From f1b2a2b977347f5b77bf8d58e7cf62bb3f9b49f5 Mon Sep 17 00:00:00 2001
From: fkantelberg <florian.kantelberg@initos.com>
Date: Thu, 29 Feb 2024 08:01:23 +0100
Subject: [PATCH] [MIG][16.0] vault_share: Migration and restructuring for 16.0

---
 setup/vault_share/odoo/addons/vault_share     |   1 +
 setup/vault_share/setup.py                    |   6 +
 vault_share/README.rst                        |  28 +-
 vault_share/__manifest__.py                   |  10 +-
 vault_share/controllers/main.py               |   1 +
 vault_share/i18n/es.po                        |  16 +-
 vault_share/i18n/nl.po                        |   4 -
 .../migrations/16.0.1.0.0/post-migrate.py     |  13 +
 vault_share/models/res_config_settings.py     |   2 +-
 vault_share/models/vault_share.py             |  12 +-
 vault_share/readme/DESCRIPTION.rst            |   2 +-
 vault_share/readme/ROADMAP.rst                |   1 +
 vault_share/static/description/index.html     |  24 +-
 .../static/src/backend/fields/templates.xml   |  46 +++
 .../src/backend/fields/vault_field.esm.js     |  45 +++
 .../src/backend/fields/vault_pin_field.esm.js | 110 ++++++
 .../backend/fields/vault_share_field.esm.js   |  15 +
 .../backend/fields/vault_share_file.esm.js    |  15 +
 .../backend/fields/vault_share_mixin.esm.js   | 164 ++++++++
 vault_share/static/src/backend/templates.xml  |  57 ---
 vault_share/static/src/common/utils.esm.js    |   6 +-
 vault_share/static/src/frontend/share.esm.js  |  48 ++-
 vault_share/static/src/legacy/vault_fields.js |  55 ---
 .../static/src/legacy/vault_share_widget.js   | 367 ------------------
 vault_share/tests/test_share.py               |  25 +-
 vault_share/views/templates.xml               |  19 +-
 vault_share/views/vault_share_views.xml       |   5 +-
 27 files changed, 543 insertions(+), 554 deletions(-)
 create mode 120000 setup/vault_share/odoo/addons/vault_share
 create mode 100644 setup/vault_share/setup.py
 create mode 100644 vault_share/migrations/16.0.1.0.0/post-migrate.py
 create mode 100644 vault_share/readme/ROADMAP.rst
 create mode 100644 vault_share/static/src/backend/fields/templates.xml
 create mode 100644 vault_share/static/src/backend/fields/vault_field.esm.js
 create mode 100644 vault_share/static/src/backend/fields/vault_pin_field.esm.js
 create mode 100644 vault_share/static/src/backend/fields/vault_share_field.esm.js
 create mode 100644 vault_share/static/src/backend/fields/vault_share_file.esm.js
 create mode 100644 vault_share/static/src/backend/fields/vault_share_mixin.esm.js
 delete mode 100644 vault_share/static/src/backend/templates.xml
 delete mode 100644 vault_share/static/src/legacy/vault_fields.js
 delete mode 100644 vault_share/static/src/legacy/vault_share_widget.js

diff --git a/setup/vault_share/odoo/addons/vault_share b/setup/vault_share/odoo/addons/vault_share
new file mode 120000
index 0000000000..d8d730a844
--- /dev/null
+++ b/setup/vault_share/odoo/addons/vault_share
@@ -0,0 +1 @@
+../../../../vault_share
\ No newline at end of file
diff --git a/setup/vault_share/setup.py b/setup/vault_share/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/vault_share/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/vault_share/README.rst b/vault_share/README.rst
index 499ee5f481..da29dd4d6c 100644
--- a/vault_share/README.rst
+++ b/vault_share/README.rst
@@ -2,10 +2,13 @@
 Vault - Share
 =============
 
-.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:9a16926a6329561017dac0fa81e331bcd50b83bc373281609831a25e42fb3e0c
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
     :target: https://odoo-community.org/page/development-status
@@ -14,16 +17,16 @@ Vault - Share
     :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
     :alt: License: AGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
-    :target: https://github.com/OCA/server-auth/tree/15.0/vault_share
+    :target: https://github.com/OCA/server-auth/tree/16.0/vault_share
     :alt: OCA/server-auth
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/server-auth-15-0/server-auth-15-0-vault_share
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault_share
     :alt: Translate me on Weblate
-.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
-    :target: https://runbot.odoo-community.org/runbot/251/15.0
-    :alt: Try me on Runbot
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
 
-|badge1| |badge2| |badge3| |badge4| |badge5| 
+|badge1| |badge2| |badge3| |badge4| |badge5|
 
 This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.
 
@@ -37,13 +40,18 @@ This allows an user to share a secret with external users. A share can be genera
 .. contents::
    :local:
 
+Known issues / Roadmap
+======================
+
+* Secure the download of the encrypted file behind a challenge/response
+
 Bug Tracker
 ===========
 
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -73,6 +81,6 @@ OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.
 
-This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/15.0/vault_share>`_ project on GitHub.
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/vault_share>`_ project on GitHub.
 
