forked from OCA/server-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[REF] auth_brute_force: Cover all auth entrypoints (OCA/server-tools#…
…1219) To fix OCA/server-tools#1125 I needed to refactor the addon. To whitelist IPs now you use a config parameter, which renders res.banned.remote model unneeded. The fix is affected by odoo/odoo#24183 and will not work until it gets fixed upstream due to the technical limitations implied.
- Loading branch information
1 parent
bb3f3ba
commit ee7842e
Showing
10 changed files
with
176 additions
and
554 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# -*- coding: utf-8 -*- | ||
# Copyright 2018 Tecnativa - Jairo Llopis | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). | ||
|
||
from psycopg2 import IntegrityError | ||
|
||
|
||
def migrate(cr, version): | ||
# Fix typo across DB | ||
cr.execute( | ||
""" UPDATE res_authentication_attempt | ||
SET result = 'successful' | ||
WHERE result = 'successfull'""", | ||
) | ||
# Store whitelist IPs in new format | ||
cr.execute( | ||
""" SELECT remote | ||
FROM res_banned_remote | ||
WHERE active IS FALSE""", | ||
) | ||
remotes = {record[0] for record in cr.fetchall()} | ||
try: | ||
with cr.savepoint(): | ||
cr.execute( | ||
"INSERT INTO ir_config_parameter (key, value) VALUES (%s, %s)", | ||
( | ||
"auth_brute_force.whitelist_remotes", | ||
",".join(remotes), | ||
), | ||
) | ||
except IntegrityError: | ||
# Parameter already exists | ||
cr.execute( | ||
"SELECT value FROM ir_config_parameter WHERE key = %s", | ||
("auth_brute_force.whitelist_remotes",) | ||
) | ||
current = set(cr.fetchall()[0][0].split(",")) | ||
cr.execute( | ||
"UPDATE ir_config_parameter SET value = %s WHERE key = %s", | ||
(",".join(current | remotes), | ||
"auth_brute_force.whitelist_remotes"), | ||
) | ||
# Update the configured IP limit parameter | ||
cr.execute( | ||
"UPDATE ir_config_parameter SET key = %s WHERE key = %s", | ||
( | ||
"auth_brute_force.whitelist_remotes", | ||
"auth_brute_force.max_by_ip", | ||
) | ||
) |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
from . import test_brute_force | ||
from . import test_ip_errors |
Oops, something went wrong.