incompatible = []
    try:
        names = http.db_list()
        incompatible = service.db.list_db_incompatible(names)
    except AccessDenied:
        single_db = http.db_monodb()
        if single_db:
            names = [single_db]

    payload = {
        'databases': names,
        'incompatible_databases': incompatible,
    }
    body = json.dumps(payload, sort_keys=True, indent=4, cls=ResponseEncoder)
    return Response(
        body, content_type='application/json;charset=utf-8', status=200)
def cpo_check_quote_login(self, redirect=None, **kw):
    """Check the submitted login and password.

    On success the copied request parameters are returned with ``error`` set
    to ``None``; on failure a dict holding the rendered
    ``cpo_login.cpo_login_error`` template is returned.

    NOTE(review):
    - Credentials are accepted on GET as well as POST, so they may travel in
      the query string.
    - The success value is a copy of the request parameters, which includes
      the submitted password; confirm what the caller sends back to the
      client.

    :param redirect: target used only for an already-authenticated GET
    :param kw: unused extra parameters
    :return: dict of values, dict with ``error``, a redirect response, or
        ``None`` when no error was set
    """
    main.ensure_db()
    request.params['login_success'] = False
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    if request.httprequest.method not in ['POST', 'GET']:
        access_error = ('error' in request.params
                        and request.params.get('error') == 'access')
        if access_error:
            values['error'] = _(
                'Only employee can access this database. Please contact the administrator.'
            )
    else:
        previous_uid = request.uid
        if not (request.params.get('login') and request.params.get('password')):
            values.update({
                'error': 'Account or password cannot be empty!',
            })
        else:
            uid = request.session.authenticate(
                request.session.db,
                request.params['login'],
                request.params['password'])
            if uid is not False:
                request.params['login_success'] = True
                values['error'] = None
                return values
            request.uid = previous_uid
            values['error'] = _(
                'Email or password does not match. Please try again or <a target="_parent" href="/web/reset_password" style="text-decoration:underline">reset your password</a>.'
            )

    if values.get('error'):
        rendered = request.env['ir.ui.view'].render_template(
            'cpo_login.cpo_login_error', values)
        return {'error': rendered}
def web_login(self, redirect=None, **kw):
    """Login controller with a multi-line generic failure message.

    A generic ``AccessDenied`` on POST yields three template values
    (``error``, ``error2``, ``error3``) listing possible causes; any other
    denial shows the exception's first argument. The response denies framing.
    """
    odoo.addons.web.controllers.main.ensure_db()
    request.params['login_success'] = False

    method = request.httprequest.method
    if method == 'GET' and redirect and request.session.uid:
        # NOTE(review): `redirect` is request-supplied and is not validated here.
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except AccessDenied:
        values['databases'] = None

    if request.httprequest.method != 'POST':
        if 'error' in request.params and request.params.get('error') == 'access':
            values['error'] = _(
                'Only employee can access this database. Please contact the administrator.'
            )
    else:
        previous_uid = request.uid
        try:
            uid = request.session.authenticate(
                request.session.db,
                request.params['login'],
                request.params['password'])
            request.params['login_success'] = True
            target = self._login_redirect(uid, redirect=redirect)
            return http.redirect_with_hash(target)
        except AccessDenied as e:
            request.uid = previous_uid
            if e.args != AccessDenied().args:
                values['error'] = e.args[0]
            else:
                values['error'] = "Login failed due to one of the following reasons"
                values['error2'] = "- Wrong login/password"
                values['error3'] = "- User already logged in from another system"

    if 'login' not in values and request.session.get('auth_login'):
        values['login'] = request.session.get('auth_login')

    if not odoo.tools.config['list_db']:
        values['disable_database_manager'] = True

    response = request.render('web.login', values)
    response.headers['X-Frame-Options'] = 'DENY'
    return response
def _web_post_login(self, phone):
    """Log in the system user bound to a phone number.

    NOTE(review), security-relevant behaviour visible in this function:
    - When the user has no ``odoo_sms_token``, the account password is
      overwritten with the user's own login name and then used to
      authenticate. Anyone who knows the login can sign in afterwards.
    - ``odoo_sms_token`` is only base64-encoded, and its decoded value is
      used as the password.
    - Exception text is returned to the caller in the JSON message.
    - The caller is trusted to have verified ownership of ``phone``; no
      check is made here.

    :param phone: phone number matched against ``res.users.login_phone``
    :return: JSON string with ``state`` and ``msg``
    """
    ensure_db()
    redirect = None
    request.params['login_success'] = False
    # `redirect` is always None at this point, so this branch never runs.
    if request.httprequest.method == 'GET' and redirect and request.session.uid:
        return http.redirect_with_hash(redirect)

    if not request.uid:
        request.uid = odoo.SUPERUSER_ID

    values = request.params.copy()
    try:
        values['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        values['databases'] = None

    # Check that a system user is bound to this phone number.
    user = request.env['res.users'].sudo().search(
        [('login_phone', '=', phone)], limit=1)
    if not user:
        return json.dumps({'state': False, 'msg': "该手机号码未绑定系统用户,请维护!"})

    login = user.login
    token = user.odoo_sms_token
    if token:
        password = base64.b64decode(user.odoo_sms_token).decode(
            encoding='utf-8', errors='strict')
    else:
        try:
            user.sudo().write({'password': login})
            password = login
        except Exception as e:
            return json.dumps({
                'state': False,
                'msg': "登录失败,具体原因为;{}".format(str(e))
            })

    try:
        uid = request.session.authenticate(request.session.db, login, password)
        if uid is False:
            return json.dumps({'state': False, 'msg': "登录失败,请稍后重试!"})
        request.params['login_success'] = True
        return json.dumps({'state': True, 'msg': "登录成功"})
    except Exception as e:
        return json.dumps({
            'state': False,
            'msg': "登录失败!原因为:{}".format(str(e))
        })
def _render_template(self, **d):
    """Render ``gooderp_database_manager.html`` with the manager context."""
    config = odoo.tools.config
    d.setdefault('manage', True)
    # True while the configured master password is the literal 'admin'.
    d['insecure'] = config['admin_passwd'] == 'admin'
    d['list_db'] = config['list_db']
    d['langs'] = odoo.service.db.exp_list_lang()
    d['countries'] = odoo.service.db.exp_list_countries()

    # Database list; falls back to the single database when listing is denied.
    d['databases'] = []
    try:
        d['databases'] = http.db_list()
    except odoo.exceptions.AccessDenied:
        single_db = db_monodb()
        if single_db:
            d['databases'] = [single_db]

    template = env.get_template("gooderp_database_manager.html")
    return template.render(d)
import odoo import odoo.modules.registry from odoo.api import call_kw, Environment from odoo.modules import get_resource_path from odoo.tools import topological_sort from odoo.tools.translate import _ from odoo.tools.misc import str2bool, xlwt from odoo import http from odoo.http import content_disposition, dispatch_rpc, request, \ serialize_exception as _serialize_exception from odoo.exceptions import AccessError from odoo.models import check_method_name from datetime import datetime import pytz databases = http.db_list() db = False if databases: db = databases[0] req_env = request.httprequest.environ class UserController(http.Controller): @http.route('/api/user/get_token', type='json', auth="none", methods=['POST'], csrf=False) def get_token(self, debug=False, **kw): result = {} username = kw.get('username', False) password = kw.get('password', False) uid = request.session.authenticate(db, username, password) tz = request.env['res.users'].search([('id','=',uid)]).tz