19.0 vanilla

2026-04-22 02:32:07 +02:00 · 2026-03-09 09:30:27 +01:00 · 2026-03-09 09:30:27 +01:00 · 2d3ee4855a
commit 2d3ee4855a
parent d1963a3c3a
7430 changed files with 2687981 additions and 2965473 deletions
--- a/odoo-bringout-oca-ocb-bus/bus/controllers/init.py
+++ b/odoo-bringout-oca-ocb-bus/bus/controllers/init.py
@ -1,3 +1,5 @@
 # -*- coding: utf-8 -*-
+
+from . import home
 from . import main
 from . import websocket
--- a/odoo-bringout-oca-ocb-bus/bus/controllers/home.py
+++ b/odoo-bringout-oca-ocb-bus/bus/controllers/home.py
@ -0,0 +1,38 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import ipaddress
+
+from odoo import _, SUPERUSER_ID
+from odoo.http import request
+from odoo.addons.web.controllers.home import Home as WebHome
+
+
+def _admin_password_warn(uid):
+    if request.params['password'] != 'admin':
+        return
+    if ipaddress.ip_address(request.httprequest.remote_addr).is_private:
+        return
+    env = request.env(user=SUPERUSER_ID, su=True)
+    admin = env.ref('base.partner_admin')
+    if uid not in admin.user_ids.ids:
+        return
+    has_demo = bool(env['ir.module.module'].search_count([('demo', '=', True)]))
+    if has_demo:
+        return
+    admin.with_context(request.env(user=uid)["res.users"].context_get())._bus_send(
+        "simple_notification",
+        {
+            "type": "danger",
+            "message": _(
+                "Your password is the default (admin)! If this system is exposed to untrusted users it is important to change it immediately for security reasons. I will keep nagging you about it!"
+            ),
+            "sticky": True,
+        },
+    )
+
+
+class Home(WebHome):
+    def _login_redirect(self, uid, redirect=None):
+        if request.params.get('login_success'):
+            _admin_password_warn(uid)
+        return super()._login_redirect(uid, redirect)
--- a/odoo-bringout-oca-ocb-bus/bus/controllers/main.py
+++ b/odoo-bringout-oca-ocb-bus/bus/controllers/main.py
@ -11,3 +11,9 @@ class BusController(Controller):
        return request.make_response(json.dumps(
            request.env['ir.model']._get_model_definitions(json.loads(model_names_to_fetch)),
        ))
+
+    @route("/bus/has_missed_notifications", type="jsonrpc", auth="public")
+    def has_missed_notifications(self, last_notification_id):
+        # sudo - bus.bus: checking if a notification still exists in order to
+        # detect missed notification during disconnect is allowed.
+        return request.env["bus.bus"].sudo().search_count([("id", "=", last_notification_id)]) == 0
--- a/odoo-bringout-oca-ocb-bus/bus/controllers/websocket.py
+++ b/odoo-bringout-oca-ocb-bus/bus/controllers/websocket.py
@ -3,19 +3,21 @@
 import json

 from odoo.http import Controller, request, route, SessionExpiredException
-from odoo.addons.base.models.assetsbundle import AssetsBundle
 from ..models.bus import channel_with_db
 from ..websocket import WebsocketConnectionHandler


 class WebsocketController(Controller):
    @route('/websocket', type="http", auth="public", cors='*', websocket=True)
-    def websocket(self):
+    def websocket(self, version=None):
        """
-        Handle the websocket handshake, upgrade the connection if
-        successfull.
+        Handle the websocket handshake, upgrade the connection if successfull.
+
+        :param version: The version of the WebSocket worker that tries to
+            connect. Connections with an outdated version will result in the
+            websocket being closed. See :attr:`WebsocketConnectionHandler._VERSION`.
        """
-        return WebsocketConnectionHandler.open_connection(request)
+        return WebsocketConnectionHandler.open_connection(request, version)

    @route('/websocket/health', type='http', auth='none', save_session=False)
    def health(self):
@ -26,31 +28,24 @@ class WebsocketController(Controller):
                   ('Cache-Control', 'no-store')]
        return request.make_response(data, headers)

-    @route('/websocket/peek_notifications', type='json', auth='public', cors='*')
+    @route('/websocket/peek_notifications', type='jsonrpc', auth='public', cors='*')
    def peek_notifications(self, channels, last, is_first_poll=False):
-        if not all(isinstance(c, str) for c in channels):
-            raise ValueError("bus.Bus only string channels are allowed.")
        if is_first_poll:
            # Used to detect when the current session is expired.
            request.session['is_websocket_session'] = True
        elif 'is_websocket_session' not in request.session:
            raise SessionExpiredException()
-        channels = list(set(
-            channel_with_db(request.db, c)
-            for c in request.env['ir.websocket']._build_bus_channel_list(channels)
-        ))
-        last_known_notification_id = request.env['bus.bus'].sudo().search([], limit=1, order='id desc').id or 0
-        if last > last_known_notification_id:
-            last = 0
-        notifications = request.env['bus.bus']._poll(channels, last)
-        return {'channels': channels, 'notifications': notifications}
+        subscribe_data = request.env["ir.websocket"]._prepare_subscribe_data(channels, last)
+        request.env["ir.websocket"]._after_subscribe_data(subscribe_data)
+        channels_with_db = [channel_with_db(request.db, c) for c in subscribe_data["channels"]]
+        notifications = request.env["bus.bus"]._poll(channels_with_db, subscribe_data["last"])
+        return {"channels": channels_with_db, "notifications": notifications}

-    @route('/websocket/update_bus_presence', type='json', auth='public', cors='*')
-    def update_bus_presence(self, inactivity_period, im_status_ids_by_model):
-        if 'is_websocket_session' not in request.session:
-            raise SessionExpiredException()
-        request.env['ir.websocket']._update_bus_presence(int(inactivity_period), im_status_ids_by_model)
-        return {}
+    @route("/websocket/on_closed", type="jsonrpc", auth="public", cors="*")
+    def on_websocket_closed(self):
+        """Manually notify the closure of a websocket, useful when implementing custom websocket code.
+        This is mainly used by Odoo.sh."""
+        request.env["ir.websocket"]._on_websocket_closed(request.cookies)

    @route('/bus/websocket_worker_bundle', type='http', auth='public', cors='*')
    def get_websocket_worker_bundle(self, v=None):  # pylint: disable=unused-argument
@ -58,10 +53,7 @@ class WebsocketController(Controller):
        :param str v: Version of the worker, frontend only argument used to
            prevent new worker versions to be loaded from the browser cache.
        """
-        bundle = 'bus.websocket_worker_assets'
-        files, _ = request.env["ir.qweb"]._get_asset_content(bundle)
-        asset = AssetsBundle(bundle, files)
-        stream = request.env['ir.binary']._get_stream_from(asset.js(
-            is_minified="assets" not in request.session.debug
-        ))
+        bundle_name = 'bus.websocket_worker_assets'
+        bundle = request.env["ir.qweb"]._get_asset_bundle(bundle_name, debug_assets="assets" in request.session.debug)
+        stream = request.env['ir.binary']._get_stream_from(bundle.js())
        return stream.get_response(content_security_policy=None)