From 7655344ec534467b68e0f9bdd78ebcd46efc29b3 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Thu, 20 Sep 2012 09:45:14 +0200 Subject: [PATCH 01/73] [FIX] auth_signup: fix reference to template user for signup bzr revid: rco@openerp.com-20120920074514-en23fuwudyn2zxjx --- addons/auth_signup/res_users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 5f6463508b6..ca778d68173 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -14,7 +14,7 @@ class res_users(osv.Model): # groups (optional) # sign (for partner_id and groups) # - user_template_id = self.pool.get('ir.config_parameter').get_param(cr, uid, 'auth.signup_template_user_id', 0) + user_template_id = self.pool.get('ir.config_parameter').get_param(cr, uid, 'auth_signup.template_user_id', 0) if user_template_id: self.pool.get('res.users').copy(cr, SUPERUSER_ID, user_template_id, new_user, context=context) else: From 7873305eb1050444330e77e99344929c7a5a8891 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 21 Sep 2012 12:42:37 +0200 Subject: [PATCH 02/73] [IMP] auth_signup: define new model and methods for signup bzr revid: rco@openerp.com-20120921104237-krjff0k8lvhric8c --- addons/auth_signup/res_config.py | 4 +- addons/auth_signup/res_config.xml | 4 +- addons/auth_signup/res_users.py | 121 +++++++++++++++++++++++++++++- 3 files changed, 126 insertions(+), 3 deletions(-) diff --git a/addons/auth_signup/res_config.py b/addons/auth_signup/res_config.py index 8bfe1fc3ddb..36732d439f5 100644 --- a/addons/auth_signup/res_config.py +++ b/addons/auth_signup/res_config.py @@ -32,10 +32,12 @@ class base_config_settings(osv.TransientModel): def get_default_auth_signup_template_user_id(self, cr, uid, fields, context=None): icp = self.pool.get('ir.config_parameter') return { - 'auth_signup_template_user_id': icp.get_param(cr, uid, 'auth_signup.template_user_id', 0) or False + 'auth_signup_uninvited': icp.get_param(cr, uid, 'auth_signup.allow_uninvited', False), + 'auth_signup_template_user_id': icp.get_param(cr, uid, 'auth_signup.template_user_id', False), } def set_auth_signup_template_user_id(self, cr, uid, ids, context=None): config = self.browse(cr, uid, ids[0], context=context) icp = self.pool.get('ir.config_parameter') + icp.set_param(cr, uid, 'auth_signup.allow_uninvited', config.auth_signup_uninvited) icp.set_param(cr, uid, 'auth_signup.template_user_id', config.auth_signup_template_user_id.id) diff --git a/addons/auth_signup/res_config.xml b/addons/auth_signup/res_config.xml index c17634ececb..9d3eb4eaa5a 100644 --- a/addons/auth_signup/res_config.xml +++ b/addons/auth_signup/res_config.xml @@ -14,7 +14,9 @@
diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index ca778d68173..636763e5ca9 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -1,6 +1,125 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2012-today OpenERP SA () +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see +# +############################################################################## + import openerp -from openerp.osv import osv +from openerp.osv import osv, fields from openerp import SUPERUSER_ID +from openerp.tools.misc import DEFAULT_SERVER_DATETIME_FORMAT + +import time +import random +import urlparse + +def random_token(): + # the token has an entropy of 120 bits (6 bits/char * 20 chars) + chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' + return ''.join(random.choice(chars) for i in xrange(20)) + +def now(): + return time.strftime(DEFAULT_SERVER_DATETIME_FORMAT) + + +class res_partner(osv.Model): + _inherit = 'res.partner' + _columns = { + 'signup_token': fields.char(size=24, string='Signup Ticket'), + 'signup_expiration': fields.datetime(string='Signup Expiration'), + } + + def signup_generate_token(self, cr, uid, partner_id, context=None): + """ generate a new token for a partner, and return it + :param partner_id: the partner id + :param expiration: the expiration datetime of the token (string, optional) + :return: the token (string) + """ + # generate a unique token + token = random_token() + while self.signup_retrieve_partner(cr, uid, token, context): + token = random_token() + self.write(cr, uid, [partner_id], {'signup_token': token, 'signup_expiration': expiration}, context=context) + return token + + def signup_retrieve_partner(self, cr, uid, token, raise_exception=False, context=None): + """ find the partner corresponding to a token, and return its partner id or False """ + partner_ids = self.search(cr, uid, [('signup_token', '=', token)], context=context) + return partner_ids and partner_ids[0] or False + + def signup_get_url(self, cr, uid, partner_id, context): + """ determine a url for the partner_id to sign up """ + base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') + token = self.browse(cr, uid, partner_id, context).signup_token + if not token: + token = self.signup_generate_token(cr, uid, partner_id, context=context) + return urlparse.urljoin(base_url, '/login?db=%s#action=signup&token=%s' % (cr.dbname, token)) + + def signup(self, cr, values, token=None, context=None): + """ signup a user, to either: + - create a new user (no token), or + - create a user for a partner (with token, but no user for partner), or + - change the password of a user (with token, and existing user). + :param values: a dictionary with field values + :param token: signup token (optional) + :return: the uid of the signed up user + """ + # signup the user, then log in (for setting properly the login_date) + assert values.get('login') and values.get('password') + uid = self._signup_user(cr, values, token, context) + return self.login(cr.dbname, values['login'], values['password']) + + def _signup_user(self, cr, values, token=None, context=None): + ir_config_parameter = self.pool.get('ir.config_parameter') + values.update({'signup_token': False, 'signup_expiration': False}) + + if token: + # signup with a token: find the corresponding partner id + partner_id = self.signup_retrieve_partner(cr, SUPERUSER_ID, token, context=None) + if not partner_id: + raise Exception('Signup token is not valid') + partner = self.browse(cr, SUPERUSER_ID, partner_id, context) + if partner.signup_expiration and partner.signup_expiration < now(): + raise Exception('Signup token is no longer valid') + assert values['login'] == partner.email + + # if user exists, modify its password + if partner.user_ids: + user = partner.user_ids[0] + user.write(values) + return user.id + + # user does not exist: connect the new user to the partner + values.update({'name': partner.name, 'partner_id': partner.id}) + + else: + # check whether uninvited users may sign up + if not ir_config_parameter.get_param(cr, SUPERUSER_ID, 'auth_signup.allow_uninvited', False): + raise Exception('Signup is not allowed for uninvited users') + + # create a new user + assert values.get('name') + values['email'] = values['login'] + template_user_id = ir_config_parameter.get_param(cr, SUPERUSER_ID, 'auth_signup.template_user_id') + assert template_user_id, 'Signup: missing template user' + return self.pool.get('res.users').copy(cr, SUPERUSER_ID, template_user_id, data, context=context) + + class res_users(osv.Model): _inherit = 'res.users' From d19ea766fa0499f5905c15894cf8e0615c1555d6 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Mon, 24 Sep 2012 10:26:09 +0200 Subject: [PATCH 03/73] [IMP] auth_signup: improve API and implementation of signup bzr revid: rco@openerp.com-20120924082609-75dnuzwrlhtvafh4 --- addons/auth_signup/res_users.py | 65 ++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 26 deletions(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 636763e5ca9..f37c547ad8c 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -77,47 +77,60 @@ class res_partner(osv.Model): - change the password of a user (with token, and existing user). :param values: a dictionary with field values :param token: signup token (optional) - :return: the uid of the signed up user + :return: (dbname, login, password) for the signed up user """ - # signup the user, then log in (for setting properly the login_date) assert values.get('login') and values.get('password') - uid = self._signup_user(cr, values, token, context) - return self.login(cr.dbname, values['login'], values['password']) - - def _signup_user(self, cr, values, token=None, context=None): - ir_config_parameter = self.pool.get('ir.config_parameter') - values.update({'signup_token': False, 'signup_expiration': False}) + result = (cr.dbname, values['login'], values['password']) if token: # signup with a token: find the corresponding partner id - partner_id = self.signup_retrieve_partner(cr, SUPERUSER_ID, token, context=None) + partner_id = self.signup_retrieve_partner(cr, uid, token, context=None) if not partner_id: raise Exception('Signup token is not valid') - partner = self.browse(cr, SUPERUSER_ID, partner_id, context) + partner = self.browse(cr, uid, partner_id, context) if partner.signup_expiration and partner.signup_expiration < now(): raise Exception('Signup token is no longer valid') - assert values['login'] == partner.email - # if user exists, modify its password if partner.user_ids: - user = partner.user_ids[0] - user.write(values) - return user.id + # user exists, modify its password and clear token + partner.user_ids[0].write({ + 'password': values['password'], + 'signup_token': False, + 'signup_expiration': False, + }) + else: + # user does not exist: sign up invited user + self._signup_create_user(cr, uid, { + 'name': partner.name, + 'login': values['login'], + 'password': values['password'], + 'email': values['login'], + 'partner_id': partner.id, + }, token=token, context=context) - # user does not exist: connect the new user to the partner - values.update({'name': partner.name, 'partner_id': partner.id}) + return result - else: - # check whether uninvited users may sign up - if not ir_config_parameter.get_param(cr, SUPERUSER_ID, 'auth_signup.allow_uninvited', False): - raise Exception('Signup is not allowed for uninvited users') + # sign up an external user + assert values.get('name'), 'Signup: no name given for new user' + self._signup_create_user(cr, uid, { + 'name': values['name'], + 'login': values['login'], + 'password': values['password'], + 'email': values['login'], + }, context=context) + return result - # create a new user - assert values.get('name') - values['email'] = values['login'] - template_user_id = ir_config_parameter.get_param(cr, SUPERUSER_ID, 'auth_signup.template_user_id') + def _signup_create_user(self, cr, uid, values, token=None, context=None): + """ create a new user from the template user """ + # check that uninvited users may sign up + ir_config_parameter = self.pool.get('ir.config_parameter') + if token and not ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', False): + raise Exception('Signup is not allowed for uninvited users') + + template_user_id = ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id') assert template_user_id, 'Signup: missing template user' - return self.pool.get('res.users').copy(cr, SUPERUSER_ID, template_user_id, data, context=context) + values['active'] = True + return self.pool.get('res.users').copy(cr, uid, template_user_id, values, context=context) From aceae3501efeece3366db5a478bf450067e37301 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Tue, 25 Sep 2012 12:40:13 +0200 Subject: [PATCH 04/73] [IMP] auth_signup: extend the login form to allow signups bzr revid: rco@openerp.com-20120925104013-f2vfqcjknx7zyo26 --- addons/auth_signup/controllers/main.py | 49 +++++-- addons/auth_signup/res_users.py | 121 ++++++++---------- .../auth_signup/static/src/js/auth_signup.js | 104 ++++++++------- .../static/src/xml/auth_signup.xml | 43 +++---- 4 files changed, 172 insertions(+), 145 deletions(-) diff --git a/addons/auth_signup/controllers/main.py b/addons/auth_signup/controllers/main.py index 821ef44f459..343c660ff7d 100644 --- a/addons/auth_signup/controllers/main.py +++ b/addons/auth_signup/controllers/main.py @@ -1,25 +1,58 @@ -import logging - -import werkzeug.urls +# -*- coding: utf-8 -*- +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2012-today OpenERP SA () +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see +# +############################################################################## +from openerp import SUPERUSER_ID from openerp.modules.registry import RegistryManager from openerp.addons.web.controllers.main import login_and_redirect import openerp.addons.web.common.http as openerpweb -from openerp import SUPERUSER_ID +import werkzeug + +import logging _logger = logging.getLogger(__name__) -class OpenIDController(openerpweb.Controller): +class Controller(openerpweb.Controller): _cp_path = '/auth_signup' + @openerpweb.jsonrequest + def retrieve(self, req, dbname, token): + """ retrieve the user info (name, login or email) corresponding to a signup token """ + registry = RegistryManager.get(dbname) + user_info = None + with registry.cursor() as cr: + res_partner = registry.get('res.partner') + user_info = res_partner.signup_retrieve_info(cr, SUPERUSER_ID, token) + user_info.update(db=dbname, token=token) + return user_info + @openerpweb.httprequest - def signup(self, req, dbname, name, login, password): + def signup(self, req, dbname, token, name, login, password): + """ sign up a user (new or existing), and log it in """ url = '/' registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: - Users = registry.get('res.users') - credentials = Users.auth_signup(cr, SUPERUSER_ID, name, login, password) + res_users = registry.get('res.users') + values = {'name': name, 'login': login, 'password': password} + credentials = res_users.signup(cr, SUPERUSER_ID, values, token) cr.commit() return login_and_redirect(req, *credentials) except AttributeError: diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index f37c547ad8c..600ed9c000e 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -29,8 +29,8 @@ import random import urlparse def random_token(): - # the token has an entropy of 120 bits (6 bits/char * 20 chars) - chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' + # the token has an entropy of about 120 bits (6 bits/char * 20 chars) + chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789' return ''.join(random.choice(chars) for i in xrange(20)) def now(): @@ -39,12 +39,25 @@ def now(): class res_partner(osv.Model): _inherit = 'res.partner' + + def signup_get_url(self, cr, uid, partner_ids, name, arg, context=None): + """ determine a url for the partner_id to sign up """ + base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') + res = {} + for partner in self.browse(cr, uid, partner_ids, context): + token = partner.signup_token + if not token: + token = self._signup_generate_token(cr, uid, partner.id, context=context) + res[partner.id] = urlparse.urljoin(base_url, '#action=login&db=%s&token=%s' % (cr.dbname, token)) + return res + _columns = { 'signup_token': fields.char(size=24, string='Signup Ticket'), 'signup_expiration': fields.datetime(string='Signup Expiration'), + 'signup_url': fields.function(signup_get_url, type='char', string='Signup URL'), } - def signup_generate_token(self, cr, uid, partner_id, context=None): + def _signup_generate_token(self, cr, uid, partner_id, expiration=False, context=None): """ generate a new token for a partner, and return it :param partner_id: the partner id :param expiration: the expiration datetime of the token (string, optional) @@ -52,25 +65,45 @@ class res_partner(osv.Model): """ # generate a unique token token = random_token() - while self.signup_retrieve_partner(cr, uid, token, context): + while self._signup_retrieve_partner(cr, uid, token, context=context): token = random_token() self.write(cr, uid, [partner_id], {'signup_token': token, 'signup_expiration': expiration}, context=context) return token - def signup_retrieve_partner(self, cr, uid, token, raise_exception=False, context=None): - """ find the partner corresponding to a token, and return its partner