How can i prevent the user from logging in odoo (openerp) system after 5 attempts of invalid username or password.
I have found a workaround to my question to have a captcha ( https://apps.openerp.com/apps/modules/7.0/web_captcha/) installed on my system but i don't need a captcha any more.
Based on your question i tried to create a simple module using which you can restrict the Odoo users not to login for some time.
Based on Configuration, it will unlock the users. Write back to me if you find any Bugs in it. You can clone it from git#github.com:muralikrishnareddy/lockout.git . or its location is https://github.com/muralikrishnareddy/lockout Its for odoo-8.0.
Related
I just installed a custom module in Odoo, and everything seems to be ok. But when I try to install other modules I receive the next error:
Sorry, you are not allowed to access this document. Please contact your system administrator if you think this is an error.
(Document model: ir.module.module.exclusion) - (Operation: read, User: 2)
I no longer have rights to install new modules
What is causing that error?
It seems like you don't have the right to access to the records of the models, try adding your user to the user groups provided by the module that have the right to access (setting -> users and companies) or become superuser.
Administration / Settings group users have all the permission (read, write, create, unlink) for ir.module.module.exclusion model. As you are trying to install apps, you are probably logged in as super user which has the group permission Administration / Settings. Probably the module you have installed is changing access right permission, you can look for base.access_ir_module_module_exclusion_group_system string in your custom modules code as that is the external id of the record for this particular model.
As per solution, you can go to Debug on Settings > Technical > Models > ir.module.module.exclusion, in form view go to access rights tab, edit and set all permission for Administration / Settings to checked, as Jorge suggested in the previous answer.
I have developed a website in Drupal 8 and have deployed it to production. I have created 7-8 other accounts for my content management team and have granted them limited privileges for creating, editing and deleting content.
Of late, I am facing a problem with the user login form, wherein the login works sporadically. Sometimes I am able to log in as the administrator in the first attempt, sometimes I am not. In the latter case, I have to reset my password via email using the reset password option. However, this approach works only temporarily for a single session, which means that as soon as I log out, I am unable to log in. My content managers are also experiencing the same problem.
I have tried the below things but no luck.
Truncating the flood, session, and all the cache tables and flood table manually from the database.
Disabling the Recaptcha module in the login form.
Enabling and disabling the HTTP Basic Authentication module.
Disabling server proxy configuration through the settings.php file.
Performing Drupal updates by running the update.php file.
The incorrect username and/or password error in the login has not been handled. When an incorrect username/password is entered the page only refreshes without displaying any custom message.
Edit: I have just observed that I had luckily forgotten to log out as the super admin on the site from another browser, Firefox. I investigated further to fix this problem and observed a pattern. I am able to login as the administrator when I manually clear the cache from Firefox (where I luckily forgot to logout). However, this works only for one session, which means after logging out the bug reappears. In order to make the login to again work as expected, I have to again clear the cache from Firefox.
Okay, after much banging my head over the wall for nearly a week, I have found a workarpund solution to this problem by uninstalling Internal Dynamic Page Cache and Internal Page Cache modules.
The problem was that the user login form was getting cached after one successful login. Using the Chrome developer tools the following response header was getting set and sent by Drupal.
X-Drupal-Dynamic-Cache: HIT
To elimnate this I had to uninstall the above two modules.
However this is just a workaround and not a solution, since disabling these two modules will have a tradeoff with the site performance.
Anyone who knows the solution to this problem, please post it here. I shall try them and update this space.
Thank you in advance.
I had issues in local environnement with a custom Login form too. The behaviour was different because for me.
It was the first login attempt just after clearing the cache drush cr that would fail, even if in the logs it was recorded that the user was successfully logged.