 You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/vault_share/__manifest__.py b/vault_share/__manifest__.py
index 5af9ada04d..7e05ea658a 100644
--- a/vault_share/__manifest__.py
+++ b/vault_share/__manifest__.py
@@ -1,11 +1,11 @@
-# © 2021 Florian Kantelberg - initOS GmbH
+# © 2021-2024 Florian Kantelberg - initOS GmbH
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
 {
     "name": "Vault - Share",
     "summary": "Implementation of a mechanism to share secrets",
     "license": "AGPL-3",
-    "version": "15.0.1.1.1",
+    "version": "16.0.1.0.0",
     "website": "https://github.com/OCA/server-auth",
     "application": False,
     "author": "initOS GmbH, Odoo Community Association (OCA)",
@@ -25,15 +25,11 @@
             "vault_share/static/src/common/**/*.js",
             "vault_share/static/src/backend/**/*.js",
             "vault_share/static/src/backend/**/*.scss",
-            "vault_share/static/src/legacy/vault_fields.js",
-            "vault_share/static/src/legacy/vault_share_widget.js",
+            "vault_share/static/src/backend/**/*.xml",
         ],
         "vault_share.assets_frontend": [
             "vault/static/src/common/*.js",
             "vault_share/static/src/frontend/*.js",
         ],
-        "web.assets_qweb": [
-            "vault_share/static/src/backend/**/*.xml",
-        ],
     },
 }
diff --git a/vault_share/controllers/main.py b/vault_share/controllers/main.py
index e51f703cbf..52eb94d1ef 100644
--- a/vault_share/controllers/main.py
+++ b/vault_share/controllers/main.py
@@ -30,6 +30,7 @@ def vault_share(self, token):
                 "iv": secret.iv,
                 "encrypted_file": secret.secret_file,
                 "filename": secret.filename,
+                "iterations": secret.iterations,
             }
         )
         return request.render("vault_share.share", ctx)
diff --git a/vault_share/i18n/es.po b/vault_share/i18n/es.po
index 4750864d5f..a73a93b1cb 100644
--- a/vault_share/i18n/es.po
+++ b/vault_share/i18n/es.po
@@ -7,8 +7,8 @@ msgstr ""
 "Project-Id-Version: Odoo Server 13.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2022-06-06 07:44+0000\n"
-"PO-Revision-Date: 2023-06-13 11:09+0000\n"
-"Last-Translator: Víctor Martínez <victor.martinez@tecnativa.com>\n"
+"PO-Revision-Date: 2023-10-30 21:37+0000\n"
+"Last-Translator: Ivorra78 <informatica@totmaterial.es>\n"
 "Language-Team: \n"
 "Language: es\n"
 "MIME-Version: 1.0\n"
@@ -157,7 +157,7 @@ msgstr "Pin"
 #. module: vault_share
 #: model:ir.model.fields,field_description:vault_share.field_vault_share__salt
 msgid "Salt"
-msgstr ""
+msgstr "Sal"
 
 #. module: vault_share
 #. openerp-web
@@ -245,13 +245,13 @@ msgstr "El secreto ha expirado"
 #: code:addons/vault_share/models/vault_share.py:0
 #, python-format
 msgid "The share was accessed by %(name)s via %(ip)s"
-msgstr ""
+msgstr "%(name)s ha accedido a la acción a través de %(ip)s"
 
 #. module: vault_share
 #: code:addons/vault_share/models/vault_share.py:0
 #, python-format
 msgid "The share was created by %(name)s"
-msgstr ""
+msgstr "La acción fue creada por %(name)s"
 
 #. module: vault_share
 #: model:ir.model.fields,field_description:vault_share.field_vault_share__token
@@ -271,21 +271,21 @@ msgstr "Utilizando este enlace y el pin la gente puede acceder al secreto."
 #. module: vault_share
 #: model:ir.model.fields,field_description:vault_share.field_res_company__vault_share_delay
 msgid "Vault Share Delay"
-msgstr ""
+msgstr "Retraso de la Acción de la Bóveda"
 
 #. module: vault_share
 #: code:addons/vault_share/models/vault_share_log.py:0
 #: model:ir.model,name:vault_share.model_vault_share_log
 #, python-format
 msgid "Vault share log"
-msgstr ""
+msgstr "Registro de compartición de la bóveda"
 
 #. module: vault_share
 #: code:addons/vault_share/models/vault_share.py:0
 #: model:ir.model,name:vault_share.model_vault_share
 #, python-format
 msgid "Vault share outgoing secrets"
-msgstr ""
+msgstr "La bóveda comparte secretos de salida"
 
 #, python-format
 #~ msgid "The share was accessed by %s via %s"
diff --git a/vault_share/i18n/nl.po b/vault_share/i18n/nl.po
index 09968ce8c6..5ea11a1ac3 100644
--- a/vault_share/i18n/nl.po
+++ b/vault_share/i18n/nl.po
@@ -159,9 +159,6 @@ msgstr ""
 #. module: vault_share
 #. openerp-web
 #: code:addons/vault_share/static/src/backend/templates.xml:0
-#: code:addons/vault_share/static/src/backend/templates.xml:0
-#: code:addons/vault_share/static/src/backend/templates.xml:0
-#: code:addons/vault_share/static/src/backend/templates.xml:0
 #, python-format
 msgid "Save in a vault"
 msgstr "Opslaan in een kluis"
@@ -196,7 +193,6 @@ msgstr "Deel het geheim"
 #. module: vault_share
 #. openerp-web
 #: code:addons/vault_share/static/src/backend/templates.xml:0
-#: code:addons/vault_share/static/src/backend/templates.xml:0
 #, python-format
 msgid "Share the secret with an external user"
 msgstr "Het geheim delen met een externe gebruiker"
diff --git a/vault_share/migrations/16.0.1.0.0/post-migrate.py b/vault_share/migrations/16.0.1.0.0/post-migrate.py
new file mode 100644
index 0000000000..15c3b22717
--- /dev/null
+++ b/vault_share/migrations/16.0.1.0.0/post-migrate.py
@@ -0,0 +1,13 @@
+# © 2024 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+_logger = logging.getLogger(__name__)
+
+
+def migrate(cr, version):
+    # Before the migration the iterations were hardcoded to 4000
+    _logger.info("Setting iterations for previous records")
+
+    cr.execute("UPDATE vault_share SET iterations = 4000 WHERE iterations IS NULL")
diff --git a/vault_share/models/res_config_settings.py b/vault_share/models/res_config_settings.py
index 15b04def40..4a69c1c18b 100644
--- a/vault_share/models/res_config_settings.py
+++ b/vault_share/models/res_config_settings.py
@@ -20,5 +20,5 @@ class ResConfigSettings(models.TransientModel):
     )
 
     @api.onchange("vault_share_delay")
-    def _on_change_mins(self):
+    def _onchange_vault_share_delay(self):
         self.vault_share_delay = max(0, self.vault_share_delay)
diff --git a/vault_share/models/vault_share.py b/vault_share/models/vault_share.py
index 4b0f119f8a..927e5e3269 100644
--- a/vault_share/models/vault_share.py
+++ b/vault_share/models/vault_share.py
@@ -27,6 +27,7 @@ class VaultShare(models.Model):
     secret_file = fields.Char()
     filename = fields.Char()
     salt = fields.Char(required=True)
+    iterations = fields.Integer()
     iv = fields.Char(required=True)
     pin = fields.Char(required=True, help="The pin needed to decrypt the share.")
     accesses = fields.Integer(
@@ -70,12 +71,13 @@ def get(self, token, ip=None):
 
         return None
 
-    @api.model
-    def create(self, vals):
-        rec = super().create(vals)
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
         log = _("The share was created by %(name)s")
-        rec.log_ids = [(0, 0, {"name": log % {"name": self.env.user.name}})]
-        return rec
+        for rec in res:
+            rec.log_ids = [(0, 0, {"name": log % {"name": self.env.user.name}})]
+        return res
 
     @api.model
     def clean(self):
diff --git a/vault_share/readme/DESCRIPTION.rst b/vault_share/readme/DESCRIPTION.rst
index 51e526ca52..6348479690 100644
--- a/vault_share/readme/DESCRIPTION.rst
+++ b/vault_share/readme/DESCRIPTION.rst
@@ -1,6 +1,6 @@
 This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.
 
