#
##############################################################################
import logging
+import werkzeug
import openerp
-import openerp.addons.web.controllers.main as webmain
from openerp.addons.auth_signup.res_users import SignupError
from openerp import http
- from openerp.http import request, LazyResponse
+ from openerp.http import request
from openerp.tools.translate import _
-from openerp.tools import exception_to_unicode
_logger = logging.getLogger(__name__)
@http.route()
def web_login(self, *args, **kw):
- mode = request.params.get('mode')
+ response = super(AuthSignupHome, self).web_login(*args, **kw)
- if isinstance(response, LazyResponse):
- response.params['values'].update(self.get_auth_signup_config())
++ response.qcontext.update(self.get_auth_signup_config())
+ return response
+
+ @http.route('/web/signup', type='http', auth='public', website=True, multilang=True)
+ def web_auth_signup(self, *args, **kw):
+ qcontext = self.get_auth_signup_qcontext()
+
+ if not qcontext.get('token') and not qcontext.get('signup_enabled'):
+ raise werkzeug.exceptions.NotFound()
+
+ if 'error' not in qcontext and request.httprequest.method == 'POST':
+ try:
+ self.do_signup(qcontext)
+ return super(AuthSignupHome, self).web_login(*args, **kw)
+ except (SignupError, AssertionError), e:
+ qcontext['error'] = _(e.message)
+
- def callback(template, values):
- return request.registry['ir.ui.view'].render(request.cr, request.uid, template, values)
- return LazyResponse(callback, template='auth_signup.signup', values=qcontext)
++ return request.render('auth_signup.signup', qcontext)
+
+ @http.route('/web/reset_password', type='http', auth='public', website=True, multilang=True)
+ def web_auth_reset_password(self, *args, **kw):
+ qcontext = self.get_auth_signup_qcontext()
+
+ if not qcontext.get('token') and not qcontext.get('reset_password_enabled'):
+ raise werkzeug.exceptions.NotFound()
+
+ if 'error' not in qcontext and request.httprequest.method == 'POST':
+ try:
+ if qcontext.get('token'):
+ self.do_signup(qcontext)
+ return super(AuthSignupHome, self).web_login(*args, **kw)
+ else:
+ login = qcontext.get('login')
+ assert login, "No login provided."
+ res_users = request.registry.get('res.users')
+ res_users.reset_password(request.cr, openerp.SUPERUSER_ID, login)
+ qcontext['message'] = _("An email has been sent with credentials to reset your password")
+ except AssertionError, e:
+ qcontext['error'] = _(e.message)
+ except SignupError:
+ qcontext['error'] = _("Could not reset your password")
+ _logger.exception('error when resetting password')
+
- def callback(template, values):
- return request.registry['ir.ui.view'].render(request.cr, request.uid, template, values)
- return LazyResponse(callback, template='auth_signup.reset_password', values=qcontext)
++ return request.render('auth_signup.reset_password', qcontext)
+
+ def get_auth_signup_config(self):
+ """retrieve the module config (which features are enabled) for the login page"""
+
+ icp = request.registry.get('ir.config_parameter')
+ return {
+ 'signup_enabled': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.allow_uninvited') == 'True',
+ 'reset_password_enabled': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.reset_password') == 'True',
+ }
+
+ def get_auth_signup_qcontext(self):
+ """ Shared helper returning the rendering context for signup and reset password """
qcontext = request.params.copy()
- super_response = None
- if request.httprequest.method != 'POST' or mode not in ('reset', 'signup'):
- # Default behavior is to try to login, which in reset or signup mode in a non-sense.
- super_response = super(AuthSignup, self).web_login(*args, **kw)
- response = webmain.render_bootstrap_template('auth_signup.signup', qcontext)
- if super_response.is_qweb:
- response.qcontext.update(super_response.qcontext)
- token = qcontext.get('token', None)
- token_infos = None
- if token:
+ qcontext.update(self.get_auth_signup_config())
+ if qcontext.get('token'):
try:
# retrieve the user info (name, login or email) corresponding to a signup token
res_partner = request.registry.get('res.partner')
qcontext.setdefault(k, v)
except:
qcontext['error'] = _("Invalid signup token")
- response.params['template'] = 'web.login'
- return response
-
- # retrieve the module config (which features are enabled) for the login page
- icp = request.registry.get('ir.config_parameter')
- config = {
- 'signup': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.allow_uninvited') == 'True',
- 'reset': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.reset_password') == 'True',
- }
- qcontext.update(config)
-
- if 'error' in request.params or mode not in ('reset', 'signup') or (not token and not config[mode]):
- if super_response.is_qweb:
- super_response.qcontext.update(config)
- return super_response
-
- if request.httprequest.method == 'GET':
- if token_infos:
- qcontext.update(token_infos)
- else:
- res_users = request.registry.get('res.users')
- login = request.params.get('login')
- if mode == 'reset' and not token:
- try:
- res_users.reset_password(request.cr, openerp.SUPERUSER_ID, login)
- qcontext['message'] = _("An email has been sent with credentials to reset your password")
- response.params['template'] = 'web.login'
- except Exception, e:
- qcontext['error'] = exception_to_unicode(e) or _("Could not reset your password")
- _logger.exception('error when resetting password')
- else:
- values = dict((key, qcontext.get(key)) for key in ('login', 'name', 'password'))
- try:
- self._signup_with_values(token, values)
- redirect = request.params.get('redirect')
- if not redirect:
- redirect = '/web?' + request.httprequest.query_string
- return http.redirect_with_hash(redirect)
- except SignupError, e:
- qcontext['error'] = exception_to_unicode(e)
+ return qcontext
- return response
+ def do_signup(self, qcontext):
+ """ Shared helper that creates a res.partner out of a token """
+ values = dict((key, qcontext.get(key)) for key in ('login', 'name', 'password'))
+ assert any([k for k in values.values()]), "The form was not properly filled in."
+ assert values.get('password') == qcontext.get('confirm_password'), "Passwords do not match; please retype them."
+ self._signup_with_values(qcontext.get('token'), values)
+ request.cr.commit()
def _signup_with_values(self, token, values):
- request.registry['res.users'].signup(request.cr, openerp.SUPERUSER_ID, values, token)
+ db, login, password = request.registry['res.users'].signup(request.cr, openerp.SUPERUSER_ID, values, token)
+ request.cr.commit() # as authenticate will use its own cursor we need to commit the current transaction
+ uid = request.session.authenticate(db, login, password)
+ if not uid:
+ raise SignupError(_('Authentification Failed.'))
-
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
@http.route(website=True, auth="public", multilang=True)
def web_login(self, *args, **kw):
- response = super(Website, self).web_login(*args, **kw)
- response.qcontext['disable_footer'] = True
- return response
++ # TODO: can't we just put auth=public, ... in web client ?
+ return super(Website, self).web_login(*args, **kw)
@http.route('/page/<page:page>', type='http', auth="public", website=True, multilang=True)
def page(self, page, **opt):
#------------------------------------------------------
# Server actions
#------------------------------------------------------
- @http.route(['/website/action/<id_or_xml_id>'], type='http', auth="public", website=True)
- def actions_server(self, id_or_xml_id, **post):
-
+ @http.route('/website/action/<path_or_xml_id_or_id>', type='http', auth="public", website=True)
+ def actions_server(self, path_or_xml_id_or_id, **post):
cr, uid, context = request.cr, request.uid, request.context
res, action_id, action = None, None, None
ServerActions = request.registry['ir.actions.server']