id or False """ + def _signup_retrieve_partner(self, cr, uid, token, raise_exception=False, context=None): + """ find the partner corresponding to a token, and check its validity + :return: partner (browse record) or False (if raise_exception is False) + :raise: when token not valid (if raise_exception is True) + """ partner_ids = self.search(cr, uid, [('signup_token', '=', token)], context=context) - return partner_ids and partner_ids[0] or False + if not partner_ids: + if raise_exception: + raise Exception("Signup token '%s' is not valid" % token) + return False + partner = self.browse(cr, uid, partner_ids[0], context) + if partner.signup_expiration and partner.signup_expiration < now(): + if raise_exception: + raise Exception("Signup token '%s' is no longer valid" % token) + return False + return partner - def signup_get_url(self, cr, uid, partner_id, context): - """ determine a url for the partner_id to sign up """ - base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') - token = self.browse(cr, uid, partner_id, context).signup_token - if not token: - token = self.signup_generate_token(cr, uid, partner_id, context=context) - return urlparse.urljoin(base_url, '/login?db=%s#action=signup&token=%s' % (cr.dbname, token)) + def signup_retrieve_info(self, cr, uid, token, context=None): + """ retrieve the user info about the token + :return: either {'name': ..., 'login': ...} if a user exists for that token, + or {'name': ..., 'email': ...} otherwise + """ + partner = self._signup_retrieve_partner(cr, uid, token, raise_exception=True, context=None) + if partner.user_ids: + return {'name': partner.name, 'login': partner.user_ids[0].login} + else: + return {'name': partner.name, 'email': partner.email} - def signup(self, cr, values, token=None, context=None): + + +class res_users(osv.Model): + _inherit = 'res.users' + + def signup(self, cr, uid, values, token=None, context=None): """ signup a user, to either: - create a new user (no token), or - create a user for a partner (with token, but no user for partner), or @@ -84,13 +117,8 @@ class res_partner(osv.Model): if token: # signup with a token: find the corresponding partner id - partner_id = self.signup_retrieve_partner(cr, uid, token, context=None) - if not partner_id: - raise Exception('Signup token is not valid') - partner = self.browse(cr, uid, partner_id, context) - if partner.signup_expiration and partner.signup_expiration < now(): - raise Exception('Signup token is no longer valid') - + res_partner = self.pool.get('res.partner') + partner = res_partner._signup_retrieve_partner(cr, uid, token, raise_exception=True, context=None) if partner.user_ids: # user exists, modify its password and clear token partner.user_ids[0].write({ @@ -129,51 +157,6 @@ class res_partner(osv.Model): template_user_id = ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id') assert template_user_id, 'Signup: missing template user' - values['active'] = True - return self.pool.get('res.users').copy(cr, uid, template_user_id, values, context=context) + values.update({'active': True, 'signup_token': False, 'signup_expiration': False}) + return self.copy(cr, uid, template_user_id, values, context=context) - - -class res_users(osv.Model): - _inherit = 'res.users' - - def auth_signup_create(self, cr, uid, new_user, context=None): - # new_user: - # login - # email - # name (optional) - # partner_id (optional) - # groups (optional) - # sign (for partner_id and groups) - # - user_template_id = self.pool.get('ir.config_parameter').get_param(cr, uid, 'auth_signup.template_user_id', 0) - if user_template_id: - self.pool.get('res.users').copy(cr, SUPERUSER_ID, user_template_id, new_user, context=context) - else: - self.pool.get('res.users').create(cr, SUPERUSER_ID, new_user, context=context) - - def auth_signup(self, cr, uid, name, login, password, context=None): - r = (cr.dbname, login, password) - res = self.search(cr, uid, [("login", "=", login)]) - if res: - # Existing user - user_id = res[0] - try: - self.check(cr.dbname, user_id, password) - # Same password - except openerp.exceptions.AccessDenied: - # Different password - raise - else: - # New user - new_user = { - 'name': name, - 'login': login, - 'user_email': login, - 'password': password, - 'active': True, - } - self.auth_signup_create(cr, uid, new_user) - return r - -# diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js index 2ab13aa7598..bec32ce2803 100644 --- a/addons/auth_signup/static/src/js/auth_signup.js +++ b/addons/auth_signup/static/src/js/auth_signup.js @@ -5,56 +5,68 @@ openerp.auth_signup = function(instance) { instance.web.Login.include({ start: function() { var self = this; - this.$('a.oe_signup').click(function() { - var dbname = self.$("form [name=db]").val(); - self.do_action({ - type: 'ir.actions.client', - tag: 'auth_signup.signup', - params: {'dbname': dbname}, - target: 'new', - name: 'Sign up' - }); - return true; - }); - return this._super(); + var d = this._super(); + // hide the signup fields in the case of a regular login + self.on_change_mode() + self.$("form input[name=signup]").click(self.on_change_mode); + // in case of a signup, retrieve the user information from the token + if (self.params.db && self.params.token) { + d = self.rpc("/auth_signup/retrieve", {dbname: self.params.db, token: self.params.token}) + .done(self.on_token_loaded) + .fail(self.on_token_failed); + } + return d; }, - }); - - - instance.auth_signup.Signup = instance.web.Widget.extend({ - template: 'auth_signup.signup', - init: function(parent, params) { - this.params = params; - return this._super(); + on_token_loaded: function(result) { + // set the name and login of user + this.selected_db = result.db; + this.on_db_loaded({db_list: [result.db]}); + this.$("form input[name=signup]").val(result.login ? [] : ["check_signup"]); + this.$("form input[name=name]").val(result.name); + this.$("form input[name=login]").val(result.login || result.email); + this.$("form input[name=password]").val(""); + this.$("form input[name=confirm_password]").val(""); + this.on_change_mode(); }, - start: function() { - var self = this; - this.$('input[name=password_confirmation]').keyup(function() { - var v = $(this).val(); - var $b = self.$('button'); - if (_.isEmpty(v) || self.$('input[name=password]').val() === v) { - $b.removeAttr('disabled'); + on_token_failed: function(result) { + // currently does nothing + }, + on_change_mode: function() { + // 'mode' has changed: regular login, sign up, reset password + var is_signup = this.$("input[name=signup]:checked").val(); + this.$(".oe_signup").toggleClass('oe_form_invisible', false && !is_signup); + return true; + }, + on_submit: function(ev) { + if (ev) { + ev.preventDefault(); + } + if (this.params.token || this.$("input[name=signup]:checked").val()) { + // signup user (or reset password) + var db = this.params.db; + var name = this.$("form input[name=name]").val(); + var login = this.$("form input[name=login]").val(); + var password = this.$("form input[name=password]").val(); + var confirm_password = this.$("form input[name=confirm_password]").val(); + + if (password && password === confirm_password) { + var params = { + dbname : db, + token: this.params.token, + name: name, + login: login, + password: password, + }; + var url = "/auth_signup/signup?" + $.param(params); + window.location = url; } else { - $b.attr('disabled', 'disabled'); + alert('Incorrect password; please retype your password.'); } - }); - - this.$('form').submit(function(ev) { - if(ev) { - ev.preventDefault(); - } - var params = { - dbname : self.params.dbname, - name: self.$('input[name=name]').val(), - login: self.$('input[name=email]').val(), - password: self.$('input[name=password]').val(), - }; - var url = "/auth_signup/signup?" + $.param(params); - window.location = url; - }); - return this._super(); - } + } else { + // regular login + this._super(ev); + } + }, }); - instance.web.client_actions.add("auth_signup.signup", "instance.auth_signup.Signup"); }; diff --git a/addons/auth_signup/static/src/xml/auth_signup.xml b/addons/auth_signup/static/src/xml/auth_signup.xml index c2eec846d15..73e26eb6ba8 100644 --- a/addons/auth_signup/static/src/xml/auth_signup.xml +++ b/addons/auth_signup/static/src/xml/auth_signup.xml @@ -1,28 +1,27 @@ - + - - -
