def test_jwtsession_expire_days():
class A(spa.Handler):
def get(self):
return spa.Response(self.request.environ['jwtsession']['foo'])
routes = (
('/', 'a', A),
)
app = spa.App(routes)
secret = 'foobar'
app = JWTSessionMiddleware(app, secret_key=secret, expire_days=1)
c = Client(app, spa.Response)
tok = jwt.encode({
'foo': 'bar',
'iat': utc.now() - datetime.timedelta(days=1)
}, secret)
c.set_cookie('localhost', 'session', tok)
with pytest.raises(KeyError):
# The handler should fail to read 'foo' from the session, because it
# will have been dropped when the middleware saw that its 'iat'
# timestamp was too old.
c.get('/')
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
attach_name = reportname
if docids:
so_ids = [int(i) for i in docids.split(',')]
if reportname.find(
'cebis_sale_order_report.report_sale_order') != -1:
cr, uid, context = request.cr, request.uid, request.context
so = request.registry['sale.order'].browse(
cr, uid, so_ids, context=context)[0]
attach_name = so.name
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
response.headers.add(
'Content-Disposition',
'attachment; filename=%s.pdf;' % attach_name)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
cr, uid = request.cr, request.uid
report = request.registry['report']._get_report_from_name(
cr, uid, reportname)
filename = "%s.%s" % (report.name, "pdf")
response.headers.add('Content-Disposition',
content_disposition(filename))
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "YuanCloud Server Error",
'data': se
}
return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = super(Extension, self).report_routes(reportname, docids=docids, converter='pdf')
# response = self.report_routes(reportname, docids=docids, converter='pdf')
##### FIX START: switch reportname with the evaluated attachment attribute of the action if available
docids = [int(i) for i in docids.split(',')]
report_obj = request.registry['report']
cr, uid, context = request.cr, request.uid, request.context
report = report_obj._get_report_from_name(cr, uid, reportname)
obj = report_obj.pool[report.model].browse(cr, uid, docids[0])
if hasattr(obj, 'name') and obj.name:
reportname = obj.name
##### FIX END
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = super(Extension, self).report_routes(reportname, converter='pdf', **dict(data))
# response = self.report_routes(reportname, converter='pdf', **dict(data))
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data,token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
if reportname == 'jjuice_fedex.report_print_label':
cr, context = request.cr, request.context
info = request.registry('create.shipment.fedex').read(cr,SUPERUSER_ID,int(docids),['to_person_name','tracking_number'])
str_list = []
str_list.append(time.strftime("%Y-%m-%d"))
str_list.append(info.get('to_person_name','unavailable') or 'unavailable')
str_list.append(info.get('tracking_number','unavailable') or 'unavailable')
label_name = '_'.join(str_list)
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % label_name)
else:
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
cr, uid, context = request.cr, openerp.SUPERUSER_ID, request.context
report_obj = request.registry['ir.actions.report.xml']
idreport = report_obj.search(cr, uid, [('report_name', '=', reportname)], context=context)
try:
report = report_obj.browse(cr, uid, idreport[0], context=context)
reportname = report.report_file + '_' + time.strftime('%Y%m%d', time.gmtime())
except IndexError:
_logger.error("Can not lookup report %s" % reportname)
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
print docids,reportname
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
#Rename the pdf's name make it looks kindly.
