From 0df3866d638c92034b80c7249bb0df647c8a618c Mon Sep 17 00:00:00 2001
From: Mihai Fekete <feketemihai@gmail.com>
Date: Mon, 11 Mar 2024 18:54:37 +0200
Subject: [PATCH] Fix conflicts

---
 l10n_ro_account_anaf_sync/README.rst          |   2 +-
 l10n_ro_account_anaf_sync/__manifest__.py     |   1 +
 .../controllers/anaf_oauth.py                 |  35 +++--
 l10n_ro_account_anaf_sync/data/neutralize.sql |   3 +-
 l10n_ro_account_anaf_sync/models/__init__.py  |   1 +
 .../models/l10n_ro_account_anaf_sync.py       | 126 ++++++++----------
 .../models/l10n_ro_account_anaf_sync_scope.py |  32 +++++
 .../models/res_company.py                     |  28 ++--
 l10n_ro_account_anaf_sync/requirements.txt    |   1 +
 .../security/ir.model.access.csv              |   2 +
 .../static/description/index.html             |   3 +-
 .../views/l10n_ro_account_anaf_sync_view.xml  |  22 ++-
 l10n_ro_account_edi_ubl/README.rst            |   2 +-
 l10n_ro_account_edi_ubl/__manifest__.py       |   2 +-
 .../{post_migration.py => post-migration.py}  |   0
 .../migrations/16.0.1.43.1/post-migration.py  |  23 ++++
 l10n_ro_account_edi_ubl/models/__init__.py    |   1 +
 .../models/account_edi_format.py              |   9 +-
 .../models/account_move.py                    |   4 +-
 .../models/l10n_ro_account_anaf_sync_scope.py |  62 +++++++++
 l10n_ro_account_edi_ubl/models/res_company.py |  11 +-
 .../static/description/index.html             |   3 +-
 .../tests/test_acccount_edi_ubl.py            |  37 +++--
 requirements.txt                              |   1 +
 24 files changed, 283 insertions(+), 128 deletions(-)
 create mode 100644 l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync_scope.py
 create mode 100644 l10n_ro_account_anaf_sync/requirements.txt
 rename l10n_ro_account_edi_ubl/migrations/16.0.1.40.1/{post_migration.py => post-migration.py} (100%)
 create mode 100644 l10n_ro_account_edi_ubl/migrations/16.0.1.43.1/post-migration.py
 create mode 100644 l10n_ro_account_edi_ubl/models/l10n_ro_account_anaf_sync_scope.py

diff --git a/l10n_ro_account_anaf_sync/README.rst b/l10n_ro_account_anaf_sync/README.rst
index fa038ee8c..f8af5c83c 100644
--- a/l10n_ro_account_anaf_sync/README.rst
+++ b/l10n_ro_account_anaf_sync/README.rst
@@ -7,7 +7,7 @@ Romania - Account ANAF Sync
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:fd3e4bff53bd0db2cd49ee906caa77ecc3b2f6aae1c62fac37ae91e3193e870e
+   !! source digest: sha256:5101958b635714560aaac5b75a11aa44a5acaf7311a31f5dff0c5472d4a4b3e6
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Mature-brightgreen.png
diff --git a/l10n_ro_account_anaf_sync/__manifest__.py b/l10n_ro_account_anaf_sync/__manifest__.py
index cfa566c01..45946bd92 100644
--- a/l10n_ro_account_anaf_sync/__manifest__.py
+++ b/l10n_ro_account_anaf_sync/__manifest__.py
@@ -20,4 +20,5 @@
     "installable": True,
     "development_status": "Mature",
     "maintainers": ["feketemihai"],
+    "external_dependencies": {"python": ["PyJWT"]},
 }
diff --git a/l10n_ro_account_anaf_sync/controllers/anaf_oauth.py b/l10n_ro_account_anaf_sync/controllers/anaf_oauth.py
index 44c457465..17d150fb9 100644
--- a/l10n_ro_account_anaf_sync/controllers/anaf_oauth.py
+++ b/l10n_ro_account_anaf_sync/controllers/anaf_oauth.py
@@ -1,17 +1,20 @@
 # Copyright (C) 2022 NextERP Romania
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
 
+# Authorization Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/authorize
+# Token Issuance Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/token
+# Token Revocation Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/revoke
+import logging
 import secrets
 from datetime import datetime, timedelta
 
