19.0 vanilla

odoo-bringout-oca-ocb-auth_signup/auth_signup/controllers/main.py

@@ -7,10 +7,14 @@ from werkzeug.urls import url_encode
 from odoo import http, tools, _
 from odoo.addons.auth_signup.models.res_users import SignupError
 from odoo.addons.web.controllers.home import ensure_db, Home, SIGN_UP_REQUEST_PARAMS, LOGIN_SUCCESSFUL_PARAMS
+from odoo.addons.web.models.res_users import SKIP_CAPTCHA_LOGIN
 from odoo.addons.base_setup.controllers.main import BaseSetup
 from odoo.exceptions import UserError
+from odoo.tools.translate import LazyTranslate
 from odoo.http import request
+from markupsafe import Markup
 
+_lt = LazyTranslate(__name__)
 _logger = logging.getLogger(__name__)
 
 LOGIN_SUCCESSFUL_PARAMS.add('account_created')
@@ -32,7 +36,7 @@ class AuthSignupHome(Home):
                 return request.redirect_query('/web/login_successful', query={'account_created': True})
         return response
 
-    @http.route('/web/signup', type='http', auth='public', website=True, sitemap=False)
+    @http.route('/web/signup', type='http', auth='public', website=True, sitemap=False, captcha='signup', list_as_website_content=_lt("Sign Up"))
     def web_auth_signup(self, *args, **kw):
         qcontext = self.get_auth_signup_qcontext()
 
@@ -41,9 +45,14 @@ class AuthSignupHome(Home):
 
         if 'error' not in qcontext and request.httprequest.method == 'POST':
             try:
-                if not request.env['ir.http']._verify_request_recaptcha_token('signup'):
-                    raise UserError(_("Suspicious activity detected by Google reCaptcha."))
                 self.do_signup(qcontext)
+
+                # Set user to public if they were not signed in by do_signup
+                # (mfa enabled)
+                if request.session.uid is None:
+                    public_user = request.env.ref('base.public_user')
+                    request.update_env(user=public_user)
+
                 # Send an account creation confirmation email
                 User = request.env['res.users']
                 user_sudo = User.sudo().search(
@@ -52,15 +61,18 @@ class AuthSignupHome(Home):
                 template = request.env.ref('auth_signup.mail_template_user_signup_account_created', raise_if_not_found=False)
                 if user_sudo and template:
                     template.sudo().send_mail(user_sudo.id, force_send=True)
+                request.update_context(skip_captcha_login=SKIP_CAPTCHA_LOGIN)
                 return self.web_login(*args, **kw)
             except UserError as e:
                 qcontext['error'] = e.args[0]
             except (SignupError, AssertionError) as e:
-                if request.env["res.users"].sudo().search([("login", "=", qcontext.get("login"))]):
+                User = request.env['res.users']
+                if User.sudo().with_context(active_test=False).\
+                        search_count(User._get_login_domain(qcontext.get('login')), limit=1):
                     qcontext["error"] = _("Another user is already registered using this email address.")
                 else:
-                    _logger.error("%s", e)
-                    qcontext['error'] = _("Could not create a new account.")
+                    _logger.warning("%s", e)
+                    qcontext['error'] = _("Could not create a new account.") + Markup('<br/>') + str(e)
 
         elif 'signup_email' in qcontext:
             user = request.env['res.users'].sudo().search([('email', '=', qcontext.get('signup_email')), ('state', '!=', 'new')], limit=1)
@@ -72,7 +84,7 @@ class AuthSignupHome(Home):
         response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
         return response
 
-    @http.route('/web/reset_password', type='http', auth='public', website=True, sitemap=False)
+    @http.route('/web/reset_password', type='http', auth='public', website=True, sitemap=False, captcha='password_reset', list_as_website_content=_lt("Reset Password"))
     def web_auth_reset_password(self, *args, **kw):
         qcontext = self.get_auth_signup_qcontext()
 
@@ -81,11 +93,10 @@ class AuthSignupHome(Home):
 
         if 'error' not in qcontext and request.httprequest.method == 'POST':
             try:
-                if not request.env['ir.http']._verify_request_recaptcha_token('password_reset'):
-                    raise UserError(_("Suspicious activity detected by Google reCaptcha."))
                 if qcontext.get('token'):
-                    self.do_signup(qcontext)
-                    return self.web_login(*args, **kw)
+                    self.do_signup(qcontext, do_login=False)
+                    request.update_context(skip_captcha_login=SKIP_CAPTCHA_LOGIN)
+                    qcontext['message'] = _("Your password has been reset successfully.")
                 else:
                     login = qcontext.get('login')
                     assert login, _("No login provided.")
@@ -93,7 +104,7 @@ class AuthSignupHome(Home):
                         "Password reset attempt for <%s> by user <%s> from %s",
                         login, request.env.user.login, request.httprequest.remote_addr)
                     request.env['res.users'].sudo().reset_password(login)
-                    qcontext['message'] = _("Password reset instructions sent to your email")
+                    qcontext['message'] = _("Password reset instructions sent to your email address.")
             except UserError as e:
                 qcontext['error'] = e.args[0]
             except SignupError:
@@ -131,7 +142,7 @@ class AuthSignupHome(Home):
         if qcontext.get('token'):
             try:
                 # retrieve the user info (name, login or email) corresponding to a signup token
-                token_infos = request.env['res.partner'].sudo().signup_retrieve_info(qcontext.get('token'))
+                token_infos = request.env['res.partner'].sudo()._signup_retrieve_info(qcontext.get('token'))
                 for k, v in token_infos.items():
                     qcontext.setdefault(k, v)
             except:
@@ -146,26 +157,25 @@ class AuthSignupHome(Home):
         if values.get('password') != qcontext.get('confirm_password'):
             raise UserError(_("Passwords do not match; please retype them."))
         supported_lang_codes = [code for code, _ in request.env['res.lang'].get_installed()]
-        lang = request.context.get('lang', '')
+        lang = request.env.context.get('lang', '')
         if lang in supported_lang_codes:
             values['lang'] = lang
         return values
 
-    def do_signup(self, qcontext):
+    def do_signup(self, qcontext, do_login=True):
         """ Shared helper that creates a res.partner out of a token """
         values = self._prepare_signup_values(qcontext)
-        self._signup_with_values(qcontext.get('token'), values)
+        self._signup_with_values(qcontext.get('token'), values, do_login)
         request.env.cr.commit()
 
-    def _signup_with_values(self, token, values):
+    def _signup_with_values(self, token, values, do_login):
         login, password = request.env['res.users'].sudo().signup(values, token)
-        request.env.cr.commit()     # as authenticate will use its own cursor we need to commit the current transaction
-        pre_uid = request.session.authenticate(request.db, login, password)
-        if not pre_uid:
-            raise SignupError(_('Authentication Failed.'))
+        credential = {'login': login, 'password': password, 'type': 'password'}
+        if do_login:
+            request.session.authenticate(request.env, credential)
 
 class AuthBaseSetup(BaseSetup):
-    @http.route('/base_setup/data', type='json', auth='user')
+    @http.route()
     def base_setup_data(self, **kwargs):
         res = super().base_setup_data(**kwargs)
         res.update({'resend_invitation': True})