2016-07-25 12:50:32 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
# Copyright 2016 Jairo Llopis <jairo.llopis@tecnativa.com>
|
2016-07-25 12:50:32 +02:00
|
|
|
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
|
|
|
|
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
import hmac
|
|
|
|
import hashlib
|
2016-07-25 12:50:32 +02:00
|
|
|
from openerp import api, models
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
from openerp.exceptions import AccessDenied
|
|
|
|
from openerp.tools import consteq
|
2016-07-25 12:50:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
class MailMassMailing(models.Model):
|
|
|
|
_inherit = "mail.mass_mailing"
|
|
|
|
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
@api.multi
|
|
|
|
def _unsubscribe_token(self, res_id, compare=None):
|
|
|
|
"""Generate a secure hash for this mailing list and parameters.
|
|
|
|
This is appended to the unsubscription URL and then checked at
|
|
|
|
unsubscription time to ensure no malicious unsubscriptions are
|
|
|
|
performed.
|
2016-07-25 12:50:32 +02:00
|
|
|
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
:param int res_id:
|
|
|
|
ID of the resource that will be unsubscribed.
|
|
|
|
|
|
|
|
:param str compare:
|
|
|
|
Received token to be compared with the good one.
|
2016-07-25 12:50:32 +02:00
|
|
|
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
:raise AccessDenied:
|
|
|
|
Will happen if you provide :param:`compare` and it does not match
|
|
|
|
the good token.
|
2016-07-25 12:50:32 +02:00
|
|
|
"""
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
secret = self.env["ir.config_parameter"].sudo().get_param(
|
|
|
|
"database.secret")
|
|
|
|
key = (self.env.cr.dbname, self.id, int(res_id))
|
|
|
|
token = hmac.new(str(secret), repr(key), hashlib.sha512).hexdigest()
|
|
|
|
if compare is not None and not consteq(token, str(compare)):
|
|
|
|
raise AccessDenied()
|
|
|
|
return token
|
|
|
|
|
2017-07-05 11:07:28 +02:00
|
|
|
def update_opt_out(self, email, res_ids, value):
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
"""Save unsubscription reason when opting out from mailing."""
|
2017-07-05 11:07:28 +02:00
|
|
|
self.ensure_one()
|
2018-05-10 12:17:04 +02:00
|
|
|
action = "unsubscription" if value else "subscription"
|
|
|
|
records = self.env[self.mailing_model].browse(res_ids)
|
|
|
|
previous = self.env["mail.unsubscription"].search(limit=1, args=[
|
|
|
|
("mass_mailing_id", "=", self.id),
|
|
|
|
("email", "=", email),
|
|
|
|
("action", "=", action),
|
|
|
|
])
|
|
|
|
for one in records:
|
|
|
|
# Store action only when something changed, or there was no
|
|
|
|
# previous subscription record
|
|
|
|
if one.opt_out != value or (action == "subscription" and
|
|
|
|
not previous):
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
# reason_id and details are expected from the context
|
|
|
|
self.env["mail.unsubscription"].create({
|
|
|
|
"email": email,
|
2017-07-05 11:07:28 +02:00
|
|
|
"mass_mailing_id": self.id,
|
2018-05-10 12:17:04 +02:00
|
|
|
"unsubscriber_id": "%s,%d" % (one._name, one.id),
|
|
|
|
"action": action,
|
[9.0][MIG][mass_mailing_custom_unsubscribe] Migrate.
- Imported last updates from v8.
- Adapted to v9.
- Added a saner default to `mass_mailing.salt` configuration parameter by
reusing `database.secret` if available, hoping that some day
https://github.com/odoo/odoo/pull/12040 gets merged.
- Updated README.
- Increase security, drop backwards compatibility.
Security got improved upstream, which would again break compatibility among current addon and future master upstream.
I choose to break it now and keep it secured future-wise, so I drop the backwards compatibility features.
- Includes tour tests.
- Removes outdated tests.
- Extends the mailing list management form when unsubscriber is a contact.
- Adds a reason form even if he is not.
- Avoids all methods that were not model-agnostic.
[FIX][mass_mailing_custom_unsubscribe] Reasons noupdate
After this fix, when you update the addon, you will not lose your customized reasons.
[FIX] Compatibilize with mass_mailing_partner
Current test code was based on the assumption that the `@api.model` decorator on `create()` ensured an empty recordset when running the method, but that's not true. This was causing an incompatibility betwee these tests and the `mass_mailing_partner` addon, which works assuming 0-1 recordsets.
Now records are created from an empty recordset, and thus tests work everywhere.
Update instructions
If the user does not add the unsubscribe snippet, nothing will happen, so it's added to README to avoid confusion when testing/using the addon.
[FIX] Use the right operator to preserve recordsets order
Using `|=` sorts records at will each time (treating them as Python's `set`).
Using `+=` always appends a record to the end of the set.
Since we are using the record position in the set, this caused the test to work sometimes and fail other times. Now it works always.
2016-11-11 14:41:20 +01:00
|
|
|
})
|
|
|
|
return super(MailMassMailing, self).update_opt_out(
|
2017-07-05 11:07:28 +02:00
|
|
|
email, res_ids, value)
|