I fixed it in my Controller, by using a bit of code from the Core core/modules/user/src/Plugin/Block/UserLoginBlock.php
$form = $this->formBuilder()->getForm('Drupal\user\Form\UserLoginForm');
$placeholder = 'form_action_p_4r8ITd22yaUvXM6SzwrSe9rnQWe48hz9k1Sxto3pBvE';
$form['#attached']['placeholders'][$placeholder] = [
'#lazy_builder' => ['\Drupal\user\Plugin\Block\UserLoginBlock::renderPlaceholderFormAction', []],
];
$form['#action'] = $placeholder;
$build['user_login_form'] = $form;
My problem: Users don't get further from login screen. They show up as logged-in in the manager log and Whos online, but the login screen just shows an empty login-form after submit login.
It all worked for several days after last upgrade to 2.7.0.pl, and then suddenly stopped.
Error log: (ERROR # /home/verkejml/public_html/core/model/modx/moduser.class.php : 362) PHP warning: session_regenerate_id(): Cannot regenerate session id - session is not active.
Tried:
Delete all files in core/cache.
Delete browser cache and cookies.
Different browsers and different users with different permissions, up
to admin.
Reading all forum questions about the same problem, no luck.
I have one admin user logged in, and I'm super afraid to log out that user, if I'm not able to login again, and therefor can't access the manager again.
My setup:
Modx Revo 2.7.0pl.
Just a few "standard" extras installed, all updated.
PHP 7.0.33
Question: Is there anything I can do without reinstall everything, and by that be forced to log out my only logged in user?
I got the answer from the incredibly engaged and knowledgeable problem solver in the Modx community, BobRay:
My (old) settings:
session_cookie_path => (blank)
anonymous_sessions => No
Changed to
session_cookie_path => /
anonymous_sessions => Yes
Thanks to BobRay for great help!
Well, there are any problems with MODX 2.7 + PHP 7.* nowadays.
Here are other possible steps which may help you:
Disable anonymous_sessions setting and relogin again
Remove modSessionHandler value for session_handler_class and relogin again
I have one admin user logged in, and I'm super afraid to log out that user, if I'm not able to login again, and therefor can't access the manager again.
Honestly I don't know how to test without logging out ((
I need to integrate my Pentaho Community dashboard report in a DotNet application. Now I am facing a problem.
I want the report to open on single click without the Pentaho server asking for authentication or log in. I tried to find out a solution and found that if I use userid and password in the url, it will work. So I did this
http://192.168.2.122:8085/pentaho/api/repos/:home:Time%20Sheet%20Reports:Project%20Effort%20Analysis%20Dashboard.wcdf/generatedContent&userid=admin&password=password
But this is not working for me and the browser is still asking for login credentials. I don't understand what went wrong.
Any help with the same will be most appreciated.
Thanks in advance.
Regards,
Ritesh.
You need the following user to be created under the Manage Users & Roles Perspective:
anonymousUser (notice the uppercase U)
You can give this user any password; this is only to make sure this user maps the user used in the configuration files inside pentaho-solutions/system
Make sure the Anonymous role has at least the Read Permission.
The Anonymous role should exist already in the BA Server (this is by default a system role in the Manage Users and Roles Perspective)
Under Public create a folder: in my case "OpenReports"
Select the "OpenReports" folder click properties > click Share > Uncheck > Inherits folder permissions
Make sure to add anonymousUser and role anonymous to it and they at least the Read permission
Click OK
Copy an Analyzer report to the new OpenReports folder
Verify the permissions for anonymousUser and Anonymous role were inherited; if not add them accordingly.
