Cybrosys Technologies
1 month ago
4 changed files with 46 additions and 1 deletions
@ -0,0 +1,37 @@ |
|||
# -*- coding: utf-8 -*- |
|||
|
|||
import odoo |
|||
from odoo.addons.web.controllers.session import Session |
|||
from odoo import http |
|||
from odoo.exceptions import AccessError |
|||
from odoo.http import request |
|||
|
|||
|
|||
class AccessRestrict(Session): |
|||
|
|||
@http.route() |
|||
def authenticate(self, db, login, password, base_location=None): |
|||
if not http.db_filter([db]): |
|||
raise AccessError("Database not found.") |
|||
pre_uid = request.session.authenticate(db, login, password) |
|||
ip_address = request.httprequest.environ['REMOTE_ADDR'] |
|||
user = request.env['res.users'].sudo().browse(pre_uid).exists() |
|||
if user and user.allowed_ip_ids: |
|||
ip_list = set(user.allowed_ip_ids.mapped('ip_address')) |
|||
if ip_address not in ip_list: |
|||
raise AccessError("Not allowed to login from this IP") |
|||
if pre_uid != request.session.uid: |
|||
return {'uid': None} |
|||
request.session.db = db |
|||
registry = odoo.modules.registry.Registry(db) |
|||
with registry.cursor() as cr: |
|||
env = odoo.api.Environment(cr, request.session.uid, request.session.context) |
|||
if not request.db: |
|||
# request._save_session would not update the session_token |
|||
# as it lacks an environment, rotating the session myself |
|||
http.root.session_store.rotate(request.session, env) |
|||
request.future_response.set_cookie( |
|||
'session_id', request.session.sid, |
|||
max_age=http.SESSION_LIFETIME, httponly=True |
|||
) |
|||
return env['ir.http'].session_info() |
|||
Loading…
Reference in new issue