+import jwt
 import requests
 
 from odoo import _, http
 from odoo.http import request
 
-# Authorization Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/authorize
-# Token Issuance Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/token
-# Token Revocation Endpoint https://logincert.anaf.ro/anaf-oauth2/v1/revoke
+_logger = logging.getLogger(__name__)
 
 
 class AccountANAFSyncWeb(http.Controller):
@@ -62,10 +65,13 @@ def redirect_anaf(self, anaf_config_id, **kw):
         client_id = anaf_config.client_id
         url = user.get_base_url()
         odoo_oauth_url = f"{url}/l10n_ro_account_anaf_sync/anaf_oauth/{anaf_config.id}"
-        redirect_url = "%s?response_type=code&client_id=%s&redirect_uri=%s" % (
-            anaf_config.anaf_oauth_url + "/authorize",
-            client_id,
-            odoo_oauth_url,
+        redirect_url = (
+            "%s?response_type=code&client_id=%s&redirect_uri=%s&token_content_type=jwt"
+            % (
+                anaf_config.anaf_oauth_url + "/authorize",
+                client_id,
+                odoo_oauth_url,
+            )
         )
         anaf_request_from_redirect = request.redirect(
             redirect_url, code=302, local=False
@@ -94,7 +100,7 @@ def get_anaf_oauth_code(self, anaf_config_id, **kw):
         "Returns a text with the result of anaf request from redirect"
         uid = request.uid
         user = request.env["res.users"].browse(uid)
-        now = datetime.now()
+        datetime.now()
         ANAF_Configs = request.env["l10n.ro.account.anaf.sync"].sudo()
         anaf_config = ANAF_Configs.browse(anaf_config_id)
 
@@ -126,6 +132,7 @@ def get_anaf_oauth_code(self, anaf_config_id, **kw):
                 "code": "{}".format(code),
                 "access_key": "{}".format(code),
                 "redirect_uri": "{}".format(redirect_uri),
+                "token_content_type": "jwt",
             }
             response = requests.post(
                 anaf_config.anaf_oauth_url + "/token",
@@ -134,12 +141,20 @@ def get_anaf_oauth_code(self, anaf_config_id, **kw):
                 timeout=1.5,
             )
             response_json = response.json()
-
+            acces_token = {}
+            if response_json.get("access_token", None):
+                acces_token = jwt.decode(
+                    response_json.get("access_token"),
+                    algorithms=["RS512"],
+                    options={"verify_signature": False},
+                )
             message = _("The response was finished.\nResponse was: %s") % response_json
             anaf_config.write(
                 {
                     "code": code,
-                    "client_token_valability": now + timedelta(days=89),
+                    "client_token_valability": datetime.fromtimestamp(
+                        acces_token.get("exp", 0)
+                    ),
                     "access_token": response_json.get("access_token", ""),
                     "refresh_token": response_json.get("refresh_token", ""),
                 }
diff --git a/l10n_ro_account_anaf_sync/data/neutralize.sql b/l10n_ro_account_anaf_sync/data/neutralize.sql
index 93bafab5e..e225d37ac 100644
--- a/l10n_ro_account_anaf_sync/data/neutralize.sql
+++ b/l10n_ro_account_anaf_sync/data/neutralize.sql
@@ -1,2 +1 @@
-UPDATE l10n_ro_account_anaf_sync
-    SET state = 'test', anaf_einvoice_sync_url = 'https://api.anaf.ro/test/FCTEL/rest';
+UPDATE l10n_ro_account_anaf_sync_scope SET state = 'test';
diff --git a/l10n_ro_account_anaf_sync/models/__init__.py b/l10n_ro_account_anaf_sync/models/__init__.py
index 893f50357..631bfc7c0 100644
--- a/l10n_ro_account_anaf_sync/models/__init__.py
+++ b/l10n_ro_account_anaf_sync/models/__init__.py
@@ -1,2 +1,3 @@
 from . import l10n_ro_account_anaf_sync
+from . import l10n_ro_account_anaf_sync_scope
 from . import res_company
diff --git a/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync.py b/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync.py
index 9a35d2308..f399c0cfe 100644
--- a/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync.py
+++ b/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync.py
@@ -2,11 +2,12 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
 
 import logging
-from datetime import timedelta
+from datetime import datetime
 
+import jwt
 import requests
 
-from odoo import _, api, fields, models
+from odoo import _, fields, models
 from odoo.exceptions import UserError
 
 _logger = logging.getLogger(__name__)
@@ -17,14 +18,6 @@ class AccountANAFSync(models.Model):
     _inherit = ["mail.thread", "l10n.ro.mixin"]
     _description = "Account ANAF Sync"
 
-    _sql_constraints = [
-        (
-            "company_id_uniq",
-            "unique(company_id)",
-            "Another ANAF sync for this company already exists!",
-        ),
-    ]
-
     def name_get(self):
         result = []
         for anaf_sync in self:
@@ -66,11 +59,13 @@ def name_get(self):
         help="Time when was last time pressed the Get Token From Anaf Website."
         " It waits for ANAF request for maximum 1 minute",
     )
-    anaf_einvoice_sync_url = fields.Char(default="https://api.anaf.ro/test/FCTEL/rest")
     state = fields.Selection(
         [("test", "Test"), ("automatic", "Automatic")],
         default="test",
     )
+    anaf_scope_ids = fields.One2many(
+        comodel_name="l10n.ro.account.anaf.sync.scope", inverse_name="anaf_sync_id"
+    )
 
     def write(self, values):
         if values.get("company_id"):
@@ -105,6 +100,28 @@ def get_token_from_anaf_website(self):
             "target": "new",
         }
 