 Share
-=====
+~~~~~
 
 This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn't be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.
diff --git a/vault_share/readme/ROADMAP.rst b/vault_share/readme/ROADMAP.rst
new file mode 100644
index 0000000000..3a2ad3154c
--- /dev/null
+++ b/vault_share/readme/ROADMAP.rst
@@ -0,0 +1 @@
+* Secure the download of the encrypted file behind a challenge/response
diff --git a/vault_share/static/description/index.html b/vault_share/static/description/index.html
index 4b080257b0..4f0f75df63 100644
--- a/vault_share/static/description/index.html
+++ b/vault_share/static/description/index.html
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="generator" content="Docutils 0.15.1: http://docutils.sourceforge.net/" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
 <title>Vault - Share</title>
 <style type="text/css">
 
 /*
 :Author: David Goodger (goodger@python.org)
-:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
 
-See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
 */
 
@@ -366,20 +366,28 @@ <h1 class="title">Vault - Share</h1>
 <!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:9a16926a6329561017dac0fa81e331bcd50b83bc373281609831a25e42fb3e0c
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-auth/tree/15.0/vault_share"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-auth-15-0/server-auth-15-0-vault_share"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/251/15.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/vault_share"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault_share"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.</p>
 <div class="section" id="share">
 <h1>Share</h1>
 <p>This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn’t be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.</p>
 <p><strong>Table of contents</strong></p>
 </div>
+<div class="section" id="known-issues-roadmap">
+<h1>Known issues / Roadmap</h1>
+<ul class="simple">
+<li>Secure the download of the encrypted file behind a challenge/response</li>
+</ul>
+</div>
 <div class="section" id="bug-tracker">
 <h1>Bug Tracker</h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
@@ -403,7 +411,7 @@ <h2>Maintainers</h2>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>
-<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/15.0/vault_share">OCA/server-auth</a> project on GitHub.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/vault_share">OCA/server-auth</a> project on GitHub.</p>
 <p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
 </div>
 </div>
diff --git a/vault_share/static/src/backend/fields/templates.xml b/vault_share/static/src/backend/fields/templates.xml
new file mode 100644
index 0000000000..90dab33f05
--- /dev/null
+++ b/vault_share/static/src/backend/fields/templates.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<templates id="template" xml:space="preserve">
+    <t
+        t-name="vault.FieldShareVault"
+        t-inherit="vault.FieldVault"
+        t-inherit-mode="primary"
+        owl="1"
+    >
+        <xpath expr="//div[@t-elif='props.readonly']" position="attributes">
+            <attribute name="t-elif">!isNew</attribute>
+        </xpath>
+    </t>
+
+    <t
+        t-name="vault.FileShareVault"
+        t-inherit="web.BinaryField"
+        t-inherit-mode="primary"
+        owl="1"
+    >
+        <xpath expr="//t[@t-if='!props.readonly']" position="attributes">
+            <attribute name="t-if">isNew</attribute>
+        </xpath>
+    </t>
+
+    <t t-name="vault.FieldPinVault" owl="1">
+        <div class="o_vault o_vault_error" t-if="!supported()">
+            <span>*******</span>
+        </div>
+        <div class="o_vault" t-else="">
+            <t t-call="vault.Field.buttons" />
+            <span t-esc="formattedValue" t-ref="span" />
+        </div>
+    </t>
+
+    <t t-inherit="vault.FieldVault" t-inherit-mode="extension" owl="1">
+        <xpath expr="//span[hasclass('o_vault_buttons')]" position="inside">
+            <button
+                t-if="shareButton"
+                class="btn btn-secondary btn-sm fa fa-external-link o_vault_share"
+                title="Share the secret with an external user"
+                aria-label="Share the secret with an external user"
+                t-on-click="_onShareValue"
+            />
+        </xpath>
+    </t>
+</templates>
diff --git a/vault_share/static/src/backend/fields/vault_field.esm.js b/vault_share/static/src/backend/fields/vault_field.esm.js
new file mode 100644
index 0000000000..57190388cb
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_field.esm.js
@@ -0,0 +1,45 @@
+/** @odoo-module **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultField from "vault.field";
+import {_lt} from "@web/core/l10n/translation";
+import {patch} from "@web/core/utils/patch";
+import sh_utils from "vault.share.utils";
+import utils from "vault.utils";
+import vault from "vault";
+
+// Extend the widget to share
+patch(VaultField.prototype, "vault_share", {
+    /**
+     * Share the value for an external user
+     *
+     * @private
+     */
+    async _onShareValue() {
+        const iv = await utils.generate_iv_base64();
+        const pin = sh_utils.generate_pin(sh_utils.PinSize);
+        const salt = utils.generate_bytes(utils.SaltLength).buffer;
+        const key = await utils.derive_key(pin, salt, utils.Derive.iterations);
+        const public_key = await vault.get_public_key();
+        const value = await this._decrypt(this.value);
+
+        this.action.doAction({
+            type: "ir.actions.act_window",
+            title: _lt("Share the secret"),
+            target: "new",
+            res_model: "vault.share",
+            views: [[false, "form"]],
+            context: {
+                default_secret: await utils.sym_encrypt(key, value, iv),
+                default_pin: await utils.asym_encrypt(
+                    public_key,
+                    pin + utils.generate_iv_base64()
+                ),
+                default_iterations: utils.Derive.iterations,
+                default_iv: iv,
+                default_salt: utils.toBase64(salt),
+            },
+        });
+    },
+});
diff --git a/vault_share/static/src/backend/fields/vault_pin_field.esm.js b/vault_share/static/src/backend/fields/vault_pin_field.esm.js
new file mode 100644
index 0000000000..b64a6a2ba9
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_pin_field.esm.js
@@ -0,0 +1,110 @@
+/** @odoo-module **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {Component, useRef, useState} from "@odoo/owl";
+import VaultMixin from "vault.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+import sh_utils from "vault.share.utils";
+import {useService} from "@web/core/utils/hooks";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default class VaultPinField extends VaultMixin(Component) {
+    setup() {
+        super.setup();
+
+        this.action = useService("action");
+        this.span = useRef("span");
+        this.state = useState({
+            decrypted: false,
+            decryptedValue: "",
+        });
+
+        this.context = this.env.searchModel.context;
+        this.props.readonly = true;
+    }
+
+    get sendButton() {
+        return false;
+    }
+    get generateButton() {
+        return false;
+    }
+    get saveButton() {
+        return false;
+    }
+
+    /**
+     * Get the decrypted value or a placeholder
+     *
+     * @returns the decrypted value or a placeholder
+     */
+    get formattedValue() {
+        if (!this.props.value) return "";
+        if (this.state.decrypted) return this.state.decryptedValue || "*******";
+        return "*******";
+    }
+
+    /**
+     * Decrypt the value using the private key of the vault and slice it to
+     * the actual pin size because there is a salt following
+     *
+     * @private
+     * @param {String} data
+     * @returns the decrypted data
+     */
+    async _decrypt(data) {
+        if (!data) return data;
+
+        const pin_size = this.context.pin_size || sh_utils.PinSize;
+
+        const private_key = await vault.get_private_key();
+        const plain = await utils.asym_decrypt(private_key, data);
+        return plain.slice(0, pin_size);
+    }
+
+    /**
+     * Copy the decrypted secret to the clipboard
+     *
+     * @param {Object} ev
+     */
+    async _onCopyValue(ev) {
+        ev.stopPropagation();
+
+        const value = await this._decrypt(this.props.value);
+        await navigator.clipboard.writeText(value);
+    }
+
+    /**
+     * Toggle between visible and invisible secret
+     *
+     * @param {Object} ev
+     */
+    async _onShowValue(ev) {
+        ev.stopPropagation();
+
+        this.state.decrypted = !this.state.decrypted;
+        if (this.state.decrypted) {
+            this.state.decryptedValue = await this._decrypt(this.props.value);
+        } else {
+            this.state.decryptedValue = "";
+        }
+
+        await this.showValue();
+    }
+
+    /**
+     * Update the value shown
+     */
+    async showValue() {
+        this.span.el.innerHTML = this.formattedValue;
+    }
+}
+
+VaultPinField.displayName = _lt("Vault Pin Field");
+VaultPinField.supportedTypes = ["char"];
+VaultPinField.template = "vault.FieldPinVault";
+
+registry.category("fields").add("vault_pin", VaultPinField);
diff --git a/vault_share/static/src/backend/fields/vault_share_field.esm.js b/vault_share/static/src/backend/fields/vault_share_field.esm.js
