search

OCA / server-auth

https://odoo-community.org/psc-teams/tools-30
GNU Affero General Public License v3.0
150 stars 403 forks source link

[15.0.1.0.0] 403: Forbidden on logon #604

Closed blackjacky closed 1 day ago

blackjacky commented 7 months ago

Module

password_security

Describe the bug

When logging in, redirect to 403: Forbidden I tried uninstall and re-install -> same issues

To Reproduce

Affected versions:

Steps to reproduce the behavior:

  1. install the module
  2. log on
  3. redirect to 403: Forbidden

Expected behavior A clear and concise description of what you expected to happen.

Additional context 2024-01-16 02:51:42,030 4460 WARNING DB_NAME odoo.addons.http_routing.models.ir_http: 403 Forbidden:

Traceback (most recent call last): File "/home/odoo/src/odoo/odoo/tools/cache.py", line 85, in lookup r = d[key] File "/home/odoo/src/odoo/odoo/tools/func.py", line 71, in wrapper return func(self, *args, **kwargs) File "/home/odoo/src/odoo/odoo/tools/lru.py", line 34, in getitem a = self.d[obj] KeyError: ('ir.model.access', <function IrModelAccess.check at 0x7f347c48bca0>, 22, False, 'res.users', 'write', True, (None,))

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/home/odoo/src/odoo/odoo/addons/base/models/ir_http.py", line 237, in _dispatch result = request.dispatch() File "/home/odoo/src/odoo/odoo/http.py", line 815, in dispatch r = self._call_function(self.params) File "/home/odoo/src/odoo/odoo/http.py", line 368, in _call_function return checked_call(self.db, *args, *kwargs) File "/home/odoo/src/odoo/odoo/service/model.py", line 94, in wrapper return f(dbname, args, kwargs) File "/home/odoo/src/odoo/odoo/http.py", line 357, in checked_call result = self.endpoint(*a, kw) File "/home/odoo/src/odoo/odoo/http.py", line 921, in call return self.method(*args, *kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(args, kw) File "/home/odoo/src/odoo/addons/website/controllers/main.py", line 139, in web_login return super().web_login(*args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, *kw) File "/home/odoo/src/user/additional-addons/password_security/controllers/main.py", line 39, in web_login response = super(PasswordSecurityHome, self).web_login(args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, kw) File "/home/odoo/src/odoo/addons/auth_oauth/controllers/main.py", line 96, in web_login response = super(OAuthLogin, self).web_login(*args, *kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(args, kw) File "/home/odoo/src/odoo/addons/auth_signup/controllers/main.py", line 21, in web_login response = super(AuthSignupHome, self).web_login(*args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, *kw) File "/home/odoo/src/odoo/addons/web/controllers/main.py", line 872, in web_login uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password']) File "/home/odoo/src/odoo/odoo/http.py", line 1034, in authenticate uid = odoo.registry(db)['res.users'].authenticate(db, login, password, env) File "/home/odoo/src/odoo/addons/website/models/res_users.py", line 78, in authenticate uid = super(ResUsers, cls).authenticate(db, login, password, user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 745, in authenticate uid = cls._login(db, login, password, user_agent_env=user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 720, in _login user._check_credentials(password, user_agent_env) File "/home/odoo/src/odoo/addons/website_sale_wishlist/models/res_users.py", line 10, in _check_credentials result = super(ResUsers, self)._check_credentials(password, env) File "/home/odoo/src/user/addons/kbt_api_base/models/res_users.py", line 20, in _check_credentials return super()._check_credentials(password, env) File "/home/odoo/src/odoo/addons/auth_oauth/models/res_users.py", line 135, in _check_credentials return super(ResUsers, self)._check_credentials(password, env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1676, in _check_credentials return super()._check_credentials(password, user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 402, in _check_credentials self._set_encrypted_password(self.env.user.id, replacement) File "/home/odoo/src/user/additional-addons/password_security/models/res_users.py", line 214, in _set_encrypted_password self.write({"password_history_ids": [(0, 0, {"password_crypt": pw})]}) File "/home/odoo/src/user/additional-addons/password_security/models/res_users.py", line 53, in write return super(ResUsers, self).write(vals) File "/home/odoo/src/odoo/addons/website_slides/models/res_users.py", line 22, in write res = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/hr/models/res_users.py", line 211, in write result = super(User, self).write(vals) File "/home/odoo/src/odoo/addons/gamification/models/res_users.py", line 63, in write result = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/mail/models/res_users.py", line 77, in write write_res = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/resource/models/res_users.py", line 17, in write rslt = super().write(vals) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1412, in write res = super(UsersView, self).write(values) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1156, in write return super(UsersImplied, self).write(values) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 600, in write res = super(Users, self).write(values) File "/home/odoo/src/odoo/odoo/models.py", line 3781, in write self.check_access_rights('write') File "/home/odoo/src/odoo/odoo/models.py", line 3556, in check_access_rights return self.env['ir.model.access'].check(self._name, operation, raise_exception) File "", line 2, in check File "/home/odoo/src/odoo/odoo/tools/cache.py", line 90, in lookup value = d[key] = self.method(args, kwargs) File "/home/odoo/src/odoo/odoo/addons/base/models/ir_model.py", line 1847, in check raise AccessError(msg) Exception

