[FIX] base, auth_openid: wrong implementation of API by auth_openid
Authentication modules are supposed to override res_users.check_credentials() in order to plug in their own mechanism, without actually modifying the behavior of res_users.check(), res_users.authenticate() or res_users._login(). auth_openid was incorrectly overriding check() instead of check_credentials(), and unnecessarily accessing private attributes of res_users. Fixing the implementation of auth_openid to follow the API means we can completely make those attributes private.
parent
d8d9c7277e
commit
54e06907c0
|
@ -63,13 +63,10 @@ class res_users(osv.osv):
|
||||||
cr.commit()
|
cr.commit()
|
||||||
return res[0] if res else False
|
return res[0] if res else False
|
||||||
|
|
||||||
def check(self, db, uid, passwd):
|
def check_credentials(self, cr, uid, password):
|
||||||
try:
|
try:
|
||||||
return super(res_users, self).check(db, uid, passwd)
|
return super(res_users, self).check_credentials(cr, uid, password)
|
||||||
except openerp.exceptions.AccessDenied:
|
except openerp.exceptions.AccessDenied:
|
||||||
if not passwd:
|
|
||||||
raise
|
|
||||||
with RegistryManager.get(db).cursor() as cr:
|
|
||||||
cr.execute('''SELECT COUNT(1)
|
cr.execute('''SELECT COUNT(1)
|
||||||
FROM res_users
|
FROM res_users
|
||||||
WHERE id=%s
|
WHERE id=%s
|
||||||
|
@ -78,9 +75,5 @@ class res_users(osv.osv):
|
||||||
(int(uid), passwd, True))
|
(int(uid), passwd, True))
|
||||||
if not cr.fetchone()[0]:
|
if not cr.fetchone()[0]:
|
||||||
raise
|
raise
|
||||||
self._uid_cache.setdefault(db, {})[uid] = passwd
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||||
|
|
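Review bot: The fallback query in the renamed `check_credentials(self, cr, uid, password)` still passes `passwd` in its parameter tuple: `(int(uid), passwd, True))` is an unchanged line at the top of the second hunk, and as far as the hunk shows nothing binds `passwd` under the new signature. When the base check raises AccessDenied, this path would then fail with NameError instead of running the OpenID lookup, so the tuple should read `(int(uid), password, True))`. The removed `if not passwd: raise` guard also means the method now relies on its callers rejecting empty passwords before the query runs. The base-module hunk at -495 shows such a test, but other callers of `check_credentials` are not visible on this page. The middle of the SQL statement lies between the two hunks and is not shown.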
|
@ -142,7 +142,7 @@ class res_users(osv.osv):
|
||||||
avatar, ... The user model is now dedicated to technical data.
|
avatar, ... The user model is now dedicated to technical data.
|
||||||
"""
|
"""
|
||||||
__admin_ids = {}
|
__admin_ids = {}
|
||||||
_uid_cache = {}
|
__uid_cache = {}
|
||||||
_inherits = {
|
_inherits = {
|
||||||
'res.partner': 'partner_id',
|
'res.partner': 'partner_id',
|
||||||
}
|
}
|
||||||
|
@ -341,10 +341,10 @@ class res_users(osv.osv):
|
||||||
clear = partial(self.pool['ir.rule'].clear_cache, cr)
|
clear = partial(self.pool['ir.rule'].clear_cache, cr)
|
||||||
map(clear, ids)
|
map(clear, ids)
|
||||||
db = cr.dbname
|
db = cr.dbname
|
||||||
if db in self._uid_cache:
|
if db in self.__uid_cache:
|
||||||
for id in ids:
|
for id in ids:
|
||||||
if id in self._uid_cache[db]:
|
if id in self.__uid_cache[db]:
|
||||||
del self._uid_cache[db][id]
|
del self.__uid_cache[db][id]
|
||||||
self._context_get.clear_cache(self)
|
self._context_get.clear_cache(self)
|
||||||
self.has_group.clear_cache(self)
|
self.has_group.clear_cache(self)
|
||||||
return res
|
return res
|
||||||
|
@ -353,10 +353,10 @@ class res_users(osv.osv):
|
||||||
if 1 in ids:
|
if 1 in ids:
|
||||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by Odoo (updates, module installation, ...)'))
|
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by Odoo (updates, module installation, ...)'))
|
||||||
db = cr.dbname
|
db = cr.dbname
|
||||||
if db in self._uid_cache:
|
if db in self.__uid_cache:
|
||||||
for id in ids:
|
for id in ids:
|
||||||
if id in self._uid_cache[db]:
|
if id in self.__uid_cache[db]:
|
||||||
del self._uid_cache[db][id]
|
del self.__uid_cache[db][id]
|
||||||
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
||||||
|
|
||||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||||
|
@ -495,15 +495,12 @@ class res_users(osv.osv):
|
||||||
if not passwd:
|
if not passwd:
|
||||||
# empty passwords disallowed for obvious security reasons
|
# empty passwords disallowed for obvious security reasons
|
||||||
raise openerp.exceptions.AccessDenied()
|
raise openerp.exceptions.AccessDenied()
|
||||||
if self._uid_cache.get(db, {}).get(uid) == passwd:
|
if self.__uid_cache.setdefault(db, {}).get(uid) == passwd:
|
||||||
return
|
return
|
||||||
cr = self.pool.cursor()
|
cr = self.pool.cursor()
|
||||||
try:
|
try:
|
||||||
self.check_credentials(cr, uid, passwd)
|
self.check_credentials(cr, uid, passwd)
|
||||||
if self._uid_cache.has_key(db):
|
self.__uid_cache[db][uid] = passwd
|
||||||
self._uid_cache[db][uid] = passwd
|
|
||||||
else:
|
|
||||||
self._uid_cache[db] = {uid:passwd}
|
|
||||||
finally:
|
finally:
|
||||||
cr.close()
|
cr.close()
|
||||||
|
|
||||||
|
|
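Review bot: `__uid_cache` is private by convention only, because Python name mangling keys on the lexical class name and both files on this page declare `class res_users(osv.osv)`. Code in a same-named extension class therefore mangles to the same `_res_users__uid_cache` and can still read or write the cache. I would say so at the declaration in the -142 hunk, for example `# per-db {uid: password} cache; name-mangled, but extension classes also named res_users resolve to the same attribute`. The last hunk stores the submitted password itself as the cached value (`self.__uid_cache[db][uid] = passwd`), so the comment should also state that entries hold cleartext credentials and must be dropped whenever a user's credentials change, as the -341 and -353 hunks do. The enclosing methods start outside the hunks shown.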