new file mode 100644
index 0000000000..a7fd110fef
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_field.esm.js
@@ -0,0 +1,15 @@
+/** @odoo-module alias=vault.share.field **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultField from "vault.field";
+import VaultShareMixin from "vault.share.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+
+export default class VaultShareField extends VaultShareMixin(VaultField) {}
+
+VaultShareField.displayName = _lt("Vault Share Field");
+VaultShareField.template = "vault.FieldShareVault";
+
+registry.category("fields").add("vault_share_field", VaultShareField);
diff --git a/vault_share/static/src/backend/fields/vault_share_file.esm.js b/vault_share/static/src/backend/fields/vault_share_file.esm.js
new file mode 100644
index 0000000000..4b8f45130f
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_file.esm.js
@@ -0,0 +1,15 @@
+/** @odoo-module alias=vault.share.file **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultFile from "vault.file";
+import VaultShareMixin from "vault.share.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+
+export default class VaultShareFile extends VaultShareMixin(VaultFile) {}
+
+VaultShareFile.displayName = _lt("Vault Share Field");
+VaultShareFile.template = "vault.FileShareVault";
+
+registry.category("fields").add("vault_share_file", VaultShareFile);
diff --git a/vault_share/static/src/backend/fields/vault_share_mixin.esm.js b/vault_share/static/src/backend/fields/vault_share_mixin.esm.js
new file mode 100644
index 0000000000..ac84f3b822
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_mixin.esm.js
@@ -0,0 +1,164 @@
+/** @odoo-module alias=vault.share.mixin **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import sh_utils from "vault.share.utils";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default (x) => {
+    class Extended extends x {
+        setup() {
+            super.setup();
+
+            this.context = this.env.searchModel.context;
+        }
+
+        get shareButton() {
+            return false;
+        }
+        get sendButton() {
+            return false;
+        }
+        get isNew() {
+            return this.props.record.isNew;
+        }
+
+        /**
+         * Encrypt the pin with a random salt to make it hard to guess him by
+         * encrypting every possilbilty with the public key. Store the pin in the
+         * proper field
+         *
+         * @private
+         * @param {String} pin
+         */
+        async _storePin(pin) {
+            const salt = utils.generate_iv_base64();
+            const crypted_pin = await utils.asym_encrypt(
+                await vault.get_public_key(),
+                pin + salt
+            );
+            await this._setFieldValue(this.props.fieldPin, crypted_pin);
+        }
+
+        /**
+         * Get the iterations
+         *
+         * @returns iterations for the password derivation
+         */
+        async _getIterations() {
+            const record = this.props.record;
+            if (!record) return utils.Derive.iterations;
+            const iterations = record.data.iterations || utils.Derive.iterations;
+            await this._setFieldValue(this.props.fieldIterations, iterations);
+            return iterations;
+        }
+
+        /**
+         * Returns the pin from the class, record data, or generate a new pin if
+         * none s currently available
+         *
+         * @private
+         * @returns the pin
+         */
+        async _getPin() {
+            const record = this.props.record;
+            if (!record) return null;
+
+            const pin_size = this.context.pin_size || sh_utils.PinSize;
+
+            let pin = record.data[this.props.fieldPin];
+            if (pin) {
+                // Decrypt the pin and slice him to the configured pin size
+                const private_key = await vault.get_private_key();
+                const plain = await utils.asym_decrypt(private_key, pin);
+                if (!plain) return null;
+
+                pin = plain.slice(0, pin_size);
+                return pin;
+            }
+
+            // Generate a new pin and store it
+            pin = sh_utils.generate_pin(pin_size);
+            await this._storePin(pin);
+            return pin;
+        }
+
+        /**
+         * Returns the salt from the class, record data, or generate a new salt if
+         * none is currently available
+         *
+         * @private
+         * @returns the salt
+         */
+        async _getSalt() {
+            const record = this.props.record;
+            if (!record) return null;
+
+            let salt = record.data[this.props.fieldSalt];
+            if (salt) return salt;
+
+            // Generate a new salt and store him
+            salt = utils.toBase64(utils.generate_bytes(utils.SaltLength).buffer);
+            await this._setFieldValue(this.props.fieldSalt, salt);
+            return salt;
+        }
+
+        /**
+         * Decrypt the encrypted data using the pin, IV and salt
+         *
+         * @private
+         * @param {String} crypted
+         * @returns the decrypted secret
+         */
+        async _decrypt(crypted) {
+            if (!utils.supported()) return null;
+
+            if (crypted === false) return false;
+
+            if (!this.props.value) return this.props.value;
+
+            const iv = await this._getIV();
+            const pin = await this._getPin();
+            const salt = utils.fromBase64(await this._getSalt());
+            const iterations = await this._getIterations();
+
+            const key = await utils.derive_key(pin, salt, iterations);
+            return await utils.sym_decrypt(key, crypted, iv);
+        }
+
+        /**
+         * Encrypt the data using the pin, IV and salt
+         *
+         * @private
+         * @param {String} data
+         * @returns the encrypted secret
+         */
+        async _encrypt(data) {
+            if (!utils.supported()) return null;
+
+            const iv = await this._getIV();
+            const pin = await this._getPin();
+            const salt = utils.fromBase64(await this._getSalt());
+            const iterations = await this._getIterations();
+
+            const key = await utils.derive_key(pin, salt, iterations);
+            return await utils.sym_encrypt(key, data, iv);
+        }
+    }
+
+    Extended.defaultProps = {
+        ...x.defaultProps,
+        fieldPin: "pin",
+        fieldSalt: "salt",
+        fieldIterations: "iterations",
+    };
+    Extended.props = {
+        ...x.props,
+        fieldIterations: {type: String, optional: true},
+        fieldPin: {type: String, optional: true},
+        fieldSalt: {type: String, optional: true},
+    };
+
+    return Extended;
+};
diff --git a/vault_share/static/src/backend/templates.xml b/vault_share/static/src/backend/templates.xml
deleted file mode 100644
index f8a2c9b9c9..0000000000
--- a/vault_share/static/src/backend/templates.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<templates id="template" xml:space="preserve">
-    <t t-name="FieldVaultShare">
-        <div class="o_vault o_vault_error" t-if="!widget.supported()">
-            <span>*******</span>
-        </div>
-        <input class="o_vault_share" t-elif="widget.mode == 'edit'" t-esc="value" />
-        <div class="o_vault" t-else="">
-            <t t-call="vault.buttons" />
-            <button
-                class="btn fa fa-save o_vault_save"
-                title="Save in a vault"
-                aria-label="Save in a vault"
-            />
-
-            <span class="o_vault_share" t-esc="value" />
-        </div>
-    </t>
-
-    <t t-name="FileVaultShare">
-        <div class="o_vault o_vault_error" t-if="!widget.supported()">
-            <span>*******</span>
-        </div>
-        <t t-elif="widget.mode == 'edit'" t-call="FieldBinaryFile" />
-        <div class="o_vault" t-else="">
-            <button
-                class="btn fa fa-save o_vault_save"
-                title="Save in a vault"
-                aria-label="Save in a vault"
-            />
-
-            <span class="link"><span class="fa fa-download" /> <t
-                    t-esc="filename"
-                /></span>
-        </div>
-    </t>
-
-    <t t-name="FieldPinVault">
-        <div class="o_vault o_vault_error" t-if="!widget.supported()">
-            <span>*******</span>
-        </div>
-        <div class="o_vault" t-else="">
-            <t t-call="vault.buttons" />
-            <span class="o_vault_value" t-esc="value" />
-        </div>
-    </t>
-
-    <t t-extend="FieldVault">
-        <t t-jquery="span.o_vault_value" t-operation="before">
-            <button
-                class="btn fa fa-external-link o_vault_share"
-                title="Share the secret with an external user"
-                aria-label="Share the secret with an external user"
-            />
-        </t>
-    </t>
-</templates>
diff --git a/vault_share/static/src/common/utils.esm.js b/vault_share/static/src/common/utils.esm.js
index 790858a529..0523dbb47b 100644
--- a/vault_share/static/src/common/utils.esm.js
+++ b/vault_share/static/src/common/utils.esm.js
@@ -1,11 +1,11 @@
 /** @odoo-module alias=vault.share.utils **/
-// © 2021-2022 Florian Kantelberg - initOS GmbH
+// © 2021-2024 Florian Kantelberg - initOS GmbH
 // License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
-const PinSize = 5;
-
 import utils from "vault.utils";
 
