[FIX] some permission problems; call super in order to have regular p…
…assword reset flow intact
thomaspaulb authored and NL66278 committed Jan 10, 2025
1 parent a0518d6 commit 317fe99
Showing 5 changed files with 34 additions and 31 deletions.
5 changes: 3 additions & 2 deletions auth_sms/models/res_users.py
Expand Up @@ -100,7 +100,7 @@ def _auth_sms_send(self, user_id):
request and request.session.sid,
)
user = self.env["res.users"].browse(user_id)
self.env["auth_sms.code"].create(
self.env["auth_sms.code"].sudo().create(
{
"code": code,
"user_id": user.id,
Expand All @@ -109,7 +109,8 @@ def _auth_sms_send(self, user_id):
)
if not user.sudo()._auth_sms_check_rate_limit():
raise AccessDeniedSmsRateLimit(_("SMS rate limit"))
if not self.env["sms.provider"].send_sms(user.mobile, code):
mobile = user.sudo().mobile
if not self.env["sms.provider"].send_sms(mobile, code):
raise UserError(_("Sending SMS failed"))

def _auth_sms_check_rate_limit(self):
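Review bot: `mobile = user.sudo().mobile` is passed straight to `send_sms` without checking that it is set, and `user` comes from `browse(user_id)` with no check that the record exists, so an account without a mobile number only surfaces as the generic "Sending SMS failed" after the `sudo().create(...)` call has already run. A guard ahead of the create call, such as `if not user.exists() or not user.sudo().mobile: raise UserError(_("No mobile number configured"))`, would make that case explicit. Because both the create and the field read now bypass access rules, the method should also say who is expected to have vetted `user_id`, e.g. `# sudo: runs for users who are not logged in yet; user_id must come from a validated login or reset token`. The body of `_auth_sms_send` starts above the first hunk, so earlier checks are not visible here.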
2 changes: 1 addition & 1 deletion auth_sms/models/sms_provider.py
Expand Up @@ -39,7 +39,7 @@ def action_send_test(self):

@api.model
def send_sms(self, number, text, **kwargs):
provider = self.search([], limit=1)
provider = self.sudo().search([], limit=1)
if not provider:
return False
_logger.debug(
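Review bot: `send_sms` is a public `@api.model` method, and with `self.sudo().search([], limit=1)` it no longer depends on the caller's read access to `sms.provider`. If the method is reachable through Odoo's RPC layer, as public model methods normally are, any logged-in user could have the configured provider send text to a number of their choosing. Consider moving the elevated lookup into a private helper (for example `_send_sms`, called from `_auth_sms_send`) and leaving the public entry point subject to access rules, or at least document the expectation with `# sudo: provider config is admin-only but must be usable during login; number and text must come from trusted callers`. The rest of the method lies outside the hunk, so any checks further down are not visible here.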
11 changes: 4 additions & 7 deletions auth_sms/static/description/index.html
Expand Up @@ -8,11 +8,10 @@

/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
:Copyright: This stylesheet has been placed in the public domain.
Default cascading style sheet for the HTML output of Docutils.
Despite the name, some widely supported CSS2 features are used.
See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
customize this style sheet.
Expand Down Expand Up @@ -275,7 +274,7 @@
margin-left: 2em ;
margin-right: 2em }

pre.code .ln { color: gray; } /* line numbers */
pre.code .ln { color: grey; } /* line numbers */
pre.code, code { background-color: #eeeeee }
pre.code .comment, code .comment { color: #5C6576 }
pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
Expand All @@ -301,7 +300,7 @@
span.pre {
white-space: pre }

span.problematic, pre.problematic {
span.problematic {
color: red }

span.section-subtitle {
Expand Down Expand Up @@ -461,9 +460,7 @@ <h2><a class="toc-backref" href="#toc-entry-8">Other credits</a></h2>
<div class="section" id="maintainers">
<h2><a class="toc-backref" href="#toc-entry-9">Maintainers</a></h2>
<p>This module is maintained by the OCA.</p>
<a class="reference external image-reference" href="https://odoo-community.org">
<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
</a>
<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.</p>
36 changes: 22 additions & 14 deletions auth_sms_auth_signup/controllers/auth_sms_auth_signup.py
@@ -1,17 +1,22 @@
# Copyright 2019 Therp BV <https://therp.nl>
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
import logging
import traceback

from odoo import http
from odoo.http import request

from odoo.addons.auth_signup.controllers.main import AuthSignupHome

_logger = logging.getLogger(__name__)


class AuthSmsAuthSignup(AuthSignupHome):
@http.route()
def web_auth_reset_password(self, *args, **kw):
qcontext = self.get_auth_signup_qcontext()
if not qcontext.get("token") or qcontext.get("error"):
return super(AuthSmsAuthSignup, self).web_auth_reset_password(*args, **kw)
return super().web_auth_reset_password(*args, **kw)
partner = (
request.env["res.partner"]
.sudo()
Expand All @@ -20,21 +25,24 @@ def web_auth_reset_password(self, *args, **kw):
)
)
user = partner.user_ids[:1]
if request.httprequest.method == "POST" and kw.get("auth_sms_request_code"):
try:
request.env["res.users"].sudo()._auth_sms_send(user.id)
qcontext["auth_sms_code_requested"] = True
except Exception as e:
qcontext["error"] = e.message or e
elif request.httprequest.method == "POST" and kw.get("auth_sms_code"):
if request.httprequest.method == "POST" and kw.get("auth_sms_code"):
request.session["auth_sms.code"] = kw["auth_sms_code"]
try:
user.sudo(user)._auth_sms_check_credentials()
user.with_user(user)._auth_sms_check_credentials()
except Exception as e:
del request.session["auth_sms.code"]
qcontext["error"] = e.message if hasattr(e, "message") else str(e)
qcontext["error"] = str(e)
_logger.error(traceback.format_exc())
if request.session.get("auth_sms.code"):
return super(AuthSmsAuthSignup, self).web_auth_reset_password(
*args, **kw
)
return request.render("auth_signup.reset_password", qcontext)
return super().web_auth_reset_password(*args, **kw)
return request.render("auth_signup.reset_password", qcontext)
elif request.httprequest.method == "POST" and kw.get("auth_sms_request_code"):
try:
request.env["res.users"].sudo()._auth_sms_send(user.id)
qcontext["auth_sms_code_requested"] = True
except Exception as e:
qcontext["error"] = str(e)
_logger.error(traceback.format_exc())
return request.render("auth_signup.reset_password", qcontext)

return super().web_auth_reset_password(*args, **kw)
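Review bot: The handler, as rendered, now ends in `return super().web_auth_reset_password(*args, **kw)`, so a POST that carries a valid token but neither `auth_sms_code` nor `auth_sms_request_code` reaches the stock reset handler without `_auth_sms_check_credentials()` having run; the earlier version appears to have ended in `request.render(...)` unless the session already held a code. If the parent then accepts the new password, the SMS step becomes optional for accounts that have it enabled, unless that is enforced somewhere outside this file. The fall-through should be limited to users without SMS authentication, for example a guard before the final return such as `if request.httprequest.method == "POST" and <user has SMS auth enabled>: return request.render("auth_signup.reset_password", qcontext)` (the condition is a placeholder; the field is not visible on this page). Separately, `qcontext["error"] = str(e)` under `except Exception` can put internal error text on an unauthenticated page, and `_logger.exception(...)` would replace the `traceback.format_exc()` call.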
11 changes: 4 additions & 7 deletions auth_sms_auth_signup/static/description/index.html
Expand Up @@ -8,11 +8,10 @@

/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
:Copyright: This stylesheet has been placed in the public domain.
Default cascading style sheet for the HTML output of Docutils.
Despite the name, some widely supported CSS2 features are used.
See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
customize this style sheet.
Expand Down Expand Up @@ -275,7 +274,7 @@
margin-left: 2em ;
margin-right: 2em }

pre.code .ln { color: gray; } /* line numbers */
pre.code .ln { color: grey; } /* line numbers */
pre.code, code { background-color: #eeeeee }
pre.code .comment, code .comment { color: #5C6576 }
pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
Expand All @@ -301,7 +300,7 @@
span.pre {
white-space: pre }

span.problematic, pre.problematic {
span.problematic {
color: red }

span.section-subtitle {
Expand Down Expand Up @@ -416,9 +415,7 @@ <h2><a class="toc-backref" href="#toc-entry-5">Other credits</a></h2>
<div class="section" id="maintainers">
<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
<p>This module is maintained by the OCA.</p>
<a class="reference external image-reference" href="https://odoo-community.org">
<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
</a>
<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.</p>