# -*- coding: utf-8 -*- ############################################################################## # # OpenERP, Open Source Management Solution # Copyright (C) 2012-today OpenERP SA () # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see # ############################################################################## import logging import werkzeug import openerp from openerp.addons.auth_signup.res_users import SignupError from openerp.addons.web.controllers.main import ensure_db from openerp import http from openerp.http import request from openerp.tools.translate import _ _logger = logging.getLogger(__name__) class AuthSignupHome(openerp.addons.web.controllers.main.Home): @http.route() def web_login(self, *args, **kw): ensure_db() response = super(AuthSignupHome, self).web_login(*args, **kw) response.qcontext.update(self.get_auth_signup_config()) if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'): # Redirect if already logged in and redirect param is present return http.redirect_with_hash(request.params.get('redirect')) return response @http.route('/web/signup', type='http', auth='public', website=True) def web_auth_signup(self, *args, **kw): qcontext = self.get_auth_signup_qcontext() if not qcontext.get('token') and not qcontext.get('signup_enabled'): raise werkzeug.exceptions.NotFound() if 'error' not in qcontext and request.httprequest.method == 'POST': try: self.do_signup(qcontext) return super(AuthSignupHome, self).web_login(*args, **kw) except (SignupError, AssertionError), e: if request.env["res.users"].sudo().search([("login", "=", qcontext.get("login"))]): qcontext["error"] = _("Another user is already registered using this email address.") else: _logger.error(e.message) qcontext['error'] = _("Could not create a new account.") return request.render('auth_signup.signup', qcontext) @http.route('/web/reset_password', type='http', auth='public', website=True) def web_auth_reset_password(self, *args, **kw): qcontext = self.get_auth_signup_qcontext() if not qcontext.get('token') and not qcontext.get('reset_password_enabled'): raise werkzeug.exceptions.NotFound() if 'error' not in qcontext and request.httprequest.method == 'POST': try: if qcontext.get('token'): self.do_signup(qcontext) return super(AuthSignupHome, self).web_login(*args, **kw) else: login = qcontext.get('login') assert login, "No login provided." res_users = request.registry.get('res.users') res_users.reset_password(request.cr, openerp.SUPERUSER_ID, login) qcontext['message'] = _("An email has been sent with credentials to reset your password") except SignupError: qcontext['error'] = _("Could not reset your password") _logger.exception('error when resetting password') except Exception, e: qcontext['error'] = _(e.message) return request.render('auth_signup.reset_password', qcontext) def get_auth_signup_config(self): """retrieve the module config (which features are enabled) for the login page""" icp = request.registry.get('ir.config_parameter') return { 'signup_enabled': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.allow_uninvited') == 'True', 'reset_password_enabled': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.reset_password') == 'True', } def get_auth_signup_qcontext(self): """ Shared helper returning the rendering context for signup and reset password """ qcontext = request.params.copy() qcontext.update(self.get_auth_signup_config()) if qcontext.get('token'): try: # retrieve the user info (name, login or email) corresponding to a signup token res_partner = request.registry.get('res.partner') token_infos = res_partner.signup_retrieve_info(request.cr, openerp.SUPERUSER_ID, qcontext.get('token')) for k, v in token_infos.items(): qcontext.setdefault(k, v) except: qcontext['error'] = _("Invalid signup token") return qcontext def do_signup(self, qcontext): """ Shared helper that creates a res.partner out of a token """ values = dict((key, qcontext.get(key)) for key in ('login', 'name', 'password')) assert any([k for k in values.values()]), "The form was not properly filled in." assert values.get('password') == qcontext.get('confirm_password'), "Passwords do not match; please retype them." values['lang'] = request.lang self._signup_with_values(qcontext.get('token'), values) request.cr.commit() def _signup_with_values(self, token, values): db, login, password = request.registry['res.users'].signup(request.cr, openerp.SUPERUSER_ID, values, token) request.cr.commit() # as authenticate will use its own cursor we need to commit the current transaction uid = request.session.authenticate(db, login, password) if not uid: raise SignupError(_('Authentification Failed.')) # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4: