Merge lp:~sylvain-legal/server-env-tools/7.0-auth_admin_passkey into lp:~server-env-tools-core-editors/server-env-tools/7.0
Status: | Merged |
---|---|
Approved by: | Yannick Vaucher @ Camptocamp |
Approved revision: | 79 |
Merged at revision: | 69 |
Proposed branch: | lp:~sylvain-legal/server-env-tools/7.0-auth_admin_passkey |
Merge into: | lp:~server-env-tools-core-editors/server-env-tools/7.0 |
Diff against target: | 670 lines (+616/-0), 9 files modified: auth_admin_passkey/__init__.py (+23/-0), auth_admin_passkey/__openerp__.py (+66/-0), auth_admin_passkey/data/ir_config_parameter.xml (+34/-0), auth_admin_passkey/i18n/auth_admin_passkey.pot (+101/-0), auth_admin_passkey/i18n/fr.po (+108/-0), auth_admin_passkey/model/__init__.py (+24/-0), auth_admin_passkey/model/res_config.py (+76/-0), auth_admin_passkey/model/res_users.py (+137/-0), auth_admin_passkey/view/res_config_view.xml (+47/-0) |
To merge this branch: | bzr merge lp:~sylvain-legal/server-env-tools/7.0-auth_admin_passkey |
Related bugs: |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Yannick Vaucher @ Camptocamp | | | Approve |
Pedro Manuel Baeza | code review | | Approve |
Weste (community) | | | Approve |
Holger Brunn (Therp) | | | Approve |
Davide Corio (community) | | | Approve |
Stefan Rijnhart (Opener) | | | Approve |
Benoit Guillot - http://www.akretion.com (community) | | | Approve |

Review via email: mp+211338@code.launchpad.net
Commit message
[ADD] new module 'auth_admin_
Description of the change
[ADD] new module 'auth_admin_
Stefan Rijnhart (Opener) (stefan-opener) wrote :
Davide Corio (enlightx-deactivatedaccount) wrote :
Thank you very much Sylvain!
And it works on trunk too.
Benoit Guillot - http://www.akretion.com (benoit-guillot-z) wrote :
Very useful!
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Thanks for your reviews and for your interest.
@Stefan :
Sorry if I was not clear : I'm not sure that it is possible to do that with a glue module, and how. I'm just guessing !
What I want :
- define in a predictive way the order of the call of the 2 functions : auth_crypt.
What I know :
1/ I tested my module with 'auth_crypt' and it works depending on installation order (what I wrote in my description) ;
2/ I developed a glue module testing different things like changing the order of modules in the __openerp__.py 'depends' value, but it didn't seem to work ;
Reference :
[Sep 2009] http://
[2013] http://
Dependencies tree (for your information) :
base : []
web : []
auth_crypt : ['base']
web_kanban : ['web']
base_setup : ['base', 'web_kanban']
mail : ['base', 'base_setup']
auth_admin_passkey : ['mail']
If somebody knows more about module order and how to manage that case ...
Regards.
Daniel Reis (dreis-pt) wrote :
Great work!
Nitpicks:
L103: could you add the .pot file?
L254-256: the body header text would be best as a single translatable string
L262: s/"Passkey used"/_("Passkey used")
Stefan Rijnhart (Opener) (stefan-opener) wrote :
Some more comments from my side:
Wild idea: in your override of check_credentials, why don't you first check if uid != SUPERUSER_ID and in that case don't call *super* but call self.check_
Note that there is a small security risk in sending the emails to the unprivileged user: if such a user happens to have the same password as the administrator (it might just happen), they will receive an email that the administrator has logged on as themselves. They may then figure out that their password is the same as the administrator's, and they might then take advantage of that.
l.275: would it maybe make more sense if you check this condition *before* the try block in l.271?
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hi,
@Stefan,
Remarks 1 : I didn't understand what your 'wild' idea can fix. (about possible compatibility problem).
Remarks 2 : Héhé. Yes I thought of that very specific case without solution. I finally found a workaround to manage this case and I'll update the Merge Proposal in a while. (Work in progress again).
Remarks 3 : You're right. MP updated.
@Daniel :
Point 1 : Excuse my basic question but what is the interest of adding a '.pot' file? (I don't use it in my personal module).
Extra Question : How to generate it ? OpenERP only proposes "po" / "csv" and "tgz". ".pot" file seems to be a ".po" file with empty translations. Isn't it ?
Point 2 : My code doesn't manage translation for the mails (it is written in __openerp__.py), not because I didn't call the "_" function but because I don't have contextual information at this step. So the function "_" will not work. The workaround is to get the language of each user (normal & admin) by requesting the database, update some context value twice, call the "_" function ... I confess that I am not very motivated to write this code. But it can be the aim of a future Merge Proposal.
Regards.
Davide Corio (enlightx-deactivatedaccount) wrote :
Daniel is right, pot file is missing (required as per community guidelines).
you just need to export the .po w/o selecting a specific language, then rename the file as your_module_
Stefan Rijnhart (Opener) (stefan-opener) wrote :
Well the problem with auth_crypt is that the inheritance structure can be as follows:
-> auth_crypt -> auth_passkey -> base.
Authentication of regular user account with admin password fails in auth_crypt. Auth_crypt calls super(), which is this module's override. Regular authentication of the user account with the admin password fails. You then call super() with the SUPERUSER_ID which fails because the password is encrypted. If you call self.check_
- 67. By Sylvain LE GAL (GRAP)
-
[IMP] 'auth_admin_passkey' works now independently from the order of the installation of modules 'auth_admin_passkey' and 'auth_crypt'. (Courtesy of Stefan Rijnhart).
- 68. By Sylvain LE GAL (GRAP)
-
[IMP] Emails are now translated.
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
@Stefan (rev65) : (about remark #2) I updated the algorithm to manage the special case where admin and user have the same password. In that case, when the user logs in, only the admin user will receive a mail to inform him that there is a security leak. Is that OK with you ?
@Davide (rev66) : I added '.pot' file.
@Stefan (rev67) : (about your last comment) Your idea works perfectly. I would never have thought of that because I was lost in inheritance. Thanks a lot.
@Daniel (rev68) : I changed the algorithm to manage translatable emails.
I think that's all.
Regards.
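The two design points settled in the comments above, modelled as an added example that is not the module's code: retrying the admin check through `self.check_credentials` so that the passkey works wherever an auth_crypt-style layer sits in the inheritance chain, and reporting a shared admin/user password to the admin only. `CryptLayer`, `PasskeyLayer`, `toy_hash`, the sample rows and the retry-through-self reading of the suggestion (whose text is cut off on this page) are assumptions of the example.

```python
import hashlib
import hmac

SUPERUSER_ID = 1


class AccessDenied(Exception):
    pass


def toy_hash(password):
    # Constructed stand-in for a real password hash; not suitable for storage.
    return hashlib.sha256(b"demo-salt:" + password.encode()).hexdigest()


class BaseUsers:
    """Core layer: only knows the clear-text 'password' column."""
    def __init__(self, rows):
        self.rows = rows

    def check_credentials(self, uid, password):
        stored = self.rows[uid].get("password")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            raise AccessDenied()


class CryptLayer:
    """auth_crypt-like layer: accepts a matching hash, else defers to super()."""
    def check_credentials(self, uid, password):
        stored = self.rows[uid].get("password_crypt")
        if stored and hmac.compare_digest(stored, toy_hash(password)):
            return
        super().check_credentials(uid, password)


class PasskeyLayer:
    """Passkey layer: on failure, retries the password as SUPERUSER_ID."""
    retry_through_self = False  # False: retry via super(); True: via self

    def check_credentials(self, uid, password):
        try:
            super().check_credentials(uid, password)
        except AccessDenied:
            if uid == SUPERUSER_ID:
                raise
            # super() only reaches the layers below this one; self restarts
            # at the top of the chain, so every layer sees the admin check.
            chain = self if self.retry_through_self else super()
            chain.check_credentials(SUPERUSER_ID, password)


# Constructed sample rows: all passwords stored hashed; uid 3 shares admin's.
ROWS = {
    1: {"password": None, "password_crypt": toy_hash("admin-secret")},
    2: {"password": None, "password_crypt": toy_hash("user-secret")},
    3: {"password": None, "password_crypt": toy_hash("admin-secret")},
}


def build(via_self, crypt_on_top):
    """Stack the layers in one of the two orders an install sequence can give."""
    layers = (CryptLayer, PasskeyLayer)
    if not crypt_on_top:
        layers = layers[::-1]
    attrs = {"retry_through_self": via_self}
    return type("Users", layers + (BaseUsers,), attrs)(ROWS)


def can_login(users, uid, password):
    try:
        users.check_credentials(uid, password)
    except AccessDenied:
        return False
    return True


def passkey_matrix():
    """Admin password on uid 2; keys are (retry_through_self, crypt_on_top)."""
    return {
        (via_self, top): can_login(build(via_self, top), 2, "admin-secret")
        for via_self in (False, True)
        for top in (False, True)
    }


def classify_login(uid, password):
    """Event and mail recipients, assuming both send_to_* parameters are True."""
    plain = type("Plain", (CryptLayer, BaseUsers), {})(ROWS)  # no passkey layer
    own_ok = can_login(plain, uid, password)
    admin_ok = can_login(plain, SUPERUSER_ID, password)
    if uid == SUPERUSER_ID or not admin_ok:
        return ("normal" if own_ok else "denied", [])
    if own_ok:
        # Shared password: mailing the user would disclose the admin password.
        return ("same_password", [SUPERUSER_ID])
    return ("passkey", [SUPERUSER_ID, uid])
```

Only the combination "retry via super() with the crypt layer on top" rejects the admin password, which is the order-dependent failure described in the thread.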
- 69. By Sylvain LE GAL (GRAP)
-
[MRG]
Pedro Manuel Baeza (pedro.baeza) wrote :
Hi Sylvain, another great contribution! Some remarks from a quick scan:
- Typos in description file:
s/Functionnalit
s/Technical informations/
- I'm not sure about putting company information in description. We have author and website fields for that. What do others think about it?
- On __init__.py, please use 'from . import xxx' form.
- Please respect PEP8 max line width (79 cols) in res_config.py (maybe with shorter field names).
- You can use self.pool[
-
- 70. By Sylvain LE GAL (GRAP)
-
[REF] Pep8 and import conventions.
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hi Pedro,
Thanks for your review.
I did modifications about import & pep8.
About description in __openerp__.py file : In other modules, there is a big header with that kind of information (company name, date, link to AGPL licences, people who wrote the module).
In my modules, I just put a light header in each file as you have seen and put all the information in the description field.
So the number of lines is smaller and the information is more visible. For example, if someone has a question about a module he can contact the authors without downloading the module.
Regards.
Stefan Rijnhart (Opener) (stefan-opener) wrote :
Great, thanks!
Davide Corio (enlightx-deactivatedaccount) :
- 71. By Sylvain LE GAL (GRAP)
-
[FIX] res_config.py : incorrect call. self.pool('xxx') -> self.pool['xxx']
[REF] res_users.py : same call to self.pool in other res_users class.
Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote :
Correct me if I'm wrong but for license the Preamble is mandatory in each source file
Your headers don't seem compatible with AGPL to me.
http://
http://
Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote :
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hi,
Thanks a lot for your review Yannick and your question.
First, I'm pretty much a beginner in the open source world, and I have no problem with changing the declaration of the copyright.
My point of view is :
- It's a pity to make the source code heavier with a lot of copyright code; sometimes I review MP with 100 lines, but with only "5 functional lines";
- As people writing code, I don't like Copy / Paste, duplication, etc. "If you write something twice, write a function". So I consider that it's possible to just put in each file a reference to __openerp__.py file and in __openerp__.py file, just a link to the AGPL licence online; but I'm not a lawyer;
- If the licence / author changes, I have to change all my files. It's not very efficient;
- Anyway, the source code is available on launchpad, and all the project is by default on AGPL. (defined here : https:/
- You say (and it is written in your links) that header is mandatory in each source file but OpenERP SA and Community don't respect that rule. Licences are just written in '.py' files and sometimes in '.js'. But what about 'xml', 'yml' ? There are no licences in this kind of files. But for me data/view/
Would you agree if I put the whole licence in __openerp__.py file and keep references in other files ?
(In any case, I will follow the opinion of the community on this issue.)
Regards.
Pedro Manuel Baeza (pedro.baeza) wrote :
Hi, Sylvain, I agree with your thoughts about reiteration on license agreement, so I think your initiative looks good to me, but we have to assure that there is no legal hole where somebody can use the software in forms not allowed by AGPL and have legal coverage due to our mistake or not correct bureaucracy form.
Why don't we get this topic to the community list?
Regards.
Holger Brunn (Therp) (hbrunn) wrote :
Very useful, thanks!
Some remarks though:
Generally, you don't need most of your backslashes (ie when in a bracketed term) - removing them improves readability imho
#30 it's Functionality (-n)
#353 openerp.
#388 I guess you want to save the dependency on email.template here?
#390ff you use multiline strings without actually using them. Why?
Wouldn't it make sense to swap #451 and #454? The usual (and thus the one that should be the fastest) case will be that a user logs in with her own password.
And +1 for including the full license in every file
- 72. By Sylvain LE GAL (GRAP)
-
[MRG]
- 73. By Sylvain LE GAL (GRAP)
-
[ADD] copyright information in all files.
- 74. By Sylvain LE GAL (GRAP)
-
[REF] Pep8.
- 75. By Sylvain LE GAL (GRAP)
-
[REF] change order in an algorithm;
- 76. By Sylvain LE GAL (GRAP)
-
[FIX] Incorrect import.
- 77. By Sylvain LE GAL (GRAP)
-
[REF] typo.
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hi Holger,
Thanks for your review. In order of your remarks:
- typo changed;
- About 'literal_eval' import, I just copied / pasted some of the code written in the file ./addons/
- About 'email.template'. At the beginning, I just did not want to manage translation... I added translation following the remarks of reviewers. E-mail templates are not very easy to use in that case because I don't have a clear model related to the email_template. I want to send the information of 'user_agent_env'. I'm not an expert with email templates but it seems that I need a related persistent model (I mean, to call $object.xxx). Creating a model just for that is a mess. Don't you think ?
- I also ran the 'pep8' tool (which I just discovered ;-) ) and everything seems correct now.
@Holger, Yannick :
- About Licences & copyright informations, I added them in all files.
@Pedro :
Topic on community list is a good idea but I don't know AGPL concepts very well and I'm not comfortable speaking in English, so I leave the idea to more expert people.
Regards.
Holger Brunn (Therp) (hbrunn) wrote :
How about my only substantial point about swapping #451 and #454?
Concerning the templates: You indeed need a persistent model for that, but in this case, res.users would be just fine I think
Holger Brunn (Therp) (hbrunn) wrote :
...never mind, I saw you did that already
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hum :
1/ About the swap : Sorry, I did it. rev75 : http://
2/ About the template, The code sends an email like that :
"""
Admin user used his passkey to login with {login}.
Technicals informations belows :
- Login date : {login_date}
- base_location : {base_location}
- HTTP_HOST : {HTTP_HOST}
- REMOTE_ADDR : {REMOTE_ADDR}"""
(and all technical informations that can be found in 'user_agent_env'.) line #545
In an email template, how can I access REMOTE_ADDR via res_users object ?
(Sorry if my question is not relevant).
Holger Brunn (Therp) (hbrunn) wrote :
In templates, you have access to the context passed to the send_mail function via the variable ctx, so you could put the extra information there. But well, forget about it, it's too much hassle for an email nobody is ever going to personalize anyways.
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
@Yannick, @Pedro :
Are you Ok with the changes I did ? If yes, can you update your status ?
@Holger,
Thanks for that information (about ctx access), I didn't know. (And thanks to Stefan & you for your suggestions to improve algorithm & module compatibility).
Sharing modules takes time but it helps to learn a lot of things.
Regards.
Weste (julien-weste) wrote :
Nice one, very useful to free some memory in our head ;)
Nothing more to say about the code.
Pedro Manuel Baeza (pedro.baeza) wrote :
Hi, Sylvain, thanks for the changes.
Regards.
David BEAL (ak) (davidbeal) wrote :
Really good idea!
thanks
Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote :
In translation
> Mot de passe bris de glace
I would write "bris de glace" in quotes or replace it with "d'urgence" or "de secours" or even "de récupération"
But I don't block the MP for this.
- 78. By Sylvain LE GAL (GRAP)
-
[MRG]
- 79. By Sylvain LE GAL (GRAP)
-
[FIX] translation.
Sylvain LE GAL (GRAP) (sylvain-legal) wrote :
Hi Yannick,
Thanks for updating your review status. I put quotes in the translation file.
@all : 7 approves, Thanks !
Regards.
Preview Diff
1 | === added directory 'auth_admin_passkey' |
2 | === added file 'auth_admin_passkey/__init__.py' |
3 | --- auth_admin_passkey/__init__.py 1970-01-01 00:00:00 +0000 |
4 | +++ auth_admin_passkey/__init__.py 2014-04-02 16:03:13 +0000 |
5 | @@ -0,0 +1,23 @@ |
6 | +# -*- encoding: utf-8 -*- |
7 | +############################################################################## |
8 | +# |
9 | +# Admin Passkey module for OpenERP |
10 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
11 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
12 | +# |
13 | +# This program is free software: you can redistribute it and/or modify |
14 | +# it under the terms of the GNU Affero General Public License as |
15 | +# published by the Free Software Foundation, either version 3 of the |
16 | +# License, or (at your option) any later version. |
17 | +# |
18 | +# This program is distributed in the hope that it will be useful, |
19 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
20 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
21 | +# GNU Affero General Public License for more details. |
22 | +# |
23 | +# You should have received a copy of the GNU Affero General Public License |
24 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
25 | +# |
26 | +############################################################################## |
27 | + |
28 | +from . import model |
29 | |
30 | === added file 'auth_admin_passkey/__openerp__.py' |
31 | --- auth_admin_passkey/__openerp__.py 1970-01-01 00:00:00 +0000 |
32 | +++ auth_admin_passkey/__openerp__.py 2014-04-02 16:03:13 +0000 |
33 | @@ -0,0 +1,66 @@ |
34 | +# -*- encoding: utf-8 -*- |
35 | +############################################################################## |
36 | +# |
37 | +# Admin Passkey module for OpenERP |
38 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
39 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
40 | +# |
41 | +# This program is free software: you can redistribute it and/or modify |
42 | +# it under the terms of the GNU Affero General Public License as |
43 | +# published by the Free Software Foundation, either version 3 of the |
44 | +# License, or (at your option) any later version. |
45 | +# |
46 | +# This program is distributed in the hope that it will be useful, |
47 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
48 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
49 | +# GNU Affero General Public License for more details. |
50 | +# |
51 | +# You should have received a copy of the GNU Affero General Public License |
52 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
53 | +# |
54 | +############################################################################## |
55 | + |
56 | +{ |
57 | + 'name': 'Authentification - Admin Passkey', |
58 | + 'version': '2.1', |
59 | + 'category': 'base', |
60 | + 'description': """ |
61 | +Admin password become a passkey for all active logins |
62 | +===================================================== |
63 | + |
64 | +Functionality : |
65 | +--------------- |
66 | + * Administrator has now the possibility to login in with any login; |
67 | + * By default, OpenERP will send a mail to user and admin to indicate them; |
68 | + * If a user and the admin have the same password, admin will be informed; |
69 | + |
70 | +Technical information : |
71 | +----------------------- |
72 | + * Create two ir_config_parameter to enable / disable mail sending; |
73 | + |
74 | +Copyright, Author and Licence : |
75 | +------------------------------- |
76 | + * Copyright : 2014, Groupement Régional Alimentaire de Proximité; |
77 | + * Author : Sylvain LE GAL (https://twitter.com/legalsylvain); |
78 | + * Licence : AGPL-3 (http://www.gnu.org/licenses/) |
79 | + """, |
80 | + 'author': 'GRAP', |
81 | + 'website': 'http://www.grap.coop', |
82 | + 'license': 'AGPL-3', |
83 | + 'depends': [ |
84 | + 'mail', |
85 | + ], |
86 | + 'data': [ |
87 | + 'data/ir_config_parameter.xml', |
88 | + 'view/res_config_view.xml', |
89 | + ], |
90 | + 'demo': [], |
91 | + 'js': [], |
92 | + 'css': [], |
93 | + 'qweb': [], |
94 | + 'images': [], |
95 | + 'post_load': '', |
96 | + 'application': False, |
97 | + 'installable': True, |
98 | + 'auto_install': False, |
99 | +} |
100 | |
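Review bot: the description at diff lines 66-68 lists what the administrator gains but never states the consequence for the deployment: once this module is installed, the admin password is accepted for every active login, so its strength and storage now protect every account. I would add one line saying so, and name the two parameters under "Technical information" (auth_admin_passkey.send_to_admin and auth_admin_passkey.send_to_user) so an operator knows which switches control the notification mails. Minor: 'Authentification' in 'name' (diff line 57) should be 'Authentication', and 'Admin password become a passkey' (diff line 61) should read 'becomes'.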
101 | === added directory 'auth_admin_passkey/data' |
102 | === added file 'auth_admin_passkey/data/ir_config_parameter.xml' |
103 | --- auth_admin_passkey/data/ir_config_parameter.xml 1970-01-01 00:00:00 +0000 |
104 | +++ auth_admin_passkey/data/ir_config_parameter.xml 2014-04-02 16:03:13 +0000 |
105 | @@ -0,0 +1,34 @@ |
106 | +<?xml version="1.0" encoding="UTF-8"?> |
107 | +<!-- ********************************************************************** --> |
108 | +<!--Admin Passkey module for OpenERP --> |
109 | +<!--Copyright (C) 2013-2014 GRAP (http://www.grap.coop) --> |
110 | +<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
111 | + |
112 | +<!--This program is free software: you can redistribute it and/or modify --> |
113 | +<!--it under the terms of the GNU Affero General Public License as --> |
114 | +<!--published by the Free Software Foundation, either version 3 of the --> |
115 | +<!--License, or (at your option) any later version. --> |
116 | + |
117 | +<!--This program is distributed in the hope that it will be useful, --> |
118 | +<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
119 | +<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
120 | +<!--GNU Affero General Public License for more details. --> |
121 | + |
122 | +<!--You should have received a copy of the GNU Affero General Public License--> |
123 | +<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
124 | +<!-- ********************************************************************** --> |
125 | +<openerp> |
126 | + <data noupdate="1"> |
127 | + |
128 | + <record id="send_to_admin" model="ir.config_parameter"> |
129 | + <field name="key">auth_admin_passkey.send_to_admin</field> |
130 | + <field name="value">True</field> |
131 | + </record> |
132 | + |
133 | + <record id="send_to_user" model="ir.config_parameter"> |
134 | + <field name="key">auth_admin_passkey.send_to_user</field> |
135 | + <field name="value">True</field> |
136 | + </record> |
137 | + |
138 | + </data> |
139 | +</openerp> |
140 | |
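Review bot: with data noupdate="1" at diff line 126, a module update will not put send_to_admin or send_to_user back to True after someone has switched them off, and these two values are the only thing in this file that makes passkey use visible to the account owner. noupdate is the right flag for user-editable settings, but please confirm that res_users.py also writes a server log entry on every passkey login regardless of these parameters, so that disabling both mails does not make such logins silent. A short comment noting that the values are stored as the strings 'True' / 'False' and parsed by the settings code would also help the next reader.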
141 | === added directory 'auth_admin_passkey/i18n' |
142 | === added file 'auth_admin_passkey/i18n/auth_admin_passkey.pot' |
143 | --- auth_admin_passkey/i18n/auth_admin_passkey.pot 1970-01-01 00:00:00 +0000 |
144 | +++ auth_admin_passkey/i18n/auth_admin_passkey.pot 2014-04-02 16:03:13 +0000 |
145 | @@ -0,0 +1,101 @@ |
146 | +############################################################################## |
147 | +# |
148 | +# Admin Passkey module for OpenERP |
149 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
150 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
151 | +# |
152 | +# This program is free software: you can redistribute it and/or modify |
153 | +# it under the terms of the GNU Affero General Public License as |
154 | +# published by the Free Software Foundation, either version 3 of the |
155 | +# License, or (at your option) any later version. |
156 | +# |
157 | +# This program is distributed in the hope that it will be useful, |
158 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
159 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
160 | +# GNU Affero General Public License for more details. |
161 | +# |
162 | +# You should have received a copy of the GNU Affero General Public License |
163 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
164 | +# |
165 | +############################################################################## |
166 | +# Translation of OpenERP Server. |
167 | +# This file contains the translation of the following modules: |
168 | +# * auth_admin_passkey |
169 | +# |
170 | +msgid "" |
171 | +msgstr "" |
172 | +"Project-Id-Version: OpenERP Server 7.0\n" |
173 | +"Report-Msgid-Bugs-To: \n" |
174 | +"POT-Creation-Date: 2014-03-23 20:41+0000\n" |
175 | +"PO-Revision-Date: 2014-03-23 20:41+0000\n" |
176 | +"Last-Translator: <>\n" |
177 | +"Language-Team: \n" |
178 | +"MIME-Version: 1.0\n" |
179 | +"Content-Type: text/plain; charset=UTF-8\n" |
180 | +"Content-Transfer-Encoding: \n" |
181 | +"Plural-Forms: \n" |
182 | + |
183 | +#. module: auth_admin_passkey |
184 | +#: code:addons/auth_admin_passkey/model/res_users.py:66 |
185 | +#, python-format |
186 | +msgid "<pre>User with login '%s' has the same password as you.</pre>" |
187 | +msgstr "" |
188 | + |
189 | +#. module: auth_admin_passkey |
190 | +#: code:addons/auth_admin_passkey/model/res_users.py:44 |
191 | +#, python-format |
192 | +msgid "Admin user used his passkey to login with '%s'.\n" |
193 | +"\n" |
194 | +"\n" |
195 | +"\n" |
196 | +"Technicals informations belows : \n" |
197 | +"\n" |
198 | +"- Login date : %s\n" |
199 | +"\n" |
200 | +"" |
201 | +msgstr "" |
202 | + |
203 | +#. module: auth_admin_passkey |
204 | +#: view:base.config.settings:0 |
205 | +msgid "Passkey" |
206 | +msgstr "" |
207 | + |
208 | +#. module: auth_admin_passkey |
209 | +#: code:addons/auth_admin_passkey/model/res_users.py:42 |
210 | +#, python-format |
211 | +msgid "Passkey used" |
212 | +msgstr "" |
213 | + |
214 | +#. module: auth_admin_passkey |
215 | +#: field:base.config.settings,auth_admin_passkey_send_to_admin:0 |
216 | +msgid "Send email to admin user." |
217 | +msgstr "" |
218 | + |
219 | +#. module: auth_admin_passkey |
220 | +#: field:base.config.settings,auth_admin_passkey_send_to_user:0 |
221 | +msgid "Send email to user." |
222 | +msgstr "" |
223 | + |
224 | +#. module: auth_admin_passkey |
225 | +#: code:_description:0 |
226 | +#: model:ir.model,name:auth_admin_passkey.model_res_users |
227 | +#, python-format |
228 | +msgid "Users" |
229 | +msgstr "" |
230 | + |
231 | +#. module: auth_admin_passkey |
232 | +#: help:base.config.settings,auth_admin_passkey_send_to_user:0 |
233 | +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user." |
234 | +msgstr "" |
235 | + |
236 | +#. module: auth_admin_passkey |
237 | +#: help:base.config.settings,auth_admin_passkey_send_to_admin:0 |
238 | +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user." |
239 | +msgstr "" |
240 | + |
241 | +#. module: auth_admin_passkey |
242 | +#: code:addons/auth_admin_passkey/model/res_users.py:64 |
243 | +#, python-format |
244 | +msgid "[WARNING] OpenERP Security Risk" |
245 | +msgstr "" |
246 | + |
247 | |
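Review bot: the English source strings contain errors that every translation will be matched against: 'Technicals informations belows :' at diff line 196 should be 'Technical information below:', and the help texts at diff lines 233 and 238 should read 'uses his password to log in'. Correct them in the Python and view sources and regenerate this template rather than editing the msgid by hand. Separately, the msgid at diff line 186 carries pre markup and a '%s' that receives a login: keep the markup outside the translatable string if possible, and check that the login is HTML-escaped before it is substituted into the mail body.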
248 | === added file 'auth_admin_passkey/i18n/fr.po' |
249 | --- auth_admin_passkey/i18n/fr.po 1970-01-01 00:00:00 +0000 |
250 | +++ auth_admin_passkey/i18n/fr.po 2014-04-02 16:03:13 +0000 |
251 | @@ -0,0 +1,108 @@ |
252 | +############################################################################## |
253 | +# |
254 | +# Admin Passkey module for OpenERP |
255 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
256 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
257 | +# |
258 | +# This program is free software: you can redistribute it and/or modify |
259 | +# it under the terms of the GNU Affero General Public License as |
260 | +# published by the Free Software Foundation, either version 3 of the |
261 | +# License, or (at your option) any later version. |
262 | +# |
263 | +# This program is distributed in the hope that it will be useful, |
264 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
265 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
266 | +# GNU Affero General Public License for more details. |
267 | +# |
268 | +# You should have received a copy of the GNU Affero General Public License |
269 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
270 | +# |
271 | +############################################################################## |
272 | +# Translation of OpenERP Server. |
273 | +# This file contains the translation of the following modules: |
274 | +# * auth_admin_passkey |
275 | +# |
276 | +msgid "" |
277 | +msgstr "" |
278 | +"Project-Id-Version: OpenERP Server 7.0\n" |
279 | +"Report-Msgid-Bugs-To: \n" |
280 | +"POT-Creation-Date: 2014-03-23 20:38+0000\n" |
281 | +"PO-Revision-Date: 2014-03-23 20:38+0000\n" |
282 | +"Last-Translator: <>\n" |
283 | +"Language-Team: \n" |
284 | +"MIME-Version: 1.0\n" |
285 | +"Content-Type: text/plain; charset=UTF-8\n" |
286 | +"Content-Transfer-Encoding: \n" |
287 | +"Plural-Forms: \n" |
288 | + |
289 | +#. module: auth_admin_passkey |
290 | +#: code:addons/auth_admin_passkey/model/res_users.py:66 |
291 | +#, python-format |
292 | +msgid "<pre>User with login '%s' has the same password as you.</pre>" |
293 | +msgstr "<pre>L'utilisateur dont l'identifiant est '%s' a le même mot de passe que vous.</pre>" |
294 | + |
295 | +#. module: auth_admin_passkey |
296 | +#: code:addons/auth_admin_passkey/model/res_users.py:44 |
297 | +#, python-format |
298 | +msgid "Admin user used his passkey to login with '%s'.\n" |
299 | +"\n" |
300 | +"\n" |
301 | +"\n" |
302 | +"Technicals informations belows : \n" |
303 | +"\n" |
304 | +"- Login date : %s\n" |
305 | +"\n" |
306 | +"" |
307 | +msgstr "L'administrateur a utilisé son mot de passe \"bris de glace\" pour s'identifier avec l'identifiant '%s'.\n" |
308 | +"\n" |
309 | +"\n" |
310 | +"\n" |
311 | +"Informations techniques ci-dessous : \n" |
312 | +"\n" |
313 | +"- Date d'authentification : %s\n" |
314 | +"\n" |
315 | +"" |
316 | + |
317 | +#. module: auth_admin_passkey |
318 | +#: view:base.config.settings:0 |
319 | +msgid "Passkey" |
320 | +msgstr "Mot de passe \"bris de glace\"" |
321 | + |
322 | +#. module: auth_admin_passkey |
323 | +#: code:addons/auth_admin_passkey/model/res_users.py:42 |
324 | +#, python-format |
325 | +msgid "Passkey used" |
326 | +msgstr "Mot de passe \"bris de glace\" utilisé" |
327 | + |
328 | +#. module: auth_admin_passkey |
329 | +#: field:base.config.settings,auth_admin_passkey_send_to_admin:0 |
330 | +msgid "Send email to admin user." |
331 | +msgstr "Envoyer un email à l'administrateur." |
332 | + |
333 | +#. module: auth_admin_passkey |
334 | +#: field:base.config.settings,auth_admin_passkey_send_to_user:0 |
335 | +msgid "Send email to user." |
336 | +msgstr "Envoyer un email à l'utilisateur." |
337 | + |
338 | +#. module: auth_admin_passkey |
339 | +#: code:_description:0 |
340 | +#: model:ir.model,name:auth_admin_passkey.model_res_users |
341 | +#, python-format |
342 | +msgid "Users" |
343 | +msgstr "Utilisateurs" |
344 | + |
345 | +#. module: auth_admin_passkey |
346 | +#: help:base.config.settings,auth_admin_passkey_send_to_user:0 |
347 | +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user." |
348 | +msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP lui enverra un mail." |
349 | + |
350 | +#. module: auth_admin_passkey |
351 | +#: help:base.config.settings,auth_admin_passkey_send_to_admin:0 |
352 | +msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user." |
353 | +msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP enverra un mail à l'utilisateur." |
354 | + |
355 | +#. module: auth_admin_passkey |
356 | +#: code:addons/auth_admin_passkey/model/res_users.py:64 |
357 | +#, python-format |
358 | +msgid "[WARNING] OpenERP Security Risk" |
359 | +msgstr "[WARNING] Faille de sécurité sur OpenERP" |
360 | |
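Review bot: the two help translations at diff lines 346-348 and 351-353 are swapped. The msgstr for auth_admin_passkey_send_to_user says 'OpenERP lui enverra un mail', which reads as a mail to the administrator, while the msgstr for auth_admin_passkey_send_to_admin says 'OpenERP enverra un mail à l'utilisateur'. A French-speaking administrator reading the help could therefore disable the wrong notification. Suggest ending the send_to_user text with 'OpenERP enverra un mail à l'utilisateur du compte.' and the send_to_admin text with 'OpenERP enverra un mail à l'administrateur.'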
361 | === added directory 'auth_admin_passkey/model' |
362 | === added file 'auth_admin_passkey/model/__init__.py' |
363 | --- auth_admin_passkey/model/__init__.py 1970-01-01 00:00:00 +0000 |
364 | +++ auth_admin_passkey/model/__init__.py 2014-04-02 16:03:13 +0000 |
365 | @@ -0,0 +1,24 @@ |
366 | +# -*- encoding: utf-8 -*- |
367 | +############################################################################## |
368 | +# |
369 | +# Admin Passkey module for OpenERP |
370 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
371 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
372 | +# |
373 | +# This program is free software: you can redistribute it and/or modify |
374 | +# it under the terms of the GNU Affero General Public License as |
375 | +# published by the Free Software Foundation, either version 3 of the |
376 | +# License, or (at your option) any later version. |
377 | +# |
378 | +# This program is distributed in the hope that it will be useful, |
379 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
380 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
381 | +# GNU Affero General Public License for more details. |
382 | +# |
383 | +# You should have received a copy of the GNU Affero General Public License |
384 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
385 | +# |
386 | +############################################################################## |
387 | + |
388 | +from . import res_config |
389 | +from . import res_users |
390 | |
391 | === added file 'auth_admin_passkey/model/res_config.py' |
392 | --- auth_admin_passkey/model/res_config.py 1970-01-01 00:00:00 +0000 |
393 | +++ auth_admin_passkey/model/res_config.py 2014-04-02 16:03:13 +0000 |
394 | @@ -0,0 +1,76 @@ |
395 | +# -*- encoding: utf-8 -*- |
396 | +############################################################################## |
397 | +# |
398 | +# Admin Passkey module for OpenERP |
399 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
400 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
401 | +# |
402 | +# This program is free software: you can redistribute it and/or modify |
403 | +# it under the terms of the GNU Affero General Public License as |
404 | +# published by the Free Software Foundation, either version 3 of the |
405 | +# License, or (at your option) any later version. |
406 | +# |
407 | +# This program is distributed in the hope that it will be useful, |
408 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
409 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
410 | +# GNU Affero General Public License for more details. |
411 | +# |
412 | +# You should have received a copy of the GNU Affero General Public License |
413 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
414 | +# |
415 | +############################################################################## |
416 | + |
417 | +from openerp.osv import fields |
418 | +from openerp.osv.orm import TransientModel |
419 | +from openerp.tools.safe_eval import safe_eval |
420 | + |
421 | + |
422 | +class base_config_settings(TransientModel): |
423 | + _inherit = 'base.config.settings' |
424 | + |
425 | + # Getter / Setter Section |
426 | + def get_default_auth_admin_passkey_send_to_admin( |
427 | + self, cr, uid, ids, context=None): |
428 | + icp = self.pool['ir.config_parameter'] |
429 | + return { |
430 | + 'auth_admin_passkey_send_to_admin': safe_eval(icp.get_param( |
431 | + cr, uid, 'auth_admin_passkey.send_to_admin', 'True')), |
432 | + } |
433 | + |
434 | + def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None): |
435 | + config = self.browse(cr, uid, ids[0], context=context) |
436 | + icp = self.pool['ir.config_parameter'] |
437 | + icp.set_param( |
438 | + cr, uid, 'auth_admin_passkey.send_to_admin', |
439 | + repr(config.auth_admin_passkey_send_to_admin)) |
440 | + |
441 | + def get_default_auth_admin_passkey_send_to_user( |
442 | + self, cr, uid, ids, context=None): |
443 | + icp = self.pool['ir.config_parameter'] |
444 | + return { |
445 | + 'auth_admin_passkey_send_to_user': safe_eval(icp.get_param( |
446 | + cr, uid, 'auth_admin_passkey.send_to_user', 'True')), |
447 | + } |
448 | + |
449 | + def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None): |
450 | + config = self.browse(cr, uid, ids[0], context=context) |
451 | + icp = self.pool['ir.config_parameter'] |
452 | + icp.set_param( |
453 | + cr, uid, 'auth_admin_passkey.send_to_user', |
454 | + repr(config.auth_admin_passkey_send_to_user)) |
455 | + |
456 | + # Columns Section |
457 | + _columns = { |
458 | + 'auth_admin_passkey_send_to_admin': fields.boolean( |
459 | + 'Send email to admin user.', |
460 | + help="""When the administrator use his password to login in """ |
461 | + """with a different account, OpenERP will send an email """ |
462 | + """to the admin user.""", |
463 | + ), |
464 | + 'auth_admin_passkey_send_to_user': fields.boolean( |
465 | + string='Send email to user.', |
466 | + help="""When the administrator use his password to login in """ |
467 | + """with a different account, OpenERP will send an email """ |
468 | + """to the account user.""", |
469 | + ), |
470 | + } |
471 | |
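Review bot: Both get_default_* methods pass the stored ir.config_parameter string through safe_eval, so a value that is not a valid Python expression (for example "true" entered by hand) raises when the settings form loads, and the meaning of the setting depends on evaluating stored text. Since the two setters only ever write repr() of a boolean, comparing the stored value with 'True' is enough and removes the eval. Minor: the first field passes its label positionally while the second uses string=, and both help texts read "use his password to login in", which is worth correcting to "uses his password to log in" in the source string before the .pot file is regenerated.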
472 | === added file 'auth_admin_passkey/model/res_users.py' |
473 | --- auth_admin_passkey/model/res_users.py 1970-01-01 00:00:00 +0000 |
474 | +++ auth_admin_passkey/model/res_users.py 2014-04-02 16:03:13 +0000 |
475 | @@ -0,0 +1,137 @@ |
476 | +# -*- encoding: utf-8 -*- |
477 | +############################################################################## |
478 | +# |
479 | +# Admin Passkey module for OpenERP |
480 | +# Copyright (C) 2013-2014 GRAP (http://www.grap.coop) |
481 | +# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
482 | +# |
483 | +# This program is free software: you can redistribute it and/or modify |
484 | +# it under the terms of the GNU Affero General Public License as |
485 | +# published by the Free Software Foundation, either version 3 of the |
486 | +# License, or (at your option) any later version. |
487 | +# |
488 | +# This program is distributed in the hope that it will be useful, |
489 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
490 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
491 | +# GNU Affero General Public License for more details. |
492 | +# |
493 | +# You should have received a copy of the GNU Affero General Public License |
494 | +# along with this program. If not, see <http://www.gnu.org/licenses/>. |
495 | +# |
496 | +############################################################################## |
497 | + |
498 | +import datetime |
499 | + |
500 | +from openerp import SUPERUSER_ID |
501 | +from openerp import pooler |
502 | +from openerp import exceptions |
503 | +from openerp.osv.orm import Model |
504 | +from openerp.tools.translate import _ |
505 | +from openerp.tools.safe_eval import safe_eval |
506 | + |
507 | + |
508 | +class res_users(Model): |
509 | + _inherit = "res.users" |
510 | + |
511 | + # Private Function section |
512 | + def _get_translation(self, cr, lang, text): |
513 | + context = {'lang': lang} |
514 | + return _(text) |
515 | + |
516 | + def _send_email_passkey(self, cr, user_id, user_agent_env): |
517 | + """ Send a email to the admin of the system and / or the user |
518 | + to inform passkey use.""" |
519 | + mails = [] |
520 | + mail_obj = self.pool['mail.mail'] |
521 | + icp_obj = self.pool['ir.config_parameter'] |
522 | + admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
523 | + login_user = self.browse(cr, SUPERUSER_ID, user_id) |
524 | + send_to_admin = safe_eval(icp_obj.get_param( |
525 | + cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_admin', 'True')) |
526 | + send_to_user = safe_eval(icp_obj.get_param( |
527 | + cr, SUPERUSER_ID, 'auth_admin_passkey.send_to_user', 'True')) |
528 | + |
529 | + if send_to_admin and admin_user.email: |
530 | + mails.append({'email': admin_user.email, 'lang': admin_user.lang}) |
531 | + if send_to_user and login_user.email: |
532 | + mails.append({'email': login_user.email, 'lang': login_user.lang}) |
533 | + |
534 | + for mail in mails: |
535 | + subject = self._get_translation( |
536 | + cr, mail['lang'], _('Passkey used')) |
537 | + body = self._get_translation( |
538 | + cr, mail['lang'], |
539 | + _("""Admin user used his passkey to login with '%s'.\n\n""" |
540 | + """\n\nTechnicals informations belows : \n\n""" |
541 | + """- Login date : %s\n\n""")) % ( |
542 | + login_user.login, |
543 | + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) |
544 | + for k, v in user_agent_env.iteritems(): |
545 | + body += ("- %s : %s\n\n") % (k, v) |
546 | + mail_obj.create( |
547 | + cr, SUPERUSER_ID, { |
548 | + 'email_to': mail['email'], |
549 | + 'subject': subject, |
550 | + 'body_html': '<pre>%s</pre>' % body}) |
551 | + |
552 | + def _send_email_same_password(self, cr, login_user): |
553 | + """ Send a email to the admin user to inform that another user has the |
554 | + same password as him.""" |
555 | + mail_obj = self.pool['mail.mail'] |
556 | + admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID) |
557 | + if admin_user.email: |
558 | + mail_obj.create(cr, SUPERUSER_ID, { |
559 | + 'email_to': admin_user.email, |
560 | + 'subject': self._get_translation( |
561 | + cr, admin_user.lang, _('[WARNING] OpenERP Security Risk')), |
562 | + 'body_html': self._get_translation( |
563 | + cr, admin_user.lang, _( |
564 | + """<pre>User with login '%s' has the same """ |
565 | + """password as you.</pre>""")) % (login_user), |
566 | + }) |
567 | + |
568 | + # Overload Section |
569 | + def authenticate(self, db, login, password, user_agent_env): |
570 | + """ Authenticate the user 'login' is password is ok or if |
571 | + is admin password. In the second case, send mail to user and admin.""" |
572 | + user_id = super(res_users, self).authenticate( |
573 | + db, login, password, user_agent_env) |
574 | + if user_id != SUPERUSER_ID: |
575 | + same_password = False |
576 | + cr = pooler.get_db(db).cursor() |
577 | + try: |
578 | + # directly use parent 'check_credentials' function |
579 | + # to really know if credentials are ok |
580 | + # or if it was admin password |
581 | + super(res_users, self).check_credentials( |
582 | + cr, SUPERUSER_ID, password) |
583 | + try: |
584 | + # Test now if the user has the same password as admin user |
585 | + super(res_users, self).check_credentials( |
586 | + cr, user_id, password) |
587 | + same_password = True |
588 | + except exceptions.AccessDenied: |
589 | + pass |
590 | + if not same_password: |
591 | + self._send_email_passkey(cr, user_id, user_agent_env) |
592 | + else: |
593 | + self._send_email_same_password(cr, login) |
594 | + cr.commit() |
595 | + except exceptions.AccessDenied: |
596 | + pass |
597 | + finally: |
598 | + cr.close() |
599 | + return user_id |
600 | + |
601 | + def check_credentials(self, cr, uid, password): |
602 | + """ Return now True if credentials are good OR if password is admin |
603 | +password.""" |
604 | + if uid != SUPERUSER_ID: |
605 | + try: |
606 | + super(res_users, self).check_credentials( |
607 | + cr, uid, password) |
608 | + return True |
609 | + except exceptions.AccessDenied: |
610 | + return self.check_credentials(cr, SUPERUSER_ID, password) |
611 | + else: |
612 | + return super(res_users, self).check_credentials(cr, uid, password) |
613 | |
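Review bot: In _send_email_passkey the login and every key and value of user_agent_env are interpolated into the body and then wrapped as '<pre>%s</pre>' for body_html without HTML-escaping, and _send_email_same_password does the same with the login, so request-derived text is rendered as markup in mail addressed to the administrator; escape these values before building body_html. In authenticate, the test "if user_id != SUPERUSER_ID:" is also true when the parent call returns a falsy value for a failed login, in which case an unknown login submitted with the admin password reaches _send_email_passkey and browses a user id that does not exist; "if user_id and user_id != SUPERUSER_ID:" avoids that. Passkey use is recorded only through the two optional mails, so with both settings switched off it leaves no trace; an unconditional log entry at the same point would keep it auditable.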
614 | === added directory 'auth_admin_passkey/static' |
615 | === added directory 'auth_admin_passkey/static/src' |
616 | === added directory 'auth_admin_passkey/static/src/img' |
617 | === added file 'auth_admin_passkey/static/src/img/icon.png' |
618 | Binary files auth_admin_passkey/static/src/img/icon.png 1970-01-01 00:00:00 +0000 and auth_admin_passkey/static/src/img/icon.png 2014-04-02 16:03:13 +0000 differ |
619 | === added directory 'auth_admin_passkey/view' |
620 | === added file 'auth_admin_passkey/view/res_config_view.xml' |
621 | --- auth_admin_passkey/view/res_config_view.xml 1970-01-01 00:00:00 +0000 |
622 | +++ auth_admin_passkey/view/res_config_view.xml 2014-04-02 16:03:13 +0000 |
623 | @@ -0,0 +1,47 @@ |
624 | +<?xml version="1.0" encoding="UTF-8"?> |
625 | +<!-- ********************************************************************** --> |
626 | +<!--Admin Passkey module for OpenERP --> |
627 | +<!--Copyright (C) 2013-2014 GRAP (http://www.grap.coop) --> |
628 | +<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
629 | + |
630 | +<!--This program is free software: you can redistribute it and/or modify --> |
631 | +<!--it under the terms of the GNU Affero General Public License as --> |
632 | +<!--published by the Free Software Foundation, either version 3 of the --> |
633 | +<!--License, or (at your option) any later version. --> |
634 | + |
635 | +<!--This program is distributed in the hope that it will be useful, --> |
636 | +<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
637 | +<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
638 | +<!--GNU Affero General Public License for more details. --> |
639 | + |
640 | +<!--You should have received a copy of the GNU Affero General Public License--> |
641 | +<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
642 | +<!-- ********************************************************************** --> |
643 | +<openerp> |
644 | + <data> |
645 | + |
646 | + <record id="view_res_config_settings" model="ir.ui.view"> |
647 | + <field name="name">base.config.settings.view</field> |
648 | + <field name="model">base.config.settings</field> |
649 | + <field name="inherit_id" ref="base_setup.view_general_configuration"/> |
650 | + <field name="arch" type="xml"> |
651 | + <xpath expr="//label[@string='Email']/.." position='after'> |
652 | + <group> |
653 | + <label for="id" string="Passkey"/> |
654 | + <div> |
655 | + <div> |
656 | + <field name="auth_admin_passkey_send_to_admin" class="oe_inline"/> |
657 | + <label for="auth_admin_passkey_send_to_admin"/> |
658 | + </div> |
659 | + <div> |
660 | + <field name="auth_admin_passkey_send_to_user" class="oe_inline"/> |
661 | + <label for="auth_admin_passkey_send_to_user"/> |
662 | + </div> |
663 | + </div> |
664 | + </group> |
665 | + </xpath> |
666 | + </field> |
667 | + </record> |
668 | + |
669 | + </data> |
670 | +</openerp> |
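Review bot: The xpath expression "//label[@string='Email']/.." finds its insertion point through the display string of a label in base_setup.view_general_configuration, so this inherited view stops applying if that label is renamed in the parent view; anchoring on a field name or a named group of the parent view would be more stable.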
Great idea! The code looks good too. Thanks! Compatibility with auth_crypt is important, but if you say it can be done in a glue module we can leave it for someone to make this effort later on.