From 9b1daf3861ff5f92da95a421b53487e3b4cbc17d Mon Sep 17 00:00:00 2001
From: Christophe Simonis <chs@openerp.com>
Date: Tue, 23 Oct 2012 21:18:05 +0200
Subject: [PATCH] [FIX] auth_signup: do the signup via ajax, allowing web
 client to respect hash values and execute initially asked action

bzr revid: chs@openerp.com-20121023191805-6ct40v4klj75fdpx
---
 addons/auth_signup/common.py                  |  2 ++
 addons/auth_signup/controllers/main.py        | 29 ++++++++-----------
 addons/auth_signup/res_users.py               |  8 +++--
 .../auth_signup/static/src/js/auth_signup.js  | 27 +++++++++++++----
 4 files changed, 41 insertions(+), 25 deletions(-)
 create mode 100644 addons/auth_signup/common.py

diff --git a/addons/auth_signup/common.py b/addons/auth_signup/common.py
new file mode 100644
index 00000000000..01b96f29d73
--- /dev/null
+++ b/addons/auth_signup/common.py
@@ -0,0 +1,2 @@
+class SignupError(Exception):
+    pass
diff --git a/addons/auth_signup/controllers/main.py b/addons/auth_signup/controllers/main.py
index 54dcc5b4362..9f64215c936 100644
--- a/addons/auth_signup/controllers/main.py
+++ b/addons/auth_signup/controllers/main.py
@@ -20,11 +20,10 @@
 ##############################################################################
 import logging
 
-import werkzeug
-
 import openerp
 from openerp.modules.registry import RegistryManager
-from openerp.addons.web.controllers.main import login_and_redirect
+
+from ..common import SignupError
 
 _logger = logging.getLogger(__name__)
 
@@ -41,22 +40,18 @@ class Controller(openerp.addons.web.http.Controller):
             user_info = res_partner.signup_retrieve_info(cr, openerp.SUPERUSER_ID, token)
         return user_info
 
-    @openerp.addons.web.http.httprequest
-    def signup(self, req, dbname, token, name, login, password, state=''):
-        """ sign up a user (new or existing), and log it in """
-        url = '/'
+    @openerp.addons.web.http.jsonrequest
+    def signup(self, req, dbname, token, name, login, password):
+        """ sign up a user (new or existing)"""
         registry = RegistryManager.get(dbname)
         with registry.cursor() as cr:
+            res_users = registry.get('res.users')
+            values = {'name': name, 'login': login, 'password': password}
             try:
-                res_users = registry.get('res.users')
-                values = {'name': name, 'login': login, 'password': password}
-                credentials = res_users.signup(cr, openerp.SUPERUSER_ID, values, token)
-                cr.commit()
-                return login_and_redirect(req, *credentials, redirect_url='/#%s'%state)
-            except Exception as e:
-                # signup error
-                _logger.exception('error when signup')
-                url = "/#action=login&error_message=%s" % werkzeug.urls.url_quote(e.message)
-        return werkzeug.utils.redirect(url)
+                res_users.signup(cr, openerp.SUPERUSER_ID, values, token)
+            except SignupError, e:
+                return {'error': openerp.tools.exception_to_unicode(e)}
+            cr.commit()
+        return {}
 
 # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py
index 59196c4da87..1dbee3e0520 100644
--- a/addons/auth_signup/res_users.py
+++ b/addons/auth_signup/res_users.py
@@ -29,6 +29,8 @@ from openerp import SUPERUSER_ID
 from openerp.tools.misc import DEFAULT_SERVER_DATETIME_FORMAT
 from openerp.tools.safe_eval import safe_eval
 
+from .common import SignupError
+
 def random_token():
     # the token has an entropy of about 120 bits (6 bits/char * 20 chars)
     chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
@@ -101,12 +103,12 @@ class res_partner(osv.Model):
         partner_ids = self.search(cr, uid, [('signup_token', '=', token)], context=context)
         if not partner_ids:
             if raise_exception:
-                raise Exception("Signup token '%s' is not valid" % token)
+                raise SignupError("Signup token '%s' is not valid" % token)
             return False
         partner = self.browse(cr, uid, partner_ids[0], context)
         if check_validity and not partner.signup_valid:
             if raise_exception:
-                raise Exception("Signup token '%s' is no longer valid" % token)
+                raise SignupError("Signup token '%s' is no longer valid" % token)
             return False
         return partner
 
@@ -194,7 +196,7 @@ class res_users(osv.Model):
         # check that uninvited users may sign up
         if 'partner_id' not in values:
             if not safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')):
-                raise Exception('Signup is not allowed for uninvited users')
+                raise SignupError('Signup is not allowed for uninvited users')
 
         # create a copy of the template user (attached to a specific partner_id if given)
         values['active'] = True
diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js
index 0974b73292d..bb249429894 100644
--- a/addons/auth_signup/static/src/js/auth_signup.js
+++ b/addons/auth_signup/static/src/js/auth_signup.js
@@ -8,12 +8,20 @@ openerp.auth_signup = function(instance) {
             var d = this._super();
 
             // to switch between the signup and regular login form
-            this.$('a.oe_signup_signup').click(function() {
+            this.$('a.oe_signup_signup').click(function(ev) {
+                if (ev) {
+                    ev.preventDefault();
+                }
                 self.$el.addClass("oe_login_signup");
+                return false;
             });
-            this.$('a.oe_signup_back').click(function() {
+            this.$('a.oe_signup_back').click(function(ev) {
+                if (ev) {
+                    ev.preventDefault();
+                }
                 self.$el.removeClass("oe_login_signup");
                 delete self.params.token;
+                return false;
             });
 
             // if there is an error message in params, show it then forget it
@@ -90,10 +98,19 @@ openerp.auth_signup = function(instance) {
                     name: name,
                     login: login,
                     password: password,
-                    state: $.param(this.params)
+                    //state: $.param(this.params)
                 };
-                var url = "/auth_signup/signup?" + $.param(params);
-                window.location = url;
+                
+                var self = this,
+                    super_ = this._super;
+                this.rpc('/auth_signup/signup', params)
+                    .done(function(result) {
+                        if (result.error) {
+                            self.show_error(result.error);
+                        } else {
+                            super_.apply(self, [ev]);
+                        }
+                    });
             } else {
                 // regular login
                 this._super(ev);