[MIG][16.0] Migration of vault_share

setup/vault_share/odoo/addons/vault_share

@@ -0,0 +1 @@
+../../../../vault_share

setup/vault_share/setup.py

@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)

vault_share/README.rst

@@ -0,0 +1,86 @@
+=============
+Vault - Share
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:9a16926a6329561017dac0fa81e331bcd50b83bc373281609831a25e42fb3e0c
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/vault_share
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault_share
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.
+
+Share
+=====
+
+This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn't be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Known issues / Roadmap
+======================
+
+* Secure the download of the encrypted file behind a challenge/response
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* initOS GmbH
+
+Contributors
+~~~~~~~~~~~~
+
+* Florian Kantelberg <[email protected]>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/vault_share>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

vault_share/__init__.py

@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import controllers, models

vault_share/__manifest__.py

@@ -0,0 +1,35 @@
+# © 2021-2024 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Vault - Share",
+    "summary": "Implementation of a mechanism to share secrets",
+    "license": "AGPL-3",
+    "version": "16.0.1.0.0",
+    "website": "https://github.com/OCA/server-auth",
+    "application": False,
+    "author": "initOS GmbH, Odoo Community Association (OCA)",
+    "category": "Vault",
+    "depends": ["vault"],
+    "data": [
+        "data/ir_cron.xml",
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+        "views/menuitems.xml",
+        "views/res_config_settings_views.xml",
+        "views/templates.xml",
+        "views/vault_share_views.xml",
+    ],
+    "assets": {
+        "web.assets_backend": [
+            "vault_share/static/src/common/**/*.js",
+            "vault_share/static/src/backend/**/*.js",
+            "vault_share/static/src/backend/**/*.scss",
+            "vault_share/static/src/backend/**/*.xml",
+        ],
+        "vault_share.assets_frontend": [
+            "vault/static/src/common/*.js",
+            "vault_share/static/src/frontend/*.js",
+        ],
+    },
+}

vault_share/controllers/__init__.py

@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main

vault_share/controllers/main.py

@@ -0,0 +1,36 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, http
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class Controller(http.Controller):
+    @http.route("/vault/share/<string:token>", type="http", auth="public")
+    def vault_share(self, token):
+        ctx = {"disable_footer": True, "token": token}
+        share = request.env["vault.share"].sudo()
+        secret = share.get(token, ip=request.httprequest.remote_addr)
+        if secret is None:
+            ctx["error"] = _("The secret expired")
+            return request.render("vault_share.share", ctx)
+
+        if len(secret) != 1:
+            ctx["error"] = _("Invalid token")
+            return request.render("vault_share.share", ctx)
+
+        ctx.update(
+            {
+                "encrypted": secret.secret,
+                "salt": secret.salt,
+                "iv": secret.iv,
+                "encrypted_file": secret.secret_file,
+                "filename": secret.filename,
+                "iterations": secret.iterations,
+            }
+        )
+        return request.render("vault_share.share", ctx)

vault_share/data/ir_cron.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo noupdate="1">
+    <record id="cron_share_clean" model="ir.cron">
+        <field name="name">Clean outgoing share</field>
+        <field name="model_id" ref="model_vault_share" />
+        <field name="state">code</field>
+        <field name="code">model.clean()</field>
+        <field name="interval_number">1</field>
+        <field name="interval_type">minutes</field>
+        <field name="numbercall">-1</field>
+        <field name="active" eval="True" />
+    </record>
+</odoo>