[FIX] base, auth_openid: wrong implementation of API by auth_openid
Authentication modules are supposed to override res_users.check_credentials() in order to plug in their own mechanism, without actually modifying the behavior of res_users.check(), res_users.authenticate() or res_users._login(). auth_openid was incorrectly overriding check() instead of check_credentials(), and unnecessarily accessing private attributes of res_users. Fixing the implementation of auth_openid to follow the API means we can completely make those attributes private.
This commit is contained in:
parent
d2d81ca9d8
commit
77868ec4f9
|
@ -73,22 +73,18 @@ class res_users(osv.osv):
|
|||
cr.commit()
|
||||
return res[0] if res else False
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
def check_credentials(self, cr, uid, password):
|
||||
try:
|
||||
return super(res_users, self).check(db, uid, passwd)
|
||||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
except openerp.exceptions.AccessDenied:
|
||||
if not passwd:
|
||||
cr.execute('''SELECT COUNT(1)
|
||||
FROM res_users
|
||||
WHERE id=%s
|
||||
AND openid_key=%s
|
||||
AND active=%s''',
|
||||
(int(uid), passwd, True))
|
||||
if not cr.fetchone()[0]:
|
||||
raise
|
||||
with RegistryManager.get(db).cursor() as cr:
|
||||
cr.execute('''SELECT COUNT(1)
|
||||
FROM res_users
|
||||
WHERE id=%s
|
||||
AND openid_key=%s
|
||||
AND active=%s''',
|
||||
(int(uid), passwd, True))
|
||||
if not cr.fetchone()[0]:
|
||||
raise
|
||||
self._uid_cache.setdefault(db, {})[uid] = passwd
|
||||
|
||||
res_users()
|
||||
|
||||
|
|
|
@ -136,7 +136,7 @@ class res_users(osv.osv):
|
|||
avatar, ... The user model is now dedicated to technical data.
|
||||
"""
|
||||
__admin_ids = {}
|
||||
_uid_cache = {}
|
||||
__uid_cache = {}
|
||||
_inherits = {
|
||||
'res.partner': 'partner_id',
|
||||
}
|
||||
|
@ -336,10 +336,10 @@ class res_users(osv.osv):
|
|||
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
||||
map(clear, ids)
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
if db in self.__uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
if id in self.__uid_cache[db]:
|
||||
del self.__uid_cache[db][id]
|
||||
self.context_get.clear_cache(self)
|
||||
return res
|
||||
|
||||
|
@ -347,10 +347,10 @@ class res_users(osv.osv):
|
|||
if 1 in ids:
|
||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
if db in self.__uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
if id in self.__uid_cache[db]:
|
||||
del self.__uid_cache[db][id]
|
||||
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
||||
|
||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||
|
@ -491,15 +491,12 @@ class res_users(osv.osv):
|
|||
if not passwd:
|
||||
# empty passwords disallowed for obvious security reasons
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
if self._uid_cache.get(db, {}).get(uid) == passwd:
|
||||
if self.__uid_cache.setdefault(db, {}).get(uid) == passwd:
|
||||
return
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
self.check_credentials(cr, uid, passwd)
|
||||
if self._uid_cache.has_key(db):
|
||||
self._uid_cache[db][uid] = passwd
|
||||
else:
|
||||
self._uid_cache[db] = {uid:passwd}
|
||||
self.__uid_cache[db][uid] = passwd
|
||||
finally:
|
||||
cr.close()
|
||||
|
||||
|
|
Loading…
Reference in New Issue