oca/oca-server-auth
2
0
Fork 0
mirror of https://github.com/bringout/oca-server-auth.git synced 2026-04-18 14:32:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
oca-server-auth/odoo-bringout-oca-server-auth-password_security/password_security/controllers/main.py
Ernad Husremovic 3ed80311c4 Initial commit: OCA Server Auth packages (29 packages)
2025-08-29 15:43:06 +02:00

67 lines
2.5 KiB
Python
Raw Blame History

# Copyright 2015 LasLabs Inc.
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
import logging
from werkzeug.exceptions import BadRequest
from odoo import http
from odoo.http import request
from odoo.addons.auth_signup.controllers.main import AuthSignupHome
from odoo.addons.web.controllers.home import ensure_db
_logger = logging.getLogger(__name__)
class PasswordSecurityHome(AuthSignupHome):
def do_signup(self, qcontext):
password = qcontext.get("password")
# If 2FA is activated, request.env.user is not updated to the logged-in user
# at this point. In order to do _check_password on the correct user we
# search by login.
user = (
request.env.user.search([("login", "=", qcontext.get("login"))])
or request.env.user
)
user._check_password(password)
return super(PasswordSecurityHome, self).do_signup(qcontext)
@http.route()
def web_login(self, *args, **kw):
ensure_db()
response = super(PasswordSecurityHome, self).web_login(*args, **kw)
if not request.params.get("login_success"):
return response
if not request.env.user:
return response
# Now, I'm an authenticated user
if not request.env.user._password_has_expired():
return response
# My password is expired, kick me out
request.env.user.action_expire_password()
request.session.logout(keep_db=True)
# I was kicked out, so set login_success in request params to False
request.params["login_success"] = False
redirect = request.env.user.partner_id.signup_url
return request.redirect(redirect)
@http.route()
def web_auth_signup(self, *args, **kw):
"""Try to catch all the possible exceptions not already handled in the parent method"""
try:
qcontext = self.get_auth_signup_qcontext()
except Exception:
raise BadRequest from None # HTTPError: 400 Client Error: BAD REQUEST
try:
return super(PasswordSecurityHome, self).web_auth_signup(*args, **kw)
except Exception as e:
# Here we catch any generic exception since UserError is already
# handled in parent method web_auth_signup()
qcontext["error"] = str(e)
response = request.render("auth_signup.signup", qcontext)
response.headers["X-Frame-Options"] = "SAMEORIGIN"
response.headers["Content-Security-Policy"] = "frame-ancestors 'self'"
return response
Reference in a new issue View git blame Copy permalink