report_ids = request.registry.get('ir.actions.report.xml').search(request.cr,openerp.SUPERUSER_ID,[('report_name','=',reportname)])
if len(report_ids):
report_obj = request.registry.get('ir.actions.report.xml').browse(request.cr,openerp.SUPERUSER_ID,report_ids[0])
docids = [int(x) for x in docids.split(',')]
reports = request.registry.get(report_obj.model).browse(request.cr,openerp.SUPERUSER_ID,docids)
filename = reports[0].name
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % filename)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
cr, uid = request.cr, request.uid
report = request.registry['report']._get_report_from_name(cr, uid, reportname)
filename = "%s.%s" % (report.name, "pdf")
if docids:
ids = [int(x) for x in docids.split(",")]
obj = request.env[report.model].browse(ids)
if report.print_report_name and not len(obj) > 1:
filename = eval(report.print_report_name, {'object': obj, 'time': time})
response.headers.add('Content-Disposition', content_disposition(filename))
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(json.dumps(error)))
def test_empty_header_blocked():
class A(spa.Handler):
def post(self):
return spa.Response('hello world')
routes = (
('/', 'a', A),
)
app = ApiCSRFMiddleware(spa.App(routes))
c = Client(app, spa.Response)
c.set_cookie('localhost', 'api_csrf', 'foobar')
resp = c.post('/')
assert resp.status_code == 403
def test_mismatched_tokens_blocked():
class A(spa.Handler):
def post(self):
return spa.Response('hello world')
routes = (
('/', 'a', A),
)
app = ApiCSRFMiddleware(spa.App(routes))
c = Client(app, spa.Response)
c.set_cookie('localhost', 'api_csrf', 'foobar')
resp = c.post('/', headers={'X-Api-CSRF': 'barfoo'})
assert resp.status_code == 403
def report_download(self, data, token):
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
except Exception as e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(json.dumps(error)))
return super(ReportControllerExtend, self).report_download(data, token)
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(url.split(
'?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
response.headers.add('Content-Disposition',
'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == "qweb-pdf":
reportname = url.split("/report/pdf/")[1].split("?")[0]
docids = None
if "/" in reportname:
reportname, docids = reportname.split("/")
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter="pdf")
else:
# Particular report:
data = url_decode(url.split("?")[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter="pdf", **dict(data))
cr, uid = request.cr, request.uid
report = request.registry["report"]._get_report_from_name(cr, uid, reportname)
filename = "%s.%s" % (report.name, "pdf")
response.headers.add("Content-Disposition", content_disposition(filename))
response.set_cookie("fileToken", token)
return response
elif type == "controller":
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(
url, headers=reqheaders, follow_redirects=True
)
response.set_cookie("fileToken", token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {"code": 200, "message": "Odoo Server Error", "data": se}
return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except osv.except_osv, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(simplejson.dumps(error))
def replay_url(self, url, wsgi_application=None, follow_redirects=True):
"""
Given a URL contained in this WARC, return a werkzeug BaseResponse for the URL as played back by pywb.
"""
# By default, play back from our pywb wsgi app.
if not wsgi_application:
from warc_server.app import application as pywb_application # local to avoid circular imports
wsgi_application = pywb_application
# Set up a werkzeug wsgi client.
client = Client(wsgi_application, BaseResponse)
# Set a cookie to allow replay of private links.
if self.is_private:
client.set_cookie('localhost', self.guid, self.create_access_token())
# Return pywb's response as a BaseResponse.
full_url = '/%s/%s' % (self.guid, url)
return client.get(full_url, follow_redirects=follow_redirects)
def test_read_session_cookie():
class A(spa.Handler):
def get(self):
return spa.Response(self.request.environ['jwtsession']['foo'])
routes = (
('/', 'a', A),
)
app = spa.App(routes)
secret = 'foobar'
app = JWTSessionMiddleware(app, secret_key=secret)
c = Client(app, spa.Response)
c.set_cookie('localhost', 'session', jwt.encode({'foo': 'bar',
'iat': utc.now()}, secret))
resp = c.get('/')
assert resp.data == b'bar'
def test_cookie_forging():
c = Client(cookie_app)
c.set_cookie("localhost", "foo", "bar")
response = c.open()
assert response.data == b"foo=bar"
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
print docids, reportname
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
#Rename the pdf's name make it looks kindly.
