修复密码错误bug
This commit is contained in:
gqh
@@ -35,85 +35,43 @@ from odoo import http
|
||||
|
||||
class Home(home.Home):
|
||||
|
||||
@http.route('/web/login', type='http', auth="public")
|
||||
@http.route('/web/login', type='http', auth="none")
|
||||
def web_login(self, redirect=None, **kw):
|
||||
home.ensure_db()
|
||||
request.params['login_success'] = False
|
||||
if request.httprequest.method == 'GET' and redirect and request.session.uid:
|
||||
return request.redirect(redirect)
|
||||
|
||||
# so it is correct if overloaded with auth="public"
|
||||
if not request.uid:
|
||||
request.uid = odoo.SUPERUSER_ID
|
||||
request.update_env(user=odoo.SUPERUSER_ID)
|
||||
|
||||
# values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}
|
||||
values = request.params.copy()
|
||||
try:
|
||||
values['databases'] = http.db_list()
|
||||
except odoo.exceptions.AccessDenied:
|
||||
values['databases'] = None
|
||||
|
||||
if request.httprequest.method == 'POST':
|
||||
old_uid = request.uid
|
||||
uid = request.session.authenticate(request.session.db,
|
||||
request.params['login'],
|
||||
request.params['password'])
|
||||
if uid is not False:
|
||||
# user_rec = request.env['res.users'].sudo().search(
|
||||
# [('id', '=', uid)])
|
||||
# if user_rec.partner_id.email and user_rec.has_group(
|
||||
# 'user_login_alert.receive_login_notification'):
|
||||
# send_mail = 0
|
||||
# agent = request.httprequest.environ.get('HTTP_USER_AGENT')
|
||||
# agent_details = httpagentparser.detect(agent)
|
||||
# user_os = agent_details['os']['name']
|
||||
# browser_name = agent_details['browser']['name']
|
||||
# ip_address = request.httprequest.environ['REMOTE_ADDR']
|
||||
# if user_rec.last_logged_ip and user_rec.last_logged_browser and user_rec.last_logged_os:
|
||||
# if user_rec.last_logged_ip != ip_address or user_rec.last_logged_browser != browser_name or user_rec.last_logged_os != user_os:
|
||||
# send_mail = 1
|
||||
# user_rec.last_logged_ip = ip_address
|
||||
# user_rec.last_logged_browser = browser_name
|
||||
# user_rec.last_logged_os = user_os
|
||||
# else:
|
||||
# send_mail = 0
|
||||
# else:
|
||||
# send_mail = 1
|
||||
# user_rec.last_logged_ip = ip_address
|
||||
# user_rec.last_logged_browser = browser_name
|
||||
# user_rec.last_logged_os = user_os
|
||||
# if send_mail == 1:
|
||||
# email_to = user_rec.partner_id.email
|
||||
# current_date_time = strftime("%Y-%m-%d %H:%M:%S",
|
||||
# gmtime())
|
||||
# message_body = 'Hi ' + user_rec.name + ' , Your account has been ' \
|
||||
# 'accessed successfully. The details of the ' \
|
||||
# 'system from which the account is accessed ...,'
|
||||
# message_body += '<table border="1" width="100%" cellpadding="0" bgcolor="#ededed">'
|
||||
# message_body += '<tr><td>' + 'OS' + '</td>' \
|
||||
# '<td>' + user_os + '</td>' \
|
||||
# '</tr>' \
|
||||
# '<tr><td>' + 'Browser' + '</td>' \
|
||||
# '<td>' + browser_name + '</td>' \
|
||||
# '</tr>' \
|
||||
# '<tr><td>' + 'IP Address' + '</td>' \
|
||||
# '<td>' + ip_address + '</td>' \
|
||||
# '</tr>'
|
||||
# message_body += '</table>'
|
||||
# message_body += 'Thank you'
|
||||
# template_obj = request.env['mail.mail']
|
||||
# template_data = {
|
||||
# 'subject': 'Login Alert : ' + current_date_time,
|
||||
# 'body_html': message_body,
|
||||
# 'email_from': request.env.user.company_id.email,
|
||||
# 'email_to': email_to
|
||||
# }
|
||||
# template_id = template_obj.create(template_data)
|
||||
# template_obj.send(template_id)
|
||||
try:
|
||||
uid = request.session.authenticate(request.db, request.params['login'], request.params['password'])
|
||||
request.params['login_success'] = True
|
||||
if not redirect:
|
||||
redirect = '/web'
|
||||
return request.redirect(
|
||||
self._login_redirect(uid, redirect=redirect))
|
||||
request.uid = old_uid
|
||||
values['error'] = _("Wrong login/password")
|
||||
return request.redirect(self._login_redirect(uid, redirect=redirect))
|
||||
except odoo.exceptions.AccessDenied as e:
|
||||
if e.args == odoo.exceptions.AccessDenied().args:
|
||||
values['error'] = _("密码输入错误")
|
||||
else:
|
||||
values['error'] = e.args[0]
|
||||
else:
|
||||
if 'error' in request.params and request.params.get('error') == 'access':
|
||||
values['error'] = _('Only employees can access this database. Please contact the administrator.')
|
||||
|
||||
if 'login' not in values and request.session.get('auth_login'):
|
||||
values['login'] = request.session.get('auth_login')
|
||||
|
||||
if not odoo.tools.config['list_db']:
|
||||
values['disable_database_manager'] = True
|
||||
|
||||
# get confi login set
|
||||
param_obj = request.env['ir.config_parameter'].sudo()
|
||||
@@ -145,5 +103,7 @@ class Home(home.Home):
|
||||
else:
|
||||
response = request.render('yizuo_login_background_and_styles.middle_login_template', values)
|
||||
|
||||
response.headers['X-Frame-Options'] = 'DENY'
|
||||
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
|
||||
assert isinstance(response, object)
|
||||
return response
|
||||
|
||||
Reference in New Issue
Block a user