authorRafi Zadanly <zadanlyr@gmail.com>2023-10-28 09:05:59 +0700
committerRafi Zadanly <zadanlyr@gmail.com>2023-10-28 09:05:59 +0700
commit6a87a12ca305d22db5532d1c645b67e9c5bf9747 (patch)
tree8f0959b4538b8c5513bf7c7c7a3bae75ca605558
parent5ddda2a380e9aeaf63241e8f6b1c35e3005a3468 (diff)
Update auth function
-rw-r--r--indoteknik_api/controllers/api_v1/user.py102
-rwxr-xr-xindoteknik_custom/__manifest__.py1
-rwxr-xr-xindoteknik_custom/models/res_users.py22
-rw-r--r--indoteknik_custom/views/res_users.xml62
4 files changed, 161 insertions, 26 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 7a522d0c..b64e6830 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -95,37 +95,45 @@ class User(controller.Controller):
password = kw.get('password')
if not name or not email or not password:
return self.response(code=400, description='email, name and password is required')
+
+ company = kw.get('company', False)
+ phone = kw.get('phone')
+
+ response = {
+ 'register': False,
+ 'reason': None
+ }
user = self.get_user_by_email(email)
if user:
- return self.response({
- 'register': False,
- 'reason': 'EMAIL_USED'
- })
+ if user.active:
+ response['reason'] = 'EMAIL_USED'
+ else:
+ user.send_activation_mail()
+ response['reason'] = 'NOT_ACTIVE'
+
+ return self.response(response)
user_data = {
'name': name,
'login': email,
+ 'phone': phone,
'password': password,
'active': False,
'sel_groups_1_9_10': 9
}
user = request.env['res.users'].create(user_data)
- user.partner_id.email = email
- company = kw.get('company', False)
if company:
parameter = [
('company_type', '=', 'company'),
('name', 'ilike', company)
]
- match_company = request.env['res.partner'].search(
- parameter, limit=1)
+ match_company = request.env['res.partner'].search(parameter, limit=1)
match_ratio = 0
if match_company:
- match_ratio = SequenceMatcher(
- None, match_company.name, company).ratio()
+ match_ratio = SequenceMatcher(None, match_company.name, company).ratio()
if match_ratio > 0.8:
request.env['user.company.request'].create({
'user_id': user.partner_id.id,
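Review bot: The new `NOT_ACTIVE` branch calls `user.send_activation_mail()` on every registration attempt for an inactive address, and nothing visible limits how often that can happen; the same applies to `request_activation_user` in the next hunk. Per `send_activation_mail` in res_users.py, each call regenerates the OTP and activation token and sends mail with `force_send=True`, so repeated requests can flood a mailbox and keep invalidating the code the real user just received. A cooldown keyed on the new `otp_create_date` field would bound this, for example skipping the resend when the last OTP is younger than a project-chosen interval. The distinct `EMAIL_USED` and `NOT_ACTIVE` reasons also tell the caller whether an address is registered; whether `must_authorized` restricts who can ask cannot be seen from this hunk. The enclosing method starts before the hunk.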
@@ -138,27 +146,33 @@ class User(controller.Controller):
})
user.parent_id = new_company.id
- return self.response({'register': True})
+ user.send_activation_mail()
+
+ response['register'] = True
+ return self.response(response)
@http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def request_activation_user(self, **kw):
email = kw.get('email')
+ response = {
+ 'activation_request': False,
+ 'reason': None
+ }
+
user = self.get_user_by_email(email)
if not user:
- return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
+ response['reason'] = 'NOT_FOUND'
+ return self.response(response)
if user.active:
- return self.response({'activation_request': False, 'reason': 'ACTIVE'})
+ response['reason'] = 'ACTIVE'
+ return self.response(response)
- token_source = string.ascii_letters + string.digits
- user.activation_token = ''.join(
- random.choice(token_source) for i in range(21))
- return self.response({
- 'activation_request': True,
- 'token': user.activation_token,
- 'user': request.env['res.users'].api_single_response(user)
- })
+ user.send_activation_mail()
+
+ response['activation_request'] = True
+ return self.response(response)
@http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
@@ -166,18 +180,54 @@ class User(controller.Controller):
token = kw.get('token')
if not token:
return self.response(code=400, description='token is required')
+
+ response = {
+ 'activation': False,
+ 'reason': None,
+ 'user': None
+ }
- user = request.env['res.users'].search(
- [('activation_token', '=', token), ('active', '=', False)], limit=1)
+ user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1)
if not user:
- return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
+ response['reason'] = 'INVALID_TOKEN'
+ return self.response(response)
+ # user.active = True
+ # user.activation_token = ''
+ response.update({
+ 'activation': True,
+ 'user': self.response_with_token(user)
+ })
+ return self.response(response)
+
+ @http.route(prefix + 'user/activation-token', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
+ def activation_user_with_token(self, **kw):
+ return self.activation_user(**kw)
+
+ @http.route(prefix + 'user/activation-otp', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
+ def activation_user_with_otp(self, **kw):
+ email = kw.get('email')
+ otp = kw.get('otp')
+
+ response = {
+ 'activation': False,
+ 'reason': None,
+ 'user': None
+ }
+
+ user = self.get_user_by_email(email)
+ if user.otp_code != otp:
+ response['reason'] = 'INVALID_OTP'
+ return self.response(response)
+
user.active = True
- user.activation_token = ''
- return self.response({
+ response.update({
'activation': True,
'user': self.response_with_token(user)
})
+ return self.response(response)
@http.route(prefix + 'user/forgot-password', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
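Review bot: `activation_user_with_otp` accepts a 4-digit code with no check that the user exists, no attempt limit, no expiry and no single-use reset, and on a match it returns `self.response_with_token(user)` (by its name a login token; confirm). `otp_create_date` is written in res_users.py but never read here, `otp_code` is left in place after success, and `user.active` is not checked, so a stored code stays usable against an already-activated account. In the token path above, `user.active = True` and `user.activation_token = ''` are now commented out, so that route returns `response_with_token(user)` without activating the account or consuming the token; if that is intentional it needs a comment saying why, otherwise both lines should be restored. The fence sketches the guard and reset for the OTP path; the expiry window and failed-attempt counter are left as a TODO because their storage is not visible on this page.

```python
        user = self.get_user_by_email(email)
        # Same answer for unknown, already-active and OTP-less accounts.
        if not user or user.active or not user.otp_code or not otp:
            response['reason'] = 'INVALID_OTP'
            return self.response(response)

        # TODO(review): reject when user.otp_create_date is older than the
        # chosen validity window, and count failed attempts per account.
        if user.otp_code != otp:
            response['reason'] = 'INVALID_OTP'
            return self.response(response)

        user.active = True
        # Single use: a consumed code or token must not keep working.
        user.otp_code = False
        user.activation_token = False
        # … unchanged: response.update(...) and return self.response(response) …
```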
diff --git a/indoteknik_custom/__manifest__.py b/indoteknik_custom/__manifest__.py
index 23abc084..000c7fe2 100755
--- a/indoteknik_custom/__manifest__.py
+++ b/indoteknik_custom/__manifest__.py
@@ -99,6 +99,7 @@
'views/quotation_so_multi_update.xml',
'views/stock_move_line.xml',
'views/product_monitoring.xml',
+ 'views/res_users.xml',
'report/report.xml',
'report/report_banner_banner.xml',
'report/report_banner_banner2.xml',
diff --git a/indoteknik_custom/models/res_users.py b/indoteknik_custom/models/res_users.py
index 7f94771f..02433deb 100755
--- a/indoteknik_custom/models/res_users.py
+++ b/indoteknik_custom/models/res_users.py
@@ -1,4 +1,7 @@
from odoo import models, fields
+from datetime import datetime
+from pytz import UTC
+import random, string
class ResUsers(models.Model):
@@ -6,3 +9,22 @@ class ResUsers(models.Model):
reset_password_token = fields.Char(string="Reset Password Token")
activation_token = fields.Char(string="Activation Token")
+ otp_code = fields.Char(string='OTP Code')
+ otp_create_date = fields.Datetime(string='OTP Create Date')
+
+ def _generate_otp(self):
+ for user in self:
+ user.otp_code = '{:04d}'.format(random.randint(0, 9999))
+ user.otp_create_date = fields.Datetime.now()
+
+ def _generate_activation_token(self):
+ for user in self:
+ token_source = string.ascii_letters + string.digits
+ user.activation_token = ''.join(random.choice(token_source) for i in range(21))
+
+ def send_activation_mail(self):
+ template = self.env.ref('indoteknik_custom.mail_template_res_user_activation_request')
+ for user in self:
+ user._generate_otp()
+ user._generate_activation_token()
+ template.send_mail(user.id, force_send=True) \ No newline at end of file
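Review bot: `_generate_otp` and `_generate_activation_token` draw from `random`, a Mersenne Twister PRNG that is not meant for secrets, although both values gate account activation. They should come from `secrets`: `user.otp_code = '{:04d}'.format(secrets.randbelow(10000))` and `user.activation_token = ''.join(secrets.choice(token_source) for _ in range(21))`, with `import secrets, string` replacing `import random, string` in the first hunk of this file. A 4-digit code has only 10,000 possible values, so it is only as strong as the attempt limiting and expiry enforced where it is verified; six or more digits would give more margin. `datetime` and `UTC` are imported but not used by any line shown here.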
diff --git a/indoteknik_custom/views/res_users.xml b/indoteknik_custom/views/res_users.xml
new file mode 100644
index 00000000..cddd8253
--- /dev/null
+++ b/indoteknik_custom/views/res_users.xml
@@ -0,0 +1,62 @@
+<odoo>
+ <data>
+ <record id="mail_template_res_user_activation_request" model="mail.template">
+ <field name="name">Users: Activation Request</field>
+ <field name="model_id" ref="base.model_res_users"/>
+ <field name="subject">Aktivasi Akun - Indoteknik.com</field>
+ <field name="email_from">sales@indoteknik.com</field>
+ <field name="email_to">${object.login | safe}</field>
+ <field name="body_html" type="html">
+ <table border="0" cellpadding="0" cellspacing="0" style="padding-top: 16px; background-color: #F1F1F1; font-family:Inter, Helvetica, Verdana, Arial,sans-serif; line-height: 24px; color: #454748; width: 100%; border-collapse:separate;">
+ <tr><td align="center">
+ <table border="0" cellpadding="0" cellspacing="0" width="590" style="font-size: 13px; padding: 16px; background-color: white; color: #454748; border-collapse:separate;">
+ <!-- HEADER -->
+ <tbody>
+ <tr>
+ <td align="center" style="min-width: 590px;">
+ <table border="0" cellpadding="0" cellspacing="0" width="590" style="min-width: 590px; background-color: white; padding: 0px 8px 0px 8px; border-collapse:separate;">
+ <tr>
+ <td valign="middle">
+ <span></span>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" style="text-align:center;">
+ <hr width="100%" style="background-color:rgb(204,204,204);border:medium none;clear:both;display:block;font-size:0px;min-height:1px;line-height:0; margin: 16px 0px 16px 0px;" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <!-- CONTENT -->
+ <tr>
+ <td align="center" style="min-width: 590px;">
+ <table border="0" cellpadding="0" cellspacing="0" width="590" style="min-width: 590px; background-color: white; padding: 0px 8px 0px 8px; border-collapse:separate;">
+ <tr><td style="padding-bottom: 24px;">Dear ${object.name},</td></tr>
+
+ <tr><td style="padding-bottom: 16px;">Kami senang Anda bergabung dengan Indoteknik.</td></tr>
+ <tr><td style="padding-bottom: 16px;">Untuk mengaktifkan akun anda salin kode OTP berikut <strong>${object.otp_code}</strong>, lalu masukan pada kolom yang disediakan pada website Indoteknik.com</td></tr>
+ <tr><td style="padding-bottom: 16px;">Atau anda dapat klik tautan berikut: <a href="http://localhost:2100/register?activation=token&amp;token=${object.activation_token}">Aktivasi akun</a></td></tr>
+ <tr><td style="padding-bottom: 16px;">Jika anda mengalami kesulitan atau memiliki pertanyaan, hubungi tim dukungan kami melalui email <a href="mailto:sales@indoteknik.com">berikut</a></td></tr>
+
+ <tr><td style="padding-bottom: 2px;">Hormat kami,</td></tr>
+ <tr><td style="padding-bottom: 2px;">PT. Indoteknik Dotcom Gemilang</td></tr>
+ <tr>
+ <td style="text-align:center;">
+ <hr width="100%"
+ style="background-color:rgb(204,204,204);border:medium none;clear:both;display:block;font-size:0px;min-height:1px;line-height:0; margin: 16px 0px 16px 0px;" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <!-- CONTENT -->
+ </tbody>
+ </table>
+ </td></tr>
+ </table>
+ </field>
+ </record>
+ </data>
+</odoo> \ No newline at end of file
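Review bot: The activation link is hard-coded to `http://localhost:2100/register?...`, so mail sent from any deployed instance points at the recipient's own machine and carries the activation token over plain HTTP. The href should be built from a configured HTTPS site URL (a system parameter or company field the project defines) rather than a literal host. `${object.name}` is caller-supplied at registration and is rendered into `body_html`; confirm that the template engine escapes it in this Odoo version.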