report_ids = request.registry.get(
'ir.actions.report.xml').search(
request.cr, openerp.SUPERUSER_ID,
[('report_name', '=', reportname)])
if len(report_ids):
report_obj = request.registry.get(
'ir.actions.report.xml').browse(
request.cr, openerp.SUPERUSER_ID, report_ids[0])
docids = [int(x) for x in docids.split(',')]
reports = request.registry.get(report_obj.model).browse(
request.cr, openerp.SUPERUSER_ID, docids)
filename = reports[0].name
response.headers.add('Content-Disposition',
'attachment; filename=%s.pdf;' % filename)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(simplejson.dumps(error)))
def test_cookie_forging(self):
c = Client(cookie_app)
c.set_cookie('localhost', 'foo', 'bar')
appiter, code, headers = c.open()
assert list(appiter) == ['foo=bar']
def test_cookie_forging():
c = Client(cookie_app)
c.set_cookie('localhost', 'foo', 'bar')
appiter, code, headers = c.open()
strict_eq(list(appiter), [b'foo=bar'])
def test_cookie_forging():
"""Test that cookie forging works."""
c = Client(cookie_app)
c.set_cookie('localhost', 'foo', 'bar')
appiter, code, headers = c.open()
assert list(appiter) == ['foo=bar']
def test_cookie_forging():
c = Client(cookie_app)
c.set_cookie("localhost", "foo", "bar")
appiter, code, headers = c.open()
strict_eq(list(appiter), [b"foo=bar"])
def report_download(self, data, token):
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(url.split(
'?')[1]) # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
temp_dict = {}
temp_dict.update(json.loads(dict(data).pop('options')))
if 'skit_report_type' in temp_dict.keys(
) and temp_dict['skit_report_type'] == 'XLS':
report = request.env[
'ir.actions.report']._get_report_from_name(
reportname)
filename = "%s.%s" % (report.name, "xls")
# Customize the report name must be what we want
# from print xls report ,pass the report_name and customize it.
# code added for skit.event.report module execute same model for all event report
if 'report_name' in temp_dict.keys(
) and temp_dict['skit_report_type'] == 'XLS':
filename = "%s.%s" % (temp_dict['report_name'],
"xls")
response.headers.add('Content-Disposition',
content_disposition(filename))
response.set_cookie('fileToken', token)
return response
report = request.env[
'ir.actions.report']._get_report_from_name(reportname)
filename = "%s.%s" % (report.name, "pdf")
response.headers.add('Content-Disposition',
content_disposition(filename))
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception as e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
##### FIX START: switch reportname with the evaluated attachment attribute of the action if available
docids = [int(i) for i in docids.split(',')]
report_obj = request.registry['report']
cr, uid, context = request.cr, request.uid, request.context
report = report_obj._get_report_from_name(
cr, uid, reportname)
if report.attachment:
obj = report_obj.pool[report.model].browse(
cr, uid, docids[0])
reportname = eval(report.attachment, {
'object': obj
}).split('.pdf')[0]
##### FIX END
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
response.headers.add(
'Content-Disposition',
'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except osv.except_osv, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(simplejson.dumps(error))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
#################### TO CHANGE NAME OF THE QWEB REPORT PDF FILE ##################
if docids:
if reportname == "account.report_invoice":
inv_obj = request.registry['account.invoice']
lst_inv = []
lst_inv = docids.split(",")
for ele_inv in lst_inv:
inv_browse = inv_obj.browse(request.cr, request.uid, [int(ele_inv)])
if inv_browse[0].type == 'out_invoice' or inv_browse[0].type == 'in_invoice':
if inv_browse[0].number:
reportname = 'Invoice' + '(' + str(inv_browse[0].number or '') + ')'
else:
reportname = 'Invoice'
else:
if inv_browse[0].number:
reportname = "Refund" + '(' + str(inv_browse[0].number or '') + ')'
else:
reportname = 'Refund'
