[FIX] Bug fixed incorrect password 'access_restriction_by_ip'

6 years ago · 8dd675af6a
3 changed files with 36 additions and 20 deletions
--- a/access_restriction_by_ip/manifest.py
+++ b/access_restriction_by_ip/manifest.py
@ -19,7 +19,7 @@
 {
    'name': 'Access Restriction By IP',
    'summary': """User Can Access His Account Only From Specified IP Address""",
-    'version': '13.0.1.0.0',
+    'version': '13.0.1.0.1',
    'description': """User Can Access His Account Only From Specified IP Address""",
    'author': 'Cybrosys Techno Solutions',
    'company': 'Cybrosys Techno Solutions',
--- a/access_restriction_by_ip/controllers/main.py
+++ b/access_restriction_by_ip/controllers/main.py
@ -47,32 +47,43 @@ class Home(main.Home):
            old_uid = request.uid
            ip_address = request.httprequest.environ['REMOTE_ADDR']
            if request.params['login']:
-                user_rec = request.env['res.users'].sudo().search([('login', '=', request.params['login'])])
+                user_rec = request.env['res.users'].sudo().search(
+                    [('login', '=', request.params['login'])])
                if user_rec.allowed_ips:
                    ip_list = []
                    for rec in user_rec.allowed_ips:
                        ip_list.append(rec.ip_address)
                    if ip_address in ip_list:
-                        uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
-                        if uid is not False:
-                                request.params['login_success'] = True
-                                if not redirect:
-                                    redirect = '/web'
-                                return http.redirect_with_hash(redirect)
+                        try:
+                            uid = request.session.authenticate(
+                                request.session.db,
+                                request.params[
+                                    'login'],
+                                request.params[
+                                    'password'])
+                            request.params['login_success'] = True
+                            return http.redirect_with_hash(
+                                self._login_redirect(uid, redirect=redirect))
+                        except odoo.exceptions.AccessDenied as e:
+                            request.uid = old_uid
+                            if e.args == odoo.exceptions.AccessDenied().args:
+                                values['error'] = _("Wrong login/password")
+                    else:
                        request.uid = old_uid
-                        values['error'] = _("Wrong login/password")
-                    request.uid = old_uid
-                    values['error'] = _("Not allowed to login from this IP")
+                        values['error'] = _("Not allowed to login from this IP")
                else:
-                    uid = request.session.authenticate(request.session.db, request.params['login'],
-                                                       request.params['password'])
-                    if uid is not False:
+                    try:
+                        uid = request.session.authenticate(request.session.db,
+                                                           request.params[
+                                                               'login'],
+                                                           request.params[
+                                                               'password'])
                        request.params['login_success'] = True
-                        if not redirect:
-                            redirect = '/web'
-                        return http.redirect_with_hash(redirect)
-                    request.uid = old_uid
-                    values['error'] = _("Wrong login/password")
-
+                        return http.redirect_with_hash(
+                            self._login_redirect(uid, redirect=redirect))
+                    except odoo.exceptions.AccessDenied as e:
+                        request.uid = old_uid
+                        if e.args == odoo.exceptions.AccessDenied().args:
+                            values['error'] = _("Wrong login/password")

        return request.render('web.login', values)
--- a/access_restriction_by_ip/doc/RELEASE_NOTES.md
+++ b/access_restriction_by_ip/doc/RELEASE_NOTES.md
@ -3,3 +3,8 @@
 #### 02.08.2019
 #### Version 13.0.1.0.0
 #### ADD Initial Commit for access_restriction_by_ip
+
+#### 02.08.2019
+#### Version 13.0.1.0.1
+#### FIX 
+#### Bug Fixed