  • - -
    • + + + + + + + +
  • Username
    • +     + + + +     -     - - -
    -
    - Name =
    - Email =
    - Password =
    - Confirmation =
    - -
    -
    -     - -     From 597919467d4ecedddb2b3e14798c10bdf020f7ea Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Tue, 25 Sep 2012 14:45:57 +0200 Subject: [PATCH 05/73] [IMP] auth_signup: add css bzr revid: rco@openerp.com-20120925124557-2yka4yu0x7528atl --- addons/auth_signup/__openerp__.py | 1 + addons/auth_signup/static/src/css/Makefile | 3 +++ addons/auth_signup/static/src/css/base.css | 4 ++++ addons/auth_signup/static/src/css/base.sass | 7 +++++++ 4 files changed, 15 insertions(+) create mode 100644 addons/auth_signup/static/src/css/Makefile create mode 100644 addons/auth_signup/static/src/css/base.css create mode 100644 addons/auth_signup/static/src/css/base.sass diff --git a/addons/auth_signup/__openerp__.py b/addons/auth_signup/__openerp__.py index 9cfe89cdc1c..5bb3aab4ec0 100644 --- a/addons/auth_signup/__openerp__.py +++ b/addons/auth_signup/__openerp__.py @@ -36,5 +36,6 @@ Allow users to sign up. 'res_config.xml', ], 'js': ['static/src/js/auth_signup.js'], + 'css' : ['static/src/css/base.css'], 'qweb': ['static/src/xml/auth_signup.xml'], } diff --git a/addons/auth_signup/static/src/css/Makefile b/addons/auth_signup/static/src/css/Makefile new file mode 100644 index 00000000000..d6b4f4b2fc8 --- /dev/null +++ b/addons/auth_signup/static/src/css/Makefile @@ -0,0 +1,3 @@ +base.css: base.sass + sass --trace -t expanded base.sass base.css + diff --git a/addons/auth_signup/static/src/css/base.css b/addons/auth_signup/static/src/css/base.css new file mode 100644 index 00000000000..153f27bd129 --- /dev/null +++ b/addons/auth_signup/static/src/css/base.css @@ -0,0 +1,4 @@ +@charset "utf-8"; +.openerp .oe_login input[type="checkbox"] { + width: 21px !important; +} diff --git a/addons/auth_signup/static/src/css/base.sass b/addons/auth_signup/static/src/css/base.sass new file mode 100644 index 00000000000..87bdb623727 --- /dev/null +++ b/addons/auth_signup/static/src/css/base.sass @@ -0,0 +1,7 @@ +@charset "utf-8" + +.openerp + // Login form + .oe_login + input[type="checkbox"] + width: 21px !important From e184913f346f891fd74c2c6f1e0f048beb283fbb Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Tue, 25 Sep 2012 14:55:22 +0200 Subject: [PATCH 06/73] [FIX] auth_signup: store and retrieve config parameters that may be null bzr revid: rco@openerp.com-20120925125522-2t74fta15yfoesc1 --- addons/auth_signup/res_config.py | 11 +++++++---- addons/auth_signup/res_users.py | 8 +++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/addons/auth_signup/res_config.py b/addons/auth_signup/res_config.py index 36732d439f5..c69c01127f6 100644 --- a/addons/auth_signup/res_config.py +++ b/addons/auth_signup/res_config.py @@ -20,6 +20,7 @@ ############################################################################## from openerp.osv import osv, fields +from openerp.tools.safe_eval import safe_eval class base_config_settings(osv.TransientModel): _inherit = 'base.config.settings' @@ -31,13 +32,15 @@ class base_config_settings(osv.TransientModel): def get_default_auth_signup_template_user_id(self, cr, uid, fields, context=None): icp = self.pool.get('ir.config_parameter') + # we use safe_eval on the result, since the value of the parameter is a nonempty string return { - 'auth_signup_uninvited': icp.get_param(cr, uid, 'auth_signup.allow_uninvited', False), - 'auth_signup_template_user_id': icp.get_param(cr, uid, 'auth_signup.template_user_id', False), + 'auth_signup_uninvited': safe_eval(icp.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')), + 'auth_signup_template_user_id': safe_eval(icp.get_param(cr, uid, 'auth_signup.template_user_id', 'False')), } def set_auth_signup_template_user_id(self, cr, uid, ids, context=None): config = self.browse(cr, uid, ids[0], context=context) icp = self.pool.get('ir.config_parameter') - icp.set_param(cr, uid, 'auth_signup.allow_uninvited', config.auth_signup_uninvited) - icp.set_param(cr, uid, 'auth_signup.template_user_id', config.auth_signup_template_user_id.id) + # we store the repr of the values, since the value of the parameter is a required string + icp.set_param(cr, uid, 'auth_signup.allow_uninvited', repr(config.auth_signup_uninvited)) + icp.set_param(cr, uid, 'auth_signup.template_user_id', repr(config.auth_signup_template_user_id.id)) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 600ed9c000e..6956c8e2109 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -23,6 +23,7 @@ import openerp from openerp.osv import osv, fields from openerp import SUPERUSER_ID from openerp.tools.misc import DEFAULT_SERVER_DATETIME_FORMAT +from openerp.tools.safe_eval import safe_eval import time import random @@ -152,10 +153,11 @@ class res_users(osv.Model): """ create a new user from the template user """ # check that uninvited users may sign up ir_config_parameter = self.pool.get('ir.config_parameter') - if token and not ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', False): - raise Exception('Signup is not allowed for uninvited users') + if not token: + if not safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')): + raise Exception('Signup is not allowed for uninvited users') - template_user_id = ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id') + template_user_id = safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) assert template_user_id, 'Signup: missing template user' values.update({'active': True, 'signup_token': False, 'signup_expiration': False}) return self.copy(cr, uid, template_user_id, values, context=context) From 9906a2bda10ca089fff55521f3252f4f8b178344 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Tue, 25 Sep 2012 16:34:33 +0200 Subject: [PATCH 07/73] [IMP] auth_signup: improve error message handling in web client bzr revid: rco@openerp.com-20120925143433-p4r2gl6t37dw0s17 --- addons/auth_signup/controllers/main.py | 8 +-- .../auth_signup/static/src/js/auth_signup.js | 61 ++++++++++++++----- 2 files changed, 47 insertions(+), 22 deletions(-) diff --git a/addons/auth_signup/controllers/main.py b/addons/auth_signup/controllers/main.py index 343c660ff7d..6e053715c09 100644 --- a/addons/auth_signup/controllers/main.py +++ b/addons/auth_signup/controllers/main.py @@ -55,14 +55,10 @@ class Controller(openerpweb.Controller): credentials = res_users.signup(cr, SUPERUSER_ID, values, token) cr.commit() return login_and_redirect(req, *credentials) - except AttributeError: - # auth_signup is not installed - _logger.exception('attribute error when signup') - url = "/#action=auth_signup&error=NA" # Not Available - except Exception: + except Exception as e: # signup error _logger.exception('error when signup') - url = "/#action=auth_signup&error=UE" # Unexcpected Error + url = "/#action=login&error_message=%s" % werkzeug.urls.url_quote(e.message) return werkzeug.utils.redirect(url) # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js index bec32ce2803..9c90358d9e3 100644 --- a/addons/auth_signup/static/src/js/auth_signup.js +++ b/addons/auth_signup/static/src/js/auth_signup.js @@ -6,9 +6,21 @@ openerp.auth_signup = function(instance) { start: function() { var self = this; var d = this._super(); + // hide the signup fields in the case of a regular login self.on_change_mode() self.$("form input[name=signup]").click(self.on_change_mode); + + // if there is an error message, show it then forget it + if (self.params.error_message) { + this.$el.addClass('oe_login_invalid'); + this.$(".oe_login_error_message").text(self.params.error_message); + delete self.params.error_message; + } else { + this.$el.removeClass('oe_login_invalid'); + this.