+const PinSize = 5;
+
 function generate_pin(pin_size) {
     return utils.generate_secret(pin_size, "0123456789");
 }
diff --git a/vault_share/static/src/frontend/share.esm.js b/vault_share/static/src/frontend/share.esm.js
index af9b28d0b3..db8b771856 100644
--- a/vault_share/static/src/frontend/share.esm.js
+++ b/vault_share/static/src/frontend/share.esm.js
@@ -1,5 +1,5 @@
 /** @odoo-module **/
-// © 2021-2022 Florian Kantelberg - initOS GmbH
+// © 2021-2024 Florian Kantelberg - initOS GmbH
 // License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
 import utils from "vault.utils";
@@ -8,36 +8,68 @@ const data = {};
 
 // Find the elements in the document and check if they have values
 function find_elements() {
-    for (const id of ["encrypted", "salt", "iv", "encrypted_file", "filename"])
+    for (const id of [
+        "encrypted",
+        "salt",
+        "iv",
+        "encrypted_file",
+        "filename",
+        "iterations",
+    ])
         if (!data[id]) {
             const element = document.getElementById(id);
             data[id] = element && element.value;
         }
 }
 
+function toggle_alert(element, successful) {
+    if (element) {
+        element.classList.add(successful ? "alert-success" : "alert-danger");
+        element.classList.remove(successful ? "alert-danger" : "alert-success");
+    }
+}
+
+function show(selector) {
+    const element = document.querySelector(selector);
+    if (element) element.classList.remove("o_hidden");
+}
+
+function hide(selector) {
+    const element = document.querySelector(selector);
+    if (element) element.classList.add("o_hidden");
+}
+
 document.getElementById("pin").onchange = async function () {
     if (!utils.supported()) return;
 
     find_elements();
 
