[FIX] base, auth_openid: wrong implementation of API by auth_openid
Authentication modules are supposed to override res_users.check_credentials() in order to plug in their own mechanism, without actually modifying the behavior of res_users.check(), res_users.authenticate() or res_users._login(). auth_openid was incorrectly overriding check() instead of check_credentials(), and unnecessarily accessing private attributes of res_users. Fixing the implementation of auth_openid to follow the API means we can completely make those attributes private.
This commit is contained in:
parent
d8d9c7277e
commit
54e06907c0
|
@ -63,13 +63,10 @@ class res_users(osv.osv):
|
|||
cr.commit()
|
||||
return res[0] if res else False
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
def check_credentials(self, cr, uid, password):
|
||||
try:
|
||||
return super(res_users, self).check(db, uid, passwd)
|
||||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
except openerp.exceptions.AccessDenied:
|
||||
if not passwd:
|
||||
raise
|
||||
with RegistryManager.get(db).cursor() as cr:
|
||||
cr.execute('''SELECT COUNT(1)
|
||||
FROM res_users
|
||||
WHERE id=%s
|
||||
|
@ -78,9 +75,5 @@ class res_users(osv.osv):
|
|||
(int(uid), passwd, True))
|
||||
if not cr.fetchone()[0]:
|
||||
raise
|
||||
self._uid_cache.setdefault(db, {})[uid] = passwd
|
||||
|
||||
|
||||
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
@ -142,7 +142,7 @@ class res_users(osv.osv):
|
|||
avatar, ... The user model is now dedicated to technical data.
|
||||
"""
|
||||
__admin_ids = {}
|
||||
_uid_cache = {}
|
||||
__uid_cache = {}
|
||||
_inherits = {
|
||||
'res.partner': 'partner_id',
|
||||
}
|
||||
|
@ -341,10 +341,10 @@ class res_users(osv.osv):
|
|||
clear = partial(self.pool['ir.rule'].clear_cache, cr)
|
||||
map(clear, ids)
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
if db in self.__uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
if id in self.__uid_cache[db]:
|
||||
del self.__uid_cache[db][id]
|
||||
self._context_get.clear_cache(self)
|
||||
self.has_group.clear_cache(self)
|
||||
return res
|
||||
|
@ -353,10 +353,10 @@ class res_users(osv.osv):
|
|||
if 1 in ids:
|
||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by Odoo (updates, module installation, ...)'))
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
if db in self.__uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
if id in self.__uid_cache[db]:
|
||||
del self.__uid_cache[db][id]
|
||||
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
||||
|
||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||
|
@ -495,15 +495,12 @@ class res_users(osv.osv):
|
|||
if not passwd:
|
||||
# empty passwords disallowed for obvious security reasons
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
if self._uid_cache.get(db, {}).get(uid) == passwd:
|
||||
if self.__uid_cache.setdefault(db, {}).get(uid) == passwd:
|
||||
return
|
||||
cr = self.pool.cursor()
|
||||
try:
|
||||
self.check_credentials(cr, uid, passwd)
|
||||
if self._uid_cache.has_key(db):
|
||||
self._uid_cache[db][uid] = passwd
|
||||
else:
|
||||
self._uid_cache[db] = {uid:passwd}
|
||||
self.__uid_cache[db][uid] = passwd
|
||||
finally:
|
||||
cr.close()
|
||||
|
||||
|
|
Loading…
Reference in New Issue