############################################################################### # # Cybrosys Technologies Pvt. Ltd. # # Copyright (C) 2024-TODAY Cybrosys Technologies() # Author: Cybrosys Technologies (odoo@cybrosys.com) # # You can modify it under the terms of the GNU LESSER # GENERAL PUBLIC LICENSE (LGPL v3), Version 3. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU LESSER GENERAL PUBLIC LICENSE (LGPL v3) for more details. # # You should have received a copy of the GNU LESSER GENERAL PUBLIC LICENSE # (LGPL v3) along with this program. # If not, see . # ############################################################################### from odoo.addons.web.controllers.home import Home as WebHome from odoo.addons.web.controllers.utils import ensure_db import odoo import odoo.modules.registry from odoo import SUPERUSER_ID from odoo import http from odoo.http import request from odoo.tools.translate import _ # Shared parameters for all login/signup flows SIGN_UP_REQUEST_PARAMS = {'db', 'login', 'debug', 'token', 'message', 'error', 'scope', 'mode', 'redirect', 'redirect_hostname', 'email', 'name', 'partner_id', 'password', 'confirm_password', 'city', 'country_id', 'lang', 'signup_email'} class Home(WebHome): """ This class includes methods related to user authentication and login.""" @http.route('/web/login', type='http', auth="none") def web_login(self, redirect=None, **kw): ensure_db() request.params['login_success'] = False if request.httprequest.method == 'GET' and redirect and request.session.uid: return request.redirect(redirect) # simulate hybrid auth=user/auth=public, despite using auth=none to be able # to redirect users when no db is selected - cfr ensure_db() if request.env.uid is None: if request.session.uid is None: # no user -> auth=public with specific website public user request.env["ir.http"]._auth_method_public() else: # auth=user request.update_env(user=request.session.uid) values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS} try: values['databases'] = http.db_list() except odoo.exceptions.AccessDenied: values['databases'] = None if request.httprequest.method == 'POST': old_uid = request.uid try: uid = request.session.authenticate(request.db, request.params['login'], request.params['password']) request.params['login_success'] = True return request.redirect( self._login_redirect(uid, redirect=redirect)) except odoo.exceptions.AccessDenied as e: failed_uid = request.env.uid request.env.uid = old_uid if e.args == odoo.exceptions.AccessDenied().args: values['error'] = _("Wrong login/password") # already logged_in user exception elif e.args[0] == "already_logged_in": values['error'] = "User already logged in. Log out from " \ "other devices and try again." values['logout_all'] = True values['failed_uid'] = failed_uid if ( failed_uid != SUPERUSER_ID) else False else: values['error'] = e.args[0] else: if 'error' in request.params and request.params.get( 'error') == 'access': values['error'] = _( 'Only employees can access this database. Please contact the administrator.') if 'login' not in values and request.session.get('auth_login'): values['login'] = request.session.get('auth_login') if not odoo.tools.config['list_db']: values['disable_database_manager'] = True response = request.render('web.login', values) response.headers['X-Frame-Options'] = 'SAMEORIGIN' response.headers['Content-Security-Policy'] = "frame-ancestors 'self'" return response