Merge branch 'OCA:16.0' into 16.0

README.md

@@ -31,20 +31,21 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 16.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oauth_ropc](auth_oauth_ropc/) | 16.0.1.0.0 |  | Allow to login with OAuth Resource Owner Password Credentials Grant
-[auth_oidc](auth_oidc/) | 16.0.1.2.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 16.0.1.2.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 |  | This module allows to use server env for OIDC configuration
 [auth_saml](auth_saml/) | 16.0.1.1.0 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 16.0.1.0.1 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 16.0.1.0.0 |  | Makes the user login field case insensitive
 [base_user_show_email](base_user_show_email/) | 16.0.1.0.0 |  | Untangle user login and email
-[password_security](password_security/) | 16.0.1.0.0 |  | Allow admin to set password security requirements.
+[impersonate_login](impersonate_login/) | 16.0.1.0.0 | [![Kev-Roche](https://github.com/Kev-Roche.png?size=30px)](https://github.com/Kev-Roche) | tools
+[password_security](password_security/) | 16.0.1.0.2 |  | Allow admin to set password security requirements.
 [user_log_view](user_log_view/) | 16.0.1.0.0 | [![trojikman](https://github.com/trojikman.png?size=30px)](https://github.com/trojikman) | Allow to see user's actions log
 [users_ldap_groups](users_ldap_groups/) | 16.0.1.0.0 |  | Adds user accounts to groups based on rules defined by the administrator.
 [users_ldap_mail](users_ldap_mail/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP mapping for user name and e-mail
 [users_ldap_populate](users_ldap_populate/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP Populate
-[vault](vault/) | 16.0.1.0.2 |  | Password vault integration in Odoo
-[vault_share](vault_share/) | 16.0.1.0.0 |  | Implementation of a mechanism to share secrets
+[vault](vault/) | 16.0.1.0.3 |  | Password vault integration in Odoo
+[vault_share](vault_share/) | 16.0.1.0.1 |  | Implementation of a mechanism to share secrets
 
 [//]: # (end addons)
 

auth_api_key/i18n/it.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 15.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2024-07-18 06:52+0000\n"
+"PO-Revision-Date: 2024-08-17 18:58+0000\n"
 "Last-Translator: mymage <[email protected]>\n"
 "Language-Team: none\n"
 "Language: it\n"
@@ -40,7 +40,7 @@ msgstr "Creato da"
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date
 msgid "Created on"
-msgstr "Creata il"
+msgstr "Creato il"
 
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name

auth_oidc/README.rst

@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:0fa6d13be474eeb0ba5716895f4fc42ded1b84285279efbe29a476cead7e5565
+   !! source digest: sha256:0151be3fa09ed3535a518b36fbf8bd9fa122f56d84180c1bc79a14ab9792dbbe
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -79,14 +79,14 @@ companies can use their AzureAD login without an guest account.
 -  Client ID: Application (client) id
 -  Client Secret: Client secret
 -  Allowed: yes
+-  replace {tenant_id} in urls with your Azure tenant id
 
 or
 
 -  Provider Name: Azure AD Multitenant
 -  Client ID: Application (client) id
 -  Client Secret: Client secret
 -  Allowed: yes
--  replace {tenant_id} in urls with your Azure tenant id
 
 |image2|
 

auth_oidc/__manifest__.py

@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.2.0",
+    "version": "16.0.1.2.1",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

auth_oidc/readme/CONFIGURE.md

@@ -27,14 +27,14 @@ companies can use their AzureAD login without an guest account.
 - Client ID: Application (client) id
 - Client Secret: Client secret
 - Allowed: yes
+- replace {tenant_id} in urls with your Azure tenant id
 
 or
 
 - Provider Name: Azure AD Multitenant
 - Client ID: Application (client) id
 - Client Secret: Client secret
 - Allowed: yes
-- replace {tenant_id} in urls with your Azure tenant id
 