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/home/odoo/src/odoo/odoo/addons/base/models/ir_http.py", line 237, in _dispatch result = request.dispatch() File "/home/odoo/src/odoo/odoo/http.py", line 815, in dispatch r = self._call_function(self.params) File "/home/odoo/src/odoo/odoo/http.py", line 368, in _call_function return checked_call(self.db, *args, *kwargs) File "/home/odoo/src/odoo/odoo/service/model.py", line 94, in wrapper return f(dbname, args, kwargs) File "/home/odoo/src/odoo/odoo/http.py", line 357, in checked_call result = self.endpoint(*a, kw) File "/home/odoo/src/odoo/odoo/http.py", line 921, in call return self.method(*args, *kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(args, kw) File "/home/odoo/src/odoo/addons/website/controllers/main.py", line 139, in web_login return super().web_login(*args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, *kw) File "/home/odoo/src/user/additional-addons/password_security/controllers/main.py", line 39, in web_login response = super(PasswordSecurityHome, self).web_login(args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, kw) File "/home/odoo/src/odoo/addons/auth_oauth/controllers/main.py", line 96, in web_login response = super(OAuthLogin, self).web_login(*args, *kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(args, kw) File "/home/odoo/src/odoo/addons/auth_signup/controllers/main.py", line 21, in web_login response = super(AuthSignupHome, self).web_login(*args, kw) File "/home/odoo/src/odoo/odoo/http.py", line 546, in response_wrap response = f(*args, *kw) File "/home/odoo/src/odoo/addons/web/controllers/main.py", line 872, in web_login uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password']) File "/home/odoo/src/odoo/odoo/http.py", line 1034, in authenticate uid = odoo.registry(db)['res.users'].authenticate(db, login, password, env) File "/home/odoo/src/odoo/addons/website/models/res_users.py", line 78, in authenticate uid = super(ResUsers, cls).authenticate(db, login, password, user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 745, in authenticate uid = cls._login(db, login, password, user_agent_env=user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 720, in _login user._check_credentials(password, user_agent_env) File "/home/odoo/src/odoo/addons/website_sale_wishlist/models/res_users.py", line 10, in _check_credentials result = super(ResUsers, self)._check_credentials(password, env) File "/home/odoo/src/user/addons/kbt_api_base/models/res_users.py", line 20, in _check_credentials return super()._check_credentials(password, env) File "/home/odoo/src/odoo/addons/auth_oauth/models/res_users.py", line 135, in _check_credentials return super(ResUsers, self)._check_credentials(password, env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1676, in _check_credentials return super()._check_credentials(password, user_agent_env) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 402, in _check_credentials self._set_encrypted_password(self.env.user.id, replacement) File "/home/odoo/src/user/additional-addons/password_security/models/res_users.py", line 214, in _set_encrypted_password self.write({"password_history_ids": [(0, 0, {"password_crypt": pw})]}) File "/home/odoo/src/user/additional-addons/password_security/models/res_users.py", line 53, in write return super(ResUsers, self).write(vals) File "/home/odoo/src/odoo/addons/website_slides/models/res_users.py", line 22, in write res = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/hr/models/res_users.py", line 211, in write result = super(User, self).write(vals) File "/home/odoo/src/odoo/addons/gamification/models/res_users.py", line 63, in write result = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/mail/models/res_users.py", line 77, in write write_res = super(Users, self).write(vals) File "/home/odoo/src/odoo/addons/resource/models/res_users.py", line 17, in write rslt = super().write(vals) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1412, in write res = super(UsersView, self).write(values) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 1156, in write return super(UsersImplied, self).write(values) File "/home/odoo/src/odoo/odoo/addons/base/models/res_users.py", line 600, in write res = super(Users, self).write(values) File "/home/odoo/src/odoo/odoo/models.py", line 3781, in write self.check_access_rights('write') File "/home/odoo/src/odoo/odoo/models.py", line 3556, in check_access_rights return self.env['ir.model.access'].check(self._name, operation, raise_exception) File "", line 2, in check File "/home/odoo/src/odoo/odoo/tools/cache.py", line 90, in lookup value = d[key] = self.method(args, kwargs) File "/home/odoo/src/odoo/odoo/addons/base/models/ir_model.py", line 1847, in check raise AccessError(msg) odoo.exceptions.AccessError: You are not allowed to modify 'Users' (res.users) records.

This operation is allowed for the following groups:

Contact your administrator to request access if necessary.

fkantelberg commented 7 months ago

We also noticed the bug last week and spend some time. Updating the module wasn't enough but see the fix it in #594

github-actions[bot] commented 1 month ago

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.