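def auth_by_code(self, code, appid, **kw):
    """Log the current session in as the user linked to a WeChat account.

    ``code`` and ``appid`` are handed to ``_get_open_id``; the resulting
    open id is looked up (together with ``appid``) in ``wechat.account``
    and the session is bound to that account's ``user_id``.

    :param code: value passed to ``_get_open_id`` to obtain the open id.
    :param appid: app id used for the exchange and for the account lookup.
    :returns: dict with ``success``/``user_name``/``user_id`` after a
        login, or ``error``/``message`` when the exchange raises
        ``RuntimeError`` or no single account with a linked user matches.
    """
    ensure_db()
    try:
        openid = _get_open_id(code, appid)
    except RuntimeError as e:
        return {'error': 'wechat_error', 'message': '%s' % e}

    auth_failed = {
        'error': 'auth_failed',
        'message': 'Authenticating failed, login required.'
    }

    # Fail closed on an empty open id: a falsy value in the domain below
    # could match accounts whose open_id is simply not set.
    if not openid:
        return auth_failed

    # sudo(): the caller is not logged in yet, so the lookup cannot run
    # with their own access rights.
    account = request.env['wechat.account'].sudo().search([
        ('open_id', '=', openid),
        ('app_id', '=', appid)
    ])
    # Require exactly one account and a linked user. Several matches would
    # make the identity ambiguous, and an account without a user would
    # otherwise report success with an empty uid.
    user = account.user_id if len(account) == 1 else None
    if not user:
        return auth_failed

    # NOTE(review): nothing here checks that the linked user is still
    # allowed to log in, and the session id is kept across the login --
    # confirm both are handled elsewhere.
    request.session.uid = user.id
    request.session.login = user.login
    # Computed only after uid/login are stored on the session.
    request.session.session_token = security.compute_session_token(
        request.session)
    request.uid = user.id
    request.disable_db = False
    request.session.get_context()
    request.session.wechat_openid = openid
    return {
        'success': 'You have been logged in successfully!',
        'user_name': user.name,
        'user_id': user.id,
    }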
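def authenticate_token_for_user(token):
    """Authenticate against the database and set up the user session
    corresponding to the token.

    :param str token: The raw access token.
    :returns: User if token is authorized for the requested user.
    :rtype: odoo.models.Model
    :raise: werkzeug.exceptions.HTTPException if the token is empty or
        does not identify exactly one user.
    """
    # An empty token must never reach the search: a missing value
    # (None/False) in the domain could be read as "token not set" and match
    # users who were never issued one.
    users = None
    if token:
        # sudo(): no user is bound to the request yet.
        users = request.env["res.users"].sudo().search(
            [("openapi_token", "=", token)])

    # Exactly one match is required; a token shared by several users is
    # rejected the same way as an unknown one.
    if users is None or len(users) != 1:
        raise werkzeug.exceptions.HTTPException(response=error_response(
            *CODE__no_user_auth))

    user = users
    # copy-pasted from odoo.http.py:OpenERPSession.authenticate()
    # NOTE(review): the session id is not changed here -- confirm whether
    # it is rotated elsewhere after authentication.
    request.session.uid = user.id
    request.session.login = user.login
    request.session.session_token = user.id and security.compute_session_token(
        request.session, request.env)
    request.uid = user.id
    request.disable_db = False
    request.session.get_context()
    return user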
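def login(self, **kw):
    """Authenticate with credentials from the JSON request body.

    Reads ``server`` (database), ``user`` and ``password`` from
    ``http.request.jsonrequest``, checks them with
    ``res.users.authenticate`` and, on success, binds the current session
    to that user and saves it.

    :returns: ``{'sid': <session id>}`` on success, ``False`` when a field
        is missing or empty or when authentication yields no uid.
    """
    # The body is client-controlled: read fields defensively so a missing
    # key is treated as a failed login instead of raising KeyError.
    payload = http.request.jsonrequest
    db = payload.get('server')
    user = payload.get('user')
    password = payload.get('password')
    if not (db and user and password):
        return False

    uid = http.request.env['res.users'].authenticate(db, user, password, None)
    if not uid:
        return False

    # NOTE(review): the database name comes from the client and the session
    # id is returned unchanged after login -- confirm that database
    # filtering and session-id rotation are handled elsewhere.
    session = http.request.session
    session.db = db
    session.uid = uid
    session.login = user
    # Computed after db/uid/login are stored on the session.
    session.session_token = uid and security.compute_session_token(session)
    session.context = http.request.env['res.users'].context_get() or {}
    session.context['uid'] = uid
    session._fix_lang(session.context)
    http.root.session_store.save(session)
    return {'sid': session.sid}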
def _set_session_info(uid, login):
    """Bind the current request and its session to ``uid`` / ``login``.

    NOTE(review): no credential check happens here; the caller is expected
    to have authenticated the user before calling this helper.

    :param uid: user id stored on the session and on the request.
    :param login: login name stored on the session.
    """
    session = request.session
    session.uid = uid
    session.login = login
    # The token is computed only after uid/login are stored on the session.
    session.session_token = security.compute_session_token(
        session, request.env)
    request.uid = uid
    request.disable_db = False
    session.get_context()
def switch_to_admin(self):
    """Switch the session to the superuser and redirect.

    The switch happens only when ``_is_system()`` is true for the current
    user; otherwise the session is left untouched and the redirect target
    is computed for the current user's own id.

    :returns: the redirect response built from ``self._login_redirect``.
    """
    current_user = request.env.user
    target_uid = current_user.id
    if current_user._is_system():
        target_uid = odoo.SUPERUSER_ID
        request.session.uid = target_uid
        # The uid changed, so the cached token data is cleared and the
        # session token is recomputed for the new uid.
        request.env['res.users'].clear_caches()
        request.session.session_token = security.compute_session_token(
            request.session, request.env)

    return request.redirect(self._login_redirect(target_uid))
def _rotate_session(httprequest):
    """Give a session flagged for rotation a fresh session id.

    Does nothing unless ``httprequest.session.rotate`` is set. Otherwise
    the entry stored under the old id is deleted, a new id is generated,
    the session token is recomputed for logged-in sessions and the session
    is marked as modified.

    NOTE(review): the ``rotate`` flag is not cleared here -- confirm the
    caller resets it or creates a fresh session object per request.

    :param httprequest: request object carrying the ``session`` to rotate.
    """
    session = httprequest.session
    if not session.rotate:
        return

    store = root.session_store
    # Delete before changing the sid so the old stored entry is removed.
    store.delete(session)
    session.sid = store.generate_key()
    if session.uid:
        session.session_token = security.compute_session_token(
            session, request.env
        )
    session.modified = True
def login(self, db, login, password):
    """Authenticate ``login`` on ``db`` and bind the current session to it.

    :param db: database name passed to ``res.users.authenticate``.
    :param login: user login.
    :param password: user password.
    :returns: ``{'sid': <session id>}`` on success, ``False`` when
        authentication yields no uid.
    """
    req = http.request
    uid = req.env['res.users'].authenticate(db, login, password, None)
    if not uid:
        return False

    # NOTE(review): the session id is returned unchanged after login --
    # confirm whether it is rotated elsewhere.
    sess = req.session
    sess.db = db
    sess.uid = uid
    sess.login = login
    # uid is known to be truthy here, so the token is always computed.
    sess.session_token = security.compute_session_token(sess)
    user_context = req.env['res.users'].context_get() or {}
    sess.context = user_context
    sess.context['uid'] = uid
    sess._fix_lang(sess.context)
    http.root.session_store.save(sess)
    return {'sid': sess.sid}

# user info
def authenticate_new(self, db, login=None, password=None, uid=None):
    """Wrap ``origin_authenticate`` and rotate the session id right away.

    After the wrapped call returns, a session flagged with ``rotate`` has
    its stored entry deleted, receives a new id, gets its session token
    recomputed and is saved under the new id; the flag is then cleared.

    :returns: the uid returned by ``origin_authenticate``.
    """
    uid = origin_authenticate(
        self, db=db, login=login, password=password, uid=uid)
    if self.rotate:
        store = http.root.session_store
        # Remove the entry stored under the old id before replacing it.
        store.delete(self)
        self.sid = store.generate_key()
        self.rotate = False
        from odoo.service import security
        # The token is recomputed after the sid change and before saving.
        self.session_token = security.compute_session_token(
            self, http.request.env)
        store.save(self)
    return uid
def authenticate(self, user, password):
    """Authenticate ``user`` and store the result on ``self.session``.

    Returns immediately, leaving the session unauthenticated, when
    ``user`` is ``None``.

    :param user: login name, or ``None`` to stay non-authenticated.
    :param password: password passed to ``res.users.authenticate``.
    """
    # stay non-authenticated
    if user is None:
        return

    db_name = get_db_name()
    uid = self.registry['res.users'].authenticate(
        db_name, user, password, None)
    user_env = api.Environment(self.cr, uid, {})

    # self.session.authenticate(db, user, password, uid=uid)
    # OpenERPSession.authenticate accesses the current request, which we
    # don't have, so reimplement it manually...
    sess = self.session
    sess.db = db_name
    sess.uid = uid
    sess.login = user
    # No guard on uid above, so a falsy uid is stored as the token as-is.
    sess.session_token = uid and security.compute_session_token(sess)
    sess.context = user_env['res.users'].context_get() or {}
    sess.context['uid'] = uid
    sess._fix_lang(sess.context)

    odoo.http.root.session_store.save(sess)