diff --git a/addons/im/im.py b/addons/im/im.py
index 4a867789cbc..505ca3627b6 100644
--- a/addons/im/im.py
+++ b/addons/im/im.py
@@ -101,17 +101,19 @@ class LongPollingController(http.Controller):
raise Exception("Not usable in a server not running gevent")
from openerp.addons.im.watcher import ImWatcher
if db is not None:
- request.session.authenticate(db=db, uid=uid, password=password)
+ openerp.service.security.check(db, uid, password)
else:
- request.session.authenticate(db=request.session._db, uid=request.session._uid, password=request.session._password)
+ uid = request.session.uid
+ db = request.session.db
- with request.registry.cursor() as cr:
- request.registry.get('im.user').im_connect(cr, request.uid, uuid=uuid, context=request.context)
- my_id = request.registry.get('im.user').get_by_user_id(cr, request.uid, uuid or request.session._uid, request.context)["id"]
+ registry = openerp.modules.registry.RegistryManager.get(db)
+ with registry.cursor() as cr:
+ registry.get('im.user').im_connect(cr, uid, uuid=uuid, context=request.context)
+ my_id = registry.get('im.user').get_by_user_id(cr, uid, uuid or uid, request.context)["id"]
num = 0
while True:
- with request.registry.cursor() as cr:
- res = request.registry.get('im.message').get_messages(cr, request.uid, last, users_watch, uuid=uuid, context=request.context)
+ with registry.cursor() as cr:
+ res = registry.get('im.message').get_messages(cr, uid, last, users_watch, uuid=uuid, context=request.context)
if num >= 1 or len(res["res"]) > 0:
return res
last = res["last"]
diff --git a/addons/im_livechat/im_livechat.py b/addons/im_livechat/im_livechat.py
index adceebc7cba..b68a0079c3a 100644
--- a/addons/im_livechat/im_livechat.py
+++ b/addons/im_livechat/im_livechat.py
@@ -37,36 +37,45 @@ env.filters["json"] = json.dumps
class LiveChatController(http.Controller):
- @http.route('/im_livechat/loader')
+ def _auth(self, db):
+ reg = openerp.modules.registry.RegistryManager.get(db)
+ uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, "anonymous", "anonymous", None])
+ return reg, uid
+
+ @http.route('/im_livechat/loader', auth="none")
def loader(self, **kwargs):
p = json.loads(kwargs["p"])
db = p["db"]
channel = p["channel"]
user_name = p.get("user_name", None)
- request.session.authenticate(db=db, login="anonymous", password="anonymous")
- info = request.session.model('im_livechat.channel').get_info_for_chat_src(channel)
- info["db"] = db
- info["channel"] = channel
- info["userName"] = user_name
- return request.make_response(env.get_template("loader.js").render(info),
- headers=[('Content-Type', "text/javascript")])
- @http.route('/im_livechat/web_page')
+ reg, uid = self._auth(db)
+ with reg.cursor() as cr:
+ info = reg.get('im_livechat.channel').get_info_for_chat_src(cr, uid, channel)
+ info["db"] = db
+ info["channel"] = channel
+ info["userName"] = user_name
+ return request.make_response(env.get_template("loader.js").render(info),
+ headers=[('Content-Type', "text/javascript")])
+
+ @http.route('/im_livechat/web_page', auth="none")
def web_page(self, **kwargs):
p = json.loads(kwargs["p"])
db = p["db"]
channel = p["channel"]
- request.session.authenticate(db=db, login="anonymous", password="anonymous")
- script = request.session.model('im_livechat.channel').read(channel, ["script"])["script"]
- info = request.session.model('im_livechat.channel').get_info_for_chat_src(channel)
- info["script"] = script
- return request.make_response(env.get_template("web_page.html").render(info),
- headers=[('Content-Type', "text/html")])
+ reg, uid = self._auth(db)
+ with reg.cursor() as cr:
+ script = reg.get('im_livechat.channel').read(cr, uid, channel, ["script"])["script"]
+ info = reg.get('im_livechat.channel').get_info_for_chat_src(cr, uid, channel)
+ info["script"] = script
+ return request.make_response(env.get_template("web_page.html").render(info),
+ headers=[('Content-Type', "text/html")])
- @http.route('/im_livechat/available', type='json')
+ @http.route('/im_livechat/available', type='json', auth="none")
def available(self, db, channel):
- request.session.authenticate(db=db, login="anonymous", password="anonymous")
- return request.session.model('im_livechat.channel').get_available_user(channel) > 0
+ reg, uid = self._auth(db)
+ with reg.cursor() as cr:
+ return reg.get('im_livechat.channel').get_available_user(cr, uid, channel) > 0
class im_livechat_channel(osv.osv):
_name = 'im_livechat.channel'
diff --git a/addons/point_of_sale/controllers/main.py b/addons/point_of_sale/controllers/main.py
index b189c8f204a..a4a06e94eaa 100644
--- a/addons/point_of_sale/controllers/main.py
+++ b/addons/point_of_sale/controllers/main.py
@@ -14,9 +14,7 @@ class PointOfSaleController(openerp.addons.web.http.Controller):
js = "\n ".join('' % i for i in manifest_list(req, None, 'js'))
css = "\n ".join('' % i for i in manifest_list(req, None, 'css'))
- cookie = req.httprequest.cookies.get("instance0|session_id")
- session_id = cookie.replace("%22","")
- template = html_template.replace('