
openerp-community-reviewer team mailing list archive

[Merge] lp:~sylvain-legal/server-env-tools/7.0-auth_admin_passkey into lp:server-env-tools

 

Sylvain LE GAL (GRAP) has proposed merging lp:~sylvain-legal/server-env-tools/7.0-auth_admin_passkey into lp:server-env-tools.

Commit message:
[ADD] new module 'auth_admin_passkey' that allows admin user (uid=1) to login with any login and his password.

Requested reviews:
  Davide Corio @ LS (enlightx)
  Stefan Rijnhart (Therp) (stefan-therp)
  Benoit Guillot - http://www.akretion.com (benoit-guillot-z)

For more details, see:
https://code.launchpad.net/~sylvain-legal/server-env-tools/7.0-auth_admin_passkey/+merge/211338

[ADD] new module 'auth_admin_passkey' that allows admin user (uid=1) to login with any login and his password.
-- 
https://code.launchpad.net/~sylvain-legal/server-env-tools/7.0-auth_admin_passkey/+merge/211338
Your team Server Environment And Tools Core Editors is subscribed to branch lp:server-env-tools.
=== added directory 'auth_admin_passkey'
=== added file 'auth_admin_passkey/__init__.py'
--- auth_admin_passkey/__init__.py	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/__init__.py	2014-03-23 17:45:54 +0000
@@ -0,0 +1,6 @@
+# -*- encoding: utf-8 -*-
+################################################################################
+#    See __openerp__.py file for Copyright and Licence Informations.
+################################################################################
+
+import model

=== added file 'auth_admin_passkey/__openerp__.py'
--- auth_admin_passkey/__openerp__.py	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/__openerp__.py	2014-03-23 17:45:54 +0000
@@ -0,0 +1,63 @@
+# -*- encoding: utf-8 -*-
+################################################################################
+#    See Copyright and Licence Informations undermentioned.
+################################################################################
+
+{
+    'name': 'Authentification - Admin Passkey',
+    'version': '2.1',
+    'category': 'base',
+    'description': """
+Admin password become a passkey for all active logins
+=====================================================
+
+Functionnalities :
+------------------
+    * Administrator has now the possibility to login in with any login;
+    * By default, OpenERP will send a mail to user and admin to indicate them;
+
+Technical informations :
+------------------------
+    * Create two ir_config_parameter to enable / disable mail sending;
+
+Limits :
+--------
+    * For the moment, this module doesn't manage translations for the mails;
+    * This module is compatible with 'auth_crypt' depending of the order of the installation:
+        * if 'auth_crypt' is first installed, it will work;
+        * if 'auth_admin_passkey' is first installed, it won't work;
+If you want to install 'auth_crypt', please uninstall 'auth_admin_passkey' and 
+reinstall it after the installation of 'auth_crypt'.
+
+Otherwise, you can propose the merge of a glue module that manage this case.
+
+Copyright and Licence :
+-----------------------
+    * 2014, Groupement Régional Alimentaire de Proximité
+    * Licence : AGPL-3 (http://www.gnu.org/licenses/)
+
+Contacts :
+----------
+    * Sylvain LE GAL (https://twitter.com/legalsylvain);
+    * <informatique@xxxxxxxxx> for any help or question about this module.
+    """,
+    'author': 'GRAP',
+    'website': 'http://www.grap.coop',
+    'license': 'AGPL-3',
+    'depends': [
+        'mail',
+        ],
+    'data': [
+        'data/ir_config_parameter.xml',
+        'view/res_config_view.xml',
+    ],
+    'demo': [],
+    'js': [],
+    'css': [],
+    'qweb': [],
+    'images': [],
+    'post_load': '',
+    'application': False,
+    'installable': True,
+    'auto_install': False,
+}
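
Review bot: the 'Limits' section of the description makes correct behaviour depend on whether 'auth_crypt' was installed before or after this module, which is fragile for a module that changes authentication. Either make the override work regardless of install order or declare the incompatibility outright instead of asking users to uninstall and reinstall. The description should also say plainly that both notification mails can be switched off, since they are the only trace of passkey use visible in this patch. The empty 'demo', 'js', 'css', 'qweb', 'images' and 'post_load' keys can be dropped.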

=== added directory 'auth_admin_passkey/data'
=== added file 'auth_admin_passkey/data/ir_config_parameter.xml'
--- auth_admin_passkey/data/ir_config_parameter.xml	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/data/ir_config_parameter.xml	2014-03-23 17:45:54 +0000
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<openerp>
+    <data noupdate="1">
+
+        <record id="send_to_admin" model="ir.config_parameter">
+            <field name="key">auth_admin_passkey.send_to_admin</field>
+            <field name="value">True</field>
+        </record>
+
+        <record id="send_to_user" model="ir.config_parameter">
+            <field name="key">auth_admin_passkey.send_to_user</field>
+            <field name="value">True</field>
+        </record>
+
+    </data>
+</openerp>

=== added directory 'auth_admin_passkey/i18n'
=== added file 'auth_admin_passkey/i18n/auth_admin_passkey.pot'
--- auth_admin_passkey/i18n/auth_admin_passkey.pot	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/i18n/auth_admin_passkey.pot	2014-03-23 17:45:54 +0000
@@ -0,0 +1,56 @@
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+#	* auth_admin_passkey
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-03-23 17:43+0000\n"
+"PO-Revision-Date: 2014-03-23 17:43+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_admin_passkey
+#: view:base.config.settings:0
+msgid "Passkey"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "Send email to admin user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "Send email to user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:_description:0
+#: model:ir.model,name:auth_admin_passkey.model_res_users
+#, python-format
+msgid "Users"
+msgstr ""
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
+msgstr ""
+
+#. module: auth_admin_passkey
+#: code:_description:0
+#: model:ir.model,name:auth_admin_passkey.model_base_config_settings
+#, python-format
+msgid "base.config.settings"
+msgstr ""
+

=== added file 'auth_admin_passkey/i18n/fr.po'
--- auth_admin_passkey/i18n/fr.po	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/i18n/fr.po	2014-03-23 17:45:54 +0000
@@ -0,0 +1,42 @@
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+#	* auth_admin_passkey
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-03-17 12:04+0000\n"
+"PO-Revision-Date: 2014-03-17 12:04+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_admin_passkey
+#: view:base.config.settings:0
+msgid "Passkey"
+msgstr "Mot de passe bris de glace"
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "Send email to admin user."
+msgstr "Envoyer un email à l'administrateur."
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the account user."
+msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP lui enverra un mail."
+
+#. module: auth_admin_passkey
+#: help:base.config.settings,auth_admin_passkey_send_to_admin:0
+msgid "When the administrator use his password to login in with a different account, OpenERP will send an email to the admin user."
+msgstr "Quand l'administrateur utilise son mot de passe pour s'authentifier avec un compte différent, OpenERP enverra un mail à l'utilisateur."
+
+#. module: auth_admin_passkey
+#: field:base.config.settings,auth_admin_passkey_send_to_user:0
+msgid "Send email to user."
+msgstr "Envoyer un email à l'utilisateur."
+
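
Review bot: the two help msgstr entries look swapped. The help for auth_admin_passkey_send_to_admin is translated as "enverra un mail à l'utilisateur", and the help for auth_admin_passkey_send_to_user as "lui enverra un mail", which reads as a mail to the administrator. Swap or reword them so each names the right recipient. The file also lacks the "Users" and "base.config.settings" entries present in the .pot, and its POT-Creation-Date (2014-03-17) is older than the template's (2014-03-23), so regenerate it from the current template.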

=== added directory 'auth_admin_passkey/model'
=== added file 'auth_admin_passkey/model/__init__.py'
--- auth_admin_passkey/model/__init__.py	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/model/__init__.py	2014-03-23 17:45:54 +0000
@@ -0,0 +1,7 @@
+# -*- encoding: utf-8 -*-
+################################################################################
+#    See __openerp__.py file for Copyright and Licence Informations.
+################################################################################
+
+import res_config
+import res_users

=== added file 'auth_admin_passkey/model/res_config.py'
--- auth_admin_passkey/model/res_config.py	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/model/res_config.py	2014-03-23 17:45:54 +0000
@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+################################################################################
+#    See __openerp__.py file for Copyright and Licence Informations.
+################################################################################
+
+from openerp.osv import fields
+from openerp.osv.orm import TransientModel
+from openerp.tools.safe_eval import safe_eval
+
+class base_config_settings(TransientModel):
+    _inherit = 'base.config.settings'
+
+    ### Getter / Setter Section
+    def get_default_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
+        icp = self.pool.get('ir.config_parameter')
+        return {
+            'auth_admin_passkey_send_to_admin' : safe_eval(icp.get_param(cr, uid, 'auth_admin_passkey.send_to_admin', 'True')),
+        }
+
+    def set_auth_admin_passkey_send_to_admin(self, cr, uid, ids, context=None):
+        config = self.browse(cr, uid, ids[0], context=context)
+        icp = self.pool.get('ir.config_parameter')
+        icp.set_param(cr, uid, 'auth_admin_passkey.send_to_admin', repr(config.auth_admin_passkey_send_to_admin))
+
+    def get_default_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
+        icp = self.pool.get('ir.config_parameter')
+        return {
+            'auth_admin_passkey_send_to_user' : safe_eval(icp.get_param(cr, uid, 'auth_admin_passkey.send_to_user', 'True')),
+        }
+
+    def set_auth_admin_passkey_send_to_user(self, cr, uid, ids, context=None):
+        config = self.browse(cr, uid, ids[0], context=context)
+        icp = self.pool.get('ir.config_parameter')
+        icp.set_param(cr, uid, 'auth_admin_passkey.send_to_user', repr(config.auth_admin_passkey_send_to_user))
+
+    ### Columns Section
+    _columns = {
+        'auth_admin_passkey_send_to_admin': fields.boolean(
+                'Send email to admin user.',
+                help="When the administrator use his password to login in with "\
+                "a different account, OpenERP will send an email to the admin user.",
+            ),
+        'auth_admin_passkey_send_to_user': fields.boolean(
+                string='Send email to user.',
+                help="When the administrator use his password to login in with "\
+                "a different account, OpenERP will send an email to the account user.",
+            ),
+    }
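
Review bot: both get_default_* methods parse the stored parameter with safe_eval, while res_users.py in the same patch reads the same two keys with literal_eval. The value is only ever 'True' or 'False', so parse it the same way in both places, preferably with literal_eval or a plain comparison against 'True', so that a hand-edited parameter is never evaluated as an expression. Style: the first field passes its label positionally and the second uses string=; pick one form.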

=== added file 'auth_admin_passkey/model/res_users.py'
--- auth_admin_passkey/model/res_users.py	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/model/res_users.py	2014-03-23 17:45:54 +0000
@@ -0,0 +1,96 @@
+# -*- encoding: utf-8 -*-
+################################################################################
+#    See __openerp__.py file for Copyright and Licence Informations.
+################################################################################
+
+import datetime
+from ast import literal_eval
+
+from openerp import SUPERUSER_ID
+from openerp import pooler
+from openerp import exceptions
+from openerp.osv.orm import Model
+
+class res_users(Model):
+    _inherit = "res.users"
+
+    ### Private Function section
+    def _send_email_passkey(self, cr, user_id, user_agent_env):
+        """ Send a email to the admin of the system and / or the user 
+        to inform passkey use """
+        mail_obj = self.pool.get('mail.mail')
+        icp_obj = self.pool.get('ir.config_parameter')
+        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
+        login_user = self.browse(cr, SUPERUSER_ID, user_id)
+        send_to_admin = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, 
+                'auth_admin_passkey.send_to_admin', 'True'))
+        send_to_user = literal_eval(icp_obj.get_param(cr, SUPERUSER_ID, 
+                'auth_admin_passkey.send_to_user', 'True'))
+        emails_to = []
+        if send_to_admin and admin_user.email:
+            emails_to.append(admin_user.email)
+        if send_to_user and login_user.email:
+            emails_to.append(login_user.email)
+        if emails_to:
+            body = "Admin user used his passkey to login with '%s'.\n\n" %(login_user.login)
+            body += "\n\nTechnicals informations belows : \n\n"
+            body += "- Login date : %s\n\n" %(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
+            for key, value in user_agent_env.iteritems():
+                body +=("- %s : %s\n\n") % (key, value)
+            for email_to in emails_to:
+                mail_obj.create(cr, SUPERUSER_ID, {
+                    'email_to': email_to,
+                    'subject': "Passkey used",
+                    'body_html': '<pre>%s</pre>' % body})
+
+    def _send_email_same_password(self, cr, login_user):
+        """ Send a email to the admin user to inform that another user has the 
+        same password as him"""
+        mail_obj = self.pool.get('mail.mail')
+        admin_user = self.browse(cr, SUPERUSER_ID, SUPERUSER_ID)
+        if admin_user.email:
+            mail_obj.create(cr, SUPERUSER_ID, {
+                'email_to': admin_user.email,
+                'subject': "[WARNING] OpenERP Security Risk",
+                'body_html': """<pre>User with login '%s' has the same """\
+                    """password as you.</pre>""" %(login_user)
+            })
+        
+
+    ### Overload Section
+    def authenticate(self, db, login, password, user_agent_env):
+        """ Authenticate the user 'login' is password is ok 
+        or if is admin password. In the second case, send mail to user and admin."""
+        user_id = super(res_users, self).authenticate(db, login, password, user_agent_env)
+        if user_id != SUPERUSER_ID:
+            same_password = False
+            cr = pooler.get_db(db).cursor()
+            try:
+                # directly use parent 'check_credentials' function 
+                # to really know if credentials are ok or if it was admin password
+                super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
+                try:
+                    # Test now if the user has the same password as admin user
+                    super(res_users, self).check_credentials(cr, user_id, password)
+                    same_password = True
+                except exceptions.AccessDenied:
+                    pass
+                if not same_password:
+                    self._send_email_passkey(cr, user_id, user_agent_env)
+                else: 
+                    self._send_email_same_password(cr, login)
+                cr.commit()
+            except exceptions.AccessDenied:
+                pass
+            finally:
+                cr.close()
+        return user_id
+
+    def check_credentials(self, cr, uid, password):
+        """ Return now True if credentials are good OR if password is admin password"""
+        try:
+            super(res_users, self).check_credentials(cr, SUPERUSER_ID, password)
+            return True
+        except exceptions.AccessDenied:
+            return super(res_users, self).check_credentials(cr, uid, password)
+
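
Review bot: in authenticate(), the passkey branch is entered on "if user_id != SUPERUSER_ID:" without checking that the parent call returned a user at all. If the parent returns a false value for a failed login (for example an unknown login typed with the admin password), the code still reaches _send_email_passkey(cr, user_id, user_agent_env) and browses that value; guard with "if user_id and user_id != SUPERUSER_ID:". In _send_email_passkey, login_user.login and every user_agent_env key and value are interpolated into '<pre>%s</pre>' for body_html without HTML escaping, and those values are supplied by the client, so escape them before building the body. Passkey use is recorded only through mails that the two parameters can turn off; add an unconditional server log entry as well. check_credentials() returns True on the passkey path and the parent's return value otherwise; make the return consistent.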

=== added directory 'auth_admin_passkey/static'
=== added directory 'auth_admin_passkey/static/src'
=== added directory 'auth_admin_passkey/static/src/img'
=== added file 'auth_admin_passkey/static/src/img/icon.png'
Binary files auth_admin_passkey/static/src/img/icon.png	1970-01-01 00:00:00 +0000 and auth_admin_passkey/static/src/img/icon.png	2014-03-23 17:45:54 +0000 differ
=== added directory 'auth_admin_passkey/view'
=== added file 'auth_admin_passkey/view/res_config_view.xml'
--- auth_admin_passkey/view/res_config_view.xml	1970-01-01 00:00:00 +0000
+++ auth_admin_passkey/view/res_config_view.xml	2014-03-23 17:45:54 +0000
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<openerp>
+    <data>
+
+        <record id="view_res_config_settings" model="ir.ui.view">
+            <field name="name">base.config.settings.view</field>
+            <field name="model">base.config.settings</field>
+            <field name="inherit_id" ref="base_setup.view_general_configuration"/>
+            <field name="arch" type="xml">
+                <xpath expr="//label[@string='Email']/.." position='after'>
+                    <group>
+                        <label for="id" string="Passkey"/>
+                        <div>
+                            <div>
+                                <field name="auth_admin_passkey_send_to_admin" class="oe_inline"/>
+                                <label for="auth_admin_passkey_send_to_admin"/>
+                            </div>
+                            <div>
+                                <field name="auth_admin_passkey_send_to_user" class="oe_inline"/>
+                                <label for="auth_admin_passkey_send_to_user"/>
+                            </div>
+                        </div>
+                    </group>
+                </xpath>
+            </field>
+        </record>
+
+    </data>
+</openerp>
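
Review bot: the view inherits base_setup.view_general_configuration, but __openerp__.py lists only 'mail' in 'depends'; add 'base_setup' explicitly rather than relying on it being pulled in indirectly. The xpath //label[@string='Email']/.. anchors on a label text of the parent view and will stop matching if that label changes, and the label with for="id" points at a field that is not part of this group; a separator or a group with its own string attribute would be cleaner.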