+    def _anaf_call_update_token(self, response):
+        # Extrage token-ul de acces din răspunsul JSON
+        token_data = response.json()
+        acces_token = {}
+        if token_data.get("access_token", None):
+            acces_token = jwt.decode(
+                token_data.get("access_token"),
+                algorithms=["RS512"],
+                options={"verify_signature": False},
+            )
+        vals = {}
+        if token_data.get("access_token"):
+            vals["access_token"] = token_data.get("access_token")
+        if token_data.get("refresh_token"):
+            vals["refresh_token"] = token_data.get("refresh_token")
+        if acces_token.get("exp"):
+            vals["client_token_valability"] = datetime.fromtimestamp(
+                acces_token.get("exp", 0)
+            )
+        vals["last_request_datetime"] = fields.Datetime.now()
+        self.write(vals)
+
     def handle_anaf_callback(self, authorization_code):
         # Folosește codul de autorizare pentru a obține token-ul de acces
         token_url = f"{self.anaf_oauth_url}/token"
@@ -114,6 +131,7 @@ def handle_anaf_callback(self, authorization_code):
             "client_id": self.client_id,
             "client_secret": self.client_secret,
             "redirect_uri": self.anaf_callback_url,
+            "token_content_type": "jwt",
         }
 
         response = requests.post(
@@ -124,17 +142,31 @@ def handle_anaf_callback(self, authorization_code):
         )
 
         if response.status_code == 200:
-            # Extrage token-ul de acces din răspunsul JSON
-            token_data = response.json()
-            self.write(
-                {
-                    "access_token": token_data.get("access_token"),
-                    "refresh_token": token_data.get("refresh_token"),
-                    "client_token_valability": fields.Date.today()
-                    + timedelta(days=90),  # Valabilitate de 90 de zile
-                    "last_request_datetime": fields.Datetime.now(),
-                }
+            self._anaf_call_update_token(response)
+
+    def refresh_access_token(self):
+        self.ensure_one()
+        if not self.refresh_token:
+            raise UserError(
+                _("You don't have ANAF refresh token. Please get it first.")
             )
+        token_url = f"{self.anaf_oauth_url}/token"
+        data = {
+            "grant_type": "refresh_token",
+            "refresh_token": self.refresh_token,
+            "client_id": self.client_id,
+            "client_secret": self.client_secret,
+        }
+
+        response = requests.post(
+            token_url,
+            data=data,
+            timeout=80,
+            headers={"Content-Type": "application/x-www-form-urlencoded"},
+        )
+
+        if response.status_code == 200:
+            self._anaf_call_update_token(response)
 
     def revoke_access_token(self):
         self.ensure_one()
@@ -144,7 +176,6 @@ def revoke_access_token(self):
             "client_id": self.client_id,
             "client_secret": self.client_secret,
             "access_token": self.access_token,
-            # "refresh_token": should function for refresh function
             "token_type_hint": "access_token",  # refresh_token  (should work without)
         }
         url = self.anaf_oauth_url + "/revoke"
@@ -190,54 +221,3 @@ def test_anaf_api(self):
         else:
             message = _("Test token response: %s") % response.reason
         self.message_post(body=message)
-
-    @api.onchange("state")
-    def _onchange_state(self):
-        if self.state:
-            if self.state == "test":
-                new_url = "https://api.anaf.ro/test/FCTEL/rest"
-            else:
-                new_url = "https://api.anaf.ro/prod/FCTEL/rest"
-            self.anaf_einvoice_sync_url = new_url
-
-    def _l10n_ro_einvoice_call(self, func, params, data=None, method="POST"):
-        self.ensure_one()
-        _logger.info("ANAF API call: %s %s" % (func, params))
-        url = self.anaf_einvoice_sync_url + func
-        access_token = self.access_token
-        headers = {
-            "Content-Type": "application/xml",
-            "Authorization": f"Bearer {access_token}",
-        }
-        test_data = self.env.context.get("test_data", False)
-        if test_data:
-            content = test_data
-            status_code = 200
-        else:
-            if method == "GET":
-                response = requests.get(
-                    url, params=params, data=data, headers=headers, timeout=80
-                )
-            else:
-                response = requests.post(
-                    url, params=params, data=data, headers=headers, timeout=80
-                )
-
-            content = response.content
-            status_code = response.status_code
-            if response.status_code == 400:
-                content = response.json()
-            content_type = ""
-            if response.headers:
-                content_type = response.headers.get("Content-Type", "")
-            if content_type == "application/xml":
-                _logger.info("ANAF API response: %s" % response.text)
-            if "text/plain" in content_type:
-                try:
-                    content = response.json()
-                    if content.get("eroare"):
-                        status_code = 400
-                except Exception:
-                    _logger.info("ANAF API response: %s" % response.text)
-
-        return content, status_code
diff --git a/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync_scope.py b/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync_scope.py
new file mode 100644
index 000000000..8c3738ef4
--- /dev/null
+++ b/l10n_ro_account_anaf_sync/models/l10n_ro_account_anaf_sync_scope.py
@@ -0,0 +1,32 @@
+# Copyright (C) 2024 Dakai Soft
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+
+from odoo import api, fields, models
+
+
+class AccountANAFSyncScope(models.Model):
+    _name = "l10n.ro.account.anaf.sync.scope"
+    _inherit = ["mail.thread", "l10n.ro.mixin"]
+    _description = "Account ANAF Sync Scope"
+
+    anaf_sync_id = fields.Many2one("l10n.ro.account.anaf.sync")
+    company_id = fields.Many2one(related="anaf_sync_id.company_id", store=True)
+    scope = fields.Selection([])
+    anaf_sync_production_url = fields.Char(string="API production URL")
+    anaf_sync_test_url = fields.Char(string="API test URL")
+    state = fields.Selection(
+        [("test", "Test"), ("production", "Production")],
+        default="test",
+    )
+    anaf_sync_url = fields.Char(compute="_compute_anaf_sync_url")
+
+    @api.depends("state")
+    def _compute_anaf_sync_url(self):
+        for entry in self:
+            entry.anaf_sync_url = getattr(
+                entry, f"anaf_sync_{entry.state}_url", "anaf_sync_test_url"
+            )
+
+    @api.onchange("scope")
+    def _onchange_scope(self):
+        self._compute_anaf_sync_url()
diff --git a/l10n_ro_account_anaf_sync/models/res_company.py b/l10n_ro_account_anaf_sync/models/res_company.py
index 9177b2579..e3e30ccfd 100644
--- a/l10n_ro_account_anaf_sync/models/res_company.py
+++ b/l10n_ro_account_anaf_sync/models/res_company.py
@@ -7,15 +7,19 @@
 class ResCompany(models.Model):
     _inherit = "res.company"
 
-    l10n_ro_account_anaf_sync_id = fields.Many2one(
-        "l10n.ro.account.anaf.sync",
-        string="Romania - Account ANAF Sync",
-        compute="_compute_l10n_ro_account_anaf_sync_id",
-    )
-
-    def _compute_l10n_ro_account_anaf_sync_id(self):
-        for company in self:
-            domain = [("company_id", "=", company.id)]
-            company.l10n_ro_account_anaf_sync_id = self.env[
-                "l10n.ro.account.anaf.sync"
-            ].search(domain, limit=1)
+    def _l10n_ro_get_anaf_sync(self, scope=None):
+        anaf_sync_scope = self.env["l10n.ro.account.anaf.sync.scope"]
+        if scope:
+            anaf_sync_scope |= anaf_sync_scope.search(
+                [
+                    ("anaf_sync_id.company_id", "=", self.id),
+                    ("scope", "=", scope),
+                    (
+                        "anaf_sync_id.client_token_valability",
+                        ">",
+                        fields.Date().today(),
+                    ),
+                ],
+                limit=1,
+            )
+        return anaf_sync_scope
diff --git a/l10n_ro_account_anaf_sync/requirements.txt b/l10n_ro_account_anaf_sync/requirements.txt
new file mode 100644
index 000000000..560e69df4
--- /dev/null
+++ b/l10n_ro_account_anaf_sync/requirements.txt
@@ -0,0 +1 @@
+PyJWT
diff --git a/l10n_ro_account_anaf_sync/security/ir.model.access.csv b/l10n_ro_account_anaf_sync/security/ir.model.access.csv
index 7141b41bf..49c9e809c 100644
--- a/l10n_ro_account_anaf_sync/security/ir.model.access.csv
+++ b/l10n_ro_account_anaf_sync/security/ir.model.access.csv
@@ -2,3 +2,5 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_l10n_ro_account_anaf_sync_user,l10n.ro.account.anaf.sync.user,model_l10n_ro_account_anaf_sync,account.group_account_user,1,0,0,0
 access_l10n_ro_account_anaf_sync_invoice,l10n.ro.account.anaf.sync.invoice,model_l10n_ro_account_anaf_sync,account.group_account_invoice,1,0,0,0
 access_l10n_ro_account_anaf_sync_manager,l10n.ro.account.anaf.sync.manager,model_l10n_ro_account_anaf_sync,account.group_account_manager,1,1,1,1
+access_l10n_ro_account_anaf_sync_scope_user,l10n.ro.account.anaf.sync.scope.invoice,model_l10n_ro_account_anaf_sync_scope,account.group_account_invoice,1,0,0,0
+access_l10n_ro_account_anaf_sync_scope_manager,l10n.ro.account.anaf.sync.scope.manager,model_l10n_ro_account_anaf_sync_scope,account.group_account_manager,1,1,1,1
diff --git a/l10n_ro_account_anaf_sync/static/description/index.html b/l10n_ro_account_anaf_sync/static/description/index.html
index 3a6089a47..e89815886 100644
--- a/l10n_ro_account_anaf_sync/static/description/index.html
+++ b/l10n_ro_account_anaf_sync/static/description/index.html
@@ -1,3 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
@@ -366,7 +367,7 @@ <h1 class="title">Romania - Account ANAF Sync</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:fd3e4bff53bd0db2cd49ee906caa77ecc3b2f6aae1c62fac37ae91e3193e870e
+!! source digest: sha256:5101958b635714560aaac5b75a11aa44a5acaf7311a31f5dff0c5472d4a4b3e6
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Mature" src="https://img.shields.io/badge/maturity-Mature-brightgreen.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/l10n-romania/tree/16.0/l10n_ro_account_anaf_sync"><img alt="OCA/l10n-romania" src="https://img.shields.io/badge/github-OCA%2Fl10n--romania-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/l10n-romania-16-0/l10n-romania-16-0-l10n_ro_account_anaf_sync"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/l10n-romania&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module will make posible to send e-invoice / e-transport to Romanian goverment anaf.ro.</p>
diff --git a/l10n_ro_account_anaf_sync/views/l10n_ro_account_anaf_sync_view.xml b/l10n_ro_account_anaf_sync/views/l10n_ro_account_anaf_sync_view.xml
index 0119c849b..9ae8b2baf 100644
--- a/l10n_ro_account_anaf_sync/views/l10n_ro_account_anaf_sync_view.xml
+++ b/l10n_ro_account_anaf_sync/views/l10n_ro_account_anaf_sync_view.xml
@@ -10,7 +10,6 @@
                 <field name="company_id" />
                 <field name="client_id" />
                 <field name="client_token_valability" />
-                <field name="state" />
             </tree>
         </field>
     </record>
@@ -29,6 +28,7 @@
                         type="object"
                         help="At this step you need a digital certified signature and a browser that recognise it"
                     />
+                    <!-- <TO BE REMOVED SINCE JWT CANNOT BE REVOKED> -->
                     <button
                         class="btn btn-primary"
                         string="Revoke Access Token"
@@ -36,6 +36,13 @@
                         type="object"
                         attrs="{'invisible':['|', ('access_token','=',''), ('access_token','=',False)]}"
                     />
+                    <button
+                        class="btn btn-primary"
+                        string="Refresh Access Token"
+                        name="refresh_access_token"
+                        type="object"
+                        attrs="{'invisible':['|', ('refresh_token','=',''), ('refresh_token','=',False)]}"
+                    />
                 </header>
                 <sheet>
                     <div>
@@ -46,8 +53,6 @@
                     </div>
                     <group string="Config">
                         <group name="main_info">
-                            <field name="state" />
-                            <field name="anaf_einvoice_sync_url" />
                             <field name="client_id" />
                             <field name="client_secret" />
                             <field name="anaf_oauth_url" />
@@ -61,6 +66,17 @@
                             <field name="last_request_datetime" />
                         </group>
                     </group>
+                    <notebook>
+                        <page string="Services">
+                            <field name="anaf_scope_ids">
+                                <tree editable="bottom">
+                                    <field name="scope" />
+                                    <field name="state" />
+                                    <field name="anaf_sync_url" />
+                                </tree>
+                            </field>
+                        </page>
+                    </notebook>
                 </sheet>
                 <div class="oe_chatter">
                     <field name="message_follower_ids" />
diff --git a/l10n_ro_account_edi_ubl/README.rst b/l10n_ro_account_edi_ubl/README.rst
index 71fb33d32..2423d4bd5 100644
--- a/l10n_ro_account_edi_ubl/README.rst
+++ b/l10n_ro_account_edi_ubl/README.rst
@@ -7,7 +7,7 @@ Romania - eFactura Account EDI UBL
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:8f3a520057ae94dc91bce39baff0910e3f68039535b5de6706b6b902ac26e11d
+   !! source digest: sha256:2d0e9812c01ffd181852334eb04ba22ee13cc247f4109df5deebf770f92cdb61
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Mature-brightgreen.png
diff --git a/l10n_ro_account_edi_ubl/__manifest__.py b/l10n_ro_account_edi_ubl/__manifest__.py
index c28162e3c..fad3b6fc7 100644
--- a/l10n_ro_account_edi_ubl/__manifest__.py
+++ b/l10n_ro_account_edi_ubl/__manifest__.py
@@ -20,7 +20,7 @@
         "views/cius_template.xml",
     ],
     "license": "AGPL-3",
-    "version": "16.0.1.43.0",
+    "version": "16.0.1.43.1",
     "author": "Terrabit," "NextERP Romania," "Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/l10n-romania",
     "installable": True,
diff --git a/l10n_ro_account_edi_ubl/migrations/16.0.1.40.1/post_migration.py b/l10n_ro_account_edi_ubl/migrations/16.0.1.40.1/post-migration.py
similarity index 100%
rename from l10n_ro_account_edi_ubl/migrations/16.0.1.40.1/post_migration.py
rename to l10n_ro_account_edi_ubl/migrations/16.0.1.40.1/post-migration.py
diff --git a/l10n_ro_account_edi_ubl/migrations/16.0.1.43.1/post-migration.py b/l10n_ro_account_edi_ubl/migrations/16.0.1.43.1/post-migration.py
new file mode 100644
index 000000000..bc75dbce1
--- /dev/null
+++ b/l10n_ro_account_edi_ubl/migrations/16.0.1.43.1/post-migration.py
@@ -0,0 +1,23 @@
+# Copyright (C) 2024 NextERP Romania
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+from odoo import SUPERUSER_ID, api
+
+
+def migrate(cr, version):
+    if not version:
+        return
+
+    with api.Environment.manage():
+        env = api.Environment(cr, SUPERUSER_ID, {})
+
+        anaf_sync = env["l10n.ro.account.anaf.sync"].search([])
+        for sync in anaf_sync:
+            env["l10n.ro.account.anaf.sync.scope"].create(
+                {
+                    "anaf_sync_id": sync.id,
+                    "scope": "e-factura",
+                    "anaf_sync_production_url": "https://api.anaf.ro/prod/FCTEL/rest",
+                    "anaf_sync_test_url": "https://api.anaf.ro/test/FCTEL/rest",
+                    "state": "production" if sync.state == "automatic" else "test",
+                }
+            )
diff --git a/l10n_ro_account_edi_ubl/models/__init__.py b/l10n_ro_account_edi_ubl/models/__init__.py
index 015afdcd1..8c6ce4a49 100644
--- a/l10n_ro_account_edi_ubl/models/__init__.py
+++ b/l10n_ro_account_edi_ubl/models/__init__.py
@@ -6,3 +6,4 @@
 from . import res_company
 from . import res_config_settings
 from . import res_partner
+from . import l10n_ro_account_anaf_sync_scope
diff --git a/l10n_ro_account_edi_ubl/models/account_edi_format.py b/l10n_ro_account_edi_ubl/models/account_edi_format.py
index d34386539..9586a21ce 100644
--- a/l10n_ro_account_edi_ubl/models/account_edi_format.py
+++ b/l10n_ro_account_edi_ubl/models/account_edi_format.py
@@ -111,8 +111,7 @@ def _post_invoice_edi(self, invoices):
             return super()._post_invoice_edi(invoices)
         res = {}
         for invoice in invoices:
-
-            anaf_config = invoice.company_id.l10n_ro_account_anaf_sync_id
+            anaf_config = invoice.company_id._l10n_ro_get_anaf_sync(scope="e-factura")
             if not anaf_config:
                 res[invoice] = {
                     "success": True,
@@ -199,7 +198,7 @@ def _needs_web_services(self):
         self.ensure_one()
         if self.code != "cius_ro":
             return super()._needs_web_services()
-        anaf_config = self.env.company.l10n_ro_account_anaf_sync_id
+        anaf_config = self.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
         return bool(anaf_config)
 
