Odoo Addons (MOVED TO GITHUB)

Login date recorded in wrong timezone by auth_openid, users_ldap, base_crypt

Bug #967829 reported by Ian Beardslee
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Fix Released
Low
Unassigned
Odoo Addons (MOVED TO GITHUB) 6.1

Bug Description

I noticed that the login date for LDAP users was in the future (I'm in Pacific/Auckland or GMT+13), yet the Administrator user was correct.

It seems that although the addons/base/res/res_users.py updates the login date and time (res_users.date) using UTC, the various other methods just set res_users.date use the now() function. The now() function takes the timezone of the server without consideration to the timezone of the user. The code within OpenERP applies timezone formating to the information returned from the database.

### addons/base/res/res_users.py

 cr.execute("""UPDATE res_users
               SET date = now() AT TIME ZONE 'UTC'
               WHERE login=%s AND password=%s AND active
               RETURNING id""",
           (tools.ustr(login), tools.ustr(password)))

I found the other places by using "grep -Ri 'update res_users' *"

### addons/auth_openid/res_users.py

 cr.execute('UPDATE res_users SET date=now() WHERE login=%s AND openid_key=%s AND active=%s RETURNING id',
         (tools.ustr(login), tools.ustr(password), True))

### addons/base_crypt/crypt.py

 cr.execute('UPDATE res_users SET date=now() ' \
             'WHERE id=%s AND password=%s AND active RETURNING id',
            (int(id), encrypted_pw.encode('utf-8')))

### addons/users_ldap/users_ldap.py

  cr.execute('UPDATE res_users SET date=now() WHERE '
             'login=%s', (tools.ustr(login),))

The 3 "SET date=now()" need to be changed to "SET date=now() AT TIME ZONE 'UTC'" as per addons/base/res/res_users.py, and in my example changes below formatted to the same as the addons/base/res/res_users.py

### addons/auth_openid/res_users.py

 cr.execute("""UPDATE res_users
               SET date=now() AT TIME ZONE 'UTC'
               WHERE login=%s AND openid_key=%s AND active=%s RETURNING id""",
           (tools.ustr(login), tools.ustr(password), True))

### addons/base_crypt/crypt.py

 cr.execute("""UPDATE res_users
               SET date=now() AT TIME ZONE 'UTC'
               WHERE id=%s AND password=%s AND active RETURNING id""",
           (int(id), encrypted_pw.encode('utf-8')))

### addons/users_ldap/users_ldap.py

  cr.execute("""UPDATE res_users
                SET date=now() AT TIME ZONE 'UTC'
                WHERE login=%s""",
            (tools.ustr(login),))

Because I use the users_ldap module, I have only tested changes to that module, and they appear to be correct.

This bug could also be linked to some of the other issues around how dates are updated and retrieved from the database and displayed in the interface and reports.

If, as in addons/base/res/res_users.py, dates and times are used as UTC with the interface making adjustments for language and timezone it should be consistent throughout the rest of the application. Using 'timestamp without time zone' consistently as the database type for dates and times makes it easy for developers and users to know that they need to treat timestamps in the database as UTC, and the module/report/UI being created needs to treat the date and time as such.

Related branches

lp:~openerp-community/openobject-addons/ibeardslee_addons_967829
Olivier Dony (Odoo): Approve
Diff: 52 lines (+13/-7)
3 files modified
auth_openid/res_users.py (+4/-2)
base_crypt/crypt.py (+5/-3)
users_ldap/users_ldap.py (+4/-2)
lp:openobject-addons
lp:openobject-addons/6.1
Ian Beardslee (ibeardslee)
affects: openobject-server → openobject-addons
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Hi Ian,

You're right, these other places where the last login date is updated were not properly patched to use the new UTC server time semantics. Your analysis is correct and the merge proposal looks right too!

Thanks a lot for both!

summary: - Login Date Incorrect
+ Login date recorded in wrong timezone by auth_openid, users_ldap,
+ base_crypt
Changed in openobject-addons:
importance: Undecided → Low
milestone: none → 6.1
status: New → Confirmed
assignee: nobody → OpenERP's Framework R&D (openerp-dev-framework)
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Ian's excellent fix was merged in trunk and 6.1:
- trunk: rev.6702 rev-id: <email address hidden>
- 6.1: rev.6718 rev-id: <email address hidden>

Thanks again for reporting and providing a proper patch!

Changed in openobject-addons:
assignee: OpenERP's Framework R&D (openerp-dev-framework) → nobody
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.