jikimo/test
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复密码错误bug

Browse Source
This commit is contained in:
gqh
2023-01-31 11:30:13 +08:00
parent e0193b81c9
commit 8957fec332
1 changed files with 25 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
yizuo_login_background_and_styles/controllers/main.py
View File

@@ -35,85 +35,43 @@ from odoo import http
class Home(home.Home): class Home(home.Home):
@http.route('/web/login', type='http', auth="public") @http.route('/web/login', type='http', auth="none")
def web_login(self, redirect=None, **kw): def web_login(self, redirect=None, **kw):
home.ensure_db() home.ensure_db()
request.params['login_success'] = False request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid: if request.httprequest.method == 'GET' and redirect and request.session.uid:
return request.redirect(redirect) return request.redirect(redirect)
# so it is correct if overloaded with auth="public"
if not request.uid: if not request.uid:
request.uid = odoo.SUPERUSER_ID request.update_env(user=odoo.SUPERUSER_ID)
# values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}
values = request.params.copy() values = request.params.copy()
try: try:
values['databases'] = http.db_list() values['databases'] = http.db_list()
except odoo.exceptions.AccessDenied: except odoo.exceptions.AccessDenied:
values['databases'] = None values['databases'] = None
if request.httprequest.method == 'POST': if request.httprequest.method == 'POST':
old_uid = request.uid try:
uid = request.session.authenticate(request.session.db, uid = request.session.authenticate(request.db, request.params['login'], request.params['password'])
request.params['login'],
request.params['password'])
if uid is not False:
# user_rec = request.env['res.users'].sudo().search(
# [('id', '=', uid)])
# if user_rec.partner_id.email and user_rec.has_group(
# 'user_login_alert.receive_login_notification'):
# send_mail = 0
# agent = request.httprequest.environ.get('HTTP_USER_AGENT')
# agent_details = httpagentparser.detect(agent)
# user_os = agent_details['os']['name']
# browser_name = agent_details['browser']['name']
# ip_address = request.httprequest.environ['REMOTE_ADDR']
# if user_rec.last_logged_ip and user_rec.last_logged_browser and user_rec.last_logged_os:
# if user_rec.last_logged_ip != ip_address or user_rec.last_logged_browser != browser_name or user_rec.last_logged_os != user_os:
# send_mail = 1
# user_rec.last_logged_ip = ip_address
# user_rec.last_logged_browser = browser_name
# user_rec.last_logged_os = user_os
# else:
# send_mail = 0
# else:
# send_mail = 1
# user_rec.last_logged_ip = ip_address
# user_rec.last_logged_browser = browser_name
# user_rec.last_logged_os = user_os
# if send_mail == 1:
# email_to = user_rec.partner_id.email
# current_date_time = strftime("%Y-%m-%d %H:%M:%S",
# gmtime())
# message_body = 'Hi ' + user_rec.name + ' , Your account has been ' \
# 'accessed successfully. The details of the ' \
# 'system from which the account is accessed ...,'
# message_body += '<table border="1" width="100%" cellpadding="0" bgcolor="#ededed">'
# message_body += '<tr><td>' + 'OS' + '</td>' \
# '<td>' + user_os + '</td>' \
# '</tr>' \
# '<tr><td>' + 'Browser' + '</td>' \
# '<td>' + browser_name + '</td>' \
# '</tr>' \
# '<tr><td>' + 'IP Address' + '</td>' \
# '<td>' + ip_address + '</td>' \
# '</tr>'
# message_body += '</table>'
# message_body += 'Thank you'
# template_obj = request.env['mail.mail']
# template_data = {
# 'subject': 'Login Alert : ' + current_date_time,
# 'body_html': message_body,
# 'email_from': request.env.user.company_id.email,
# 'email_to': email_to
# }
# template_id = template_obj.create(template_data)
# template_obj.send(template_id)
request.params['login_success'] = True request.params['login_success'] = True
if not redirect: return request.redirect(self._login_redirect(uid, redirect=redirect))
redirect = '/web' except odoo.exceptions.AccessDenied as e:
return request.redirect( if e.args == odoo.exceptions.AccessDenied().args:
self._login_redirect(uid, redirect=redirect)) values['error'] = _("密码输入错误")
request.uid = old_uid else:
values['error'] = _("Wrong login/password") values['error'] = e.args[0]
else:
if 'error' in request.params and request.params.get('error') == 'access':
values['error'] = _('Only employees can access this database. Please contact the administrator.')
if 'login' not in values and request.session.get('auth_login'):
values['login'] = request.session.get('auth_login')
if not odoo.tools.config['list_db']:
values['disable_database_manager'] = True
# get confi login set # get confi login set
param_obj = request.env['ir.config_parameter'].sudo() param_obj = request.env['ir.config_parameter'].sudo()
@@ -145,5 +103,7 @@ class Home(home.Home):
else: else:
response = request.render('yizuo_login_background_and_styles.middle_login_template', values) response = request.render('yizuo_login_background_and_styles.middle_login_template', values)
response.headers['X-Frame-Options'] = 'DENY' response.headers['X-Frame-Options'] = 'SAMEORIGIN'
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
assert isinstance(response, object)
return response return response