[FIX] base, auth_openid: wrong implementation of API by auth_openid
Authentication modules are supposed to override res_users.check_credentials() in order to plug in their own mechanism, without actually modifying the behavior of res_users.check(), res_users.authenticate() or res_users._login(). auth_openid was incorrectly overriding check() instead of check_credentials(), and unnecessarily accessing private attributes of res_users. Fixing the implementation of auth_openid to follow the API means we can completely make those attributes private.
This commit is contained in:
parent
d2d81ca9d8
commit
77868ec4f9
|
@ -73,22 +73,18 @@ class res_users(osv.osv):
|
||||||
cr.commit()
|
cr.commit()
|
||||||
return res[0] if res else False
|
return res[0] if res else False
|
||||||
|
|
||||||
def check(self, db, uid, passwd):
|
def check_credentials(self, cr, uid, password):
|
||||||
try:
|
try:
|
||||||
return super(res_users, self).check(db, uid, passwd)
|
return super(res_users, self).check_credentials(cr, uid, password)
|
||||||
except openerp.exceptions.AccessDenied:
|
except openerp.exceptions.AccessDenied:
|
||||||
if not passwd:
|
cr.execute('''SELECT COUNT(1)
|
||||||
|
FROM res_users
|
||||||
|
WHERE id=%s
|
||||||
|
AND openid_key=%s
|
||||||
|
AND active=%s''',
|
||||||
|
(int(uid), passwd, True))
|
||||||
|
if not cr.fetchone()[0]:
|
||||||
raise
|
raise
|
||||||
with RegistryManager.get(db).cursor() as cr:
|
|
||||||
cr.execute('''SELECT COUNT(1)
|
|
||||||
FROM res_users
|
|
||||||
WHERE id=%s
|
|
||||||
AND openid_key=%s
|
|
||||||
AND active=%s''',
|
|
||||||
(int(uid), passwd, True))
|
|
||||||
if not cr.fetchone()[0]:
|
|
||||||
raise
|
|
||||||
self._uid_cache.setdefault(db, {})[uid] = passwd
|
|
||||||
|
|
||||||
res_users()
|
res_users()
|
||||||
|
|
||||||
|
|
|
@ -136,7 +136,7 @@ class res_users(osv.osv):
|
||||||
avatar, ... The user model is now dedicated to technical data.
|
avatar, ... The user model is now dedicated to technical data.
|
||||||
"""
|
"""
|
||||||
__admin_ids = {}
|
__admin_ids = {}
|
||||||
_uid_cache = {}
|
__uid_cache = {}
|
||||||
_inherits = {
|
_inherits = {
|
||||||
'res.partner': 'partner_id',
|
'res.partner': 'partner_id',
|
||||||
}
|
}
|
||||||
|
@ -336,10 +336,10 @@ class res_users(osv.osv):
|
||||||
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
||||||
map(clear, ids)
|
map(clear, ids)
|
||||||
db = cr.dbname
|
db = cr.dbname
|
||||||
if db in self._uid_cache:
|
if db in self.__uid_cache:
|
||||||
for id in ids:
|
for id in ids:
|
||||||
if id in self._uid_cache[db]:
|
if id in self.__uid_cache[db]:
|
||||||
del self._uid_cache[db][id]
|
del self.__uid_cache[db][id]
|
||||||
self.context_get.clear_cache(self)
|
self.context_get.clear_cache(self)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
@ -347,10 +347,10 @@ class res_users(osv.osv):
|
||||||
if 1 in ids:
|
if 1 in ids:
|
||||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
||||||
db = cr.dbname
|
db = cr.dbname
|
||||||
if db in self._uid_cache:
|
if db in self.__uid_cache:
|
||||||
for id in ids:
|
for id in ids:
|
||||||
if id in self._uid_cache[db]:
|
if id in self.__uid_cache[db]:
|
||||||
del self._uid_cache[db][id]
|
del self.__uid_cache[db][id]
|
||||||
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
||||||
|
|
||||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||||
|
@ -491,15 +491,12 @@ class res_users(osv.osv):
|
||||||
if not passwd:
|
if not passwd:
|
||||||
# empty passwords disallowed for obvious security reasons
|
# empty passwords disallowed for obvious security reasons
|
||||||
raise openerp.exceptions.AccessDenied()
|
raise openerp.exceptions.AccessDenied()
|
||||||
if self._uid_cache.get(db, {}).get(uid) == passwd:
|
if self.__uid_cache.setdefault(db, {}).get(uid) == passwd:
|
||||||
return
|
return
|
||||||
cr = pooler.get_db(db).cursor()
|
cr = pooler.get_db(db).cursor()
|
||||||
try:
|
try:
|
||||||
self.check_credentials(cr, uid, passwd)
|
self.check_credentials(cr, uid, passwd)
|
||||||
if self._uid_cache.has_key(db):
|
self.__uid_cache[db][uid] = passwd
|
||||||
self._uid_cache[db][uid] = passwd
|
|
||||||
else:
|
|
||||||
self._uid_cache[db] = {uid:passwd}
|
|
||||||
finally:
|
finally:
|
||||||
cr.close()
|
cr.close()
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue