Merge PR #643 into 17.0

Signed-off-by pedrobaeza
OCA · Dec 29, 2024 · 1bdc7db · 1bdc7db
2 parents def9106 + 1337793
commit 1bdc7db
Show file tree

Hide file tree

Showing 18 changed files with 785 additions and 0 deletions.
diff --git a/auth_ldaps/README.rst b/auth_ldaps/README.rst
@@ -0,0 +1,116 @@
+====================
+LDAPS authentication
+====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:d0479aff742f2c5f5ff1bfa5a7de7ac307a3d04a5763dbe003aad01cbbd4c393
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/17.0/auth_ldaps
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_ldaps
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module allows to authenticate using a LDAP over SSL system.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Installation
+============
+
+To verify LDAPS server certificate, you need to:
+
+1. Add the CA certificate of the LDAPS on your server as a trusted
+   certificate
+2. Check the ``Verify certificate`` flag in configuration
+
+Configuration
+=============
+
+To configure this module, you need to:
+
+1. Access Settings / General Settings / LDAP Authentication / LDAP
+   Server
+2. Check the ``Use LDAPS`` flag
+
+Usage
+=====
+
+
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_ldaps%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* CorporateHub
+* Creu Blanca
+
+Contributors
+------------
+
+-  Enric Tobella <[email protected]>
+
+-  `CorporateHub <https://corporatehub.eu/>`__
+
+   -  Alexey Pelykh <[email protected]>
+
+-  Bhavesh Odedra <[email protected]>
+
+-  `Trobz <https://trobz.com>`__:
+
+      -  Hoang Diep <[email protected]>
+
+Other credits
+-------------
+
+The migration of this module from 15.0 to 16.0 was financially supported
+by Camptocamp
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/17.0/auth_ldaps>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_ldaps/__init__.py b/auth_ldaps/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+from . import models
diff --git a/auth_ldaps/__manifest__.py b/auth_ldaps/__manifest__.py
@@ -0,0 +1,19 @@
+# Copyright (C) 2017 Creu Blanca
+# Copyright (C) 2018 Brainbean Apps
+# Copyright 2020 CorporateHub (https://corporatehub.eu)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+{
+    "name": "LDAPS authentication",
+    "version": "17.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/OCA/server-auth",
+    "author": "CorporateHub, " "Creu Blanca, " "Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "installable": True,
+    "application": False,
+    "summary": "Allows to use LDAP over SSL authentication",
+    "depends": ["auth_ldap"],
+    "data": ["views/res_company_ldap_views.xml"],
+    "external_dependencies": {"python": ["python-ldap"]},
+}
diff --git a/auth_ldaps/i18n/auth_ldaps.pot b/auth_ldaps/i18n/auth_ldaps.pot
@@ -0,0 +1,29 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_ldaps
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_ldaps
+#: model:ir.model,name:auth_ldaps.model_res_company_ldap
+msgid "Company LDAP configuration"
+msgstr ""
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
+msgid "Skip certificate validation"
+msgstr ""
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
+msgid "Use LDAPS"
+msgstr ""
diff --git a/auth_ldaps/i18n/it.po b/auth_ldaps/i18n/it.po
@@ -0,0 +1,41 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_ldaps
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2021-03-02 19:45+0000\n"
+"Last-Translator: Sergio Zanchetta <[email protected]>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.3.2\n"
+
+#. module: auth_ldaps
+#: model:ir.model,name:auth_ldaps.model_res_company_ldap
+msgid "Company LDAP configuration"
+msgstr "Configurazione LDAP azienda"
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
+msgid "Skip certificate validation"
+msgstr "Saltare verifica del certificato"
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
+msgid "Use LDAPS"
+msgstr "Utilizzare LDAPS"
+
+#~ msgid "Display Name"
+#~ msgstr "Nome visualizzato"
+
+#~ msgid "ID"
+#~ msgstr "ID"
+
+#~ msgid "Last Modified on"
+#~ msgstr "Ultima modifica il"
diff --git a/auth_ldaps/models/__init__.py b/auth_ldaps/models/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+from . import res_company_ldap
diff --git a/auth_ldaps/models/res_company_ldap.py b/auth_ldaps/models/res_company_ldap.py
@@ -0,0 +1,57 @@
+# Copyright (C) Creu Blanca
+# Copyright (C) 2018 Brainbean Apps
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+
+import logging
+
+import ldap
+
+from odoo import fields, models
+from odoo.tools.misc import str2bool
+
+_logger = logging.getLogger(__name__)
+
+
+class CompanyLDAP(models.Model):
+    _inherit = "res.company.ldap"
+
+    is_ssl = fields.Boolean(string="Use LDAPS", default=False)
+    skip_cert_validation = fields.Boolean(
+        string="Skip certificate validation", default=False
+    )
+
+    def _get_ldap_dicts(self):
+        res = super()._get_ldap_dicts()
+        for rec in res:
+            ldap = self.sudo().browse(rec["id"])
+            rec["is_ssl"] = ldap.is_ssl or False
+            rec["skip_cert_validation"] = ldap.skip_cert_validation or False
+        return res
+
+    def _connect(self, conf):
+        if conf["is_ssl"]:
+            uri = "ldaps://%s:%d" % (conf["ldap_server"], conf["ldap_server_port"])
+            connection = ldap.initialize(uri)
+            ldap_chase_ref_disabled = (
+                self.env["ir.config_parameter"]
+                .sudo()
+                .get_param("auth_ldap.disable_chase_ref")
+            )
+            if str2bool(ldap_chase_ref_disabled):
+                connection.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
+            if conf["skip_cert_validation"]:
+                connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+                # this creates a new tls context, which is required to apply
+                # the options, but it also clears the default options defined
+                # in the openldap's configuration file, such as the TLS_CACERT
+                # option, which specifies the file containing the trusted
+                # certificates. this causes certificate verification to fail,
+                # even if it would succeed with the default options. this is
+                # why this is only called if we want to skip certificate
+                # verification.
+                connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+            if conf["ldap_tls"]:
+                connection.start_tls_s()
+            return connection
+        return super()._connect(conf)
diff --git a/auth_ldaps/pyproject.toml b/auth_ldaps/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"
diff --git a/auth_ldaps/readme/CONFIGURE.md b/auth_ldaps/readme/CONFIGURE.md
@@ -0,0 +1,5 @@
+To configure this module, you need to:
+
+1.  Access Settings / General Settings / LDAP Authentication / LDAP
+    Server
+2.  Check the `Use LDAPS` flag
diff --git a/auth_ldaps/readme/CONTRIBUTORS.md b/auth_ldaps/readme/CONTRIBUTORS.md
@@ -0,0 +1,11 @@
+- Enric Tobella \<<[email protected]>\>
+
+- [CorporateHub](https://corporatehub.eu/)
+
+  - Alexey Pelykh \<<[email protected]>\>
+
+- Bhavesh Odedra \<<[email protected]>\>
+
+- [Trobz](https://trobz.com):
+
+  > - Hoang Diep \<<[email protected]>\>
diff --git a/auth_ldaps/readme/CREDITS.md b/auth_ldaps/readme/CREDITS.md
@@ -0,0 +1,2 @@
+The migration of this module from 15.0 to 16.0 was financially supported
+by Camptocamp
diff --git a/auth_ldaps/readme/DESCRIPTION.md b/auth_ldaps/readme/DESCRIPTION.md
@@ -0,0 +1 @@
+This module allows to authenticate using a LDAP over SSL system.
diff --git a/auth_ldaps/readme/INSTALL.md b/auth_ldaps/readme/INSTALL.md
@@ -0,0 +1,5 @@
+To verify LDAPS server certificate, you need to:
+
+1.  Add the CA certificate of the LDAPS on your server as a trusted
+    certificate
+2.  Check the `Verify certificate` flag in configuration
diff --git a/auth_ldaps/readme/USAGE.md b/auth_ldaps/readme/USAGE.md
@@ -0,0 +1 @@
+
diff --git a/auth_ldaps/static/description/icon.png b/auth_ldaps/static/description/icon.png
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

		from . import models
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

		from . import res_company_ldap
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		The migration of this module from 15.0 to 16.0 was financially supported
		by Camptocamp
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This module allows to authenticate using a LDAP over SSL system.