forked from OCA/server-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[REF] auth_brute_force: Cover all auth entrypoints (#1219)
To fix OCA/server-tools#1125 I needed to refactor the addon. To whitelist IPs now you use a config parameter, which renders res.banned.remote model unneeded. The fix is affected by odoo/odoo#24183 and will not work until it gets fixed upstream due to the technical limitations implied. [FIX] auth_brute_force: Small typos (#1250) - The `whitelisted` field needs to exist in view to be usable. - The correct class is `decoration-danger` for tree views.
- Loading branch information
Showing
18 changed files
with
835 additions
and
292 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
# -*- encoding: utf-8 -*- | ||
# -*- coding: utf-8 -*- | ||
|
||
from . import models | ||
from . import controllers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# -*- coding: utf-8 -*- | ||
# Copyright 2018 Tecnativa - Jairo Llopis | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). | ||
|
||
from psycopg2 import IntegrityError | ||
|
||
|
||
def migrate(cr, version): | ||
# Fix typo across DB | ||
cr.execute( | ||
""" UPDATE res_authentication_attempt | ||
SET result = 'successful' | ||
WHERE result = 'successfull'""", | ||
) | ||
# Store whitelist IPs in new format | ||
cr.execute( | ||
""" SELECT remote | ||
FROM res_banned_remote | ||
WHERE active IS FALSE""", | ||
) | ||
remotes = {record[0] for record in cr.fetchall()} | ||
try: | ||
with cr.savepoint(): | ||
cr.execute( | ||
"INSERT INTO ir_config_parameter (key, value) VALUES (%s, %s)", | ||
( | ||
"auth_brute_force.whitelist_remotes", | ||
",".join(remotes), | ||
), | ||
) | ||
except IntegrityError: | ||
# Parameter already exists | ||
cr.execute( | ||
"SELECT value FROM ir_config_parameter WHERE key = %s", | ||
("auth_brute_force.whitelist_remotes",) | ||
) | ||
current = set(cr.fetchall()[0][0].split(",")) | ||
cr.execute( | ||
"UPDATE ir_config_parameter SET value = %s WHERE key = %s", | ||
(",".join(current | remotes), | ||
"auth_brute_force.whitelist_remotes"), | ||
) | ||
# Update the configured IP limit parameter | ||
cr.execute( | ||
"UPDATE ir_config_parameter SET key = %s WHERE key = %s", | ||
( | ||
"auth_brute_force.whitelist_remotes", | ||
"auth_brute_force.max_by_ip", | ||
) | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
# -*- encoding: utf-8 -*- | ||
|
||
from . import res_banned_remote | ||
from . import res_authentication_attempt | ||
from . import res_users |
Oops, something went wrong.