$(".oe_login_error_message").text("Invalid username or password"); + } + // in case of a signup, retrieve the user information from the token if (self.params.db && self.params.token) { d = self.rpc("/auth_signup/retrieve", {dbname: self.params.db, token: self.params.token}) @@ -28,8 +40,14 @@ openerp.auth_signup = function(instance) { this.$("form input[name=confirm_password]").val(""); this.on_change_mode(); }, - on_token_failed: function(result) { - // currently does nothing + on_token_failed: function(result, ev) { + if (ev) { + ev.preventDefault(); + } + this.$el.addClass('oe_login_invalid'); + this.$(".oe_login_error_message").text("Invalid signup token"); + delete this.params.db; + delete this.params.token; }, on_change_mode: function() { // 'mode' has changed: regular login, sign up, reset password @@ -43,25 +61,36 @@ openerp.auth_signup = function(instance) { } if (this.params.token || this.$("input[name=signup]:checked").val()) { // signup user (or reset password) - var db = this.params.db; + var db = this.$("form [name=db]").val(); var name = this.$("form input[name=name]").val(); var login = this.$("form input[name=login]").val(); var password = this.$("form input[name=password]").val(); var confirm_password = this.$("form input[name=confirm_password]").val(); - - if (password && password === confirm_password) { - var params = { - dbname : db, - token: this.params.token, - name: name, - login: login, - password: password, - }; - var url = "/auth_signup/signup?" + $.param(params); - window.location = url; - } else { - alert('Incorrect password; please retype your password.'); + if (!db) { + this.do_warn("Login", "No database selected !"); + return false; + } else if (!name) { + this.do_warn("Login", "Please enter a name.") + return false; + } else if (!login) { + this.do_warn("Login", "Please enter a username.") + return false; + } else if (!password || !confirm_password) { + this.do_warn("Login", "Please enter a password and confirm it.") + return false; + } else if (password !== confirm_password) { + this.do_warn("Login", "Passwords do not match; please retype them.") + return false; } + var params = { + dbname : db, + token: this.params.token || "", + name: name, + login: login, + password: password, + }; + var url = "/auth_signup/signup?" + $.param(params); + window.location = url; } else { // regular login this._super(ev); From a50dfa668d9de6fe8e054deb24366d99b21e3d96 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Wed, 26 Sep 2012 11:53:53 +0200 Subject: [PATCH 08/73] [IMP] auth_signup: improve error message handling with method show_error() bzr revid: rco@openerp.com-20120926095353-7cgcby7biohfx0i2 --- addons/auth_signup/static/src/js/auth_signup.js | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js index 9c90358d9e3..282221bc87e 100644 --- a/addons/auth_signup/static/src/js/auth_signup.js +++ b/addons/auth_signup/static/src/js/auth_signup.js @@ -11,14 +11,10 @@ openerp.auth_signup = function(instance) { self.on_change_mode() self.$("form input[name=signup]").click(self.on_change_mode); - // if there is an error message, show it then forget it + // if there is an error message in params, show it then forget it if (self.params.error_message) { - this.$el.addClass('oe_login_invalid'); - this.$(".oe_login_error_message").text(self.params.error_message); + this.show_error(self.params.error_message); delete self.params.error_message; - } else { - this.$el.removeClass('oe_login_invalid'); - this.$(".oe_login_error_message").text("Invalid username or password"); } // in case of a signup, retrieve the user information from the token @@ -44,8 +40,7 @@ openerp.auth_signup = function(instance) { if (ev) { ev.preventDefault(); } - this.$el.addClass('oe_login_invalid'); - this.$(".oe_login_error_message").text("Invalid signup token"); + this.show_error("Invalid signup token"); delete this.params.db; delete this.params.token; }, From 0605295602606a7e25f075f5e6bbfdd446e63dfc Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Wed, 26 Sep 2012 15:02:41 +0200 Subject: [PATCH 09/73] [IMP] auth_signup: improve web look-and-feel bzr revid: rco@openerp.com-20120926130241-wlzeyzrsr1xwjdcm --- addons/auth_signup/static/src/css/base.css | 10 ++++-- addons/auth_signup/static/src/css/base.sass | 12 +++++-- .../auth_signup/static/src/js/auth_signup.js | 32 +++++++++++-------- .../static/src/xml/auth_signup.xml | 31 +++++++++--------- 4 files changed, 51 insertions(+), 34 deletions(-) diff --git a/addons/auth_signup/static/src/css/base.css b/addons/auth_signup/static/src/css/base.css index 153f27bd129..3f97e7a9301 100644 --- a/addons/auth_signup/static/src/css/base.css +++ b/addons/auth_signup/static/src/css/base.css @@ -1,4 +1,10 @@ @charset "utf-8"; -.openerp .oe_login input[type="checkbox"] { - width: 21px !important; +.openerp .oe_login .oe_signup_show { + display: none; +} +.openerp .oe_login_signup .oe_signup_show { + display: block !important; +} +.openerp .oe_login_signup .oe_signup_hide { + display: none; } diff --git a/addons/auth_signup/static/src/css/base.sass b/addons/auth_signup/static/src/css/base.sass index 87bdb623727..f97665d192c 100644 --- a/addons/auth_signup/static/src/css/base.sass +++ b/addons/auth_signup/static/src/css/base.sass @@ -1,7 +1,13 @@ @charset "utf-8" .openerp - // Login form + // Regular login form .oe_login - input[type="checkbox"] - width: 21px !important + .oe_signup_show + display: none + // Signup form + .oe_login_signup + .oe_signup_show + display: block !important + .oe_signup_hide + display: none diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js index 282221bc87e..927ee8de0c5 100644 --- a/addons/auth_signup/static/src/js/auth_signup.js +++ b/addons/auth_signup/static/src/js/auth_signup.js @@ -7,9 +7,14 @@ openerp.auth_signup = function(instance) { var self = this; var d = this._super(); - // hide the signup fields in the case of a regular login - self.on_change_mode() - self.$("form input[name=signup]").click(self.on_change_mode); + // to switch between the signup and regular login form + this.$('a.oe_signup_signup').click(function() { + self.$el.addClass("oe_login_signup"); + }); + this.$('a.oe_signup_back').click(function() { + self.$el.removeClass("oe_login_signup"); + delete self.params.token; + }); // if there is an error message in params, show it then forget it if (self.params.error_message) { @@ -26,15 +31,20 @@ openerp.auth_signup = function(instance) { return d; }, on_token_loaded: function(result) { - // set the name and login of user + // switch to signup mode + this.$el.addClass("oe_login_signup"); + // select the right the database this.selected_db = result.db; this.on_db_loaded({db_list: [result.db]}); - this.$("form input[name=signup]").val(result.login ? [] : ["check_signup"]); - this.$("form input[name=name]").val(result.name); - this.$("form input[name=login]").val(result.login || result.email); + // set the name and login of user + this.$("form input[name=name]").val(result.name).attr("readonly", "readonly"); + if (result.login) { + this.$("form input[name=login]").val(result.login).attr("readonly", "readonly"); + } else { + this.$("form input[name=login]").val(result.email); + } this.$("form input[name=password]").val(""); this.$("form input[name=confirm_password]").val(""); - this.on_change_mode(); }, on_token_failed: function(result, ev) { if (ev) { @@ -44,12 +54,6 @@ openerp.auth_signup = function(instance) { delete this.params.db; delete this.params.token; }, - on_change_mode: function() { - // 'mode' has changed: regular login, sign up, reset password - var is_signup = this.$("input[name=signup]:checked").val(); - this.$(".oe_signup").toggleClass('oe_form_invisible', false && !is_signup); - return true; - }, on_submit: function(ev) { if (ev) { ev.preventDefault(); diff --git a/addons/auth_signup/static/src/xml/auth_signup.xml b/addons/auth_signup/static/src/xml/auth_signup.xml index 73e26eb6ba8..e63bd5863b0 100644 --- a/addons/auth_signup/static/src/xml/auth_signup.xml +++ b/addons/auth_signup/static/src/xml/auth_signup.xml @@ -3,24 +3,25 @@ - - - - + + + -
