Merge branch 'OCA:16.0' into 16.0

.copier-answers.yml

@@ -1,7 +1,8 @@
 # Do NOT update manually; changes here will be overwritten by Copier
-_commit: v1.17.2
+_commit: v1.21.1
 _src_path: gh:oca/oca-addons-repo-template
 ci: GitHub
+convert_readme_fragments_to_markdown: false
 generate_requirements_txt: true
 github_check_license: true
 github_ci_extra_env: {}
@@ -20,4 +21,6 @@ repo_description: Modules for handling various authentication schemes
 repo_name: Server Authentication
 repo_slug: server-auth
 repo_website: https://github.com/OCA/server-auth
+use_pyproject_toml: false
+use_ruff: false
 

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Stale PRs and issues policy
-        uses: actions/stale@v4
+        uses: actions/stale@v9
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # General settings.
@@ -48,7 +48,7 @@ jobs:
       # * Issues that are pending more information
       # * Except Issues marked as "no stale"
       - name: Needs more information stale issues policy
-        uses: actions/stale@v4
+        uses: actions/stale@v9
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           ascending: true

.github/workflows/test.yml

@@ -75,7 +75,9 @@ jobs:
         run: oca_init_test_database
       - name: Run tests
         run: oca_run_tests
-      - uses: codecov/codecov-action@v1
+      - uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Update .pot files
         run: oca_export_and_push_pot https://x-access-token:${{ secrets.GIT_PUSH_TOKEN }}@github.com/${{ github.repository }}
         if: ${{ matrix.makepot == 'true' && github.event_name == 'push' && github.repository_owner == 'OCA' }}

.gitignore

@@ -3,6 +3,7 @@ __pycache__/
 *.py[cod]
 /.venv
 /.pytest_cache
+/.ruff_cache
 
 # C extensions
 *.so

.pre-commit-config.yaml

@@ -14,6 +14,10 @@ exclude: |
   ^docs/_templates/.*\.html$|
   # Don't bother non-technical authors with formatting issues in docs
   readme/.*\.(rst|md)$|
+  # Ignore build and dist directories in addons
+  /build/|/dist/|
+  # Ignore test files in addons
+  /tests/samples/.*|
   # You don't usually want a bot to modify your legal texts
   (LICENSE.*|COPYING.*)
 default_language_version:
@@ -35,7 +39,7 @@ repos:
         language: fail
         files: '[a-zA-Z0-9_]*/i18n/en\.po$'
   - repo: https://github.com/oca/maintainer-tools
-    rev: 969238e47c07d0c40573acff81d170f63245d738
+    rev: 9a170331575a265c092ee6b24b845ec508e8ef75
     hooks:
       # update the NOT INSTALLABLE ADDONS section above
       - id: oca-update-pre-commit-excluded-addons
@@ -48,6 +52,7 @@ repos:
           - --org-name=OCA
           - --repo-name=server-auth
           - --if-source-changed
+          - --keep-source-digest
   - repo: https://github.com/OCA/odoo-pre-commit-hooks
     rev: v0.0.25
     hooks:

README.md

@@ -31,11 +31,11 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 16.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oauth_ropc](auth_oauth_ropc/) | 16.0.1.0.0 |  | Allow to login with OAuth Resource Owner Password Credentials Grant
-[auth_oidc](auth_oidc/) | 16.0.1.1.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 16.0.1.2.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 |  | This module allows to use server env for OIDC configuration
 [auth_saml](auth_saml/) | 16.0.1.0.4 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 |  | This module disable all inactive sessions since a given delay
-[auth_signup_verify_email](auth_signup_verify_email/) | 16.0.1.0.0 |  | Force uninvited users to use a good email for signup
+[auth_signup_verify_email](auth_signup_verify_email/) | 16.0.1.0.1 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 16.0.1.0.0 |  | Makes the user login field case insensitive
 [base_user_show_email](base_user_show_email/) | 16.0.1.0.0 |  | Untangle user login and email
 [password_security](password_security/) | 16.0.1.0.0 |  | Allow admin to set password security requirements.