     // Derive the key from the pin
-    const key = await utils.derive_key(this.value, utils.fromBase64(data.salt), 4000);
+    const key = await utils.derive_key(
+        this.value,
+        utils.fromBase64(data.salt),
+        data.iterations
+    );
 
+    hide("#secret_group");
+    hide("#file_group");
+
+    const pin = document.getElementById("pin");
     const secret = document.getElementById("secret");
     const secret_file = document.getElementById("secret_file");
     if (!secret && !secret_file) return;
 
     // There is no secret to decrypt
     if (!this.value) {
-        secret.setAttribute("class", "alert alert-danger col-12");
-        secret_file.setAttribute("class", "alert alert-danger col-12");
+        toggle_alert(pin, false);
         return;
     }
 
     // Decrypt the data and show the value
     if (data.encrypted) {
         secret.value = await utils.sym_decrypt(key, data.encrypted, data.iv);
-        secret.setAttribute("class", "alert alert-success col-12");
+        toggle_alert(pin, secret.value);
+        show("#secret_group");
     }
 
     if (data.encrypted_file) {
@@ -48,9 +80,11 @@ document.getElementById("pin").onchange = async function () {
         const arr = new Uint8Array(buffer);
         for (let i = 0; i < content.length; i++) arr[i] = content.charCodeAt(i);
         const file = new Blob([arr]);
+
         secret_file.text = data.filename;
         secret_file.setAttribute("href", window.URL.createObjectURL(file));
-        secret_file.setAttribute("class", "alert alert-success col-12");
         secret_file.setAttribute("download", data.filename);
+        toggle_alert(pin, content);
+        show("#file_group");
     }
 };
diff --git a/vault_share/static/src/legacy/vault_fields.js b/vault_share/static/src/legacy/vault_fields.js
deleted file mode 100644
index 23c8071051..0000000000
--- a/vault_share/static/src/legacy/vault_fields.js
+++ /dev/null
@@ -1,55 +0,0 @@
-// © 2021 Florian Kantelberg - initOS GmbH
-// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
-
-odoo.define("vault.share.fields", function (require) {
-    "use strict";
-
-    const core = require("web.core");
-    const sh_utils = require("vault.share.utils");
-    const utils = require("vault.utils");
-    const vault = require("vault");
-    const vault_fields = require("vault.fields");
-
-    const _t = core._t;
-
-    // Extend the widget to share
-    vault_fields.VaultField.include({
-        events: _.extend(vault_fields.VaultField.prototype.events, {
-            "click .o_vault_share": "_onShareValue",
-        }),
-
-        /**
-         * Share the value for an external user
-         *
-         * @private
-         * @param {OdooEvent} ev
-         */
-        _onShareValue: async function (ev) {
-            ev.stopPropagation();
-
-            const iv = await utils.generate_iv_base64();
-            const pin = sh_utils.generate_pin(sh_utils.PinSize);
-            const salt = utils.generate_bytes(utils.SaltLength).buffer;
-            const key = await utils.derive_key(pin, salt, 4000);
-            const public_key = await vault.get_public_key();
-            const value = await this._decrypt(this.value);
-
-            this.do_action({
-                type: "ir.actions.act_window",
-                title: _t("Share the secret"),
-                target: "new",
-                res_model: "vault.share",
-                views: [[false, "form"]],
-                context: {
-                    default_secret: await utils.sym_encrypt(key, value, iv),
-                    default_pin: await utils.asym_encrypt(
-                        public_key,
-                        pin + utils.generate_iv_base64()
-                    ),
-                    default_iv: iv,
-                    default_salt: utils.toBase64(salt),
-                },
-            });
-        },
-    });
-});
diff --git a/vault_share/static/src/legacy/vault_share_widget.js b/vault_share/static/src/legacy/vault_share_widget.js
deleted file mode 100644
index a985fc06d6..0000000000
--- a/vault_share/static/src/legacy/vault_share_widget.js
+++ /dev/null
@@ -1,367 +0,0 @@
-// © 2021 Florian Kantelberg - initOS GmbH
-// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
-
-odoo.define("vault.share.widget", function (require) {
-    "use strict";
-
-    const basic_fields = require("web.basic_fields");
-    const core = require("web.core");
-    const registry = require("web.field_registry");
-    const sh_utils = require("vault.share.utils");
-    const utils = require("vault.utils");
-    const vault = require("vault");
-    const vault_fields = require("vault.fields");
-
-    const QWeb = core.qweb;
-
-    // Widget used to view the encrypted pin
-    const VaultPinField = basic_fields.InputField.extend(vault_fields.VaultAbstract, {
-        supportedFieldTypes: ["char"],
-        events: _.extend({}, basic_fields.InputField.prototype.events, {
-            "click .o_vault_show": "_onShowValue",
-            "click .o_vault_clipboard": "_onCopyValue",
-        }),
-        template: "FieldPinVault",
-
-        /**
-         * Prepare the widget by evaluating the field attributes and setting the defaults
-         *
-         * @override
-         */
-        init: function () {
-            this._super.apply(this, arguments);
-
-            this.pin_size = this.attrs.pin_size || sh_utils.PinSize;
-        },
-
-        /**
-         * Decrypt the value using the private key of the vault and slice it to
-         * the actual pin size because there is a salt following
-         *
-         * @private
-         * @param {String} data
-         * @returns the decrypted data
-         */
-        _decrypt: async function (data) {
-            if (!data) return data;
-
-            const private_key = await vault.get_private_key();
-            const plain = await utils.asym_decrypt(private_key, data);
-            return plain.slice(0, this.pin_size);
-        },
-
-        /**
-         * Render the decrypted value or the stars
-         *
-         * @private
-         */
-        _renderReadonly: function () {
-            this._renderValue(this.decrypted_value || "********");
-        },
-
-        /**
-         * Render the decrypted value or the stars
-         *
-         * @private
-         */
-        _renderEdit: function () {
-            this._renderValue(this.decrypted_value || "********");
-        },
-
-        /**
-         * Render the field using the template
-         *
-         * @private
-         * @param {String} value
-         */
-        _renderValue: function (value) {
-            const self = this;
-            this.$el.html(
-                QWeb.render(this.template, {
-                    widget: self,
-                    value: value,
-                    show: !this.decrypted,
-                })
-            );
-        },
-    });
-
-    // Widget used to create shared outgoing secrets encrypted with a pin
-    const VaultShareField = vault_fields.VaultField.extend({
-        events: _.extend({}, vault_fields.VaultField.prototype.events, {
-            "click .o_vault_save": "_onSaveValue",
-        }),
-        template: "FieldVaultShare",
-
-        /**
-         * Prepare the widget by evaluating the field attributes and setting the defaults
-         *
-         * @override
-         */
-        init: function () {
-            this._super.apply(this, arguments);
-
-            this.pin_size = this.attrs.pin_size || sh_utils.PinSize;
-            this.field_salt = this.attrs.salt || "salt";
-            this.field_pin = this.attrs.pin || "pin";
-        },
-
-        /**
-         * Encrypt the pin with a random salt to make it hard to guess him by
-         * encrypting every possilbilty with the public key. Store the pin in the
-         * proper field
-         *
-         * @private
-         */
-        _storePin: async function () {
-            const salt = utils.generate_iv_base64();
-            const crypted_pin = await utils.asym_encrypt(
-                await vault.get_public_key(),
-                this.pin + salt
-            );
-            this._setFieldValue(this.field_pin, crypted_pin);
-        },
-
-        /**
-         * Returns the pin from the class, record data, or generate a new pin if
-         * none s currently available
-         *
-         * @private