  • Username
    • + +     - - - + + + + + + + + + +
    • +
    • From 479dfb7ea079184c60dc39929c68ab37ada639e1 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Wed, 26 Sep 2012 17:04:59 +0200 Subject: [PATCH 10/73] [FIX] auth_signup: fix the creation of a user attached to a partner from a user template bzr revid: rco@openerp.com-20120926150459-9degade1ra9sk0ds --- addons/auth_signup/res_users.py | 44 +++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 6956c8e2109..4d5bdc28b8f 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -97,7 +97,7 @@ class res_partner(osv.Model): if partner.user_ids: return {'name': partner.name, 'login': partner.user_ids[0].login} else: - return {'name': partner.name, 'email': partner.email} + return {'name': partner.name, 'email': partner.email or ''} @@ -120,23 +120,19 @@ class res_users(osv.Model): # signup with a token: find the corresponding partner id res_partner = self.pool.get('res.partner') partner = res_partner._signup_retrieve_partner(cr, uid, token, raise_exception=True, context=None) + # invalidate signup token + partner.write({'signup_token': False, 'signup_expiration': False}) if partner.user_ids: - # user exists, modify its password and clear token - partner.user_ids[0].write({ - 'password': values['password'], - 'signup_token': False, - 'signup_expiration': False, - }) + # user exists, modify its password + partner.user_ids[0].write({'password': values['password']}) else: # user does not exist: sign up invited user self._signup_create_user(cr, uid, { - 'name': partner.name, 'login': values['login'], 'password': values['password'], 'email': values['login'], 'partner_id': partner.id, - }, token=token, context=context) - + }, context=context) return result # sign up an external user @@ -149,16 +145,28 @@ class res_users(osv.Model): }, context=context) return result - def _signup_create_user(self, cr, uid, values, token=None, context=None): + def _signup_create_user(self, cr, uid, values, context=None): """ create a new user from the template user """ - # check that uninvited users may sign up ir_config_parameter = self.pool.get('ir.config_parameter') - if not token: + template_user_id = safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) + assert template_user_id and self.exists(cr, uid, template_user_id, context=context), 'Signup: invalid template user' + + values['active'] = True + if values.get('partner_id'): + # create a copy of the template user attached to values['partner_id'] + # note: we do not include 'partner_id' here, as copy() does not handle it correctly + safe_values = {'login': values['login'], 'password': values['password']} + user_id = self.copy(cr, uid, template_user_id, safe_values, context=context) + # problem: the res.partner part of the template user has been duplicated + # solution: unlink it, and replace it by values['partner_id'] + user = self.browse(cr, uid, user_id, context=context) + partner = user.partner_id + user.write(values) + partner.unlink() + else: + # check that uninvited users may sign up if not safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')): raise Exception('Signup is not allowed for uninvited users') + user_id = self.copy(cr, uid, template_user_id, values, context=context) - template_user_id = safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) - assert template_user_id, 'Signup: missing template user' - values.update({'active': True, 'signup_token': False, 'signup_expiration': False}) - return self.copy(cr, uid, template_user_id, values, context=context) - + return user_id From b80d84aafc7f4d543247d22d445e71752272f925 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Thu, 27 Sep 2012 10:27:04 +0200 Subject: [PATCH 11/73] [IMP] auth_signup: remove temporary function field signup_url, and clean methods bzr revid: rco@openerp.com-20120927082704-wtuvir9tm2pgsvnq --- addons/auth_signup/res_users.py | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 4d5bdc28b8f..333686d4ca5 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -41,24 +41,21 @@ def now(): class res_partner(osv.Model): _inherit = 'res.partner' - def signup_get_url(self, cr, uid, partner_ids, name, arg, context=None): - """ determine a url for the partner_id to sign up """ - base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') - res = {} - for partner in self.browse(cr, uid, partner_ids, context): - token = partner.signup_token - if not token: - token = self._signup_generate_token(cr, uid, partner.id, context=context) - res[partner.id] = urlparse.urljoin(base_url, '#action=login&db=%s&token=%s' % (cr.dbname, token)) - return res - _columns = { 'signup_token': fields.char(size=24, string='Signup Ticket'), 'signup_expiration': fields.datetime(string='Signup Expiration'), - 'signup_url': fields.function(signup_get_url, type='char', string='Signup URL'), } - def _signup_generate_token(self, cr, uid, partner_id, expiration=False, context=None): + def signup_get_url(self, cr, uid, partner_id, context=None): + """ determine a signup url for the given partner_id """ + base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') + partner = self.browse(cr, uid, partner_id, context) + token = partner.signup_token + if not token: + token = self.signup_generate_token(cr, uid, partner.id, context=context) + return urlparse.urljoin(base_url, '#action=login&db=%s&token=%s' % (cr.dbname, token)) + + def signup_generate_token(self, cr, uid, partner_id, expiration=False, context=None): """ generate a new token for a partner, and return it :param partner_id: the partner id :param expiration: the expiration datetime of the token (string, optional) From 0f4529603c667f786f152859ad16e08ce9cc1fea Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 10:52:59 +0200 Subject: [PATCH 12/73] [FIX] auth_signup: change test to determine when signing in bzr revid: rco@openerp.com-20120928085259-cb51yq7e7mivxsw3 --- addons/auth_signup/static/src/js/auth_signup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/auth_signup/static/src/js/auth_signup.js b/addons/auth_signup/static/src/js/auth_signup.js index 927ee8de0c5..9bc775c8355 100644 --- a/addons/auth_signup/static/src/js/auth_signup.js +++ b/addons/auth_signup/static/src/js/auth_signup.js @@ -58,7 +58,7 @@ openerp.auth_signup = function(instance) { if (ev) { ev.preventDefault(); } - if (this.params.token || this.$("input[name=signup]:checked").val()) { + if (this.$el.hasClass("oe_login_signup")) { // signup user (or reset password) var db = this.$("form [name=db]").val(); var name = this.$("form input[name=name]").val(); From bf5395ab3dc4dfe1a26faa7f9d490a46c80271f7 Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 10:58:43 +0200 Subject: [PATCH 13/73] [IMP] auth_signup: add function fields signup_valid, signup_url, and method prepare_signup bzr revid: rco@openerp.com-20120928085843-0erxrzva9lk5tqfh --- addons/auth_signup/res_users.py | 57 +++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 333686d4ca5..0624b25b357 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -41,32 +41,49 @@ def now(): class res_partner(osv.Model): _inherit = 'res.partner' + def _get_signup_valid(self, cr, uid, ids, name, arg, context=None): + dt = now() + res = {} + for partner in self.browse(cr, uid, ids, context): + res[partner.id] = bool(partner.signup_token) and (partner.signup_expiration or '') <= dt + return res + + def _get_signup_url(self, cr, uid, ids, name, arg, context=None): + """ determine a signup url for a given partner """ + base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') + template_url = '#action=login&db=%s&token=%s' + + # if required, make sure that every partner has a valid signup token + if context and context.get('signup_valid'): + self.signup_prepare(cr, uid, ids, context=context) + + res = dict.fromkeys(ids, False) + for partner in self.browse(cr, uid, ids, context): + if partner.signup_token: + res[partner.id] = urlparse.urljoin(base_url, template_url % (cr.dbname, partner.signup_token)) + return res + _columns = { - 'signup_token': fields.char(size=24, string='Signup Ticket'), + 'signup_token': fields.char(size=24, string='Signup Token'), 'signup_expiration': fields.datetime(string='Signup Expiration'), + 'signup_valid': fields.function(_get_signup_valid, type='boolean', string='Signup Token is Valid'), + 'signup_url': fields.function(_get_signup_url, type='char', string='Signup URL'), } - def signup_get_url(self, cr, uid, partner_id, context=None): - """ determine a signup url for the given partner_id """ - base_url = self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url') - partner = self.browse(cr, uid, partner_id, context) - token = partner.signup_token - if not token: - token = self.signup_generate_token(cr, uid, partner.id, context=context) - return urlparse.urljoin(base_url, '#action=login&db=%s&token=%s' % (cr.dbname, token)) + def action_signup_prepare(self, cr, uid, ids, context=None): + return self.signup_prepare(cr, uid, ids, context=context) - def signup_generate_token(self, cr, uid, partner_id, expiration=False, context=None): - """ generate a new token for a partner, and return it - :param partner_id: the partner id + def signup_prepare(self, cr, uid, ids, expiration=False, context=None): + """ generate a new token for the partners with the given validity, if necessary :param expiration: the expiration datetime of the token (string, optional) - :return: the token (string) """ - # generate a unique token - token = random_token() - while self._signup_retrieve_partner(cr, uid, token, context=context): - token = random_token() - self.write(cr, uid, [partner_id], {'signup_token': token, 'signup_expiration': expiration}, context=context) - return token + for partner in self.browse(cr, uid, ids, context): + if expiration or not partner.signup_valid: + token = random_token() + while self._signup_retrieve_partner(cr, uid, token, context=context): + token = random_token() + partner.write({'signup_token': token, 'signup_expiration': expiration}) + return True def _signup_retrieve_partner(self, cr, uid, token, raise_exception=False, context=None): """ find the partner corresponding to a token, and check its validity @@ -79,7 +96,7 @@ class res_partner(osv.Model): raise Exception("Signup token '%s' is not valid" % token) return False partner = self.browse(cr, uid, partner_ids[0], context) - if partner.signup_expiration and partner.signup_expiration < now(): + if not partner.signup_valid: if raise_exception: raise Exception("Signup token '%s' is no longer valid" % token) return False From 0d878dc99e93b61085d746456e422e73a8e23dec Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 14:02:02 +0200 Subject: [PATCH 14/73] [FIX] orm: fix the method copy() when an 'inherits' field is given in parameter default bzr revid: rco@openerp.com-20120928120202-6fbayrwb1iszwfwv --- openerp/osv/orm.py | 83 ++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 47 deletions(-) diff --git a/openerp/osv/orm.py b/openerp/osv/orm.py index f324ed67522..651f655617c 100644 --- a/openerp/osv/orm.py +++ b/openerp/osv/orm.py @@ -4744,56 +4744,45 @@ class BaseModel(object): else: raise IndexError( _("Record #%d of %s not found, cannot copy!") %( id, self._name)) - # TODO it seems fields_get can be replaced by _all_columns (no need for translation) - fields = self.fields_get(cr, uid, context=context) - for f in fields: - ftype = fields[f]['type'] - - if self._log_access and f in LOG_ACCESS_COLUMNS: - del data[f] + # build a black list of fields that should not be copied + blacklist = set(MAGIC_COLUMNS + ['parent_left', 'parent_right']) + def blacklist_given_fields(obj): + # blacklist the fields that are given by inheritance + for other, field_to_other in obj._inherits.items(): + blacklist.add(field_to_other) + if field_to_other in default: + # all the fields of 'other' are given by the record: default[field_to_other], + # except the ones redefined in self + blacklist.update(set(self.pool.get(other)._all_columns) - set(self._columns)) + else: + blacklist_given_fields(self.pool.get(other)) + blacklist_given_fields(self) + res = dict(default) + for f, colinfo in self._all_columns.items(): + field = colinfo.column if f in default: - data[f] = default[f] - elif 'function' in fields[f]: - del data[f] - elif ftype == 'many2one': - try: - data[f] = data[f] and data[f][0] - except: - pass - elif ftype == 'one2many': - res = [] - rel = self.pool.get(fields[f]['relation']) - if data[f]: - # duplicate following the order of the ids - # because we'll rely on it later for copying - # translations in copy_translation()! - data[f].sort() - for rel_id in data[f]: - # the lines are first duplicated using the wrong (old) - # parent but then are reassigned to the correct one thanks - # to the (0, 0, ...) - d = rel.copy_data(cr, uid, rel_id, context=context) - if d: - res.append((0, 0, d)) - data[f] = res - elif ftype == 'many2many': - data[f] = [(6, 0, data[f])] + pass + elif f in blacklist: + pass + elif isinstance(field, fields.function): + pass + elif field._type == 'many2one': + res[f] = data[f] and data[f][0] + elif field._type == 'one2many': + other = self.pool.get(field._obj) + # duplicate following the order of the ids because we'll rely on + # it later for copying translations in copy_translation()! + lines = [other.copy_data(cr, uid, line_id, context=context) for line_id in sorted(data[f])] + # the lines are duplicated using the wrong (old) parent, but then + # are reassigned to the correct one thanks to the (0, 0, ...) + res[f] = [(0, 0, line) for line in lines if line] + elif field._type == 'many2many': + res[f] = [(6, 0, data[f])] + else: + res[f] = data[f] - del data['id'] - - # make sure we don't break the current parent_store structure and - # force a clean recompute! - for parent_column in ['parent_left', 'parent_right']: - data.pop(parent_column, None) - # Remove _inherits field's from data recursively, missing parents will - # be created by create() (so that copy() copy everything). - def remove_ids(inherits_dict): - for parent_table in inherits_dict: - del data[inherits_dict[parent_table]] - remove_ids(self.pool.get(parent_table)._inherits) - remove_ids(self._inherits) - return data + return res def copy_translations(self, cr, uid, old_id, new_id, context=None): if context is None: From 3efe72ad6a012acc4d585abf9fa2098a613ae9ec Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 14:09:44 +0200 Subject: [PATCH 15/73] [IMP] auth_signup: simplify user creation in signup, thanks to the fix of method copy() bzr revid: rco@openerp.com-20120928120944-a2hgusq8gg3qf83n --- addons/auth_signup/res_users.py | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 0624b25b357..33538ca67bf 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -142,6 +142,7 @@ class res_users(osv.Model): else: # user does not exist: sign up invited user self._signup_create_user(cr, uid, { + 'name': partner.name, 'login': values['login'], 'password': values['password'], 'email': values['login'], @@ -165,22 +166,11 @@ class res_users(osv.Model): template_user_id = safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) assert template_user_id and self.exists(cr, uid, template_user_id, context=context), 'Signup: invalid template user' - values['active'] = True - if values.get('partner_id'): - # create a copy of the template user attached to values['partner_id'] - # note: we do not include 'partner_id' here, as copy() does not handle it correctly - safe_values = {'login': values['login'], 'password': values['password']} - user_id = self.copy(cr, uid, template_user_id, safe_values, context=context) - # problem: the res.partner part of the template user has been duplicated - # solution: unlink it, and replace it by values['partner_id'] - user = self.browse(cr, uid, user_id, context=context) - partner = user.partner_id - user.write(values) - partner.unlink() - else: - # check that uninvited users may sign up + # check that uninvited users may sign up + if 'partner_id' not in values: if not safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')): raise Exception('Signup is not allowed for uninvited users') - user_id = self.copy(cr, uid, template_user_id, values, context=context) - return user_id + # create a copy of the template user (attached to a specific partner_id if given) + values['active'] = True + return self.copy(cr, uid, template_user_id, values, context=context) From 21de1f18ed1fc63069e205ffb6370140eff192ec Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 14:21:10 +0200 Subject: [PATCH 16/73] [IMP] portal: remove password from welcome message, and use auth_signup on portal users bzr revid: rco@openerp.com-20120928122110-hspgzhxnulmal2mb --- addons/portal/wizard/portal_wizard.