Merge pull request #495 from OCA/15.0

Syncing from upstream OCA/server-auth (15.0)
brain-tec · Sep 19, 2024 · 40328f1 · 40328f1
2 parents aba762c + 241f1b8
commit 40328f1
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 15.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 15.0.1.0.1 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 15.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
-[auth_saml](auth_saml/) | 15.0.1.4.4 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
+[auth_saml](auth_saml/) | 15.0.1.4.5 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 15.0.1.0.2 |  | This module disable all inactive sessions since a given delay
 [auth_signup_partner_company](auth_signup_partner_company/) | 15.0.1.0.0 |  | Auth Signup Partner Company
 [auth_signup_verify_email](auth_signup_verify_email/) | 15.0.1.0.0 |  | Force uninvited users to use a good email for signup

diff --git a/auth_saml/README.rst b/auth_saml/README.rst
@@ -7,7 +7,7 @@ SAML2 Authentication
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:3d094315fa5db7ee4f5ad9817157ab66543b35e19f18b4f6844c8291be232302
+   !! source digest: sha256:62c687de47ad385a7704ff7419f44c2d928661ef2602c7d59f61d2d418814a93
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -60,6 +60,11 @@ This addon requires the python module ``pysaml2``.
 
 ``pysaml2`` requires the binary ``xmlsec1`` (on Debian or Ubuntu you can install it with ``apt-get install xmlsec1``)
 
+When following the requirements.txt from odoo, the cryptography module must not be the latest version, otherwise it is incompatible with pyopenssl 19.
+This is necessary because old cryptography/pyopenssl don't declare minimum supported versions.
+It is possible to use newer version of those libraries, eventually patching the Odoo core to stay compatible.
+As this issue is not related to this module, nothing is enforced at the module level.
+
 Configuration
 =============
 

diff --git a/auth_saml/__manifest__.py b/auth_saml/__manifest__.py
@@ -4,22 +4,15 @@
 
 {
     "name": "SAML2 Authentication",
-    "version": "15.0.1.4.4",
+    "version": "15.0.1.4.5",
     "category": "Tools",
     "author": "XCG Consulting, Odoo Community Association (OCA)",
     "maintainers": ["vincent-hatakeyama"],
     "website": "https://github.com/OCA/server-auth",
     "license": "AGPL-3",
     "depends": ["base_setup", "web"],
     "external_dependencies": {
-        # Place an upper bound on cryptography version to be compatible with
-        # pyopenssl 19 mentioned in Odoo 15's requirements.txt. If we don't do
-        # this, installing this module will try to upgrade cryptography to the latest
-        # version because the minimum required version in pysaml2 (>=3.1) is greater than
-        # version 2.6 (from Odoo's requirement.txt). Since cryptography/pyopenssl don't
-        # declare minimum supported versions, this lead to inconsistencies.
-        # https://github.com/OCA/server-auth/issues/424
-        "python": ["pysaml2", "cryptography<37"],
+        "python": ["pysaml2"],
         "bin": ["xmlsec1"],
         # special definition used by OCA to install packages
         "deb": ["xmlsec1"],

diff --git a/auth_saml/readme/INSTALL.rst b/auth_saml/readme/INSTALL.rst
@@ -1,3 +1,8 @@
 This addon requires the python module ``pysaml2``.
 
 ``pysaml2`` requires the binary ``xmlsec1`` (on Debian or Ubuntu you can install it with ``apt-get install xmlsec1``)
+
+When following the requirements.txt from odoo, the cryptography module must not be the latest version, otherwise it is incompatible with pyopenssl 19.
+This is necessary because old cryptography/pyopenssl don't declare minimum supported versions.
+It is possible to use newer version of those libraries, eventually patching the Odoo core to stay compatible.
+As this issue is not related to this module, nothing is enforced at the module level.
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,4 @@
 # generated from manifests external_dependencies
-cryptography<37
 email_validator
 lxml
 pysaml2

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -1 +1,3 @@
 responses
+# necessary to avoid incompatibilities with pyopenssl
+cryptography<37