Merge branch '17.0' into 17.0-mig-auth_jwt

README.md

@@ -22,10 +22,17 @@ Available addons
 addon | version | maintainers | summary
 --- | --- | --- | ---
 [auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 |  | Allows system administrator to authenticate with any account
-[auth_api_key](auth_api_key/) | 17.0.1.0.0 |  | Authenticate http requests from an API key
+[auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 |  | Disable 2FA if Passkey is being used
+[auth_api_key](auth_api_key/) | 17.0.1.1.1 |  | Authenticate http requests from an API key
+[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
 [auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 |  | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
-[auth_oidc](auth_oidc/) | 17.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_ldaps](auth_ldaps/) | 17.0.1.0.0 |  | Allows to use LDAP over SSL authentication
+[auth_oidc](auth_oidc/) | 17.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_saml](auth_saml/) | 17.0.1.0.0 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
+[auth_session_timeout](auth_session_timeout/) | 17.0.1.0.0 |  | This module disable all inactive sessions since a given delay
+[auth_signup_verify_email](auth_signup_verify_email/) | 17.0.1.0.0 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 17.0.1.0.0 |  | Makes the user login field case insensitive
+[impersonate_login](impersonate_login/) | 17.0.1.0.2 | [![Kev-Roche](https://github.com/Kev-Roche.png?size=30px)](https://github.com/Kev-Roche) | tools
 [user_log_view](user_log_view/) | 17.0.1.0.0 | [![trojikman](https://github.com/trojikman.png?size=30px)](https://github.com/trojikman) | Allow to see user's actions log
 
 [//]: # (end addons)

auth_admin_passkey/README.rst

@@ -7,7 +7,7 @@ Authentification - System Administrator Passkey
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:533fa7b03dfdbbf3538a7002f3b8241bd3e55056afadea029caf6888fe5a0b74
+   !! source digest: sha256:ae816e08cfcea8c3af0717cbc43b2cae99b9842b7bd11233d51b41432c0a6a9c
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -63,6 +63,8 @@ following keys in your ``odoo.cfg`` configuration file.
 -  ``auth_admin_passkey_sysadmin_lang``. the language (exemple en_US),
    used for the mail sent to the System Administrator. If not set, the
    language of the SUPERUSER_ID user will be used.
+-  ``auth_admin_passkey_ignore_totp`` (default False), if enabled, then
+   2FA will be ignored.
 
 **typical Dev / Test configuration section**
 

auth_admin_passkey/models/res_users.py

@@ -7,6 +7,7 @@
 from datetime import datetime
 
 from odoo import SUPERUSER_ID, _, api, exceptions, models
+from odoo.http import request
 from odoo.tools import config
 
 logger = logging.getLogger(__name__)
@@ -74,6 +75,14 @@ def _check_credentials(self, password, env):
                 password = hashlib.sha512(password.encode()).hexdigest()
 
             if password and file_password == password:
+                if request and hasattr(request, "session"):
+                    ignore_totp = config.get("auth_admin_passkey_ignore_totp", False)
+                    request.session["ignore_totp"] = ignore_totp
                 self._send_email_passkey(users[0])
             else:
                 raise
+
+    def _mfa_url(self):
+        if request.session.get("ignore_totp"):
+            return None
+        return super()._mfa_url()

auth_admin_passkey/readme/CONFIGURE.md

@@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file.
 - `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used
   for the mail sent to the System Administrator. If not set, the
   language of the SUPERUSER_ID user will be used.
+- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA
+  will be ignored.
 
 **typical Dev / Test configuration section**
 

auth_admin_passkey/static/description/index.html

@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
@@ -9,10 +8,11 @@
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -275,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -301,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -367,7 +367,7 @@ <h1 class="title">Authentification - System Administrator Passkey</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:533fa7b03dfdbbf3538a7002f3b8241bd3e55056afadea029caf6888fe5a0b74
+!! source digest: sha256:ae816e08cfcea8c3af0717cbc43b2cae99b9842b7bd11233d51b41432c0a6a9c
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/17.0/auth_admin_passkey"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_admin_passkey"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module extends the functionality of users module to support loging
@@ -412,6 +412,8 @@ <h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
 <li><tt class="docutils literal">auth_admin_passkey_sysadmin_lang</tt>. the language (exemple en_US),
 used for the mail sent to the System Administrator. If not set, the
 language of the SUPERUSER_ID user will be used.</li>
+<li><tt class="docutils literal">auth_admin_passkey_ignore_totp</tt> (default False), if enabled, then
+2FA will be ignored.</li>
 </ul>
 <p><strong>typical Dev / Test configuration section</strong></p>
 <p>No keys to add.</p>
@@ -453,7 +455,9 @@ <h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>

auth_admin_passkey_totp_mail_enforce/README.rst

@@ -0,0 +1,79 @@
+=========================================
+Authentification - Disable 2FA if Passkey
+=========================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:e7bd9350627c161de92e78fe7ad7c5a17f364591c83c53f18412160fb49666a8
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/17.0/auth_admin_passkey_totp_mail_enforce
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_admin_passkey_totp_mail_enforce
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This is a glue module, needed to allow module auth_admin_passkey working
+properly in combination with auth_totp_mail_enforce.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_admin_passkey_totp_mail_enforce%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* 360ERP
+
+Contributors
+------------
+
+-  `360ERP <https://www.360erp.com>`__:
+
+   -  Andrea Stirpe
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/17.0/auth_admin_passkey_totp_mail_enforce>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_admin_passkey_totp_mail_enforce/__init__.py

@@ -0,0 +1 @@
+from . import models

auth_admin_passkey_totp_mail_enforce/__manifest__.py

@@ -0,0 +1,15 @@
+# Copyright 2024 360ERP (<https://www.360erp.com>)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Authentification - Disable 2FA if Passkey",
+    "summary": " Disable 2FA if Passkey is being used",
+    "version": "17.0.1.0.0",
+    "category": "base",
+    "author": "360ERP,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "license": "AGPL-3",
+    "depends": ["auth_admin_passkey", "auth_totp_mail_enforce"],
+    "installable": True,
+    "auto_install": True,
+}

auth_admin_passkey_totp_mail_enforce/i18n/auth_admin_passkey_totp_mail_enforce.pot

@@ -0,0 +1,19 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_admin_passkey_totp_mail_enforce
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 17.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_admin_passkey_totp_mail_enforce
+#: model:ir.model,name:auth_admin_passkey_totp_mail_enforce.model_res_users
+msgid "User"
+msgstr ""

auth_admin_passkey_totp_mail_enforce/i18n/it.po

@@ -0,0 +1,22 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_admin_passkey_totp_mail_enforce
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 17.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-08-30 14:06+0000\n"
+"Last-Translator: mymage <[email protected]>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 5.6.2\n"
+
+#. module: auth_admin_passkey_totp_mail_enforce
+#: model:ir.model,name:auth_admin_passkey_totp_mail_enforce.model_res_users
+msgid "User"
+msgstr "Utente"

auth_admin_passkey_totp_mail_enforce/models/__init__.py

@@ -0,0 +1 @@
+from . import res_users

auth_admin_passkey_totp_mail_enforce/models/res_users.py

@@ -0,0 +1,17 @@
+# Copyright 2024 360ERP (<https://www.360erp.com>)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import models
+from odoo.http import request
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    def _mfa_url(self):
+        """Needed to ensure that 'ignore_totp' is processed before entering
+        the _mfa_url() of auth_totp_mail_enforce.
+        """
+        if request.session.get("ignore_totp"):
+            return None
+        return super()._mfa_url()

auth_admin_passkey_totp_mail_enforce/pyproject.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"

auth_admin_passkey_totp_mail_enforce/readme/CONTRIBUTORS.md

@@ -0,0 +1,2 @@
+- [360ERP](https://www.360erp.com):
+  - Andrea Stirpe

auth_admin_passkey_totp_mail_enforce/readme/DESCRIPTION.md

@@ -0,0 +1,2 @@
+This is a glue module, needed to allow module auth_admin_passkey working
+properly in combination with auth_totp_mail_enforce.