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/addons/portal/wizard/portal_wizard.py b/addons/portal/wizard/portal_wizard.py index 3cc706c2129..13253861d44 100644 --- a/addons/portal/wizard/portal_wizard.py +++ b/addons/portal/wizard/portal_wizard.py @@ -35,12 +35,14 @@ _logger = logging.getLogger(__name__) WELCOME_EMAIL_SUBJECT = _("Your OpenERP account at %(company)s") WELCOME_EMAIL_BODY = _("""Dear %(name)s, -You have been given access to %(portal)s at %(url)s. +You have been given access to %(portal)s. Your login account data is: Database: %(db)s -User: %(login)s -Password: %(password)s +Username: %(login)s + +In order to complete the signin process, click on the following url: +%(url)s %(welcome_message)s @@ -164,6 +166,8 @@ class wizard_user(osv.osv_memory): user = self._create_user(cr, SUPERUSER_ID, wizard_user, context) if (not user.active) or (portal not in user.groups_id): user.write({'active': True, 'groups_id': [(4, portal.id)]}) + # prepare for the signup process + user.partner_id.signup_prepare() wizard_user = self.browse(cr, SUPERUSER_ID, wizard_user.id, context) self._send_email(cr, uid, wizard_user, context) else: @@ -219,7 +223,8 @@ class wizard_user(osv.osv_memory): _('You must have an email address in your User Preferences to send emails.')) # determine subject and body in the portal user's language - url = self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'web.base.url', context=this_context) + ir_config_parameter = self.pool.get('ir.config_parameter') + url = ir_config_parameter.get_param(cr, SUPERUSER_ID, 'web.base.url', context=this_context) user = self._retrieve_user(cr, SUPERUSER_ID, wizard_user, context) context = dict(this_context or {}, lang=user.lang) data = { @@ -227,11 +232,10 @@ class wizard_user(osv.osv_memory): 'portal': wizard_user.wizard_id.portal_id.name, 'welcome_message': wizard_user.wizard_id.welcome_message or "", 'goodbye_message': wizard_user.wizard_id.goodbye_message or "", - 'url': url or _("(missing url)"), 'db': cr.dbname, + 'name': user.name, 'login': user.login, - 'password': user.password, - 'name': user.name + 'url': user.signup_url, } if wizard_user.in_portal: subject = _(WELCOME_EMAIL_SUBJECT) % data From ab930b9906ec0a80f6922b524b1d66fa2449533f Mon Sep 17 00:00:00 2001 From: Raphael Collet Date: Fri, 28 Sep 2012 14:37:04 +0200 Subject: [PATCH 17/73] [IMP] portal: remove goodbye message bzr revid: rco@openerp.com-20120928123704-g6gd67v2t0ewqpm9 --- addons/portal/wizard/portal_wizard.py | 46 ++++----------------- addons/portal/wizard/portal_wizard_view.xml | 2 - 2 files changed, 7 insertions(+), 41 deletions(-) diff --git a/addons/portal/wizard/portal_wizard.py b/addons/portal/wizard/portal_wizard.py index 13253861d44..c94d6509f63 100644 --- a/addons/portal/wizard/portal_wizard.py +++ b/addons/portal/wizard/portal_wizard.py @@ -30,7 +30,7 @@ from openerp import SUPERUSER_ID from base.res.res_partner import _lang_get _logger = logging.getLogger(__name__) -# welcome/goodbye email sent to portal users +# welcome email sent to portal users # (note that calling '_' has no effect except exporting those strings for translation) WELCOME_EMAIL_SUBJECT = _("Your OpenERP account at %(company)s") WELCOME_EMAIL_BODY = _("""Dear %(name)s, @@ -51,28 +51,10 @@ OpenERP - Open Source Business Applications http://www.openerp.com """) -GOODBYE_EMAIL_SUBJECT = _("Your OpenERP account at %(company)s") -GOODBYE_EMAIL_BODY = _("""Dear %(name)s, - -Your access to %(portal)s has been withdrawn. - -%(goodbye_message)s - --- -OpenERP - Open Source Business Applications -http://www.openerp.com -""") - -# character sets for passwords, excluding 0, O, o, 1, I, l -_PASSU = 'ABCDEFGHIJKLMNPQRSTUVWXYZ' -_PASSL = 'abcdefghijkmnpqrstuvwxyz' -_PASSD = '23456789' - def random_password(): - # get 3 uppercase letters, 3 lowercase letters, 2 digits, and shuffle them - chars = map(random.choice, [_PASSU] * 3 + [_PASSL] * 3 + [_PASSD] * 2) - random.shuffle(chars) - return ''.join(chars) + # temporary random stuff; user password is reset by signup process + chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789' + return ''.join(random.choice(chars) for i in xrange(12)) def extract_email(email): """ extract the email address from a user-friendly email address """ @@ -94,8 +76,6 @@ class wizard(osv.osv_memory): 'user_ids': fields.one2many('portal.wizard.user', 'wizard_id', string='Users'), 'welcome_message': fields.text(string='Invitation Message', help="This text is included in the email sent to new users of the portal."), - 'goodbye_message': fields.text(string='Withdrawal Message', - help="This text is included in the email sent to users withdrawn from the portal."), } def _default_portal(self, cr, uid, context): @@ -178,8 +158,6 @@ class wizard_user(osv.osv_memory): user.write({'groups_id': [(3, portal.id)], 'active': False}) else: user.write({'groups_id': [(3, portal.id)]}) - wizard_user = self.browse(cr, SUPERUSER_ID, wizard_user.id, context) - self._send_email(cr, uid, wizard_user, context) def _retrieve_user(self, cr, uid, wizard_user, context=None): """ retrieve the (possibly inactive) user corresponding to wizard_user.partner_id @@ -212,7 +190,7 @@ class wizard_user(osv.osv_memory): return res_users.browse(cr, uid, user_id, context) def _send_email(self, cr, uid, wizard_user, context=None): - """ send notification email to a new/former portal user + """ send notification email to a new portal user @param wizard_user: browse record of model portal.wizard.user @return: the id of the created mail.mail record """ @@ -223,33 +201,23 @@ class wizard_user(osv.osv_memory): _('You must have an email address in your User Preferences to send emails.')) # determine subject and body in the portal user's language - ir_config_parameter = self.pool.get('ir.config_parameter') - url = ir_config_parameter.get_param(cr, SUPERUSER_ID, 'web.base.url', context=this_context) user = self._retrieve_user(cr, SUPERUSER_ID, wizard_user, context) context = dict(this_context or {}, lang=user.lang) data = { 'company': this_user.company_id.name, 'portal': wizard_user.wizard_id.portal_id.name, 'welcome_message': wizard_user.wizard_id.welcome_message or "", - 'goodbye_message': wizard_user.wizard_id.goodbye_message or "", 'db': cr.dbname, 'name': user.name, 'login': user.login, 'url': user.signup_url, } - if wizard_user.in_portal: - subject = _(WELCOME_EMAIL_SUBJECT) % data - body = _(WELCOME_EMAIL_BODY) % data - else: - subject = _(GOODBYE_EMAIL_SUBJECT) % data - body = _(GOODBYE_EMAIL_BODY) % data - mail_mail = self.pool.get('mail.mail') mail_values = { 'email_from': this_user.email, 'email_to': user.email, - 'subject': subject, - 'body_html': '
    %s
    ' % body, + 'subject': _(WELCOME_EMAIL_SUBJECT) % data, + 'body_html': '
    %s
    ' % (_(WELCOME_EMAIL_BODY) % data), 'state': 'outgoing', } return mail_mail.create(cr, uid, mail_values, context=this_context) diff --git a/addons/portal/wizard/portal_wizard_view.xml b/addons/portal/wizard/portal_wizard_view.xml index c8e3f30b128..373b4ad8e7a 100644 --- a/addons/portal/wizard/portal_wizard_view.xml +++ b/addons/portal/wizard/portal_wizard_view.xml @@ -27,8 +27,6 @@ -