密码策略模块测试

password_security/controllers/main.py

@@ -0,0 +1,86 @@
+# Copyright 2015 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+import operator
+
+from odoo import http
+from odoo.exceptions import UserError
+from odoo.http import request
+
+from odoo.addons.auth_signup.controllers.main import AuthSignupHome
+from odoo.addons.web.controllers.main import Session, ensure_db
+
+
+class PasswordSecuritySession(Session):
+    @http.route()
+    def change_password(self, fields):
+        new_password = operator.itemgetter("new_password")(
+            dict(list(map(operator.itemgetter("name", "value"), fields)))
+        )
+        user_id = request.env.user
+        user_id._check_password(new_password)
+        return super(PasswordSecuritySession, self).change_password(fields)
+
+
+class PasswordSecurityHome(AuthSignupHome):
+    def do_signup(self, qcontext):
+        password = qcontext.get("password")
+        user_id = request.env.user
+        user_id._check_password(password)
+        return super(PasswordSecurityHome, self).do_signup(qcontext)
+
+    @http.route("/password_security/estimate", auth="none", type="json")
+    def estimate(self, password):
+        return request.env["res.users"].get_estimation(password)
+
+    @http.route()
+    def web_login(self, *args, **kw):
+        ensure_db()
+        response = super(PasswordSecurityHome, self).web_login(*args, **kw)
+        if not request.params.get("login_success"):
+            return response
+        # Now, I'm an authenticated user
+        if not request.env.user._password_has_expired():
+            return response
+        # My password is expired, kick me out
+        request.env.user.action_expire_password()
+        request.session.logout(keep_db=True)
+        # I was kicked out, so set login_success in request params to False
+        request.params["login_success"] = False
+        redirect = request.env.user.partner_id.signup_url
+        return request.redirect(redirect)
+
+    @http.route()
+    def web_auth_signup(self, *args, **kw):
+        try:
+            return super(PasswordSecurityHome, self).web_auth_signup(*args, **kw)
+        except UserError as e:
+            qcontext = self.get_auth_signup_qcontext()
+            qcontext["error"] = str(e)
+            return request.render("auth_signup.signup", qcontext)
+
+    @http.route()
+    def web_auth_reset_password(self, *args, **kw):
+        """It provides hook to disallow front-facing resets inside of min
+        Unfortuantely had to reimplement some core logic here because of
+        nested logic in parent
+        """
+        qcontext = self.get_auth_signup_qcontext()
+        if (
+            request.httprequest.method == "POST"
+            and qcontext.get("login")
+            and "error" not in qcontext
+            and "token" not in qcontext
+        ):
+            login = qcontext.get("login")
+            user_ids = request.env.sudo().search(
+                [("login", "=", login)],
+                limit=1,
+            )
+            if not user_ids:
+                user_ids = request.env.sudo().search(
+                    [("email", "=", login)],
+                    limit=1,
+                )
+            user_ids._validate_pass_reset()
+        return super(PasswordSecurityHome, self).web_auth_reset_password(*args, **kw)