[FIX] compatibility between auth_openid and base_crypt

lp bug: https://launchpad.net/bugs/1026784 fixed bzr revid: api@openerp.com-20121115141954-axiv3hq7tg5jozox
2012-11-15 15:19:54 +01:00 · 2012-11-15 15:19:54 +01:00 · 374daa28b5
parent fd38df4da5
commit 374daa28b5
1 changed files with 19 additions and 3 deletions
--- a/addons/base_crypt/crypt.py
+++ b/addons/base_crypt/crypt.py
@ -43,6 +43,7 @@ import pooler
 from tools.translate import _
 from service import security
 import logging
+import pdb

 magic_md5 = '$1$'
 _logger = logging.getLogger(__name__)
@ -183,7 +184,8 @@ class users(osv.osv):
        cr = None
        try:
            cr = pooler.get_db(db).cursor()
-            return self._login(cr, db, login, password)
+            test = self._login(cr, db, login, password)
+            return test
        except Exception:
            _logger.exception('Cannot authenticate.')
            return Exception('Access denied.')
@ -201,7 +203,22 @@ class users(osv.osv):
            # Return early if no one has a login name like that.
            return False

-        print "<-------------------Helllo world------------------>"
+        cr.execute('SELECT id FROM ir_module_module WHERE name = \'auth_openid\' and state = \'installed\'')
+        if cr.rowcount:
+            cr.execute( 'SELECT password, id FROM res_users WHERE login=%s AND openid_key = %s AND active',
+            (login.encode('utf-8'),password.encode('utf-8')))
+            if cr.rowcount:
+                # Check if the encrypted password matches against the one in the db.
+                cr.execute("""UPDATE res_users
+                                SET login_date=now() AT TIME ZONE 'UTC'
+                                WHERE id=%s AND openid_key=%s AND active
+                                RETURNING id""", 
+                           (int(id), password.encode('utf-8')))
+                res = cr.fetchone()
+                cr.commit()
+            
+                if res:
+                    return res[0]

        stored_pw = self.maybe_encrypt(cr, stored_pw, id)

@ -235,7 +252,6 @@ class users(osv.osv):
        if not passwd:
            # empty passwords disallowed for obvious security reasons
            raise security.ExceptionNoTb('AccessDenied')
-
        # Get a chance to hash all passwords in db before using the uid_cache.
        obj = pooler.get_pool(db).get('res.users')
        if not hasattr(obj, "_salt_cache"):