     def _get_invoice_edi_content(self, move):
@@ -227,7 +226,7 @@ def _get_invoice_edi_content(self, move):
             return attachment.raw
 
     def _l10n_ro_post_invoice_step_1(self, invoice, attachment):
-        anaf_config = invoice.company_id.l10n_ro_account_anaf_sync_id
+        anaf_config = invoice.company_id._l10n_ro_get_anaf_sync(scope="e-factura")
         params = {
             "standard": "UBL" if invoice.move_type == "out_invoice" else "CN",
             "cif": invoice.company_id.partner_id.vat.replace("RO", ""),
@@ -239,7 +238,7 @@ def _l10n_ro_post_invoice_step_1(self, invoice, attachment):
         return res
 
     def _l10n_ro_post_invoice_step_2(self, invoice, attachment):
-        anaf_config = invoice.company_id.l10n_ro_account_anaf_sync_id
+        anaf_config = invoice.company_id._l10n_ro_get_anaf_sync(scope="e-factura")
         params = {"id_incarcare": invoice.l10n_ro_edi_transaction}
         res = self._l10n_ro_anaf_call("/stareMesaj", anaf_config, params, method="GET")
         if res.get("id_descarcare", False):
diff --git a/l10n_ro_account_edi_ubl/models/account_move.py b/l10n_ro_account_edi_ubl/models/account_move.py
index 3809f9d2b..1d05c218b 100644
--- a/l10n_ro_account_edi_ubl/models/account_move.py
+++ b/l10n_ro_account_edi_ubl/models/account_move.py
@@ -170,7 +170,9 @@ def _l10n_ro_prepare_invoice_for_download(self):
 
