|
|
@ -17,7 +17,6 @@ |
|
|
|
# If not, see <http://www.gnu.org/licenses/>. |
|
|
|
# |
|
|
|
############################################################################## |
|
|
|
from odoo.addons.web.controllers import utils |
|
|
|
from odoo.addons.web.controllers import home |
|
|
|
from odoo.http import request |
|
|
|
from odoo.exceptions import Warning |
|
|
@ -25,19 +24,33 @@ import odoo |
|
|
|
import odoo.modules.registry |
|
|
|
from odoo.tools.translate import _ |
|
|
|
from odoo import http |
|
|
|
from odoo.addons.web.controllers.utils import ensure_db, _get_login_redirect_url, is_user_internal |
|
|
|
|
|
|
|
SIGN_UP_REQUEST_PARAMS = {'db', 'login', 'debug', 'token', 'message', 'error', 'scope', 'mode', |
|
|
|
'redirect', 'redirect_hostname', 'email', 'name', 'partner_id', |
|
|
|
'password', 'confirm_password', 'city', 'country_id', 'lang', 'signup_email'} |
|
|
|
|
|
|
|
|
|
|
|
class Home(home.Home): |
|
|
|
|
|
|
|
@http.route('/web/login', type='http', auth="public") |
|
|
|
@http.route('/web/login', type='http', auth="none") |
|
|
|
def web_login(self, redirect=None, **kw): |
|
|
|
utils.ensure_db() |
|
|
|
ensure_db() |
|
|
|
request.params['login_success'] = False |
|
|
|
if request.httprequest.method == 'GET' and redirect and request.session.uid: |
|
|
|
return request.redirect(redirect) |
|
|
|
if not request.uid: |
|
|
|
request.uid = odoo.SUPERUSER_ID |
|
|
|
values = request.params.copy() |
|
|
|
|
|
|
|
# simulate hybrid auth=user/auth=public, despite using auth=none to be able |
|
|
|
# to redirect users when no db is selected - cfr ensure_db() |
|
|
|
if request.env.uid is None: |
|
|
|
if request.session.uid is None: |
|
|
|
# no user -> auth=public with specific website public user |
|
|
|
request.env["ir.http"]._auth_method_public() |
|
|
|
else: |
|
|
|
# auth=user |
|
|
|
request.update_env(user=request.session.uid) |
|
|
|
|
|
|
|
values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS} |
|
|
|
try: |
|
|
|
values['databases'] = http.db_list() |
|
|
|
except odoo.exceptions.AccessDenied: |
|
|
@ -81,4 +94,17 @@ class Home(home.Home): |
|
|
|
request.update_env = old_uid |
|
|
|
if e.args == odoo.exceptions.AccessDenied().args: |
|
|
|
values['error'] = _("Wrong login/password") |
|
|
|
return request.render('web.login', values) |
|
|
|
else: |
|
|
|
if 'error' in request.params and request.params.get('error') == 'access': |
|
|
|
values['error'] = _('Only employees can access this database. Please contact the administrator.') |
|
|
|
|
|
|
|
if 'login' not in values and request.session.get('auth_login'): |
|
|
|
values['login'] = request.session.get('auth_login') |
|
|
|
|
|
|
|
if not odoo.tools.config['list_db']: |
|
|
|
values['disable_database_manager'] = True |
|
|
|
|
|
|
|
response = request.render('web.login', values) |
|
|
|
response.headers['X-Frame-Options'] = 'SAMEORIGIN' |
|
|
|
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'" |
|
|
|
return response |
|
|
|