auth_admin_passkey/i18n/pt_BR.po

@@ -9,16 +9,17 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-08-01 02:43+0000\n"
-"PO-Revision-Date: 2019-11-24 19:58+0000\n"
-"Last-Translator: Rodrigo Macedo <[email protected]>\n"
-"Language-Team: Portuguese (Brazil) (https://www.transifex.com/oca/"
-"teams/23907/pt_BR/)\n"
+"PO-Revision-Date: 2024-05-22 11:37+0000\n"
+"Last-Translator: Rodrigo Macedo <[email protected]."
+"translation.odoo-community.org>\n"
+"Language-Team: Portuguese (Brazil) (https://www.transifex.com/oca/teams/"
+"23907/pt_BR/)\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n > 1;\n"
-"X-Generator: Weblate 3.8\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_admin_passkey
 #. odoo-python
@@ -41,11 +42,20 @@ msgid ""
 "- Login date : %(login_date)s\n"
 "\n"
 msgstr ""
+"O usuário administrador do sistema usou sua senha para fazer login com "
+"%(login)s.\n"
+"\n"
+"\n"
+"\n"
+"Informações técnicas abaixo:\n"
+"\n"
+"- Data de login: %(login_date)s\n"
+"\n"
 
 #. module: auth_admin_passkey
 #: model:ir.model,name:auth_admin_passkey.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Usuário"
 
 #, python-format
 #~ msgid "<pre>User with login '%s' has the same password as you.</pre>"

auth_api_key_group/i18n/it.po

@@ -0,0 +1,88 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_api_key_group
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-04-03 12:43+0000\n"
+"Last-Translator: mymage <[email protected]>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: auth_api_key_group
+#: model:ir.model,name:auth_api_key_group.model_auth_api_key
+msgid "API Key"
+msgstr "Chiave API"
+
+#. module: auth_api_key_group
+#: model:ir.model,name:auth_api_key_group.model_auth_api_key_group
+msgid "API Key auth group"
+msgstr "Gruppo autorizzazione chiave API"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__auth_api_key_ids
+msgid "API Keys"
+msgstr "Chiavi API"
+
+#. module: auth_api_key_group
+#: model:ir.actions.act_window,name:auth_api_key_group.auth_api_key_group_act_window
+#: model:ir.ui.menu,name:auth_api_key_group.auth_api_key_group_menu
+msgid "Auth Api Key Groups"
+msgstr "Gruppi autorizzazione chiave API"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key__auth_api_key_group_ids
+msgid "Auth Groups"
+msgstr "Gruppi autorizzazione"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__code
+msgid "Code"
+msgstr "Codice"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__create_uid
+msgid "Created by"
+msgstr "Creato da"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__create_date
+msgid "Created on"
+msgstr "Creato il"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__display_name
+msgid "Display Name"
+msgstr "Nome visualizzato"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__id
+msgid "ID"
+msgstr "ID"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group____last_update
+msgid "Last Modified on"
+msgstr "Ultima modifica il"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__write_uid
+msgid "Last Updated by"
+msgstr "Ultimo aggiornamento di"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__write_date
+msgid "Last Updated on"
+msgstr "Ultimo aggiornamento il"
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__name
+msgid "Name"
+msgstr "Nome"

auth_oidc/README.rst

@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:ede04e51899d4490eb4be0352376feb7833ba8d0546f36fea929c28a99a96d22
+   !! source digest: sha256:0fa6d13be474eeb0ba5716895f4fc42ded1b84285279efbe29a476cead7e5565
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -90,6 +90,9 @@ or
 
 |image2|
 
+-  Auth Link Params: Add {'prompt':'select_account'} to the auth link to
+   get the account selection screen |image3|
+
 Setup for Keycloak
 ------------------
 
@@ -126,6 +129,7 @@ In Odoo, create a new Oauth Provider with the following parameters:
 .. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png
 .. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png
 .. |image2| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png
+.. |image3| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-select_account.png
 
