def company_logo(self, dbname=None, **kw): imgname = 'placeholder.png' placeholder = functools.partial(get_module_resource, 'web', 'static', 'src', 'img') dbname = request.session and request.session.db or db_monodb() uid = request.session and request.session.uid or odoo.SUPERUSER_ID if not dbname: response = http.send_file(placeholder(imgname)) else: try: # create an empty registry registry = odoo.modules.registry.Registry(dbname) with registry.cursor() as cr: cr.execute( """ SELECT c.logo_web, c.write_date FROM res_users u LEFT JOIN res_company c ON c.id = u.company_id WHERE u.id = %s """, (uid)) row = cr.fetchone() if row and row[0]: image_data = StringIO(str(row[0]).decode('base64')) response = http.send_file(image_data, filename=imgname, mtime=row[1]) else: response = http.send_file( placeholder('placeholder.png')) except Exception: response = http.send_file(placeholder(imgname)) return response
def oea(self, **kw): """login user via Odoo Account provider""" dbname = kw.pop('db', None) if not dbname: dbname = db_monodb() if not dbname: return BadRequest() if not http.db_filter([dbname]): return BadRequest() registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, {}) provider = env.ref('auth_oauth.provider_openerp') except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert provider._name == 'auth.oauth.provider' state = { 'd': dbname, 'p': provider.id, 'c': { 'no_user_creation': True }, } kw['state'] = json.dumps(state) return self.signin(**kw)
def oea(self, **kw): """login user via Odoo Account provider""" dbname = kw.pop('db', None) if not dbname: dbname = db_monodb() if not dbname: return BadRequest() registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, {}) provider = env.ref('auth_oauth.provider_openerp') except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert provider._name == 'auth.oauth.provider' state = { 'd': dbname, 'p': provider.id, 'c': {'no_user_creation': True}, } kw['state'] = json.dumps(state) return self.signin(**kw)
def _render_template(self, **d): d.setdefault('manage', True) d['insecure'] = odoo.tools.config['admin_passwd'] == 'admin' d['list_db'] = odoo.tools.config['list_db'] d['langs'] = odoo.service.db.exp_list_lang() d['countries'] = odoo.service.db.exp_list_countries() d['pattern'] = DBNAME_PATTERN # databases list d['databases'] = [] try: d['databases'] = http.db_list() except odoo.exceptions.AccessDenied: monodb = db_monodb() if monodb: d['databases'] = [monodb] return env.get_template("database_manager.html").render(d)
def training_headers(self, dbname=None, **kw): imgname = 'logo' imgext = '.png' placeholder = functools.partial(get_resource_path, 'web', 'static', 'src', 'img') uid = None if request.session.db: dbname = request.session.db uid = request.session.uid elif dbname is None: dbname = db_monodb() if not uid: uid = odoo.SUPERUSER_ID if not dbname: response = http.send_file(placeholder(imgname + imgext)) else: try: # create an empty registry image = False registry = odoo.modules.registry.Registry(dbname) with registry.cursor() as cr: training_record = int( kw['record']) if kw and kw.get('record') else False cr.execute( """SELECT image_small, FROM product_product WHERE id = %s """, (training_record, )) row = cr.fetchone() if row and row[0]: image_base64 = base64.b64decode(row[0]) image_data = io.BytesIO(image_base64) imgext = '.' + (imghdr.what(None, h=image_base64) or 'png') response = http.send_file(image_data, filename=imgname + imgext, mtime=row[1]) # else: # response = http.send_file(placeholder('nologo.png')) except Exception: response = http.send_file(placeholder(imgname + imgext)) return response
def _render_template(self, **d): d.setdefault('manage', True) d['insecure'] = tools.config.verify_admin_password('admin') d['list_db'] = tools.config['list_db'] d['langs'] = service.db.exp_list_lang() d['countries'] = service.db.exp_list_countries() d['pattern'] = DBNAME_PATTERN # databases list d['databases'] = [] d['app_name'] = yap_app_name d['without_demo'] = tools.config['without_demo'] try: d['databases'] = http.db_list() d['incompatible_databases'] = service.db.list_db_incompatible(d['databases']) except odoo_exceptions.AccessDenied: mono_db = db_monodb() if mono_db: d['databases'] = [mono_db] return env.get_template("yap_database_manager.html").render(d)
def xml(self, **kwargs): req = odoo.http.request language = kwargs.get("language", None) if req.httprequest.method == "GET": # Login database = kwargs.get("database", None) if not database: database = db_monodb() req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response( "Login with Odoo user name and password", 401, headers=[("WWW-Authenticate", 'Basic realm="odoo"')], ) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter( req, uid=uid, database=database, company=kwargs.get("company", None), mode=int(kwargs.get("mode", 1)), ) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( "".join([i for i in xp.run()]), headers=[ ("Content-Type", "application/xml;charset=utf8"), ("Cache-Control", "no-cache, no-store, must-revalidate"), ("Pragma", "no-cache"), ("Expires", "0"), ], ) except Exception as e: logger.exception("Error generating frePPLe XML data") raise InternalServerError( description= "Error generating frePPLe XML data: check the Odoo log file for more details" ) elif req.httprequest.method == "POST": # Authenticate the user database = req.httprequest.form.get("database", None) if not database: database = db_monodb() req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response( "Login with Odoo user name and password", 401, headers=[("WWW-Authenticate", 'Basic realm="odoo"')], ) # Validate the company argument company_name = req.httprequest.form.get("company", None) company = None m = req.env["res.company"] recs = m.search([("name", "=", company_name)], limit=1) for i in recs: company = i if not company: return Response("Invalid company name argument", 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get("webtoken", None) decoded = jwt.decode(webtoken, company.webtoken_key, algorithms=["HS256"]) logger.warning(str(decoded)) if self.user != decoded.get("user", None): return Response("Incorrect or missing webtoken", 401) except Exception as e: logger.warning("Incorrect or missing webtoken %s " % e) return Response("Incorrect or missing webtoken", 401) # Import the data try: ip = importer( req, database=database, company=company, mode=req.httprequest.form.get("mode", 1), ) return req.make_response( ip.run(), [ ("Content-Type", "text/plain"), ("Cache-Control", "no-cache, no-store, must-revalidate"), ("Pragma", "no-cache"), ("Expires", "0"), ], ) except Exception as e: logger.exception("Error processing data posted by frePPLe") raise InternalServerError( description= "Error processing data posted by frePPLe: check the Odoo log file for more details" ) else: raise MethodNotAllowed("Only GET and POST requests are accepted")