-         * @returns the pin
-         */
-        _getPin: async function () {
-            if (this.pin) return this.pin;
-
-            this.pin = this.recordData[this.field_pin];
-            if (this.pin) {
-                // Decrypt the pin and slice him to the configured pin size
-                const private_key = await vault.get_private_key();
-                const plain = await utils.asym_decrypt(private_key, this.pin);
-                this.pin = plain.slice(0, this.pin_size);
-                return this.pin;
-            }
-
-            // Generate a new pin and store it
-            this.pin = sh_utils.generate_pin(this.pin_size);
-            await this._storePin();
-            return this.pin;
-        },
-
-        /**
-         * Returns the salt from the class, record data, or generate a new salt if
-         * none is currently available
-         *
-         * @private
-         * @returns the salt
-         */
-        _getSalt: function () {
-            if (this.salt) return this.salt;
-
-            this.salt = this.recordData[this.field_salt];
-            if (this.salt) return this.salt;
-
-            // Generate a new salt and store him
-            this.salt = utils.toBase64(utils.generate_bytes(utils.SaltLength).buffer);
-            this._setFieldValue(this.field_salt, this.salt);
-            return this.salt;
-        },
-
-        /**
-         * Decrypt the encrypted data using the pin, IV and salt
-         *
-         * @private
-         * @param {String} crypted
-         */
-        _decrypt: async function (crypted) {
-            if (crypted === false) return false;
-
-            if (!utils.supported()) return null;
-
-            const iv = this._getIV();
-            const pin = await this._getPin();
-            const salt = utils.fromBase64(this._getSalt());
-
-            const key = await utils.derive_key(pin, salt, 4000);
-            return await utils.sym_decrypt(key, crypted, iv);
-        },
-
-        /**
-         * Encrypt the data using the pin, IV and salt
-         *
-         * @private
-         * @param {String} data
-         */
-        _encrypt: async function (data) {
-            if (!utils.supported()) return null;
-
-            const iv = this._getIV();
-            const pin = await this._getPin();
-            const salt = utils.fromBase64(this._getSalt());
-
-            const key = await utils.derive_key(pin, salt, 4000);
-            return await utils.sym_encrypt(key, data, iv);
-        },
-
-        /**
-         * Resets the content to the formated value in readonly mode.
-         *
-         * @override
-         * @private
-         */
-        _renderReadonly: function () {
-            const self = this;
-            this.$el.html(
-                QWeb.render(this.template, {
-                    widget: self,
-                    value: this.decrypted_value || "********",
-                    show: !this.decrypted,
-                })
-            );
-        },
-
-        /**
-         * @override
-         * @returns {String} the content of the input
-         */
-        _getValue: function () {
-            return this.$input.val();
-        },
-    });
-
-    // Widget used to view shared incoming secrets encrypted with public keys
-    const VaultShareFile = vault_fields.VaultFile.extend({
-        store_model: "vault.file",
-        template: "FileVaultShare",
-        events: _.extend({}, vault_fields.VaultFile.prototype.events, {
-            "click .o_vault_save": "_onSaveValue",
-        }),
-
-        /**
-         * Prepare the widget by evaluating the field attributes and setting the defaults
-         *
-         * @override
-         */
-        init: function () {
-            this._super.apply(this, arguments);
-
-            this.field_key = this.attrs.key || "key";
-            this.pin_size = this.attrs.pin_size || sh_utils.PinSize;
-            this.field_salt = this.attrs.salt || "salt";
-            this.field_pin = this.attrs.pin || "pin";
-        },
-
-        /**
-         * Encrypt the pin with a random salt to make it hard to guess him by
-         * encrypting every possilbilty with the public key. Store the pin in the
-         * proper field
-         *
-         * @private
-         */
-        _storePin: async function () {
-            const salt = utils.generate_iv_base64();
-            const crypted_pin = await utils.asym_encrypt(
-                await vault.get_public_key(),
-                this.pin + salt
-            );
-            this._setFieldValue(this.field_pin, crypted_pin);
-        },
-
-        /**
-         * Returns the pin from the class, record data, or generate a new pin if
-         * none s currently available
-         *
-         * @private
-         * @returns the pin
-         */
-        _getPin: async function () {
-            if (this.pin) return this.pin;
-
-            this.pin = this.recordData[this.field_pin];
-            if (this.pin) {
-                // Decrypt the pin and slice him to the configured pin size
-                const private_key = await vault.get_private_key();
-                const plain = await utils.asym_decrypt(private_key, this.pin);
-                this.pin = plain.slice(0, this.pin_size);
-                return this.pin;
-            }
-
-            // Generate a new pin and store it
-            this.pin = sh_utils.generate_pin(this.pin_size);
-            await this._storePin();
-            return this.pin;
-        },
-
-        /**
-         * Returns the salt from the class, record data, or generate a new salt if
-         * none is currently available
-         *
-         * @private
-         * @returns the salt
-         */
-        _getSalt: function () {
-            if (this.salt) return this.salt;
-
-            this.salt = this.recordData[this.field_salt];
-            if (this.salt) return this.salt;
-
-            // Generate a new salt and store him
-            this.salt = utils.toBase64(utils.generate_bytes(utils.SaltLength).buffer);
-            this._setFieldValue(this.field_salt, this.salt);
-            return this.salt;
-        },
-
-        _renderReadonly: function () {
-            this.do_toggle(Boolean(this.value));
-            if (this.value) {
-                this.$el.html(
-                    QWeb.render(this.template, {
-                        widget: this,
-                        filename: this.filename_value,
-                    })
-                );
-
-                const $el = this.$(".link");
-                if (this.recordData.id) $el.css("cursor", "pointer");
-                else $el.css("cursor", "not-allowed");
-            }
-        },
-
-        /**
-         * Decrypt the encrypted data using the pin, IV and salt
-         *
-         * @private
-         * @param {String} crypted
-         */
-        _decrypt: async function (crypted) {
-            if (!utils.supported()) return null;
-
-            const iv = this._getIV();
-            const pin = await this._getPin();
-            const salt = utils.fromBase64(this._getSalt());
-
-            const key = await utils.derive_key(pin, salt, 4000);
-            return await utils.sym_decrypt(key, crypted, iv);
-        },
-
-        /**
-         * Encrypt the data using the pin, IV and salt
-         *
-         * @private
-         * @param {String} data
-         */
-        _encrypt: async function (data) {
-            if (!utils.supported()) return null;
-
-            const iv = this._getIV();
-            const pin = await this._getPin();
-            const salt = utils.fromBase64(this._getSalt());
-
-            const key = await utils.derive_key(pin, salt, 4000);
-            return await utils.sym_encrypt(key, data, iv);
-        },
-    });
-
-    registry.add("vault_pin", VaultPinField);
-    registry.add("vault_share", VaultShareField);
-    registry.add("vault_share_file", VaultShareFile);
-});
diff --git a/vault_share/tests/test_share.py b/vault_share/tests/test_share.py
index 1627b660ed..5225bdca04 100644
--- a/vault_share/tests/test_share.py
+++ b/vault_share/tests/test_share.py
@@ -1,6 +1,7 @@
 # © 2021 Florian Kantelberg - initOS GmbH
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
+import json
 import logging
 from datetime import datetime
 from uuid import uuid4
@@ -16,19 +17,20 @@
 