Stop BA Server
Locate the following file:
\pentaho\server\biserver-ee\pentaho-solutions\system\applicationContext-spring-security.xml
Add the following lines:
\A/i18n.*\Z=Anonymous,Authenticated
\A/js/utils.js\Z=Anonymous,Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Anonymous,Authenticated
\A/api/repos.*\Z=Anonymous,Authenticated
\A/api/common-ui/resources/.*\Z=Anonymous,Authenticated
\A/api/common-ui/util/.*\Z=Anonymous,Authenticated
The following lines open the anonymous access to the OpenReports folder and its contents
\A/api/repos.*public.*openreports.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/viewer/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/common-ui/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/common-ui/util/.*\Z=Anonymous,Authenticated
after:
\A/js/require-cfg.js\Z=Anonymous,Authenticated
and before:
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
Add the following lines: (these open the URL access to the Analyzer plugin)
\A/content/pentaho-cdf/.*\Z=Anonymous,Authenticated
\A/content/common-ui/.*\Z=Anonymous,Authenticated
\A/content/analyzer/.*\Z=Anonymous,Authenticated
\A/content/analyzer/scripts/.*\Z=Anonymous,Authenticated
Make sure to add these lines:
After:
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
and before:
\A/webcontext.js.*\Z=Anonymous,Authenticated
Locate the following
Change the following lines from:
\A/api/.*\Z=Authenticated
\A/plugin/.*\Z=Authenticated
to:
\A/api/.*\Z=Anonymous,Authenticated
\A/plugin/.*\Z=Anonymous,Authenticated
Save the file
Restart your BA Server
You should be able to successfully call the report by URL without having to authenticate through the login page; here is a sample URL:
http://192.168.2.122:8085/pentaho/api/repos/:public:OpenReports:Leading%20Product%20Lines%20(pivot%20table).xanalyzer/editor
Here the simplest way to bypass the log in :
http://pedroalves-bi.blogspot.pt/2015/02/useful-tips-easy-authentication-in.html
it's work for me, i'm using pentaho 5.4
don't forget to create anonymousUser and in "system Roles" check only "Read Content".
if you use admin user and then you try to access http://localhost:8080/pentaho/Home
it will automaticly login because the browser still have session login.
sorry for my bad english,
I have written my own windows service which interacts with a SQL database and updates it. The service was running fine and seems to be functioning correctly, however of late it seems to go down at random times and cannot restart due to the error designated in the question. I have tried various searches to fix this, but unfortunately I have come up with nothing. The aim is to eventually having this service running on my companies server, but I can't adjust any server settings, I am but a user on the server, so I have restrictions to some settings.
Any quick fixes, would be helpful!
Open the Services Manager. ( Win + R, then type services.msc )
Then right click on the SQL Server process and click Properties
Then go to Log On, and select This account:
Then click Browse, and add your username in the box. (Notice it should contain the domain, in my case is AD\myusername), then Check Names and accept.
Finally type your password in the other two fields, and that's it, you should have permission to start your process now.
Cheers!!
One issue for us was the format of the account user name, we initially used
domain\username
and got the 1069-logon error, then ultimately I tried validating the user name in the properties | logon tab of the Service (in Control Panel / Service Manager), using the "Browse" and "Search" for the user name and it turned it suggested and validated ok with the reverse format
username#domain
This also worked and resolved the 1069 error, and let us script the startup using sc.exe.
Error 1069 is vague and can have different causes. I am sharing my experience here.
I encountered this error when trying to get a service to run under my account (I am trying to get my services to see the same LocalDB as interactive processes running on my account for development purposes). I use an MSA (Microsoft Account) with Windows’s PIN login normally, so I rarely enter my Windows password. To resolve the issue, I locked my screen, selected Password input instead of PIN input, and then entered my password. I assume this somehow reminded Windows what my password was and made my local account more legit.
Before doing this, you need to configure the user account in question to have the Logon as Service privilege. To do this, open the Group Policy Editor. Expand Computer / Windows Configuration / Security Configuration / Local Policies / User Permissions Assignment and then open Login as Service. From there, you can add your user in question.
also check for "Deny Logon service" policy.
user should not be added over there
We had this issue as well because the account was set so that the password expired. After we updated the account to not expire and set the password this error stopped.
The account could also be locked out. To unlock it, you only need to change that user's password (new and old password can be the same).
What also worked for me was re-entering the password in the services->LogOn window. Even when you think the account and password is correct, re-entering it will re-grant the account permission to log on as a service.