Mar 28 : [UPDT] Updated 'access_restriction_by_ip'

1 month ago · 8c666cd647
6 changed files with 47 additions and 8 deletions
--- a/access_restriction_by_ip/manifest.py
+++ b/access_restriction_by_ip/manifest.py
@ -18,7 +18,7 @@
 {
    'name': 'Access Restriction By IP',
    'summary': """User Can Access His Account Only From Specified IP Address""",
-    'version': '16.0.1.0.0',
+    'version': '16.0.1.0.1',
    'description': """User Can Access His Account Only From Specified IP Address""",
    'live_test_url': 'https://youtu.be/nn6dAL6eKPc',
    'author': 'Cybrosys Techno Solutions',
--- a/access_restriction_by_ip/controllers/init.py
+++ b/access_restriction_by_ip/controllers/init.py
@ -17,4 +17,4 @@
 #
 ##############################################################################
 from . import main
-
+from . import session
--- a/access_restriction_by_ip/controllers/main.py
+++ b/access_restriction_by_ip/controllers/main.py
@ -39,7 +39,6 @@ class Home(home.Home):
        request.params['login_success'] = False
        if request.httprequest.method == 'GET' and redirect and request.session.uid:
            return request.redirect(redirect)
        # simulate hybrid auth=user/auth=public, despite using auth=none to be able
        # to redirect users when no db is selected - cfr ensure_db()
        if request.env.uid is None:
@ -49,7 +48,6 @@ class Home(home.Home):
            else:
                # auth=user
                request.update_env(user=request.session.uid)
        values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}
        try:
            values['databases'] = http.db_list()
@ -103,7 +101,6 @@ class Home(home.Home):
        if not odoo.tools.config['list_db']:
            values['disable_database_manager'] = True
        response = request.render('web.login', values)
        response.headers['X-Frame-Options'] = 'SAMEORIGIN'
        response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
--- a/access_restriction_by_ip/controllers/session.py
+++ b/access_restriction_by_ip/controllers/session.py
@ -0,0 +1,39 @@
 # -*- coding: utf-8 -*-
 import odoo
 from odoo.addons.web.controllers.session import Session
 from odoo import http
 from odoo.exceptions import AccessError
 from odoo.http import request
 class AccessRestrict(Session):
    @http.route()
    def authenticate(self, db, login, password, base_location=None):
        if not http.db_filter([db]):
            raise AccessError("Database not found.")
        pre_uid = request.session.authenticate(db, login, password)
        ip_address = request.httprequest.environ['REMOTE_ADDR']
        user = request.env['res.users'].sudo().browse(pre_uid).exists()
        if user and user.allowed_ips:
            ip_list = set(user.allowed_ips.mapped('ip_address'))
            if ip_address not in ip_list:
                raise AccessError("Not allowed to login from this IP")
        if pre_uid != request.session.uid:
            # Crapy workaround for unupdatable Odoo Mobile App iOS (Thanks Apple :@) and Android
            # Correct behavior should be to raise AccessError("Renewing an expired session for user that has multi-factor-authentication is not supported. Please use /web/login instead.")
            return {'uid': None}
        request.session.db = db
        registry = odoo.modules.registry.Registry(db)
        with registry.cursor() as cr:
            env = odoo.api.Environment(cr, request.session.uid, request.session.context)
            if not request.db:
                # request._save_session would not update the session_token
                # as it lacks an environment, rotating the session myself
                http.root.session_store.rotate(request.session, env)
                request.future_response.set_cookie(
                    'session_id', request.session.sid,
                    max_age=http.SESSION_LIFETIME, httponly=True
                )
            return env['ir.http'].session_info()
--- a/access_restriction_by_ip/doc/RELEASE_NOTES.md
+++ b/access_restriction_by_ip/doc/RELEASE_NOTES.md
@ -1,12 +1,14 @@
 ## Module <access_restriction_by_ip>
 #### 12.12.2021
-#### Version 15.0.1.0.0
+#### Version 16.0.1.0.0
 #### ADD Initial Commit for access_restriction_by_ip
 #### 12.09.2023
 #### Version 16.0.1.0.0
 #### Bug fixing related to addon's updates
-
+#### 25.03.2025
-
+#### Version 16.0.1.0.1
 #### Bug fixing related to addon's updates
 - The latest module included ip restriction when instance accessed through the mobile app.
--- a/access_restriction_by_ip/models/allowed_ips.py
+++ b/access_restriction_by_ip/models/allowed_ips.py
@ -27,6 +27,7 @@ class ResUsersInherit(models.Model):
 class AllowedIPs(models.Model):
    """Model to store the allowed ip of the users"""
    _name = 'allowed.ips'
    users_ip = fields.Many2one('res.users', string='IP')