[FIX] password_security: Fix expected singleton

Updating the password for more than one user raises "expected singleton" error This fix supports multi case
OCA · Feb 13, 2025 · c172e8d · c172e8d
1 parent 260f262
commit c172e8d
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 14 deletions.
diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
@@ -8,6 +8,7 @@
 
 from odoo import _, api, fields, models
 from odoo.exceptions import UserError, ValidationError
+from odoo.tools import groupby
 
 
 def delta_now(**kwargs):
@@ -97,23 +98,21 @@ def _check_password(self, password):
         return True
 
     def _check_password_rules(self, password):
-        self.ensure_one()
         if not password:
             return True
-        company_id = self.company_id
         params = self.env["ir.config_parameter"].sudo()
         minlength = params.get_param("auth_password_policy.minlength", default=0)
-        password_regex = [
-            "^",
-            "(?=.*?[a-z]){" + str(company_id.password_lower) + ",}",
-            "(?=.*?[A-Z]){" + str(company_id.password_upper) + ",}",
-            "(?=.*?\\d){" + str(company_id.password_numeric) + ",}",
-            r"(?=.*?[\W_]){" + str(company_id.password_special) + ",}",
-            ".{%d,}$" % int(minlength),
-        ]
-        if not re.search("".join(password_regex), password):
-            raise ValidationError(self.password_match_message())
-
+        for company_id, users in groupby(self, lambda u: u.company_id):
+            password_regex = [
+                "^",
+                "(?=.*?[a-z]){" + str(company_id.password_lower) + ",}",
+                "(?=.*?[A-Z]){" + str(company_id.password_upper) + ",}",
+                "(?=.*?\\d){" + str(company_id.password_numeric) + ",}",
+                r"(?=.*?[\W_]){" + str(company_id.password_special) + ",}",
+                ".{%d,}$" % int(minlength),
+            ]
+            if not re.search("".join(password_regex), password):
+                raise ValidationError(users[0].password_match_message())
         return True
 
     def _password_has_expired(self):

diff --git a/password_security/tests/test_change_password.py b/password_security/tests/test_change_password.py
@@ -1,6 +1,6 @@
 # Copyright 2023 Onestein (<https://www.onestein.eu>)
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
-
+import re
 from unittest import mock
 
 from odoo import http
@@ -134,3 +134,14 @@ def test_04_change_password_check_password_history(self):
         # Log in with new password: ensure we end up on the right page
         res_login2 = self.login("admin", "!asdQWE12345_4")
         self.assertEqual(res_login2.request.path_url, "/web")
+
+    def test_20_write_password(self):
+        """Detects expected singleton errors writing passwords for more than one user"""
+        users = self.env["res.users"].search([], limit=2)
+        self.assertEqual(len(users), 2)
+        res = users.write({"password": "!asdQWE12345"})
+        self.assertTrue(res)
+
+        msg = re.escape(users[0].password_match_message())
+        with self.assertRaisesRegex(ValidationError, msg):
+            users.write({"password": "12345678"})