[16.0]FIX auth_saml: password reset when deactivating the config settings #601

Merged
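--- a/auth_saml/models/ir_config_parameter.py
+++ b/auth_saml/models/ir_config_parameter.py
@@ -27,3 +27,13 @@ def write(self, vals):
 if self.filtered(lambda param: param.key == ALLOW_SAML_UID_AND_PASSWORD):
 self.env["res.users"].allow_saml_and_password_changed()
 return result
+
+def unlink(self):
+"""Redefined to update users when our parameter is deleted."""
+param_saml = self.filtered(
+lambda param: param.key == ALLOW_SAML_UID_AND_PASSWORD
+)
+result = super().unlink()
+if result and param_saml:
+self.env["res.users"].allow_saml_and_password_changed()
+return result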
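Review bot: The docstring of the new `unlink` does not say that deleting this record has a destructive effect on credentials. Going by the test docstrings in this PR, `allow_saml_and_password_changed()` removes the password of users that have SAML ids, so deleting the parameter presumably counts as switching the option off. I would say so explicitly, e.g. `"""Deleting the parameter counts as disabling it: users with a SAML id lose their password."""`. A why-comment above `param_saml` would also help, such as `# Filter before super().unlink(); the records cannot be read once deleted.`, because the ordering is what makes the check work. The enclosing class and the start of `write` lie outside the hunk, so whether record creation triggers the same update cannot be confirmed from here.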
25 changes: 24 additions & 1 deletion auth_saml/tests/test_pysaml.py
Expand Up @@ -198,7 +198,7 @@ def test_login_with_saml(self):
# User should now be able to log in with the token
self.authenticate(user="[email protected]", password=token)

def test_disallow_user_password_when_changing_setting(self):
def test_disallow_user_password_when_changing_ir_config_parameter(self):
"""Test that disabling users from having both a password and SAML ids remove
users password."""
# change the option
Expand Down Expand Up @@ -336,3 +336,26 @@ def test_redirect_after_login(self):
self.base_url()
+ "/web#action=37&model=ir.module.module&view_type=kanban&menu_id=5",
)

def test_disallow_user_password_when_changing_settings(self):
"""Test that disabling the setting will remove passwords from related users"""
# We activate the settings to allow password login
self.env["res.config.settings"].create(
{
"allow_saml_uid_and_internal_password": True,
}
).execute()

# Test the user can login with the password
self.authenticate(user="[email protected]", password="NesTNSte9340D720te>/-A")

self.env["res.config.settings"].create(
{
"allow_saml_uid_and_internal_password": False,
}
).execute()

with self.assertRaises(AccessDenied):
self.authenticate(
user="[email protected]", password="NesTNSte9340D720te>/-A"
)
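Review bot: `test_disallow_user_password_when_changing_settings` only asserts that the SAML user's login is refused after the setting is turned off; it never checks that the password removal is limited to users with a SAML id. Because the operation wipes credentials, a counterpart assertion that an account without a SAML id can still authenticate after the second `execute()` would guard against the cleanup reaching too far. Something like `self.authenticate(user=<non-SAML test user>, password=<its password>)` after the `assertRaises` block would do. Whether another test in this file already covers that case is not visible in these hunks. The password literal is also written twice, and binding it to a local would keep the two calls in sync.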