 
 class TestShare(TransactionCase):
-    def setUp(self):
-        super().setUp()
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
 
-        self.user = self.env.user
-        self.vals = {
-            "name": f"Share {self.user.name}",
+        cls.user = cls.env.user
+        cls.vals = {
+            "name": f"Share {cls.user.name}",
             "secret": "secret",
             "salt": "sa17",
             "iv": "1v",
             "pin": "12345",
         }
 
-        self.share = self.env["vault.share"].create(self.vals)
+        cls.share = cls.env["vault.share"].create(cls.vals)
 
     @mute_logger("odoo.sql_db")
     def test_share(self):
@@ -56,18 +58,21 @@ def test_share(self):
     def test_vault_share(self):
         def return_context(template, context):
             self.assertEqual(template, "vault_share.share")
-            return context
+            return json.dumps(context)
+
+        def load(response):
+            return json.loads(response.data)
 
         with MockRequest(self.env) as request_mock:
             request_mock.render = return_context
             controller = main.Controller()
 
-            response = controller.vault_share("")
+            response = load(controller.vault_share(""))
             self.assertIn("error", response)
 
-            response = controller.vault_share(self.share.token)
+            response = load(controller.vault_share(self.share.token))
             self.assertEqual(response["salt"], self.share.salt)
 
             self.share.accesses = 0
-            response = controller.vault_share(self.share.token)
+            response = load(controller.vault_share(self.share.token))
             self.assertIn("error", response)
diff --git a/vault_share/views/templates.xml b/vault_share/views/templates.xml
index 7649731e52..093369c127 100644
--- a/vault_share/views/templates.xml
+++ b/vault_share/views/templates.xml
@@ -13,10 +13,11 @@
             <input type="hidden" id="filename" t-att-value="filename" />
             <input type="hidden" id="salt" t-att-value="salt" />
             <input type="hidden" id="iv" t-att-value="iv" />
+            <input type="hidden" id="iterations" t-att-value="iterations" />
 
-            <div class="form-group">
+            <div class="form-group" t-if="not error">
                 <label for="pin">Enter the pin:</label>
-                <input type="text" id="pin" class="form-control" />
+                <input type="text" id="pin" class="form-control col-12 alert-danger" />
             </div>
 
             <p class="alert alert-danger" t-if="error" role="alert" t-esc="error" />
@@ -27,21 +28,21 @@
                 t-esc="message"
             />
 
-            <div class="form-group" t-if="encrypted">
+            <div id="secret_group" class="form-group o_hidden" t-if="encrypted">
                 <label for="secret">Shared secret:</label>
                 <input
                     type="text"
                     id="secret"
                     readonly="readonly"
-                    class="alert alert-danger col-12"
+                    class="col-12 form-control"
                 />
             </div>
 
-            <div class="form-group" t-if="encrypted_file">
-                <label for="secret">Shared file:</label><vr /><a
-                    href=""
-                    id="secret_file"
-                />
+            <div id="file_group" class="form-group o_hidden" t-if="encrypted_file">
+                <label for="secret">Shared file:</label>
+                <div class="col-12">
+                    <a href="" id="secret_file" class="form-control" />
+                </div>
             </div>
         </t>
     </template>
diff --git a/vault_share/views/vault_share_views.xml b/vault_share/views/vault_share_views.xml
index da61c5ec4c..ad45e74b05 100644
--- a/vault_share/views/vault_share_views.xml
+++ b/vault_share/views/vault_share_views.xml
@@ -19,14 +19,15 @@
                         <field name="token" invisible="1" />
                         <field name="iv" invisible="1" />
                         <field name="salt" invisible="1" />
+                        <field name="iterations" invisible="1" />
                         <field name="filename" invisible="1" />
 
                         <field name="name" />
-                        <field name="share_link" widget="url" class="oe_read_only" />
+                        <field name="share_link" widget="url" />
                         <field name="pin" widget="vault_pin" />
                         <field name="expiration" />
                         <field name="accesses" />
-                        <field name="secret" widget="vault_share" />
+                        <field name="secret" widget="vault_share_field" />
                         <field
                             name="secret_file"
                             filename="filename"