From 6a87a12ca305d22db5532d1c645b67e9c5bf9747 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly
Date: Sat, 28 Oct 2023 09:05:59 +0700
Subject: Update auth function
---
indoteknik_api/controllers/api_v1/user.py | 102 ++++++++++++++++++++++--------
1 file changed, 76 insertions(+), 26 deletions(-)
(limited to 'indoteknik_api/controllers/api_v1')
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 7a522d0c..b64e6830 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -95,37 +95,45 @@ class User(controller.Controller):
 password = kw.get('password')
 if not name or not email or not password:
 return self.response(code=400, description='email, name and password is required')
+
+ company = kw.get('company', False)
+ phone = kw.get('phone')
+
+ response = {
+ 'register': False,
+ 'reason': None
+ }
 user = self.get_user_by_email(email)
 if user:
- return self.response({
- 'register': False,
- 'reason': 'EMAIL_USED'
- })
+ if user.active:
+ response['reason'] = 'EMAIL_USED'
+ else:
+ user.send_activation_mail()
+ response['reason'] = 'NOT_ACTIVE'
+
+ return self.response(response)
 user_data = {
 'name': name,
 'login': email,
+ 'phone': phone,
 'password': password,
 'active': False,
 'sel_groups_1_9_10': 9
 }
 user = request.env['res.users'].create(user_data)
- user.partner_id.email = email
- company = kw.get('company', False)
 if company:
 parameter = [
 ('company_type', '=', 'company'),
 ('name', 'ilike', company)
 ]
- match_company = request.env['res.partner'].search(
- parameter, limit=1)
+ match_company = request.env['res.partner'].search(parameter, limit=1)
 match_ratio = 0
 if match_company:
- match_ratio = SequenceMatcher(
- None, match_company.name, company).ratio()
+ match_ratio = SequenceMatcher(None, match_company.name, company).ratio()
 if match_ratio > 0.8:
 request.env['user.company.request'].create({
 'user_id': user.partner_id.id,
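Review bot: The new `NOT_ACTIVE` branch calls `user.send_activation_mail()` each time someone re-submits the registration form for an inactive address, and nothing visible in the hunk limits how often that happens. The sibling routes in this patch are declared `auth='public'`, so unless `must_authorized()` or `send_activation_mail()` throttles internally (neither is shown here), the endpoint can be used to send repeated mail to an address the caller does not control. I would gate the resend on a per-address cooldown and record the decision with a comment such as `# resend is reachable without a session; throttled per address`. The same applies to the `send_activation_mail()` call added to `request_activation_user` in the `-138,27` hunk. The `register` body starts before and continues after this hunk.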
@@ -138,27 +146,33 @@ class User(controller.Controller):
 })
 user.parent_id = new_company.id
- return self.response({'register': True})
+ user.send_activation_mail()
+
+ response['register'] = True
+ return self.response(response)
 @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
 @controller.Controller.must_authorized()
 def request_activation_user(self, **kw):
 email = kw.get('email')
+ response = {
+ 'activation_request': False,
+ 'reason': None
+ }
+
 user = self.get_user_by_email(email)
 if not user:
- return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
+ response['reason'] = 'NOT_FOUND'
+ return self.response(response)
 if user.active:
- return self.response({'activation_request': False, 'reason': 'ACTIVE'})
+ response['reason'] = 'ACTIVE'
+ return self.response(response)
- token_source = string.ascii_letters + string.digits
- user.activation_token = ''.join(
- random.choice(token_source) for i in range(21))
- return self.response({
- 'activation_request': True,
- 'token': user.activation_token,
- 'user': request.env['res.users'].api_single_response(user)
- })
+ user.send_activation_mail()
+
+ response['activation_request'] = True
+ return self.response(response)
 @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
 @controller.Controller.must_authorized()
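Review bot: `request_activation_user` passes `email` to `get_user_by_email` without the presence check its siblings have; `if not email: return self.response(code=400, description='email is required')` before the lookup would match `register` and `activation_user`. The handler also still reports `NOT_FOUND`, `ACTIVE` or success separately, which tells any caller whether an address is registered and whether it is activated; if the frontend does not depend on those reasons, one neutral reply for all three cases avoids that. The hunk also covers the tail of `register`, whose body starts outside it.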
@@ -166,18 +180,54 @@ class User(controller.Controller):
 token = kw.get('token')
 if not token:
 return self.response(code=400, description='token is required')
+
+ response = {
+ 'activation': False,
+ 'reason': None,
+ 'user': None
+ }
- user = request.env['res.users'].search(
- [('activation_token', '=', token), ('active', '=', False)], limit=1)
+ user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1)
 if not user:
- return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
+ response['reason'] = 'INVALID_TOKEN'
+ return self.response(response)
+ # user.active = True
+ # user.activation_token = ''
+ response.update({
+ 'activation': True,
+ 'user': self.response_with_token(user)
+ })
+ return self.response(response)
+
+ @http.route(prefix + 'user/activation-token', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
+ def activation_user_with_token(self, **kw):
+ return self.activation_user(**kw)
+
+ @http.route(prefix + 'user/activation-otp', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
+ def activation_user_with_otp(self, **kw):
+ email = kw.get('email')
+ otp = kw.get('otp')
+
+ response = {
+ 'activation': False,
+ 'reason': None,
+ 'user': None
+ }
+
+ user = self.get_user_by_email(email)
+ if user.otp_code != otp:
+ response['reason'] = 'INVALID_OTP'
+ return self.response(response)
+
 user.active = True
- user.activation_token = ''
- return self.response({
+ response.update({
 'activation': True,
 'user': self.response_with_token(user)
 })
+ return self.response(response)
 @http.route(prefix + 'user/forgot-password', auth='public', methods=['POST'], csrf=False)
 @controller.Controller.must_authorized()
-- cgit v1.2.3
From 0831511787b1cd2171d6dd1dd6c2c9da46b64d2e Mon Sep 17 00:00:00 2001
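Review bot: `activation_user_with_otp` sets `user.active = True` and returns `self.response_with_token(user)` on the single comparison `user.otp_code != otp`, without checking that the lookup found a user, that the account is still inactive, or that an OTP was supplied, and it never clears the code after success. Nothing in the hunk bounds the number of attempts or the OTP's lifetime, so unless `must_authorized()` or the model enforces that (neither is shown), the OTP alone gates token issuance for any email, including accounts that are already active. I would change the guard to `if not otp or not user or user.active or user.otp_code != otp:` and add `user.otp_code = False` after activation so a code works once; an attempt counter and expiry belong wherever `otp_code` is generated. On this commit's new side the token path has a related gap: `user.active = True` and `user.activation_token = ''` are commented out in `activation_user`, so the token is not consumed while `response_with_token(user)` is still returned. `activation_user` starts before this hunk.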
From: Rafi Zadanly
Date: Mon, 30 Oct 2023 09:53:05 +0700
Subject: Add get activation token url on activation mail template
---
indoteknik_api/controllers/api_v1/user.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'indoteknik_api/controllers/api_v1')
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index b64e6830..848575e2 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -124,6 +124,7 @@ class User(controller.Controller):
 }
 user = request.env['res.users'].create(user_data)
+ user.partner_id.email = email
 if company:
 parameter = [
 ('company_type', '=', 'company'),
@@ -192,8 +193,8 @@ class User(controller.Controller):
 response['reason'] = 'INVALID_TOKEN'
 return self.response(response)
- # user.active = True
- # user.activation_token = ''
+ user.active = True
+ user.activation_token = ''
 response.update({
 'activation': True,
 'user': self.response_with_token(user)
-- cgit v1.2.3
From 132d4b80f3d5dad792468bd14961f6a9540122e2 Mon Sep 17 00:00:00 2001
From: Azka Nathan
Date: Wed, 15 Nov 2023 10:32:25 +0700
Subject: add new role for wms and fix bug delete reconcile
---
indoteknik_api/controllers/api_v1/user.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'indoteknik_api/controllers/api_v1')
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 7a522d0c..2b297e5d 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -42,9 +42,17 @@ class User(controller.Controller):
 uid = request.session.authenticate(
 config.get('db_name'), email, password)
 user = request.env['res.users'].browse(uid)
+ role = []
+ if user.is_inbound and user.is_outbound:
+ role.append('admin')
+ elif user.is_outbound:
+ role.append('outbound')
+ elif user.is_inbound:
+ role.append('inbound')
 data = {
 'is_auth': True,
- 'user': self.response_with_token(user)
+ 'role': role,
+ 'user': self.response_with_token(user),
 }
 return self.response(data)
 except:
-- cgit v1.2.3
From 7ba598c8ac2a707e93134e97f34b8668a530fd17 Mon Sep 17 00:00:00 2001
From: Azka Nathan
Date: Thu, 16 Nov 2023 16:35:11 +0700
Subject: modification api users for wms
---
indoteknik_api/controllers/api_v1/user.py | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'indoteknik_api/controllers/api_v1')
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 2b297e5d..2848f347 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -42,13 +42,14 @@ class User(controller.Controller):
 uid = request.session.authenticate(
 config.get('db_name'), email, password)
 user = request.env['res.users'].browse(uid)
- role = []
+ role = ''
+
 if user.is_inbound and user.is_outbound:
- role.append('admin')
+ role = 'admin'
 elif user.is_outbound:
- role.append('outbound')
+ role = 'outbound'
 elif user.is_inbound:
- role.append('inbound')
+ role = 'inbound'
 data = {
 'is_auth': True,
 'role': role,
-- cgit v1.2.3
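Review bot: The role lookup is added inside the `try` whose bare `except:` closes the `-42,9` hunk, so any error raised while reading `user.is_inbound` / `user.is_outbound` would be handled the same way as a failed `authenticate()`; the handler body is outside the hunk, so how it responds is not visible. Narrowing the handler to the authentication failure, or computing `role` after the `try`, keeps a model problem from looking like bad credentials. It is also worth a comment next to `'role': role`, e.g. `# UI hint only; WMS endpoints must re-check is_inbound/is_outbound server-side`, since a user with both flags is labelled `'admin'` and that string goes to the client. Both points apply equally to the `-42,13` hunk in the following commit, which keeps the same structure. The login function starts before and ends after both hunks.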