 ![image](../static/description/odoo-azure_ad_multitenant.png)
 

auth_oidc/static/description/index.html

@@ -8,10 +8,11 @@
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -274,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -300,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -366,7 +367,7 @@ <h1 class="title">Authentication OpenID Connect</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:0fa6d13be474eeb0ba5716895f4fc42ded1b84285279efbe29a476cead7e5565
+!! source digest: sha256:0151be3fa09ed3535a518b36fbf8bd9fa122f56d84180c1bc79a14ab9792dbbe
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oidc"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows users to login through an OpenID Connect provider
@@ -437,14 +438,14 @@ <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2
 <li>Client ID: Application (client) id</li>
 <li>Client Secret: Client secret</li>
 <li>Allowed: yes</li>
+<li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
 <p>or</p>
 <ul class="simple">
 <li>Provider Name: Azure AD Multitenant</li>
 <li>Client ID: Application (client) id</li>
 <li>Client Secret: Client secret</li>
 <li>Allowed: yes</li>
-<li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
 <p><img alt="image2" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png" /></p>
 <ul class="simple">
@@ -579,7 +580,9 @@ <h2><a class="toc-backref" href="#toc-entry-19">Contributors</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-20">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>

impersonate_login/README.rst

@@ -0,0 +1,116 @@
+=================
+Impersonate Login
+=================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:4875867f60d80f01c7bb74137a9f9bbdc0dceffde3bd47d96af9d897cd8de1f6
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/impersonate_login
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-impersonate_login
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module allows one user (for example, a member of the support team)
+to log in as another user. The impersonation session can be exited by
+clicking on the button "Back to Original User".
+
+To ensure that any abuse of this feature will not go unnoticed, the
+following measures are in place:
+
+-  In the chatter, it is displayed who is the user that is logged as
+   another user.
+-  Mails and messages are sent from the original user.
+-  Impersonated logins are logged and can be consulted through the
+   Settings -> Technical menu.
+-  
+
+There is an alternative module to allow logins as another user
+(auth_admin_passkey), but it does not support these security mechanisms.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+The impersonating user must belong to group "Impersonate Users".
+
+Usage
+=====
+
+1. In the menu that is displayed when clicking on the user avatar on the
+   top right corner, or in the res.users list, click "Switch Login" to
+   impersonate another user.
+2. On the top-right corner, the button "Back to Original User" is
+   displayed in case the current user is being impersonated.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20impersonate_login%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* Akretion
+
+Contributors
+------------
+
+-  Kévin Roche <[email protected]>
+-  `360ERP <https://www.360erp.com>`__:
+
+   -  Andrea Stirpe
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-Kev-Roche| image:: https://github.com/Kev-Roche.png?size=40px
+    :target: https://github.com/Kev-Roche
+    :alt: Kev-Roche
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-Kev-Roche| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/impersonate_login>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

impersonate_login/__init__.py

@@ -0,0 +1,2 @@
+from . import models
+from .hooks import pre_init_hook

impersonate_login/__manifest__.py

@@ -0,0 +1,32 @@
+# Copyright 2024 Akretion (https://www.akretion.com).
+# @author Kévin Roche <[email protected]>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Impersonate Login",
+    "summary": "tools",
+    "version": "16.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/OCA/server-auth",
+    "author": "Akretion, Odoo Community Association (OCA)",
+    "maintainers": ["Kev-Roche"],
+    "license": "AGPL-3",
+    "application": False,
+    "installable": True,
+    "depends": [
+        "web",
+        "mail",
+    ],
+    "data": [
+        "security/group.xml",
+        "security/ir.model.access.csv",
+        "views/res_users.xml",
+        "views/impersonate_log.xml",
+    ],
+    "assets": {
+        "web.assets_backend": [
+            "impersonate_login/static/src/js/user_menu.esm.js",
+        ],
+    },
+    "pre_init_hook": "pre_init_hook",
+}

impersonate_login/hooks.py

@@ -0,0 +1,19 @@
+# Copyright 2024 360ERP (<https://www.360erp.com>)
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+
+def pre_init_hook(cr):
+    """
+    Pre-create the impersonated_author_id column in the mail_message table
+    to prevent the ORM from invoking its compute method on a large volume
+    of existing mail messages.
+    """
+    logger = logging.getLogger(__name__)
+    logger.info("Add mail_message.impersonated_author_id column if not exists")
+    cr.execute(
+        "ALTER TABLE mail_message "
+        "ADD COLUMN IF NOT EXISTS "
+        "impersonated_author_id INTEGER"
+    )