     def l10n_ro_download_zip_anaf(self, anaf_config=False):
         if not anaf_config:
-            anaf_config = self.env.company.l10n_ro_account_anaf_sync_id.sudo()
+            anaf_config = self.env.company.sudo()._l10n_ro_get_anaf_sync(
+                scope="e-factura"
+            )
         if not anaf_config:
             raise UserError(
                 _("The ANAF configuration is not set. Please set it and try again.")
diff --git a/l10n_ro_account_edi_ubl/models/l10n_ro_account_anaf_sync_scope.py b/l10n_ro_account_edi_ubl/models/l10n_ro_account_anaf_sync_scope.py
new file mode 100644
index 000000000..e89abcde6
--- /dev/null
+++ b/l10n_ro_account_edi_ubl/models/l10n_ro_account_anaf_sync_scope.py
@@ -0,0 +1,62 @@
+import logging
+
+import requests
+
+from odoo import api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class AccountANAFSyncScope(models.Model):
+    _inherit = "l10n.ro.account.anaf.sync.scope"
+
+    scope = fields.Selection(selection_add=[("e-factura", "E-factura")])
+
+    @api.onchange("scope")
+    def _onchange_scope(self):
+        if self.scope == "e-factura":
+            self.anaf_sync_test_url = "https://api.anaf.ro/test/FCTEL/rest"
+            self.anaf_sync_production_url = "https://api.anaf.ro/prod/FCTEL/rest"
+        return super()._onchange_scope()
+
+    def _l10n_ro_einvoice_call(self, func, params, data=None, method="POST"):
+        self.ensure_one()
+        _logger.info("ANAF API call: %s %s" % (func, params))
+        url = self.anaf_sync_url + func
+        access_token = self.anaf_sync_id.access_token
+        headers = {
+            "Content-Type": "application/xml",
+            "Authorization": f"Bearer {access_token}",
+        }
+        test_data = self.env.context.get("test_data", False)
+        if test_data:
+            content = test_data
+            status_code = 200
+        else:
+            if method == "GET":
+                response = requests.get(
+                    url, params=params, data=data, headers=headers, timeout=80
+                )
+            else:
+                response = requests.post(
+                    url, params=params, data=data, headers=headers, timeout=80
+                )
+
+            content = response.content
+            status_code = response.status_code
+            if response.status_code == 400:
+                content = response.json()
+            content_type = ""
+            if response.headers:
+                content_type = response.headers.get("Content-Type", "")
+            if content_type == "application/xml":
+                _logger.info("ANAF API response: %s" % response.text)
+            if "text/plain" in content_type:
+                try:
+                    content = response.json()
+                    if content.get("eroare"):
+                        status_code = 400
+                except Exception:
+                    _logger.info("ANAF API response: %s" % response.text)
+
+        return content, status_code
diff --git a/l10n_ro_account_edi_ubl/models/res_company.py b/l10n_ro_account_edi_ubl/models/res_company.py
index 9e5033f0c..2ed240e6d 100644
--- a/l10n_ro_account_edi_ubl/models/res_company.py
+++ b/l10n_ro_account_edi_ubl/models/res_company.py
@@ -66,15 +66,16 @@ def _l10n_ro_get_anaf_efactura_messages(self, **kwargs):
         start = kwargs.get("start", None)
         end = kwargs.get("end", None)
         pagina = kwargs.get("pagina", 1)
-        filtru = kwargs.get("filtru", {})
+        filtru = kwargs.get("filtru", "")
         messages = kwargs.get("messages", [])
 
         company_messages = []
-        anaf_config = self.l10n_ro_account_anaf_sync_id
+        anaf_config = self._l10n_ro_get_anaf_sync(scope="e-factura")
         if not anaf_config:
             _logger.warning("No ANAF configuration for company %s", self.name)
             return company_messages
-        if not anaf_config.access_token:
+        token = anaf_config.anaf_sync_id.access_token
+        if not token:
             _logger.warning("No access token for company %s", self.name)
             return company_messages
         start_time = end_time = 0
@@ -127,7 +128,7 @@ def _l10n_ro_create_anaf_efactura(self):
         # method to be used in cron job to auto download e-invoices from ANAF
         ro_companies = self.search([]).filtered(
             lambda c: c.country_id.code == "RO"
-            and c.l10n_ro_account_anaf_sync_id
+            and c._l10n_ro_get_anaf_sync(scope="e-factura")
             and c.l10n_ro_download_einvoices
         )
 
@@ -159,5 +160,5 @@ def _l10n_ro_create_anaf_efactura(self):
                     )
                     new_invoice = new_invoice._l10n_ro_prepare_invoice_for_download()
                     new_invoice.l10n_ro_download_zip_anaf(
-                        company.l10n_ro_account_anaf_sync_id
+                        company._l10n_ro_get_anaf_sync(scope="e-factura")
                     )
diff --git a/l10n_ro_account_edi_ubl/static/description/index.html b/l10n_ro_account_edi_ubl/static/description/index.html
index cd2978cf1..a0f55edc0 100644
--- a/l10n_ro_account_edi_ubl/static/description/index.html
+++ b/l10n_ro_account_edi_ubl/static/description/index.html
@@ -1,3 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
@@ -366,7 +367,7 @@ <h1 class="title">Romania - eFactura Account EDI UBL</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:8f3a520057ae94dc91bce39baff0910e3f68039535b5de6706b6b902ac26e11d
+!! source digest: sha256:2d0e9812c01ffd181852334eb04ba22ee13cc247f4109df5deebf770f92cdb61
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Mature" src="https://img.shields.io/badge/maturity-Mature-brightgreen.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/l10n-romania/tree/16.0/l10n_ro_account_edi_ubl"><img alt="OCA/l10n-romania" src="https://img.shields.io/badge/github-OCA%2Fl10n--romania-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/l10n-romania-16-0/l10n-romania-16-0-l10n_ro_account_edi_ubl"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/l10n-romania&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>The module will generate E-Invoice XML files according to ANAF E-Invoicing service.</p>
diff --git a/l10n_ro_account_edi_ubl/tests/test_acccount_edi_ubl.py b/l10n_ro_account_edi_ubl/tests/test_acccount_edi_ubl.py
index ed373a1f4..ca1b1a12f 100644
--- a/l10n_ro_account_edi_ubl/tests/test_acccount_edi_ubl.py
+++ b/l10n_ro_account_edi_ubl/tests/test_acccount_edi_ubl.py
@@ -5,6 +5,7 @@
 import json
 import logging
 import time
+from datetime import date, timedelta
 from unittest.mock import patch
 
