From 6c25b2df25af60ddaebf3d6eae831b7eef7e7f09 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Fri, 9 Aug 2013 16:55:06 +0200 Subject: [PATCH] [FIX]auth_oauth: auth_oauth handle oauth error 3, auth_oauth_signup raise accessdenied instead of signuperror, auth_signup use literal_eval instead of safe_eval bzr revid: dle@openerp.com-20130809145506-agzyvk8m1pr858jf --- addons/auth_oauth/static/src/js/auth_oauth.js | 8 ++++++-- addons/auth_oauth_signup/res_users.py | 9 ++++++--- addons/auth_signup/res_users.py | 6 +++--- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/addons/auth_oauth/static/src/js/auth_oauth.js b/addons/auth_oauth/static/src/js/auth_oauth.js index 131ae5c1c42..5046469a5dc 100644 --- a/addons/auth_oauth/static/src/js/auth_oauth.js +++ b/addons/auth_oauth/static/src/js/auth_oauth.js @@ -1,4 +1,6 @@ openerp.auth_oauth = function(instance) { + var _t = instance.web._t, + _lt = instance.web._lt; var QWeb = instance.web.qweb; instance.web.Login.include({ @@ -9,9 +11,11 @@ openerp.auth_oauth = function(instance) { this.$el.on('click', 'a.zocial', this.on_oauth_sign_in); this.oauth_providers = []; if(this.params.oauth_error === 1) { - this.do_warn("Sign up error.","Sign up is not allowed on this database."); + this.do_warn(_t("Sign up error"),_t("Sign up is not allowed on this database."), true); } else if(this.params.oauth_error === 2) { - this.do_warn("Authentication error",""); + this.do_warn(_t("Authentication error"),_t("Access Denied"), true); + } else if(this.params.oauth_error === 3) { + this.do_warn(_t("Authentication error"),_t("You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email."), true); } return d.done(this.do_oauth_load).fail(function() { self.do_oauth_load([]); diff --git a/addons/auth_oauth_signup/res_users.py b/addons/auth_oauth_signup/res_users.py index 5eebc02fe04..a06968fa46f 100644 --- a/addons/auth_oauth_signup/res_users.py +++ b/addons/auth_oauth_signup/res_users.py @@ -23,6 +23,7 @@ import logging import simplejson import openerp +from openerp.addons.auth_signup.res_users import SignupError from openerp.osv import osv, fields _logger = logging.getLogger(__name__) @@ -35,7 +36,7 @@ class res_users(osv.Model): try: login = super(res_users, self)._auth_oauth_signin(cr, uid, provider, validation, params, context=context) - except openerp.exceptions.AccessDenied: + except openerp.exceptions.AccessDenied, access_denied_exception: if context and context.get('no_user_creation'): return None state = simplejson.loads(params['state']) @@ -52,6 +53,8 @@ class res_users(osv.Model): 'oauth_access_token': params['access_token'], 'active': True, } - _, login, _ = self.signup(cr, uid, values, token, context=context) - + try: + _, login, _ = self.signup(cr, uid, values, token, context=context) + except SignupError: + raise access_denied_exception return login diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 4788092e965..e29d55ba47b 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -25,7 +25,7 @@ from urlparse import urljoin from openerp.osv import osv, fields from openerp.tools.misc import DEFAULT_SERVER_DATETIME_FORMAT -from openerp.tools.safe_eval import safe_eval +from ast import literal_eval from openerp.tools.translate import _ class SignupError(Exception): @@ -214,12 +214,12 @@ class res_users(osv.Model): def _signup_create_user(self, cr, uid, values, context=None): """ create a new user from the template user """ ir_config_parameter = self.pool.get('ir.config_parameter') - template_user_id = safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) + template_user_id = literal_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.template_user_id', 'False')) assert template_user_id and self.exists(cr, uid, template_user_id, context=context), 'Signup: invalid template user' # check that uninvited users may sign up if 'partner_id' not in values: - if not safe_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')): + if not literal_eval(ir_config_parameter.get_param(cr, uid, 'auth_signup.allow_uninvited', 'False')): raise SignupError('Signup is not allowed for uninvited users') assert values.get('login'), "Signup: no login given for new user"