|
1 | 1 | # © 2019 Savoir-faire Linux |
2 | 2 | # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). |
3 | 3 |
|
4 | | -import logging |
| 4 | +from odoo import models |
| 5 | +from odoo.tools import safe_eval |
| 6 | +from odoo.addons.auth_saml.models.ir_config_parameter import ALLOW_SAML_UID_AND_PASSWORD |
| 7 | + |
5 | 8 | import random |
| 9 | +import logging |
6 | 10 |
|
7 | | -from odoo import api, models |
8 | 11 |
|
9 | 12 | _logger = logging.getLogger(__name__) |
10 | 13 | s = "abcdefghijklmnopqrstuvwxyz034567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()?" |
11 | 14 | passlen = 16 |
12 | 15 |
|
13 | 16 |
|
14 | 17 | class ResUsers(models.Model): |
15 | | - _inherit = "res.users" |
16 | | - |
17 | | - @api.multi |
18 | | - def _auth_saml_signin(self, provider, validation, saml_response): |
19 | | - saml_uid = validation["user_id"] |
20 | | - user_ids = self.search( |
21 | | - [("saml_uid", "=", saml_uid), ("saml_provider_id", "=", provider)] |
22 | | - ) |
23 | | - if self.check_if_create_user(provider) and not user_ids: |
24 | | - self.create_user(saml_uid, provider) |
25 | | - return super()._auth_saml_signin(provider, validation, saml_response) |
| 18 | + _inherit = 'res.users' |
26 | 19 |
|
27 | 20 | def check_if_create_user(self, provider): |
28 | | - return self.env["auth.saml.provider"].browse(provider).create_user |
| 21 | + return self.env['auth.saml.provider'].browse(provider).create_user |
29 | 22 |
|
30 | 23 | def create_user(self, saml_uid, provider): |
31 | | - _logger.debug('Creating new Odoo user "%s" from SAML' % saml_uid) |
32 | | - SudoUser = self.env["res.users"].sudo() |
33 | | - new_user = SudoUser.create( |
34 | | - { |
35 | | - "name": saml_uid, |
36 | | - "login": saml_uid, |
37 | | - "saml_provider_id": provider, |
38 | | - "password": "".join(random.sample(s, passlen)), |
39 | | - "company_id": self.env["res.company"].sudo().browse(1).id, |
40 | | - } |
41 | | - ) |
42 | | - new_user.write({"saml_uid": saml_uid}) |
| 24 | + _logger.debug("Creating new Odoo user \"%s\" from SAML" % saml_uid) |
| 25 | + SudoUser = self.env['res.users'].sudo() |
| 26 | + values = { |
| 27 | + 'name': saml_uid, |
| 28 | + 'login': saml_uid, |
| 29 | + 'saml_ids': [(0, 0, {'saml_provider_id': provider, 'saml_uid': saml_uid}),], |
| 30 | + 'company_id': self.env['res.company'].sudo().browse(1).id, |
| 31 | + } |
| 32 | + allow_saml_password = self.env['ir.config_parameter'].sudo().get_param(ALLOW_SAML_UID_AND_PASSWORD, 'False') |
| 33 | + if safe_eval.safe_eval(allow_saml_password): |
| 34 | + values['password'] = "".join(random.sample(s, passlen)) |
| 35 | + res = SudoUser.create(values) |
| 36 | + return res |
| 37 | + |
| 38 | + def _auth_saml_signin(self, provider: int, validation: dict, saml_response) -> str: |
| 39 | + """ |
| 40 | + Overload to auto create a new user if configured to allow it. |
| 41 | + """ |
| 42 | + saml_uid = validation['user_id'] |
| 43 | + user_ids = self.env["res.users.saml"].search( |
| 44 | + [('saml_uid', '=', saml_uid), ('saml_provider_id', '=', provider)]) |
| 45 | + if self.check_if_create_user(provider) and not user_ids: |
| 46 | + self.create_user(saml_uid, provider) |
| 47 | + return super()._auth_saml_signin(provider, validation, saml_response) |
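Review bot: The password given to auto-created users in `create_user` (new line 34) is still built with `random.sample(s, passlen)`, which uses the non-cryptographic `random` generator and draws without replacement, so it has less entropy than 16 independent characters and is not suitable as a credential. Because this value is a working login password whenever ALLOW_SAML_UID_AND_PASSWORD is enabled, I would add `import secrets` and generate it with `values['password'] = "".join(secrets.choice(s) for _ in range(passlen))`. Separately, new line 33 parses the stored flag with `safe_eval.safe_eval(allow_saml_password)`; comparing the string against the accepted literals would avoid evaluating an expression from configuration at all, though this may simply mirror how auth_saml reads the same parameter. A short comment on `create_user` stating that the account is created with sudo and with `login` taken directly from the IdP-asserted `user_id` would also help the next reader see the trust boundary.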