diff --git a/model/res_users.py b/model/res_users.py
index bcd11c9d158712f6f1ae75759bdfdf4604841b1b_bW9kZWwvcmVzX3VzZXJzLnB5..9cdd354db735d28aef79351129d8723f6544d421_bW9kZWwvcmVzX3VzZXJzLnB5 100644
--- a/model/res_users.py
+++ b/model/res_users.py
@@ -223,7 +223,9 @@
 # return user credentials
 return self.env.cr.dbname, login, saml_response
- # This method is using the old v7 API because it is called BEFORE the login
- def check_credentials(self, cr, uid, token):
- """token can be a password if the user has used the normal form...
+ @api.model
+ def check_credentials(self, token):
+ """Override to handle SAML auths.
+
+ The token can be a password if the user has used the normal form...
 but we are more interested in the case when they are tokens
@@ -229,3 +231,3 @@
 but we are more interested in the case when they are tokens
- and the interesting code is inside the except clause
+ and the interesting code is inside the "except" clause.
 """
@@ -231,4 +233,3 @@
 """
- token_osv = self.pool.get('auth_saml.token')
 try:
@@ -233,6 +234,7 @@
 try:
- super(ResUser, self).check_credentials(cr, uid, token)
+ # Attempt a regular login (via other auth addons) first.
+ super(ResUser, self).check_credentials(token)
 except (
 openerp.exceptions.AccessDenied,
@@ -240,6 +242,5 @@
 ):
 # since normal auth did not succeed we now try to find if the user
 # has an active token attached to his uid
- res = token_osv.search(
- cr, SUPERUSER_ID,
+ res = self.env['auth_saml.token'].sudo().search(
 [
@@ -245,3 +246,3 @@
 [
- ('user_id', '=', uid),
+ ('user_id', '=', self.env.user.id),
 ('saml_access_token', '=', token),
@@ -247,5 +248,5 @@
 ('saml_access_token', '=', token),
- ]
+ ],
 )
 # if the user is not found we re-raise the AccessDenied
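Review bot: The comment kept above the rebuilt `sudo().search(` still promises an "active token", but the domain visible across this and the following hunks filters only on `user_id` and `saml_access_token`, so any stored token for the user matches regardless of age, and because the lookup runs as superuser no record rule narrows it either. If `auth_saml.token` records carry an expiry or active flag, the corresponding term belongs in this domain; if they do not, reword the comment to `# has a token attached to his uid` so readers do not assume expiry is enforced here. Note that the `except` tuple this branch belongs to opens in the previous hunk and `check_credentials` continues past the end of the diff, so the handling of `res` is not visible.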
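Review bot: `('user_id', '=', self.env.user.id)` silently assumes the environment was built with the uid of the user being authenticated, which is presumably how the core `check()`/`_login` callers invoke `check_credentials`; since the search runs under `sudo()`, any caller using a differently-scoped env (an admin or superuser env, for instance) would match tokens belonging to that other user instead of raising. Prefer `self.env.uid` — the same value without an extra browse — and state the precondition next to it: `# self.env.uid must be the user being authenticated; callers build the env with that uid`. A guard such as `if not token: raise openerp.exceptions.AccessDenied()` before the search would also keep an empty or missing token from ever being used as a lookup key, even though core callers are believed to reject empty passwords earlier. `check_credentials` starts in the first hunk and continues beyond this one.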