if reportname == "sale.report_saleorder":
sale_obj = request.registry['sale.order']
lst = []
lst = docids.split(",")
for ele in lst:
sale_browse = sale_obj.browse(request.cr, request.uid, [int(ele)])
if sale_browse[0].state in ['draft', 'sent']:
if sale_browse[0].name:
reportname = "Quotation" + '(' + str(sale_browse[0].name) + ')'
else:
reportname = "Quotation"
else :
if sale_browse[0].name:
reportname = "Order" + '(' + str(sale_browse[0].name) + ')'
else:
reportname = "Order"
if reportname == "purchase.report_purchaseorder":
purchase_obj = request.registry['purchase.order']
lst = []
lst = docids.split(",")
for ele in lst:
purchase_browse = purchase_obj.browse(request.cr, request.uid, [int(ele)])
if purchase_browse[0].state in ['draft', 'sent']:
if purchase_browse[0].name:
reportname = "Purchase Order" + '(' + str(purchase_browse[0].name) + ')'
else:
reportname = "Purchase Order"
else :
if purchase_browse[0].name:
reportname = "Purchase Order" + '(' + str(purchase_browse[0].name) + ')'
else:
reportname = "Purchase Order"
####################################################################################
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
def test_cookie_forging():
c = Client(cookie_app)
c.set_cookie("localhost", "foo", "bar")
appiter, code, headers = c.open()
assert list(appiter) == [b"foo=bar"]
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
if reportname == 'jjuice_fedex.report_print_label':
cr, context = request.cr, request.context
info = request.registry('create.shipment.fedex').read(
cr, SUPERUSER_ID, int(docids),
['to_person_name', 'tracking_number'])
str_list = []
str_list.append(time.strftime("%Y-%m-%d"))
str_list.append(
info.get('to_person_name', 'unavailable')
or 'unavailable')
str_list.append(
info.get('tracking_number', 'unavailable')
or 'unavailable')
label_name = '_'.join(str_list)
response.headers.add(
'Content-Disposition',
'attachment; filename=%s.pdf;' % label_name)
else:
response.headers.add(
'Content-Disposition',
'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
#switch reportname with the evaluated attachment attribute of the action if available
docids = [int(i) for i in docids.split(',')]
report_obj = request.registry['report']
cr, uid, context = request.cr, request.uid, request.context
report = report_obj._get_report_from_name(
cr, uid, reportname)
report_ename = "%s_" % (report.name)
obj = report_obj.pool[report.model].browse(
cr, uid, docids[0])
if len(docids
) > 1: # if more than one reports for printing
prefex = "(time.strftime('%d/%m/%Y')) + ('.pdf')"
else:
prefex_name = ""
try:
if obj.name:
prefex_name = "(object.name)+'_'"
except:
pass
prefex_state = ""
try:
if obj.state:
prefex_state = "'_'+(object.state)+'_'"
except:
pass
prefex = prefex_name + prefex_state + " + (time.strftime('%d/%m/%Y')) + ('.pdf')"
#_logger.warning("prefex : %s", prefex )
try:
reportname = eval(prefex, {
'object': obj,
'time': time
}).split('.pdf')[0]
except:
pass
reportname = report_ename
reportname = report_ename + reportname
# Remove all non-word characters (everything except numbers and letters)
reportname = re.sub(r"[^\w\s]", '', reportname)
# Replace all runs of whitespace with a single dash
reportname = re.sub(r"\s+", '-', reportname)
#_logger.warning("reportname-1 : %s", reportname )
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
#_logger.warning("reportname-2 : %s", reportname )
response.headers.add(
'Content-Disposition',
'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
report = request.env['report']._get_report_from_name(reportname)
filename = "%s.%s" % (report.name, "pdf")
#Sale Order
if report.report_name == 'solum_sale.sol_quotation_report_template_id':
so_pool = request.env['sale.order']
lst_so = []
lst_so = docids.split(",")
for ele_inv in lst_so:
so_obj = so_pool.browse([int(ele_inv)])
filename = so_obj.name +'-'+'Sol Luminaire'
if report.report_name == 'solum_sale.idesign_quotation_report_template_id':
so_pool = request.env['sale.order']