 Usage
 =====

auth_oidc/__manifest__.py

@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.1.1",
+    "version": "16.0.1.2.0",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

auth_oidc/controllers/main.py

@@ -6,6 +6,7 @@
 import hashlib
 import logging
 import secrets
+from ast import literal_eval
 
 from werkzeug.urls import url_decode, url_encode
 
@@ -43,6 +44,12 @@ def list_providers(self):
                     if "openid" not in provider["scope"].split():
                         _logger.error("openid connect scope must contain 'openid'")
                     params["scope"] = provider["scope"]
+
+                # append provider specific auth link params
+                if provider["auth_link_params"]:
+                    params_upd = literal_eval(provider["auth_link_params"])
+                    params.update(params_upd)
+
                 # auth link that the user will click
                 provider["auth_link"] = "{}?{}".format(
                     provider["auth_endpoint"], url_encode(params)

auth_oidc/data/auth_oauth_data.xml

@@ -17,6 +17,7 @@
         >https://login.microsoftonline.com/organizations/discovery/v2.0/keys</field>
         <field name="css_class">fa fa-fw fa-windows</field>
         <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
     </record>
     <record id="provider_azuread_single" model="auth.oauth.provider">
         <field name="name">Azure AD Single Tenant</field>
@@ -35,5 +36,6 @@
         >https://login.microsoftonline.com/{tenant_id}/discovery/v2.0/keys</field>
         <field name="css_class">fa fa-fw fa-windows</field>
         <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
     </record>
 </odoo>

auth_oidc/demo/local_keycloak.xml

@@ -17,4 +17,24 @@
             name="jwks_uri"
         >http://localhost:8080/auth/realms/master/protocol/openid-connect/certs</field>
     </record>
+    <record id="provider_azuread_multi" model="auth.oauth.provider">
+        <field name="name">Azure AD Multitenant</field>
+        <field name="flow">id_token_code</field>
+        <field name="client_id">auth_oidc-test</field>
+        <field name="enabled">True</field>
+        <field name="token_map">upn:user_id upn:email</field>
+        <field
+            name="auth_endpoint"
+        >https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize</field>
+        <field name="scope">profile openid</field>
+        <field
+            name="token_endpoint"
+        >https://login.microsoftonline.com/organizations/oauth2/v2.0/token</field>
+        <field
+            name="jwks_uri"
+        >https://login.microsoftonline.com/organizations/discovery/v2.0/keys</field>
+        <field name="css_class">fa fa-fw fa-windows</field>
+        <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
+    </record>
 </odoo>

auth_oidc/i18n/auth_oidc.pot

@@ -13,11 +13,23 @@ msgstr ""
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: \n"
 
+#. module: auth_oidc
+#: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__auth_link_params
+msgid ""
+"Additional parameters for the auth link. For example: "
+"{'prompt':'select_account'}"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__flow
 msgid "Auth Flow"
 msgstr ""
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__auth_link_params
+msgid "Auth Link Params"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__client_secret
 msgid "Client Secret"

auth_oidc/i18n/es.po

@@ -16,11 +16,23 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Generator: Weblate 4.17\n"
 
+#. module: auth_oidc
+#: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__auth_link_params
+msgid ""
+"Additional parameters for the auth link. For example: "
+"{'prompt':'select_account'}"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__flow
 msgid "Auth Flow"
 msgstr "Flujo de autenticación"
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__auth_link_params
+msgid "Auth Link Params"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__client_secret
 msgid "Client Secret"
@@ -75,9 +87,9 @@ msgstr "Requerido para OpenID Connect."
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__token_map
 msgid ""
-"Some Oauth providers don't map keys in their responses exactly as required."
-"  It is important to ensure user_id and email at least are mapped. For "
-"OpenID Connect user_id is the sub key in the standard."
+"Some Oauth providers don't map keys in their responses exactly as required.  "
+"It is important to ensure user_id and email at least are mapped. For OpenID "
+"Connect user_id is the sub key in the standard."
 msgstr ""
 "Algunos proveedores de Oauth no mapean las claves en sus respuestas "
 "exactamente como se requiere.  Es importante asegurarse de que al menos "