19.0 vanilla

odoo-bringout-oca-ocb-auth_ldap/auth_ldap/models/res_users.py

@@ -3,41 +3,50 @@
 
 from odoo.exceptions import AccessDenied
 
-from odoo import api, models, registry, SUPERUSER_ID
+from odoo import api, models, SUPERUSER_ID
+from odoo.modules.registry import Registry
 
 
-class Users(models.Model):
+class ResUsers(models.Model):
     _inherit = "res.users"
 
-    @classmethod
-    def _login(cls, db, login, password, user_agent_env):
+    def _login(self, credential, user_agent_env):
         try:
-            return super(Users, cls)._login(db, login, password, user_agent_env=user_agent_env)
-        except AccessDenied as e:
-            with registry(db).cursor() as cr:
-                cr.execute("SELECT id FROM res_users WHERE lower(login)=%s", (login,))
-                res = cr.fetchone()
-                if res:
-                    raise e
-
-                env = api.Environment(cr, SUPERUSER_ID, {})
-                Ldap = env['res.company.ldap']
-                for conf in Ldap._get_ldap_dicts():
-                    entry = Ldap._authenticate(conf, login, password)
-                    if entry:
-                        return Ldap._get_or_create_user(conf, login, entry)
-                raise e
-
-    def _check_credentials(self, password, env):
-        try:
-            return super(Users, self)._check_credentials(password, env)
+            return super()._login(credential, user_agent_env=user_agent_env)
         except AccessDenied:
+            login = credential['login']
+            self.env.cr.execute("SELECT id FROM res_users WHERE lower(login)=%s", (login,))
+            res = self.env.cr.fetchone()
+            if res:
+                raise
+
+            Ldap = self.env['res.company.ldap'].sudo()
+            for conf in Ldap._get_ldap_dicts():
+                entry = Ldap._authenticate(conf, login, credential['password'])
+                if entry:
+                    return {
+                        'uid': Ldap._get_or_create_user(conf, login, entry),
+                        'auth_method': 'ldap',
+                        'mfa': 'default',
+                    }
+            raise
+
+    def _check_credentials(self, credential, env):
+        try:
+            return super()._check_credentials(credential, env)
+        except AccessDenied:
+            if not (credential['type'] == 'password' and credential.get('password')):
+                raise
             passwd_allowed = env['interactive'] or not self.env.user._rpc_api_keys_only()
             if passwd_allowed and self.env.user.active:
                 Ldap = self.env['res.company.ldap']
                 for conf in Ldap._get_ldap_dicts():
-                    if Ldap._authenticate(conf, self.env.user.login, password):
-                        return
+                    if Ldap._authenticate(conf, self.env.user.login, credential['password']):
+                        return {
+                            'uid': self.env.user.id,
+                            'auth_method': 'ldap',
+                            'mfa': 'default',
+                        }
             raise
 
     @api.model
@@ -49,7 +58,7 @@ class Users(models.Model):
                 if changed:
                     self.env.user._set_empty_password()
                     return True
-        return super(Users, self).change_password(old_passwd, new_passwd)
+        return super().change_password(old_passwd, new_passwd)
 
     def _set_empty_password(self):
         self.flush_recordset(['password'])