Changed as per the recommandation of Sir Odo

2014-06-18 14:31:16 +02:00 · 2014-06-18 14:31:16 +02:00 · 624f256f61
parent 9b0d8c0503
commit 624f256f61
2 changed files with 28 additions and 18 deletions
--- a/openerp/addons/base/ir/ir_http.py
+++ b/openerp/addons/base/ir/ir_http.py
@ -71,17 +71,23 @@ class ir_http(osv.AbstractModel):
            request.uid = request.session.uid

    def _authenticate(self, auth_method='user'):
-        if request.session.uid:
-            try:
-                request.session.check_security()
-                # what if error in security.check()
-                #   -> res_users.check()
-                #   -> res_users.check_credentials()
-            except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
-                # All other exceptions mean undetermined status (e.g. connection pool full),
-                # let them bubble up
-                request.session.logout()
-        getattr(self, "_auth_method_%s" % auth_method)()
+        try:
+            if request.session.uid:
+                try:
+                    request.session.check_security()
+                    # what if error in security.check()
+                    #   -> res_users.check()
+                    #   -> res_users.check_credentials()
+                except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+                    # All other exceptions mean undetermined status (e.g. connection pool full),
+                    # let them bubble up
+                    request.session.logout()
+            getattr(self, "_auth_method_%s" % auth_method)()
+        except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+            raise
+        except Exception:
+            _logger.exception("Exception during request Authentication.")
+            raise openerp.exceptions.AccessDenied()
        return auth_method

    def _handle_exception(self, exception):
@ -99,11 +105,6 @@ class ir_http(osv.AbstractModel):
        try:
            auth_method = self._authenticate(func.routing["auth"])
        except Exception, e:
-            # Json requests have their own exception handler
-            # therefore we should not alter their exception's type
-            if func.routing.get('type') != 'json':
-                # for the rest, convert to a Forbidden exception keeping the original traceback
-                e = convert_exception_to(werkzeug.exceptions.Forbidden)
            return self._handle_exception(e)

        processing = self._postprocess_args(arguments)
--- a/openerp/http.py
+++ b/openerp/http.py
@ -208,8 +208,6 @@ class WebRequest(object):
           to abitrary responses. Anything returned (except None) will
           be used as response.""" 
        self._failed = exception # prevent tx commit
-        if isinstance(exception, werkzeug.exceptions.HTTPException):
-            return exception
        raise

    def _call_function(self, *args, **kwargs):
@ -456,6 +454,17 @@ class HttpRequest(WebRequest):
        params.pop('session_id', None)
        self.params = params

+    def _handle_exception(self, exception):
+        """Called within an except block to allow converting exceptions
+           to abitrary responses. Anything returned (except None) will
+           be used as response."""
+        try:
+            return super(HttpRequest, self)._handle_exception(exception)
+        except Exception, e:
+            if isinstance(e, werkzeug.exceptions.HTTPException):
+                return e
+            raise
+
    def dispatch(self):
        # TODO: refactor this correctly. This is a quick fix for pos demo.
        if request.httprequest.method == 'OPTIONS' and request.func and request.func.routing.get('cors'):