 import freezegun
@@ -169,7 +170,7 @@ def setUpClass(cls):
         )
         cls.invoice_zip = open(test_file, mode="rb").read()
 
-        anaf_config = cls.env.company.l10n_ro_account_anaf_sync_id
+        anaf_config = cls.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
         if not anaf_config:
             anaf_config = cls.env["l10n.ro.account.anaf.sync"].create(
                 {
@@ -177,9 +178,21 @@ def setUpClass(cls):
                     "client_id": "123",
                     "client_secret": "123",
                     "access_token": "123",
+                    "client_token_valability": date.today() + timedelta(days=10),
+                    "anaf_scope_ids": [
+                        (
+                            0,
+                            0,
+                            {
+                                "scope": "e-factura",
+                                "state": "test",
+                                "anaf_sync_test_url": "https://api.anaf.ro/test/FCTEL/rest",
+                            },
+                        )
+                    ],
                 }
             )
-            cls.env.company.l10n_ro_account_anaf_sync_id = anaf_config
+            anaf_config = cls.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
 
     def get_file(self, filename):
         test_file = get_module_resource("l10n_ro_account_edi_ubl", "tests", filename)
@@ -264,8 +277,8 @@ def test_process_documents_web_services_step1_ok(self):
 
     @freezegun.freeze_time("2022-09-04")
     def test_process_documents_web_services_step1_cron(self):
-        anaf_config = self.env.company.l10n_ro_account_anaf_sync_id
-        anaf_config.access_token = "test"
+        anaf_config = self.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
+        anaf_config.anaf_sync_id.access_token = "test"
         self.invoice.action_post()
 
         self.env.company.l10n_ro_edi_residence = 3
@@ -436,8 +449,8 @@ def test_edi_cius_is_required(self):
 
     def test_l10n_ro_get_anaf_efactura_messages(self):
         self.env.company.vat = "RO23685159"
-        anaf_config = self.env.company.l10n_ro_account_anaf_sync_id
-        anaf_config.access_token = "test"
+        anaf_config = self.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
+        anaf_config.anaf_sync_id.access_token = "test"
         msg_dict = {
             "mesaje": [
                 {
@@ -469,8 +482,8 @@ def test_l10n_ro_get_anaf_efactura_messages(self):
             }
         ]
         with patch(
-            "odoo.addons.l10n_ro_account_anaf_sync.models.l10n_ro_account_anaf_sync."
-            "AccountANAFSync._l10n_ro_einvoice_call",
+            "odoo.addons.l10n_ro_account_edi_ubl.models.l10n_ro_account_anaf_sync_scope."
+            "AccountANAFSyncScope._l10n_ro_einvoice_call",
             return_value=(anaf_messages, 200),
         ):
             self.assertEqual(
@@ -478,8 +491,8 @@ def test_l10n_ro_get_anaf_efactura_messages(self):
             )
 
     def test_l10n_ro_create_anaf_efactura(self):
-        anaf_config = self.env.company.l10n_ro_account_anaf_sync_id
-        anaf_config.access_token = "test"
+        anaf_config = self.env.company._l10n_ro_get_anaf_sync(scope="e-factura")
+        anaf_config.anaf_sync_id.access_token = "test"
         self.env.company.l10n_ro_download_einvoices = True
         self.env.company.partner_id.write(
             {
@@ -518,8 +531,8 @@ def test_l10n_ro_create_anaf_efactura(self):
             "._l10n_ro_get_anaf_efactura_messages",
             return_value=messages,
         ), patch(
-            "odoo.addons.l10n_ro_account_anaf_sync.models.l10n_ro_account_anaf_sync."
-            "AccountANAFSync._l10n_ro_einvoice_call",
+            "odoo.addons.l10n_ro_account_edi_ubl.models.l10n_ro_account_anaf_sync_scope."
+            "AccountANAFSyncScope._l10n_ro_einvoice_call",
             return_value=(signed_zip_file, 200),
         ):
             self.env.company._l10n_ro_create_anaf_efactura()
diff --git a/requirements.txt b/requirements.txt
index 15006ba84..71eadfb7e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
 # generated from manifests external_dependencies
 num2words>=0.5.8
+PyJWT
 python-dateutil