From 6a87a12ca305d22db5532d1c645b67e9c5bf9747 Mon Sep 17 00:00:00 2001 From: Rafi Zadanly Date: Sat, 28 Oct 2023 09:05:59 +0700 Subject: Update auth function --- indoteknik_api/controllers/api_v1/user.py | 102 ++++++++++++++++++++++-------- indoteknik_custom/__manifest__.py | 1 + indoteknik_custom/models/res_users.py | 22 +++++++ indoteknik_custom/views/res_users.xml | 62 ++++++++++++++++++ 4 files changed, 161 insertions(+), 26 deletions(-) create mode 100644 indoteknik_custom/views/res_users.xml diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 7a522d0c..b64e6830 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -95,37 +95,45 @@ class User(controller.Controller): password = kw.get('password') if not name or not email or not password: return self.response(code=400, description='email, name and password is required') + + company = kw.get('company', False) + phone = kw.get('phone') + + response = { + 'register': False, + 'reason': None + } user = self.get_user_by_email(email) if user: - return self.response({ - 'register': False, - 'reason': 'EMAIL_USED' - }) + if user.active: + response['reason'] = 'EMAIL_USED' + else: + user.send_activation_mail() + response['reason'] = 'NOT_ACTIVE' + + return self.response(response) user_data = { 'name': name, 'login': email, + 'phone': phone, 'password': password, 'active': False, 'sel_groups_1_9_10': 9 } user = request.env['res.users'].create(user_data) - user.partner_id.email = email - company = kw.get('company', False) if company: parameter = [ ('company_type', '=', 'company'), ('name', 'ilike', company) ] - match_company = request.env['res.partner'].search( - parameter, limit=1) + match_company = request.env['res.partner'].search(parameter, limit=1) match_ratio = 0 if match_company: - match_ratio = SequenceMatcher( - None, match_company.name, company).ratio() + match_ratio = SequenceMatcher(None, match_company.name, company).ratio() if match_ratio > 0.8: request.env['user.company.request'].create({ 'user_id': user.partner_id.id, @@ -138,27 +146,33 @@ class User(controller.Controller): }) user.parent_id = new_company.id - return self.response({'register': True}) + user.send_activation_mail() + + response['register'] = True + return self.response(response) @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False) @controller.Controller.must_authorized() def request_activation_user(self, **kw): email = kw.get('email') + response = { + 'activation_request': False, + 'reason': None + } + user = self.get_user_by_email(email) if not user: - return self.response({'activation_request': False, 'reason': 'NOT_FOUND'}) + response['reason'] = 'NOT_FOUND' + return self.response(response) if user.active: - return self.response({'activation_request': False, 'reason': 'ACTIVE'}) + response['reason'] = 'ACTIVE' + return self.response(response) - token_source = string.ascii_letters + string.digits - user.activation_token = ''.join( - random.choice(token_source) for i in range(21)) - return self.response({ - 'activation_request': True, - 'token': user.activation_token, - 'user': request.env['res.users'].api_single_response(user) - }) + user.send_activation_mail() + + response['activation_request'] = True + return self.response(response) @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) @controller.Controller.must_authorized() @@ -166,18 +180,54 @@ class User(controller.Controller): token = kw.get('token') if not token: return self.response(code=400, description='token is required') + + response = { + 'activation': False, + 'reason': None, + 'user': None + } - user = request.env['res.users'].search( - [('activation_token', '=', token), ('active', '=', False)], limit=1) + user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1) if not user: - return self.response({'activation': False, 'reason': 'INVALID_TOKEN'}) + response['reason'] = 'INVALID_TOKEN' + return self.response(response) + # user.active = True + # user.activation_token = '' + response.update({ + 'activation': True, + 'user': self.response_with_token(user) + }) + return self.response(response) + + @http.route(prefix + 'user/activation-token', auth='public', methods=['POST'], csrf=False) + @controller.Controller.must_authorized() + def activation_user_with_token(self, **kw): + return self.activation_user(**kw) + + @http.route(prefix + 'user/activation-otp', auth='public', methods=['POST'], csrf=False) + @controller.Controller.must_authorized() + def activation_user_with_otp(self, **kw): + email = kw.get('email') + otp = kw.get('otp') + + response = { + 'activation': False, + 'reason': None, + 'user': None + } + + user = self.get_user_by_email(email) + if user.otp_code != otp: + response['reason'] = 'INVALID_OTP' + return self.response(response) + user.active = True - user.activation_token = '' - return self.response({ + response.update({ 'activation': True, 'user': self.response_with_token(user) }) + return self.response(response) @http.route(prefix + 'user/forgot-password', auth='public', methods=['POST'], csrf=False) @controller.Controller.must_authorized() diff --git a/indoteknik_custom/__manifest__.py b/indoteknik_custom/__manifest__.py index 23abc084..000c7fe2 100755 --- a/indoteknik_custom/__manifest__.py +++ b/indoteknik_custom/__manifest__.py @@ -99,6 +99,7 @@ 'views/quotation_so_multi_update.xml', 'views/stock_move_line.xml', 'views/product_monitoring.xml', + 'views/res_users.xml', 'report/report.xml', 'report/report_banner_banner.xml', 'report/report_banner_banner2.xml', diff --git a/indoteknik_custom/models/res_users.py b/indoteknik_custom/models/res_users.py index 7f94771f..02433deb 100755 --- a/indoteknik_custom/models/res_users.py +++ b/indoteknik_custom/models/res_users.py @@ -1,4 +1,7 @@ from odoo import models, fields +from datetime import datetime +from pytz import UTC +import random, string class ResUsers(models.Model): @@ -6,3 +9,22 @@ class ResUsers(models.Model): reset_password_token = fields.Char(string="Reset Password Token") activation_token = fields.Char(string="Activation Token") + otp_code = fields.Char(string='OTP Code') + otp_create_date = fields.Datetime(string='OTP Create Date') + + def _generate_otp(self): + for user in self: + user.otp_code = '{:04d}'.format(random.randint(0, 9999)) + user.otp_create_date = fields.Datetime.now() + + def _generate_activation_token(self): + for user in self: + token_source = string.ascii_letters + string.digits + user.activation_token = ''.join(random.choice(token_source) for i in range(21)) + + def send_activation_mail(self): + template = self.env.ref('indoteknik_custom.mail_template_res_user_activation_request') + for user in self: + user._generate_otp() + user._generate_activation_token() + template.send_mail(user.id, force_send=True) \ No newline at end of file diff --git a/indoteknik_custom/views/res_users.xml b/indoteknik_custom/views/res_users.xml new file mode 100644 index 00000000..cddd8253 --- /dev/null +++ b/indoteknik_custom/views/res_users.xml @@ -0,0 +1,62 @@ + + + + Users: Activation Request + + Aktivasi Akun - Indoteknik.com + sales@indoteknik.com + ${object.login | safe} + + + +
+ + + + + + + + + + + + +
+ + + + + + + + +
+ +
+
+
+
+ + + + + + + + + + + + + +
Dear ${object.name},
Kami senang Anda bergabung dengan Indoteknik.
Untuk mengaktifkan akun anda salin kode OTP berikut ${object.otp_code}, lalu masukan pada kolom yang disediakan pada website Indoteknik.com
Atau anda dapat klik tautan berikut: Aktivasi akun
Jika anda mengalami kesulitan atau memiliki pertanyaan, hubungi tim dukungan kami melalui email berikut
Hormat kami,
PT. Indoteknik Dotcom Gemilang
+
+
+
+
+ + + + \ No newline at end of file -- cgit v1.2.3