1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
# -*- coding: utf-8 -*-
import re
from datetime import datetime, timedelta
from odoo import http, _
from odoo.exceptions import AccessDenied
from odoo.http import request
from odoo.addons.web.controllers import home as web_home
TRUSTED_DEVICE_COOKIE = 'td_id'
TRUSTED_DEVICE_AGE = 90*86400 # 90 days expiration
class Home(web_home.Home):
@http.route(
'/web/login/totp',
type='http', auth='public', methods=['GET', 'POST'], sitemap=False,
website=True, multilang=False # website breaks the login layout...
)
def web_totp(self, redirect=None, **kwargs):
if request.session.uid:
return request.redirect(self._login_redirect(request.session.uid, redirect=redirect))
if not request.session.pre_uid:
return request.redirect('/web/login')
error = None
user = request.env['res.users'].browse(request.session.pre_uid)
if user and request.httprequest.method == 'GET':
cookies = request.cookies
key = cookies.get(TRUSTED_DEVICE_COOKIE)
if key:
user_match = request.env['auth_totp.device']._check_credentials_for_uid(
scope="browser", key=key, uid=user.id)
if user_match:
request.session.finalize(request.env)
request.update_env(user=request.session.uid)
request.update_context(**request.session.context)
return request.redirect(self._login_redirect(request.session.uid, redirect=redirect))
elif user and request.httprequest.method == 'POST' and kwargs.get('totp_token'):
try:
with user._assert_can_auth(user=user.id):
user._totp_check(int(re.sub(r'\s', '', kwargs['totp_token'])))
except AccessDenied as e:
error = str(e)
except ValueError:
error = _("Invalid authentication code format.")
else:
request.session.finalize(request.env)
request.update_env(user=request.session.uid)
request.update_context(**request.session.context)
response = request.redirect(self._login_redirect(request.session.uid, redirect=redirect))
if kwargs.get('remember'):
name = _("%(browser)s on %(platform)s",
browser=request.httprequest.user_agent.browser.capitalize(),
platform=request.httprequest.user_agent.platform.capitalize(),
)
if request.geoip.city.name:
name += f" ({request.geoip.city.name}, {request.geoip.country_name})"
key = request.env['auth_totp.device'].sudo()._generate(
"browser",
name,
datetime.now() + timedelta(seconds=TRUSTED_DEVICE_AGE)
)
response.set_cookie(
key=TRUSTED_DEVICE_COOKIE,
value=key,
max_age=TRUSTED_DEVICE_AGE,
httponly=True,
samesite='Lax'
)
# Crapy workaround for unupdatable Odoo Mobile App iOS (Thanks Apple :@)
request.session.touch()
return response
# Crapy workaround for unupdatable Odoo Mobile App iOS (Thanks Apple :@)
request.session.touch()
return request.render('auth_totp.auth_totp_form', {
'user': user,
'error': error,
'redirect': redirect,
})
|