def xml(self, **kwargs): database = kwargs.get('database', None) if not database: database = db_monodb() req = odoo.http.request language = kwargs.get('language', None) if req.httprequest.method == 'GET': # Login database = kwargs.get('database', None) req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response('Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')]) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter(req, uid=uid, database=database, company=kwargs.get('company', None), mode=int(kwargs.get('mode', 1))) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( ''.join([i for i in xp.run()]), headers=[('Content-Type', 'application/xml;charset=utf8'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0')]) except Exception as e: logger.exception('Error generating frePPLe XML data') raise InternalServerError( description= 'Error generating frePPLe XML data: check the Odoo log file for more details' ) elif req.httprequest.method == 'POST': # Authenticate the user database = req.httprequest.form.get('database', None) req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response('Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')]) # Validate the company argument company_name = req.httprequest.form.get('company', None) company = None m = req.env['res.company'] recs = m.search([('name', '=', company_name)], limit=1) for i in recs: company = i if not company: return Response('Invalid company name argument', 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get('webtoken', None) decoded = jwt.decode(webtoken, company.webtoken_key, algorithms=['HS256']) if self.user != decoded.get('user', None): return Response('Incorrect or missing webtoken', 401) except: return Response('Incorrect or missing webtoken', 401) # Import the data try: ip = importer(req, database=database, company=company, mode=req.httprequest.form.get('mode', 1)) return req.make_response( ip.run(), [('Content-Type', 'text/plain'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0')]) except Exception as e: logger.exception('Error processing data posted by frePPLe') raise InternalServerError( description= 'Error processing data posted by frePPLe: check the Odoo log file for more details' ) else: raise MethodNotAllowed('Only GET and POST requests are accepted')
def xml(self, **kwargs): database = kwargs.get('database', None) if not database: database = db_monodb() req = odoo.http.request language = kwargs.get('language', None) if req.httprequest.method == 'GET': # Login database = kwargs.get('database', None) req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response( 'Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')] ) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter( req, uid=uid, database=database, company=kwargs.get('company', None), mode=int(kwargs.get('mode', 1)) ) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( ''.join([i for i in xp.run()]), headers=[ ('Content-Type', 'application/xml;charset=utf8'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0') ]) except Exception as e: logger.exception('Error generating frePPLe XML data') raise InternalServerError(description='Error generating frePPLe XML data: check the Odoo log file for more details') elif req.httprequest.method == 'POST': # Authenticate the user database = req.httprequest.form.get('database', None) req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response( 'Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')] ) # Validate the company argument company_name = req.httprequest.form.get('company', None) company = None m = req.env['res.company'] recs = m.search([('name', '=', company_name)], limit=1) for i in recs: company = i if not company: return Response('Invalid company name argument', 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get('webtoken', None) decoded = jwt.decode( webtoken, company.webtoken_key, algorithms=['HS256'] ) if self.user != decoded.get('user', None): return Response('Incorrect or missing webtoken', 401) except: return Response('Incorrect or missing webtoken', 401) # Import the data try: ip = importer( req, database=database, company=company, mode=req.httprequest.form.get('mode', 1) ) return req.make_response( ip.run(), [ ('Content-Type', 'text/plain'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0') ]) except Exception as e: logger.exception('Error processing data posted by frePPLe') raise InternalServerError(description='Error processing data posted by frePPLe: check the Odoo log file for more details') else: raise MethodNotAllowed('Only GET and POST requests are accepted')
def company_wecom_message_web_logo(self, dbname=None, **kw): imgname = "wecom_message_logo" imgext = ".png" placeholder = functools.partial(get_resource_path, "web", "static", "src", "img") uid = None if request.session.db: dbname = request.session.db uid = request.session.uid elif dbname is None: dbname = db_monodb() if not uid: uid = odoo.SUPERUSER_ID if not dbname: response = http.send_file(placeholder(imgname + imgext)) else: try: # create an empty registry registry = odoo.modules.registry.Registry(dbname) with registry.cursor() as cr: company = int( kw["company"]) if kw and kw.get("company") else False if company: cr.execute( """SELECT wecom_message_logo_web, write_date FROM res_company WHERE id = %s """, (company, ), ) else: cr.execute( """SELECT c.wecom_message_logo_web, c.write_date FROM res_users u LEFT JOIN res_company c ON c.id = u.company_id WHERE u.id = %s """, (uid, ), ) row = cr.fetchone() if row and row[0]: image_base64 = base64.b64decode(row[0]) image_data = io.BytesIO(image_base64) mimetype = guess_mimetype(image_base64, default="image/png") imgext = "." + mimetype.split("/")[1] if imgext == ".svg+xml": imgext = ".svg" response = http.send_file( image_data, filename=imgname + imgext, mimetype=mimetype, mtime=row[1], ) else: response = http.send_file(placeholder("nologo.png")) except Exception: response = http.send_file(placeholder(imgname + imgext)) return response