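    def web_totp(self, redirect=None, **kwargs):
        """Second authentication step: verify the user's TOTP code.

        Reached after the password step has stored the candidate user id in
        ``request.session.pre_uid`` but before the session is finalized.

        :param redirect: optional URL to send the user to once authenticated;
            passed through to ``_login_redirect``.
        :param kwargs: form fields; ``totp_token`` is the code typed by the
            user (whitespace is ignored, so "123 456" is accepted).
        :return: a redirect when authentication completes, otherwise the
            rendered ``auth_totp.auth_totp_form`` template with an optional
            ``error`` message.
        """
        # Already fully authenticated: nothing to verify here.
        if request.session.uid:
            return http.redirect_with_hash(
                self._login_redirect(request.session.uid, redirect=redirect))

        # Password step not completed: back to the login form.
        if not request.session.pre_uid:
            return http.redirect_with_hash('/web/login')

        error = None
        if request.httprequest.method == 'POST':
            user = request.env['res.users'].browse(request.session.pre_uid)
            # A POST without the field used to raise KeyError (HTTP 500); an
            # empty string makes int() raise ValueError like any malformed code.
            raw_token = kwargs.get('totp_token') or ''
            try:
                # _assert_can_auth presumably applies the same failed-attempt
                # throttling as the password check — confirm, otherwise the
                # 6-digit space is brute-forceable.
                with user._assert_can_auth():
                    user._totp_check(int(re.sub(r'\s', '', raw_token)))
            except AccessDenied:
                error = _(
                    "Verification failed, please double-check the 6-digit code"
                )
            except ValueError:
                error = _("Invalid authentication code format.")
            else:
                # finalize() turns the pending login into a real session;
                # request.session.uid is readable right after it.
                request.session.finalize()
                return http.redirect_with_hash(
                    self._login_redirect(request.session.uid,
                                         redirect=redirect))

        return request.render('auth_totp.auth_totp_form', {
            'error': error,
            'redirect': redirect,
        })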
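    def web_totp(self, redirect=None, **kwargs):
        """Second authentication step: TOTP code, or a trusted-device cookie.

        Reached once the password step has stored the candidate user in
        ``request.session.pre_uid``. On GET, a ``TRUSTED_DEVICE_COOKIE`` that
        resolves (via ``res.users.apikeys._check_credentials`` in
        ``TRUSTED_DEVICE_SCOPE``) to that same user completes the login without
        a code. On POST the submitted ``totp_token`` is verified; when
        ``remember`` is set, a new scoped API key is generated and handed back
        in the cookie for ``TRUSTED_DEVICE_AGE`` seconds.

        :param redirect: optional post-login URL, passed to ``_login_redirect``.
        :param kwargs: form fields: ``totp_token`` (whitespace ignored) and the
            optional ``remember`` flag.
        :return: a redirect when authentication completes, otherwise the
            rendered ``auth_totp.auth_totp_form`` template with an optional
            ``error``.
        """
        if request.session.uid:
            return http.redirect_with_hash(self._login_redirect(request.session.uid, redirect=redirect))

        if not request.session.pre_uid:
            return http.redirect_with_hash('/web/login')

        error = None
        user = request.env['res.users'].browse(request.session.pre_uid)
        if user and request.httprequest.method == 'GET':
            key = request.httprequest.cookies.get(TRUSTED_DEVICE_COOKIE)
            if key:
                # The key must belong to the *pending* user; a valid key for a
                # different account must not finish this login.
                checked_credentials = request.env['res.users.apikeys']._check_credentials(scope=TRUSTED_DEVICE_SCOPE, key=key)
                if checked_credentials == user.id:
                    request.session.finalize()
                    return http.redirect_with_hash(self._login_redirect(request.session.uid, redirect=redirect))

        elif user and request.httprequest.method == 'POST':
            # A POST without the field used to raise KeyError (HTTP 500); an
            # empty string makes int() raise ValueError like any malformed code.
            raw_token = kwargs.get('totp_token') or ''
            try:
                with user._assert_can_auth():
                    user._totp_check(int(re.sub(r'\s', '', raw_token)))
            except AccessDenied:
                error = _("Verification failed, please double-check the 6-digit code")
            except ValueError:
                error = _("Invalid authentication code format.")
            else:
                request.session.finalize()
                response = http.redirect_with_hash(self._login_redirect(request.session.uid, redirect=redirect))
                if kwargs.get('remember'):
                    user_agent = request.httprequest.user_agent
                    # werkzeug leaves browser/platform as None when it cannot
                    # parse the header; None.capitalize() would raise *after*
                    # the session was finalized.
                    name = _("%(browser)s on %(platform)s",
                        browser=(user_agent.browser or 'unknown').capitalize(),
                        platform=(user_agent.platform or 'unknown').capitalize(),
                    )
                    geoip = request.session.get('geoip')
                    if geoip:
                        name += " (%s, %s)" % (geoip['city'], geoip['country_name'])

                    key = request.env['res.users.apikeys']._generate(TRUSTED_DEVICE_SCOPE, name)
                    response.set_cookie(
                        key=TRUSTED_DEVICE_COOKIE,
                        value=key,
                        max_age=TRUSTED_DEVICE_AGE,
                        httponly=True,
                        samesite='Lax',
                        # The key skips the second factor for this account for
                        # TRUSTED_DEVICE_AGE seconds: never let it travel over
                        # plaintext. Behind a TLS-terminating proxy this relies
                        # on proxy_mode propagating X-Forwarded-Proto — confirm.
                        secure=request.httprequest.is_secure,
                    )
                return response

        return request.render('auth_totp.auth_totp_form', {
            'error': error,
            'redirect': redirect,
        })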
    def web_login(self, *args, **kw):
        """Login page with the OAuth provider list and OAuth error messages.

        Maps the ``oauth_error`` query parameter ('1', '2', '3') to a
        user-facing message and injects the provider list into the login
        template's qcontext; any other value produces no error. When the
        parent returns something other than a QWeb page the response is
        passed through untouched.
        """
        ensure_db()
        if request.httprequest.method == 'GET' and request.session.uid and request.params.get(
                'redirect'):
            # Already authenticated and a target was given: go straight there.
            # NOTE(review): ``redirect`` is caller-supplied and handed to
            # redirect_with_hash unvalidated (open redirect) — confirm it is
            # constrained to local paths somewhere upstream.
            return http.redirect_with_hash(request.params.get('redirect'))
        providers = self.list_providers()

        response = super(OAuthLogin, self).web_login(*args, **kw)
        if response.is_qweb:
            oauth_errors = {
                '1': _("Sign up is not allowed on this database."),
                '2': _("Access Denied"),
                '3': _(
                    "You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email."
                ),
            }
            error = oauth_errors.get(request.params.get('oauth_error'))

            response.qcontext['providers'] = providers
            if error:
                response.qcontext['error'] = error

        return response
 def web_login(self, *args, **kw):
     """Login page extended with the signup configuration.

     Delegates authentication to the parent, merges
     ``get_auth_signup_config()`` into the template context and, on a GET
     from an already-authenticated session carrying a ``redirect``
     parameter, redirects there instead of rendering.

     NOTE(review): ``redirect`` is caller-supplied and passed to
     redirect_with_hash unvalidated (open redirect) — confirm it is
     restricted to local paths upstream. The qcontext update assumes the
     parent's response always exposes a ``qcontext`` dict, including on the
     redirect it can itself return — confirm.
     """
     ensure_db()
     response = super(AuthSignupHome, self).web_login(*args, **kw)
     response.qcontext.update(self.get_auth_signup_config())
     target = request.params.get('redirect')
     if request.httprequest.method == 'GET' and request.session.uid and target:
         return http.redirect_with_hash(target)
     return response
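    def web_login(self, redirect=None, **kw):
        """Login page with a per-user allowed-IP check in front of authentication.

        Users whose ``allowed_ips`` is non-empty may only authenticate from one
        of those addresses; users without a whitelist authenticate normally.

        :param redirect: URL to send the user to after a successful login
            (defaults to ``/web``); on GET it is honoured immediately when a
            session already exists.
        :return: a redirect on success, otherwise the rendered ``web.login``
            template with ``values['error']`` set on failure.
        """
        main.ensure_db()
        request.params['login_success'] = False
        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is caller-supplied and not restricted
            # to local paths here (open redirect) — confirm upstream validation.
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None

        if request.httprequest.method == 'POST':
            old_uid = request.uid
            # REMOTE_ADDR is the real client only when proxy mode rewrites it
            # from X-Forwarded-For; otherwise it is the reverse proxy's address.
            ip_address = request.httprequest.environ['REMOTE_ADDR']
            login = request.params.get('login')
            if login:
                user_rec = request.env['res.users'].sudo().search([('login', '=', login)])
                allowed = {rec.ip_address for rec in user_rec.allowed_ips}
                if allowed and ip_address not in allowed:
                    # Rejected before the password is checked. NOTE(review): this
                    # distinct message reveals that the login exists and is
                    # IP-restricted; use the generic error if user enumeration
                    # is a concern.
                    request.uid = old_uid
                    values['error'] = _("Not allowed to login from this IP")
                else:
                    uid = request.session.authenticate(request.session.db, login, request.params.get('password', ''))
                    if uid is not False:
                        request.params['login_success'] = True
                        return http.redirect_with_hash(redirect or '/web')
                    # Wrong credentials from an allowed (or unrestricted) address.
                    # Previously this message was immediately overwritten by
                    # "Not allowed to login from this IP" because the IP branch
                    # had no else.
                    request.uid = old_uid
                    values['error'] = _("Wrong login/password")

        return request.render('web.login', values)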
 def web_login(self, redirect=None, *args, **kw):
     """Website login: pick the landing page when no redirect was requested.

     After a successful login (``request.params['login_success']`` is set by
     the parent) internal users go to the backend (``/web`` plus the original
     query string) and everyone else to the portal (``/my``). When
     ``redirect`` was given, the parent's response is returned untouched.
     """
     response = super(Website, self).web_login(redirect=redirect, *args, **kw)
     if redirect or not request.params['login_success']:
         return response
     is_internal_user = request.env['res.users'].browse(request.uid).has_group('base.group_user')
     if is_internal_user:
         # Concatenated as bytes: query_string is bytes here.
         target = b'/web?' + request.httprequest.query_string
     else:
         target = '/my'
     return http.redirect_with_hash(target)
    def web_login(self, redirect=None, *args, **kw):
        """Login page gated by a maintenance-mode check.

        On POST the credentials are handed to ``check_session``; a truthy
        result marks the login as successful and redirects to ``/web`` (the
        requested ``redirect`` is ignored on that path), a falsy one
        re-renders the form with a maintenance message. The rendered page
        always carries ``X-Frame-Options: DENY``.

        NOTE(review): every failed POST — including a plain wrong password,
        if ``check_session`` folds authentication and the maintenance flag
        into one boolean — shows the maintenance message; confirm against
        ``check_session``.
        """
        ensure_db()
        request.params['login_success'] = False

        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is caller-supplied and not restricted
            # to local paths here (open redirect).
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None

        if request.httprequest.method == 'POST':
            previous_uid = request.uid
            credentials = (
                request.session.db,
                request.params.get('login', None),
                request.params.get('password', None),
            )
            if self.check_session(*credentials):
                request.params['login_success'] = True
            else:
                request.uid = previous_uid
                values['error'] = _(
                    'Sorry, system is under maintenance! Please, try again later.'
                )

        # Pre-fill the login box from the session when the form did not carry it.
        if 'login' not in values and request.session.get('auth_login'):
            values['login'] = request.session.get('auth_login')

        if not flectra.tools.config['list_db']:
            values['disable_database_manager'] = True

        if request.params['login_success']:
            return http.redirect_with_hash('/web')

        response = request.render('web.login', values)
        # Clickjacking defence: the login form must never render inside a frame.
        response.headers['X-Frame-Options'] = 'DENY'
        return response
    def u2f_login(self, u2f_token_response=None, redirect=None, **kw):
        """U2F second factor: issue a challenge (GET) or record its answer (POST).

        GET generates a login challenge for the session user, stores its JSON
        in ``request.session.u2f_last_challenge`` and renders the
        ``auth_u2f.login`` template with the client-side data. POST stores the
        browser's ``u2f_token_response`` in the session and redirects.

        NOTE(review): nothing in this method verifies the POSTed response
        against the stored challenge — the redirect is issued unconditionally.
        Verification must therefore happen elsewhere (presumably on each
        request, against ``session.u2f_last_challenge``); confirm that path
        exists and rejects a missing or stale response, otherwise this is a
        second-factor bypass.

        :raises AccessDenied: when there is no session user or the user has no
            registered U2F device.
        """
        session_uid = request.session.uid
        user = request.env['res.users'].browse(session_uid).sudo(session_uid)

        if not user or not user._u2f_get_device():
            raise AccessDenied()

        if request.httprequest.method != 'POST':
            challenge = user._u2f_get_login_challenge()
            # Kept server-side so the browser's answer can be matched later.
            request.session.u2f_last_challenge = challenge.json
            return request.render(
                'auth_u2f.login', {
                    'login_data': json.dumps(challenge.data_for_client),
                    'redirect': redirect,
                })

        request.session.u2f_token_response = u2f_token_response
        return http.redirect_with_hash(
            self._login_redirect(user.id, redirect=redirect))
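 def web_login(self, *args, **kw):
     """Login page that forces a reset when the user's password has expired.

     Lets the parent perform the actual authentication, then, on a successful
     POST, checks ``_password_has_expired()`` for the authenticated user. An
     expired password is marked as such, the freshly created session is
     dropped and the user is sent to the partner's ``signup_url`` (the
     reset-password link).

     :return: the parent's response, or a redirect to the reset-password URL.
     """
     ensure_db()
     response = super(PasswordSecurityHome, self).web_login(*args, **kw)
     # The parent records the outcome in request.params['login_success'].
     # Re-running session.authenticate() here (as this used to) doubled the
     # password-hash cost of every login attempt and raised KeyError on a POST
     # without login/password fields.
     if request.httprequest.method != 'POST' or not request.params.get('login_success'):
         return response
     user = request.env['res.users'].sudo().browse(request.session.uid)
     if not user._password_has_expired():
         return response
     user.action_expire_password()
     # Drop the session the parent just created: the user must reset first.
     request.session.logout(keep_db=True)
     return http.redirect_with_hash(user.partner_id.signup_url)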
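    def web_login(self, redirect=None, **kw):
        """Login page that e-mails the user when a new device signs in.

        Authentication itself is unchanged. After a successful POST, users in
        the ``user_login_alert.receive_login_notification`` group who have an
        e-mail address get a "Login Alert" mail whenever the client IP,
        browser or OS differs from the last recorded login (or on the first
        recorded login); the last-seen triple is stored on the user record.

        :param redirect: URL to send the user to after login (default
            ``/web``); on GET honoured immediately when a session already
            exists.
        :return: a redirect on success, otherwise the rendered ``web.login``
            template with ``values['error']`` set on failure.
        """
        main.ensure_db()
        request.params['login_success'] = False
        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            # NOTE(review): ``redirect`` is caller-supplied and not restricted
            # to local paths here (open redirect) — confirm upstream validation.
            return http.redirect_with_hash(redirect)

        if not request.uid:
            request.uid = flectra.SUPERUSER_ID

        values = request.params.copy()
        try:
            values['databases'] = http.db_list()
        except flectra.exceptions.AccessDenied:
            values['databases'] = None
        if request.httprequest.method == 'POST':
            old_uid = request.uid
            uid = request.session.authenticate(request.session.db,
                                               request.params['login'],
                                               request.params['password'])
            if uid is not False:
                user_rec = request.env['res.users'].sudo().browse(uid)
                if user_rec.partner_id.email and user_rec.has_group(
                        'user_login_alert.receive_login_notification'):
                    self._notify_login_if_new_device(user_rec)
                request.params['login_success'] = True
                return http.redirect_with_hash(redirect or '/web')
            request.uid = old_uid
            values['error'] = _("Wrong login/password")
        return request.render('web.login', values)

    def _notify_login_if_new_device(self, user_rec):
        """Store the client fingerprint on *user_rec* and mail an alert if it changed.

        The fingerprint is (IP address, browser name, OS name). A mail goes
        out on the first recorded login and whenever any component differs
        from the stored one; an identical fingerprint is silent.
        """
        # REMOTE_ADDR is the real client only when proxy mode rewrites it from
        # X-Forwarded-For; otherwise every login appears to come from the proxy.
        ip_address = request.httprequest.environ['REMOTE_ADDR']
        browser_name, user_os = self._parse_user_agent(
            request.httprequest.environ.get('HTTP_USER_AGENT'))

        has_previous = bool(user_rec.last_logged_ip and user_rec.last_logged_browser and user_rec.last_logged_os)
        unchanged = (
            user_rec.last_logged_ip == ip_address
            and user_rec.last_logged_browser == browser_name
            and user_rec.last_logged_os == user_os
        )
        if has_previous and unchanged:
            return
        user_rec.write({
            'last_logged_ip': ip_address,
            'last_logged_browser': browser_name,
            'last_logged_os': user_os,
        })
        self._send_login_alert(user_rec, ip_address, browser_name, user_os)

    @staticmethod
    def _parse_user_agent(agent):
        """Return ``(browser_name, os_name)`` for a User-Agent header value.

        ``httpagentparser.detect`` omits the ``browser``/``os`` entries when it
        cannot classify the string, and an absent header arrives as None; both
        used to raise and turn a successful login into an HTTP 500. Unknown
        parts are reported as 'Unknown'.
        """
        details = httpagentparser.detect(agent or '')
        browser_name = details.get('browser', {}).get('name') or 'Unknown'
        os_name = details.get('os', {}).get('name') or 'Unknown'
        return browser_name, os_name

    def _send_login_alert(self, user_rec, ip_address, browser_name, user_os):
        """Create and send the "Login Alert" ``mail.mail`` for *user_rec*.

        Every dynamic value is HTML-escaped: the browser and OS names derive
        from the client-controlled User-Agent header and the body is sent as
        HTML.
        """
        import html  # stdlib; local import leaves the module's import block untouched

        current_date_time = strftime("%Y-%m-%d %H:%M:%S", gmtime())
        rows = (('OS', user_os), ('Browser', browser_name), ('IP Address', ip_address))
        parts = [
            'Hi ' + html.escape(user_rec.name) + ' , Your account has been '
            'accessed successfully. The details of the '
            'system from which the account is accessed ...,',
            '<table border="1" width="100%" cellpadding="0" bgcolor="#ededed">',
        ]
        parts.extend(
            '<tr><td>%s</td><td>%s</td></tr>' % (label, html.escape(str(value)))
            for label, value in rows
        )
        parts.append('</table>')
        parts.append('Thank you')

        mail = request.env['mail.mail'].create({
            'subject': 'Login Alert : ' + current_date_time,
            'body_html': ''.join(parts),
            'email_from': request.env.user.company_id.email,
            'email_to': user_rec.partner_id.email,
        })
        # The original called send(record) on the *empty* mail.mail recordset,
        # which bound the record to send()'s first positional parameter and
        # sent nothing (the mail only left with the queue cron). Send the
        # created record itself. NOTE(review): send() is expected to default to
        # raise_exception=False so an SMTP failure marks the mail as failed
        # rather than failing the login — confirm for this version.
        mail.send()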