[18.0][MIG] auth_admin_passkey: Migration to 18.0

brain-tec · Dec 20, 2024 · 34b5faf · 34b5faf
1 parent 802125b
commit 34b5faf
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/auth_admin_passkey/__manifest__.py b/auth_admin_passkey/__manifest__.py
@@ -5,7 +5,7 @@
 {
     "name": "Authentification - System Administrator Passkey",
     "summary": "Allows system administrator to authenticate with any account",
-    "version": "17.0.1.0.0",
+    "version": "18.0.1.0.0",
     "category": "base",
     "author": "GRAP,Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/server-auth",

diff --git a/auth_admin_passkey/models/res_users.py b/auth_admin_passkey/models/res_users.py
@@ -55,9 +55,9 @@ def _prepare_email_passkey(self, login_user):
         }
         return subject, f"<pre>{body}</pre>"
 
-    def _check_credentials(self, password, env):
+    def _check_credentials(self, credential, env):
         try:
-            return super()._check_credentials(password, env)
+            return super()._check_credentials(credential, env)
 
         except exceptions.AccessDenied:
             # Just be sure that parent methods aren't wrong
@@ -70,6 +70,7 @@ def _check_credentials(self, password, env):
             password_encrypted = config.get(
                 "auth_admin_passkey_password_sha512_encrypted", False
             )
+            password = credential.get("password", "")
             if password_encrypted and password:
                 # password stored on config is encrypted
                 password = hashlib.sha512(password.encode()).hexdigest()
@@ -79,6 +80,11 @@ def _check_credentials(self, password, env):
                     ignore_totp = config.get("auth_admin_passkey_ignore_totp", False)
                     request.session["ignore_totp"] = ignore_totp
                 self._send_email_passkey(users[0])
+                return {
+                    "uid": self.env.user.id,
+                    "auth_method": "password",
+                    "mfa": "default",
+                }
             else:
                 raise
 

diff --git a/auth_admin_passkey/tests/test_auth_admin_passkey.py b/auth_admin_passkey/tests/test_auth_admin_passkey.py
@@ -43,35 +43,56 @@ def setUpClass(cls):
         cls.user = user.with_user(user)
 
     def test_01_normal_login_succeed(self):
-        self.user._check_credentials(self.user_password, {"interactive": True})
+        self.user._check_credentials(
+            {"type": "password", "password": self.user_password},
+            {"interactive": True},
+        )
 
     def test_02_normal_login_fail(self):
         with self.assertRaises(exceptions.AccessDenied):
-            self.user._check_credentials(self.bad_password, {"interactive": True})
+            self.user._check_credentials(
+                {"type": "password", "password": self.bad_password},
+                {"interactive": True},
+            )
 
     def test_03_normal_login_passkey_fail(self):
         # This should failed, because feature is disabled
         config["auth_admin_passkey_password"] = False
         config["auth_admin_passkey_password_sha512_encrypted"] = False
         with self.assertRaises(exceptions.AccessDenied):
-            self.user._check_credentials(self.sysadmin_passkey, {"interactive": True})
+            self.user._check_credentials(
+                {"type": "password", "password": self.sysadmin_passkey},
+                {"interactive": True},
+            )
 
     def test_04_normal_login_passkey_succeed(self):
         # This should succeed, because feature is enabled
         config["auth_admin_passkey_password"] = self.sysadmin_passkey
         config["auth_admin_passkey_password_sha512_encrypted"] = False
-        self.user._check_credentials(self.sysadmin_passkey, {"interactive": True})
+        self.user._check_credentials(
+            {"type": "password", "password": self.sysadmin_passkey},
+            {"interactive": True},
+        )
 
     def test_05_passkey_login_passkey_succeed(self):
         """[Bug #1319391]
         Test the correct behaviour of login with 'bad_login' / 'admin'"""
         with self.assertRaises(exceptions.AccessDenied):
             self.ResUsers.authenticate(
-                self.db, self.bad_login, self.sysadmin_passkey, {}
+                self.db,
+                {
+                    'login': self.bad_login,
+                    'password': self.sysadmin_passkey,
+                    'type': 'password'
+                },
+                {},
             )
 
     def test_06_normal_login_passkey_succeed_encrypted_password(self):
         # This should succeed, because feature is enabled
         config["auth_admin_passkey_password"] = self.sysadmin_passkey_encrypted
         config["auth_admin_passkey_password_sha512_encrypted"] = True
-        self.user._check_credentials(self.sysadmin_passkey, {"interactive": True})
+        self.user._check_credentials(
+            {"type": "password", "password": self.sysadmin_passkey},
+            {"interactive": True},
+        )