lst_so = []
lst_so = docids.split(",")
for ele_inv in lst_so:
so_obj = so_pool.browse([int(ele_inv)])
filename = so_obj.name +'-'+'iDesign'
#Invoice
if report.report_name == 'solum_invoice.sol_invoice_report_template_id':
inv_pool = request.env['account.invoice']
lst_inv = []
lst_inv = docids.split(",")
for ele_inv in lst_inv:
inv_obj = inv_pool.browse([int(ele_inv)])
if inv_obj.number:
filename = inv_obj.number +'-'+'Sol Luminaire Customer'
else:
filename = inv_obj.partner_id.name +'-'+'Sol Luminaire Customer'
if report.report_name == 'solum_invoice.idesign_invoice_report_template_id':
inv_pool = request.env['account.invoice']
lst_inv = []
lst_inv = docids.split(",")
for ele_inv in lst_inv:
inv_obj = inv_pool.browse([int(ele_inv)])
if inv_obj.number:
filename = inv_obj.number +'-'+'iDesign'
else:
filename = inv_obj.partner_id.name +'-'+'iDesign'
if report.report_name == 'solum_invoice.sol_commission_invoice_report_template_id':
inv_pool = request.env['account.invoice']
lst_inv = []
lst_inv = docids.split(",")
for ele_inv in lst_inv:
inv_obj = inv_pool.browse([int(ele_inv)])
if inv_obj.number:
filename = inv_obj.number +'-'+'Sol Luminaire Commission'
else:
filename = inv_obj.partner_id.name +'-'+'Sol Luminaire Commission'
#Delivery Order
if report.report_name == 'solum_delivery_order.sol_do_report_template_id':
picking_pool = request.env['stock.picking']
lst_picking = []
lst_picking = docids.split(",")
for ele_picking in lst_picking:
picking_obj = picking_pool.browse([int(ele_picking)])
filename = picking_obj.name +'-'+'Sol Luminaire'
if report.report_name == 'solum_delivery_order.idesign_do_report_template_id':
picking_pool = request.env['stock.picking']
lst_picking = []
lst_picking = docids.split(",")
for ele_picking in lst_picking:
picking_obj = picking_pool.browse([int(ele_picking)])
filename = picking_obj.name +'-'+'iDesign'
filename = "%s.%s" % (filename, "pdf")
if docids:
ids = [int(x) for x in docids.split(",")]
obj = request.env[report.model].browse(ids)
if report.print_report_name and not len(obj) > 1:
filename = safe_eval(report.print_report_name, {'object': obj, 'time': time})
response.headers.add('Content-Disposition', content_disposition(filename))
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == "qweb-pdf":
reportname = url.split("/report/pdf/")[1].split("?")[0]
docids = None
if "/" in reportname:
reportname, docids = reportname.split("/")
if docids:
# Generic report:
response = self.report_routes(
reportname, docids=docids, converter="pdf"
)
else:
# Particular report:
data = url_decode(
url.split("?")[1]
).items() # decoding the args represented in JSON
response = self.report_routes(
reportname, converter="pdf", **dict(data)
)
cr, uid = request.cr, request.uid
report = request.registry["report"]._get_report_from_name(
cr, uid, reportname
)
filename = "%s.%s" % (report.name, "pdf")
if docids:
ids = [int(x) for x in docids.split(",")]
obj = request.env[report.model].browse(ids)
if report.attachment and not len(obj) > 1:
filename = safe_eval(
report.attachment, {"object": obj, "time": time}
)
response.headers.add(
"Content-Disposition", content_disposition(filename)
)
response.set_cookie("fileToken", token)
return response
elif type == "controller":
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(
url, headers=reqheaders, follow_redirects=True
)
response.set_cookie("fileToken", token)
return response
else:
return
except Exception as e:
se = _serialize_exception(e)
error = {"code": 200, "message": "Odoo Server Error", "data": se}
return request.make_response(html_escape(json.dumps(error)))
def test_cookie_forging():
c = Client(cookie_app)
c.set_cookie("localhost", "foo", "bar")
appiter, code, headers = c.open()
strict_eq(list(appiter), [b"foo=bar"])
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = json.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname,
docids=docids,
converter='pdf')
else:
# Particular report:
data = url_decode(
url.split('?')
