Ported some authentication methods to the Session class
bzr revid: nicolas.vanhoren@openerp.com-20130805111250-ws23n3b6os54qsp3
parent
85b2238472
commit
22c56b1dd8
|
@ -347,13 +347,7 @@ def make_conditional(response, last_modified=None, etag=None):
|
|||
return response.make_conditional(request.httprequest)
|
||||
|
||||
def login_and_redirect(db, login, key, redirect_url='/'):
|
||||
wsgienv = request.httprequest.environ
|
||||
env = dict(
|
||||
base_location=request.httprequest.url_root.rstrip('/'),
|
||||
HTTP_HOST=wsgienv['HTTP_HOST'],
|
||||
REMOTE_ADDR=wsgienv['REMOTE_ADDR'],
|
||||
)
|
||||
request.session.authenticate(db, login, key, env)
|
||||
request.session.authenticate(db, login, key)
|
||||
return set_cookie_and_redirect(redirect_url)
|
||||
|
||||
def set_cookie_and_redirect(redirect_url):
|
||||
|
@ -832,13 +826,7 @@ class Session(http.Controller):
|
|||
|
||||
@http.route('/web/session/authenticate', type='json', auth="none")
|
||||
def authenticate(self, db, login, password, base_location=None):
|
||||
wsgienv = request.httprequest.environ
|
||||
env = dict(
|
||||
base_location=base_location,
|
||||
HTTP_HOST=wsgienv['HTTP_HOST'],
|
||||
REMOTE_ADDR=wsgienv['REMOTE_ADDR'],
|
||||
)
|
||||
request.session.authenticate(db, login, password, env)
|
||||
request.session.authenticate(db, login, password)
|
||||
|
||||
return self.session_info()
|
||||
|
||||
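Review bot: The `base_location` parameter of the `/web/session/authenticate` route is still in the signature, but with the `env` dict removed nothing in the visible body reads it. A client that still sends it gets no error and no effect, which is easy to misread as the server honouring a caller-chosen base URL. If it is kept only so older clients do not break, say so on the signature, for example `# base_location: accepted for backward compatibility and ignored; request data is read server-side`. Both this route and `login_and_redirect` now rely on `request.session.authenticate` to gather request data itself, and a one-line docstring on each should state that.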
|
|
|
@ -606,7 +606,7 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
|
|||
return self.__setitem__(k, v)
|
||||
object.__setattr__(self, k, v)
|
||||
|
||||
def authenticate(self, db, login=None, password=None, env=None, uid=None):
|
||||
def authenticate(self, db, login=None, password=None, uid=None):
|
||||
"""
|
||||
Authenticate the current user with the given db, login and password. If successful, store
|
||||
the authentication parameters in the current session and request.
|
||||
|
@ -615,7 +615,8 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
|
|||
"""
|
||||
|
||||
if uid is None:
|
||||
uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password, env])
|
||||
uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password,
|
||||
request.httprequest.environ])
|
||||
else:
|
||||
security.check(db, uid, password)
|
||||
self.db = db
|
||||
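Review bot: The replacement call in `OpenERPSession.authenticate` passes the whole `request.httprequest.environ` to `dispatch_rpc('common', 'authenticate', ...)`, where the callers used to build a three-key dict (`base_location`, `HTTP_HOST`, `REMOTE_ADDR`). A WSGI environ also carries every request header, including `HTTP_COOKIE` and any `HTTP_AUTHORIZATION`, plus the `wsgi.*` stream objects, so anything downstream that logs or stores this argument would capture session cookies. It also no longer contains a `base_location` key, which any consumer of the old dict would miss (no consumer is visible here, so this is worth checking). Building the reduced dict inside the method keeps the call sites simple without widening what the authentication layer sees: `wsgienv = request.httprequest.environ` followed by `env = dict(base_location=request.httprequest.url_root.rstrip('/'), HTTP_HOST=wsgienv['HTTP_HOST'], REMOTE_ADDR=wsgienv['REMOTE_ADDR'])`. The method body continues outside the hunk.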
|
|
|
@ -14,27 +14,23 @@ if (!console) {
|
|||
|
||||
openerp.web.coresetup = function(instance) {
|
||||
|
||||
/*
|
||||
Some retro-compatibility.
|
||||
*/
|
||||
instance.web.JsonRPC = instance.web.Session;
|
||||
|
||||
/** Session openerp specific RPC class */
|
||||
instance.web.Session = instance.web.JsonRPC.extend( /** @lends instance.web.Session# */{
|
||||
instance.web.Session.include( /** @lends instance.web.Session# */{
|
||||
init: function() {
|
||||
this._super.apply(this, arguments);
|
||||
// TODO: session store in cookie should be optional
|
||||
this.name = instance._session_id;
|
||||
this.qweb_mutex = new $.Mutex();
|
||||
},
|
||||
rpc: function(url, params, options) {
|
||||
return this._super(url, params, options);
|
||||
},
|
||||
/**
|
||||
* Setup a sessionm
|
||||
*/
|
||||
session_bind: function(origin) {
|
||||
if (!_.isUndefined(this.origin)) {
|
||||
if (this.origin === origin) {
|
||||
return $.when();
|
||||
}
|
||||
throw new Error('Session already bound to ' + this.origin);
|
||||
}
|
||||
var self = this;
|
||||
this.setup(origin);
|
||||
instance.web.qweb.default_dict['_s'] = this.origin;
|
||||
|
@ -69,33 +65,6 @@ instance.web.Session = instance.web.JsonRPC.extend( /** @lends instance.web.Sess
|
|||
);
|
||||
});
|
||||
},
|
||||
/**
|
||||
* (re)loads the content of a session: db name, username, user id, session
|
||||
* context and status of the support contract
|
||||
*
|
||||
* @returns {$.Deferred} deferred indicating the session is done reloading
|
||||
*/
|
||||
session_reload: function () {
|
||||
var self = this;
|
||||
var def = $.when();
|
||||
if (this.override_session) {
|
||||
if (! this.session_id) {
|
||||
def = this.rpc("/gen_session_id", {}).then(function(result) {
|
||||
self.session_id = result;
|
||||
});
|
||||
}
|
||||
} else {
|
||||
this.session_id = this.get_cookie('session_id');
|
||||
}
|
||||
return def.then(function() {
|
||||
return self.rpc("/web/session/get_session_info", {});
|
||||
}).then(function(result) {
|
||||
// If immediately follows a login (triggered by trying to restore
|
||||
// an invalid session or no session at all), refresh session data
|
||||
// (should not change, but just in case...)
|
||||
_.extend(self, result);
|
||||
});
|
||||
},
|
||||
session_is_valid: function() {
|
||||
var db = $.deparam.querystring().db;
|
||||
if (db && this.db !== db) {
|
||||
|
@ -106,15 +75,9 @@ instance.web.Session = instance.web.JsonRPC.extend( /** @lends instance.web.Sess
|
|||
/**
|
||||
* The session is validated either by login or by restoration of a previous session
|
||||
*/
|
||||
session_authenticate: function(db, login, password, _volatile) {
|
||||
session_authenticate: function() {
|
||||
var self = this;
|
||||
var base_location = document.location.protocol + '//' + document.location.host;
|
||||
var params = { db: db, login: login, password: password, base_location: base_location };
|
||||
return this.rpc("/web/session/authenticate", params).then(function(result) {
|
||||
if (!result.uid) {
|
||||
return $.Deferred().reject();
|
||||
}
|
||||
_.extend(self, result);
|
||||
return $.when(this._super.apply(this, arguments)).then(function() {
|
||||
return self.load_modules();
|
||||
});
|
||||
},
|
||||
|
@ -550,6 +513,7 @@ instance.session = new instance.web.Session();
|
|||
|
||||
/** Configure default qweb */
|
||||
instance.web._t = new instance.web.TranslationDataBase().build_translation_function();
|
||||
instance.web._t = new instance.web.TranslationDataBase().build_translation_function();
|
||||
/**
|
||||
* Lazy translation function, only performs the translation when actually
|
||||
* printed (e.g. inserted into a template)
|
||||
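Review bot: The `session_authenticate` override now declares no parameters and forwards `arguments` to `_super`, so the call contract is no longer readable at this site. The former fourth argument `_volatile` is passed through to a parent that, as far as this commit shows, takes only `(db, login, password)`. The doc comment above the override should carry the signature, for example `@param {String} db`, `@param {String} login`, `@param {String} password`, and a `@returns {$.Deferred}` line saying it resolves after `load_modules()`. Separately, the `@ -550,6 +513,7` hunk shows the `instance.web._t = ...build_translation_function();` assignment twice; if both lines are on the new side, as the hunk counts suggest, one of them is a duplicate to drop.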
|
|
|
@ -870,7 +870,7 @@ openerp.web.jsonpRpc = function(url, fct_name, params, settings) {
|
|||
});
|
||||
};
|
||||
|
||||
openerp.web.JsonRPC = openerp.web.Class.extend(openerp.web.PropertiesMixin, {
|
||||
openerp.web.Session = openerp.web.Class.extend(openerp.web.PropertiesMixin, {
|
||||
triggers: {
|
||||
'request': 'Request sent',
|
||||
'response': 'Response received',
|
||||
|
@ -878,29 +878,66 @@ openerp.web.JsonRPC = openerp.web.Class.extend(openerp.web.PropertiesMixin, {
|
|||
'error': 'The received response is an JSON-RPC error'
|
||||
},
|
||||
/**
|
||||
* @constructs openerp.web.JsonRPC
|
||||
*
|
||||
* @param {String} [server] JSON-RPC endpoint hostname
|
||||
* @param {String} [port] JSON-RPC endpoint port
|
||||
@constructs openerp.web.Session
|
||||
|
||||
@param parent The parent of the newly created object.
|
||||
@param {String} origin Url of the OpenERP server to contact with this session object
|
||||
or `null` if the server to contact is the origin server.
|
||||
@param {Dict} options A dictionary that can contain the following options:
|
||||
|
||||
* "override_session": Default to false. If true, the current session object will
|
||||
not try to re-use a previously created session id stored in a cookie.
|
||||
* "session_id": Default to null. If specified, the specified session_id will be used
|
||||
by this session object. Specifying this option automatically implies that the option
|
||||
"override_session" is set to true.
|
||||
*/
|
||||
init: function(parent, origin, options) {
|
||||
openerp.web.PropertiesMixin.init.call(this, parent);
|
||||
options = options || {};
|
||||
this.server = null;
|
||||
this.override_session = options.override_session || false;
|
||||
this.session_id = undefined;
|
||||
this.session_id = options.session_id || null;
|
||||
this.override_session = options.override_session || !!options.session_id || false;
|
||||
this.avoid_recursion = false;
|
||||
this.setup(origin);
|
||||
},
|
||||
setup: function(origin) {
|
||||
// must be able to customize server
|
||||
var window_origin = location.protocol + "//" + location.host;
|
||||
var self = this;
|
||||
this.origin = origin ? origin.replace( /\/+$/, '') : window_origin;
|
||||
origin = origin ? origin.replace( /\/+$/, '') : window_origin;
|
||||
if (!_.isUndefined(this.origin) && this.origin !== origin)
|
||||
throw new Error('Session already bound to ' + this.origin);
|
||||
else
|
||||
this.origin = origin;
|
||||
this.prefix = this.origin;
|
||||
this.server = this.origin; // keep chs happy
|
||||
this.origin_server = this.origin === window_origin;
|
||||
this.session_id = null;
|
||||
},
|
||||
/**
|
||||
* (re)loads the content of a session: db name, username, user id, session
|
||||
* context and status of the support contract
|
||||
*
|
||||
* @returns {$.Deferred} deferred indicating the session is done reloading
|
||||
*/
|
||||
session_reload: function () {
|
||||
var self = this;
|
||||
return self.rpc("/web/session/get_session_info", {}).then(function(result) {
|
||||
delete result.session_id;
|
||||
_.extend(self, result);
|
||||
});
|
||||
},
|
||||
/**
|
||||
* The session is validated either by login or by restoration of a previous session
|
||||
*/
|
||||
session_authenticate: function(db, login, password) {
|
||||
var self = this;
|
||||
var params = {db: db, login: login, password: password};
|
||||
return this.rpc("/web/session/authenticate", params).then(function(result) {
|
||||
if (!result.uid) {
|
||||
return $.Deferred().reject();
|
||||
}
|
||||
delete result.session_id;
|
||||
_.extend(self, result);
|
||||
});
|
||||
},
|
||||
check_session_id: function() {
|
||||
var self = this;
|
||||
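Review bot: `session_reload` and `session_authenticate` copy the server reply onto the session object with `_.extend(self, result)` after removing only `session_id`, so any other key in the reply (`origin`, `prefix`, `override_session`, or a method name such as `rpc`) would overwrite the session's own state. This matters more now that these methods live on the generic `Session`, which the constructor doc says can be pointed at a server other than the page's origin. Copying an explicit list of expected fields is safer and also avoids mutating `result`: `_.extend(self, _.pick(result, SESSION_INFO_KEYS))`, where `SESSION_INFO_KEYS` is a placeholder for the fields `get_session_info` is documented to return. Also worth confirming, since the old and new sides cannot be told apart in this rendering: if `this.session_id = null;` at the end of `setup` survives, it runs after `init` has stored `options.session_id` and would discard it.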
|
|
|
@ -7,27 +7,27 @@ var openerp = ropenerp.declare($, _, QWeb2);
|
|||
ropenerp.testing.section('jsonrpc', {},
|
||||
function (test) {
|
||||
test('basic-jsonrpc', {asserts: 1}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
return session.rpc("/gen_session_id", {}).then(function(result) {
|
||||
ok(result.length > 0, "Result returned by /gen_session_id");
|
||||
});
|
||||
});
|
||||
test('basic-jsonprpc', {asserts: 1}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
session.origin_server = false;
|
||||
return session.rpc("/gen_session_id", {}).then(function(result) {
|
||||
ok(result.length > 0, "Result returned by /gen_session_id");
|
||||
});
|
||||
});
|
||||
test('basic-jsonprpc2', {asserts: 1}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
session.origin_server = false;
|
||||
return session.rpc("/gen_session_id", {}, {force2step: true}).then(function(result) {
|
||||
ok(result.length > 0, "Result returned by /gen_session_id");
|
||||
});
|
||||
});
|
||||
test('session-jsonrpc', {asserts: 2}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
var tmp = _.uniqueId("something");
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}).then(function() {
|
||||
ok(true, "set_session returned");
|
||||
|
@ -37,7 +37,7 @@ function (test) {
|
|||
});
|
||||
});
|
||||
test('session-jsonprpc', {asserts: 2}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
session.origin_server = false;
|
||||
var tmp = _.uniqueId("something");
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}).then(function() {
|
||||
|
@ -48,7 +48,7 @@ function (test) {
|
|||
});
|
||||
});
|
||||
test('session-jsonprpc2', {asserts: 2}, function () {
|
||||
var session = new openerp.web.JsonRPC();
|
||||
var session = new openerp.web.Session();
|
||||
session.origin_server = false;
|
||||
var tmp = _.uniqueId("something");
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}, {force2step: true}).then(function() {
|
||||
|
@ -59,9 +59,9 @@ function (test) {
|
|||
});
|
||||
});
|
||||
test('overridesession-jsonrpc', {asserts: 4}, function () {
|
||||
var origin_session = new openerp.web.JsonRPC();
|
||||
var origin_session = new openerp.web.Session();
|
||||
var origin_tmp = _.uniqueId("something");
|
||||
var session = new openerp.web.JsonRPC(null, null, {override_session: true});
|
||||
var session = new openerp.web.Session(null, null, {override_session: true});
|
||||
var tmp = _.uniqueId("something_else");
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}).then(function() {
|
||||
ok(true, "set_session returned");
|
||||
|
@ -75,9 +75,9 @@ function (test) {
|
|||
});
|
||||
});
|
||||
test('overridesession-jsonprpc', {asserts: 4}, function () {
|
||||
var origin_session = new openerp.web.JsonRPC();
|
||||
var origin_session = new openerp.web.Session();
|
||||
var origin_tmp = _.uniqueId("something");
|
||||
var session = new openerp.web.JsonRPC(null, null, {override_session: true});
|
||||
var session = new openerp.web.Session(null, null, {override_session: true});
|
||||
var tmp = _.uniqueId("something_else");
|
||||
session.origin_server = false;
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}).then(function() {
|
||||
|
@ -92,9 +92,9 @@ function (test) {
|
|||
});
|
||||
});
|
||||
test('overridesession-jsonprpc2', {asserts: 4}, function () {
|
||||
var origin_session = new openerp.web.JsonRPC();
|
||||
var origin_session = new openerp.web.Session();
|
||||
var origin_tmp = _.uniqueId("something");
|
||||
var session = new openerp.web.JsonRPC(null, null, {override_session: true});
|
||||
var session = new openerp.web.Session(null, null, {override_session: true});
|
||||
var tmp = _.uniqueId("something_else");
|
||||
session.origin_server = false;
|
||||
return session.rpc("/web/tests/set_session_value", {value: tmp}, {force2step: true}).then(function() {
|
||||
|
|