[FIX] some permission problems; call super in order to have regular p…

…assword reset flow intact
OCA · Jan 10, 2025 · 317fe99 · 317fe99
1 parent a0518d6
commit 317fe99
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 31 deletions.
diff --git a/auth_sms/models/res_users.py b/auth_sms/models/res_users.py
@@ -100,7 +100,7 @@ def _auth_sms_send(self, user_id):
             request and request.session.sid,
         )
         user = self.env["res.users"].browse(user_id)
-        self.env["auth_sms.code"].create(
+        self.env["auth_sms.code"].sudo().create(
             {
                 "code": code,
                 "user_id": user.id,
@@ -109,7 +109,8 @@ def _auth_sms_send(self, user_id):
         )
         if not user.sudo()._auth_sms_check_rate_limit():
             raise AccessDeniedSmsRateLimit(_("SMS rate limit"))
-        if not self.env["sms.provider"].send_sms(user.mobile, code):
+        mobile = user.sudo().mobile
+        if not self.env["sms.provider"].send_sms(mobile, code):
             raise UserError(_("Sending SMS failed"))
 
     def _auth_sms_check_rate_limit(self):

diff --git a/auth_sms/models/sms_provider.py b/auth_sms/models/sms_provider.py
@@ -39,7 +39,7 @@ def action_send_test(self):
 
     @api.model
     def send_sms(self, number, text, **kwargs):
-        provider = self.search([], limit=1)
+        provider = self.sudo().search([], limit=1)
         if not provider:
             return False
         _logger.debug(

diff --git a/auth_sms/static/description/index.html b/auth_sms/static/description/index.html
@@ -8,11 +8,10 @@
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
-Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -275,7 +274,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: gray; } /* line numbers */
+pre.code .ln { color: grey; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -301,7 +300,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic, pre.problematic {
+span.problematic {
   color: red }
 
 span.section-subtitle {
@@ -461,9 +460,7 @@ <h2><a class="toc-backref" href="#toc-entry-8">Other credits</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-9">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org">
-<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
-</a>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>

diff --git a/auth_sms_auth_signup/controllers/auth_sms_auth_signup.py b/auth_sms_auth_signup/controllers/auth_sms_auth_signup.py
@@ -1,17 +1,22 @@
 # Copyright 2019 Therp BV <https://therp.nl>
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+import logging
+import traceback
+
 from odoo import http
 from odoo.http import request
 
 from odoo.addons.auth_signup.controllers.main import AuthSignupHome
 
+_logger = logging.getLogger(__name__)
+
 
 class AuthSmsAuthSignup(AuthSignupHome):
     @http.route()
     def web_auth_reset_password(self, *args, **kw):
         qcontext = self.get_auth_signup_qcontext()
         if not qcontext.get("token") or qcontext.get("error"):
-            return super(AuthSmsAuthSignup, self).web_auth_reset_password(*args, **kw)
+            return super().web_auth_reset_password(*args, **kw)
         partner = (
             request.env["res.partner"]
             .sudo()
@@ -20,21 +25,24 @@ def web_auth_reset_password(self, *args, **kw):
             )
         )
         user = partner.user_ids[:1]
-        if request.httprequest.method == "POST" and kw.get("auth_sms_request_code"):
-            try:
-                request.env["res.users"].sudo()._auth_sms_send(user.id)
-                qcontext["auth_sms_code_requested"] = True
-            except Exception as e:
-                qcontext["error"] = e.message or e
-        elif request.httprequest.method == "POST" and kw.get("auth_sms_code"):
+        if request.httprequest.method == "POST" and kw.get("auth_sms_code"):
             request.session["auth_sms.code"] = kw["auth_sms_code"]
             try:
-                user.sudo(user)._auth_sms_check_credentials()
+                user.with_user(user)._auth_sms_check_credentials()
             except Exception as e:
                 del request.session["auth_sms.code"]
-                qcontext["error"] = e.message if hasattr(e, "message") else str(e)
+                qcontext["error"] = str(e)
+                _logger.error(traceback.format_exc())
             if request.session.get("auth_sms.code"):
-                return super(AuthSmsAuthSignup, self).web_auth_reset_password(
-                    *args, **kw
-                )
-        return request.render("auth_signup.reset_password", qcontext)
+                return super().web_auth_reset_password(*args, **kw)
+            return request.render("auth_signup.reset_password", qcontext)
+        elif request.httprequest.method == "POST" and kw.get("auth_sms_request_code"):
+            try:
+                request.env["res.users"].sudo()._auth_sms_send(user.id)
+                qcontext["auth_sms_code_requested"] = True
+            except Exception as e:
+                qcontext["error"] = str(e)
+                _logger.error(traceback.format_exc())
+            return request.render("auth_signup.reset_password", qcontext)
+
+        return super().web_auth_reset_password(*args, **kw)
diff --git a/auth_sms_auth_signup/static/description/index.html b/auth_sms_auth_signup/static/description/index.html
@@ -8,11 +8,10 @@
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
-Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -275,7 +274,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: gray; } /* line numbers */
+pre.code .ln { color: grey; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -301,7 +300,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic, pre.problematic {
+span.problematic {
   color: red }
 
 span.section-subtitle {
@@ -416,9 +415,7 @@ <h2><a class="toc-backref" href="#toc-entry-5">Other credits</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org">
-<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
-</a>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>