[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname,
converter='pdf',
**dict(data))
report = request.env['report']._get_report_from_name(
reportname)
filename = "%s.%s" % (report.name, "pdf")
if docids:
ids = [int(x) for x in docids.split(",")]
obj = request.env[report.model].browse(ids)
if report.model == "sale.order":
filename = "%s.%s" % (obj.name, "pdf")
elif report.model == "account.invoice":
filename = "%s.%s" % (obj.number, "pdf")
else:
if report.print_report_name and not len(obj) > 1:
filename = safe_eval(report.print_report_name, {
'object': obj,
'time': time
})
response.headers.add('Content-Disposition',
content_disposition(filename))
response.set_cookie('fileToken', token)
return response
elif type == 'controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app,
BaseResponse).get(url,
headers=reqheaders,
follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {'code': 200, 'message': "Odoo Server Error", 'data': se}
return request.make_response(html_escape(json.dumps(error)))
def test_cookie_forging(self):
c = Client(cookie_app)
c.set_cookie('localhost', 'foo', 'bar')
appiter, code, headers = c.open()
self.assert_strict_equal(list(appiter), [b'foo=bar'])
def report_download(self, data, token):
"""This function is used by 'qwebactionmanager.js' in order to trigger the download of
a pdf/controller report.
:param data: a javascript array JSON.stringified containg report internal url ([0]) and
type [1]
:returns: Response with a filetoken cookie and an attachment header
"""
requestcontent = simplejson.loads(data)
url, type = requestcontent[0], requestcontent[1]
try:
if type == 'qweb-pdf':
reportname = url.split('/report/pdf/')[1].split('?')[0]
docids = None
if '/' in reportname:
reportname, docids = reportname.split('/')
if docids:
# Generic report:
response = self.report_routes(reportname, docids=docids, converter='pdf')
#switch reportname with the evaluated attachment attribute of the action if available
docids = [int(i) for i in docids.split(',')]
report_obj = request.registry['report']
cr, uid, context = request.cr, request.uid, request.context
report = report_obj._get_report_from_name(cr, uid, reportname)
report_ename = "%s_" % (report.name)
obj = report_obj.pool[report.model].browse(cr, uid, docids[0])
if len(docids) > 1: # if more than one reports for printing
prefex = "(time.strftime('%d/%m/%Y')) + ('.pdf')"
else:
prefex_name = ""
try:
if obj.name:
prefex_name = "(object.name)+'_'"
except:
pass
prefex_state = ""
try:
if obj.state:
prefex_state = "'_'+(object.state)+'_'"
except:
pass
prefex = prefex_name + prefex_state + " + (time.strftime('%d/%m/%Y')) + ('.pdf')"
#_logger.warning("prefex : %s", prefex )
try:
reportname = eval(prefex, {'object': obj, 'time': time}).split('.pdf')[0]
except:
pass
reportname = report_ename
reportname = report_ename+reportname
# Remove all non-word characters (everything except numbers and letters)
reportname = re.sub(r"[^\w\s]", '', reportname)
# Replace all runs of whitespace with a single dash
reportname = re.sub(r"\s+", '-', reportname)
#_logger.warning("reportname-1 : %s", reportname )
else:
# Particular report:
data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON
response = self.report_routes(reportname, converter='pdf', **dict(data))
#_logger.warning("reportname-2 : %s", reportname )
response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname)
response.set_cookie('fileToken', token)
return response
elif type =='controller':
reqheaders = Headers(request.httprequest.headers)
response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True)
response.set_cookie('fileToken', token)
return response
else:
return
except Exception, e:
se = _serialize_exception(e)
error = {
'code': 200,
'message': "Odoo Server Error",
'data': se
}
return request.make_response(html_escape(simplejson.dumps(error)))
