Merge pull request #500 from OCA/17.0

Syncing from upstream OCA/server-auth (17.0)
brain-tec · Oct 10, 2024 · a5eed81 · a5eed81
2 parents b92198a + 1abba79
commit a5eed81
Show file tree

Hide file tree

Showing 19 changed files with 219 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -23,8 +23,8 @@ addon | version | maintainers | summary
 --- | --- | --- | ---
 [auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 |  | Allows system administrator to authenticate with any account
 [auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 |  | Disable 2FA if Passkey is being used
-[auth_api_key](auth_api_key/) | 17.0.1.0.0 |  | Authenticate http requests from an API key
-[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.0 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
+[auth_api_key](auth_api_key/) | 17.0.1.1.0 |  | Authenticate http requests from an API key
+[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
 [auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 |  | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
 [auth_oidc](auth_oidc/) | 17.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_saml](auth_saml/) | 17.0.1.0.0 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication

diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst
@@ -7,12 +7,12 @@ Auth Api Key
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+   !! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
-.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
     :target: https://odoo-community.org/page/development-status
-    :alt: Beta
+    :alt: Production/Stable
 .. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
     :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
     :alt: License: LGPL-3

diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py
@@ -5,10 +5,15 @@
     "name": "Auth Api Key",
     "summary": """
         Authenticate http requests from an API key""",
-    "version": "17.0.1.0.0",
+    "version": "17.0.1.1.0",
     "license": "LGPL-3",
     "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/server-auth",
-    "development_status": "Beta",
-    "data": ["security/ir.model.access.csv", "views/auth_api_key.xml"],
+    "development_status": "Production/Stable",
+    "depends": ["base_setup"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_api_key.xml",
+        "views/res_config_settings.xml",
+    ],
 }
diff --git a/auth_api_key/i18n/auth_api_key.pot b/auth_api_key/i18n/auth_api_key.pot
@@ -18,17 +18,37 @@ msgstr ""
 msgid "API Key"
 msgstr ""
 
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__active
+msgid "Active"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq
 msgid "Api Key name must be unique."
 msgstr ""
 
+#. module: auth_api_key
+#: model_terms:ir.ui.view,arch_db:auth_api_key.auth_api_key_form_view
+msgid "Archived"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window
 #: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu
 msgid "Auth Api Key"
 msgstr ""
 
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_res_company
+msgid "Companies"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_res_config_settings
+msgid "Config Settings"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid
 msgid "Created by"
@@ -39,6 +59,17 @@ msgstr ""
 msgid "Created on"
 msgstr ""
 
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_res_company__archived_user_disable_auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key
+msgid "Disable API key for archived user"
+msgstr ""
+
+#. module: auth_api_key
+#: model_terms:ir.ui.view,arch_db:auth_api_key.res_config_settings_view_form
+msgid "Disable API key when archiving user"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name
 msgid "Display Name"
@@ -54,6 +85,15 @@ msgstr ""
 msgid "ID"
 msgstr ""
 
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_res_company__archived_user_disable_auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key
+msgid ""
+"If checked, when a user is archived/unactivated the same change is "
+"propagated to his related api key. It is not retroactive (nothing is done  "
+"when enabling/disabling this option)."
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key
 msgid "Key"

diff --git a/auth_api_key/i18n/it.po b/auth_api_key/i18n/it.po
@@ -21,17 +21,37 @@ msgstr ""
 msgid "API Key"
 msgstr "Chiave API"
 
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__active
+msgid "Active"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq
 msgid "Api Key name must be unique."
 msgstr "La chiave API deve essere univoca."
 
+#. module: auth_api_key
+#: model_terms:ir.ui.view,arch_db:auth_api_key.auth_api_key_form_view
+msgid "Archived"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window
 #: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu
 msgid "Auth Api Key"
 msgstr "Chiave API di autenticazione"
 
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_res_company
+msgid "Companies"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_res_config_settings
+msgid "Config Settings"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid
 msgid "Created by"
@@ -42,6 +62,17 @@ msgstr "Creato da"
 msgid "Created on"
 msgstr "Creato il"
 
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_res_company__archived_user_disable_auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key
+msgid "Disable API key for archived user"
+msgstr ""
+
+#. module: auth_api_key
+#: model_terms:ir.ui.view,arch_db:auth_api_key.res_config_settings_view_form
+msgid "Disable API key when archiving user"
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name
 msgid "Display Name"
@@ -57,6 +88,15 @@ msgstr "Instradamento HTTP"
 msgid "ID"
 msgstr "ID"
 
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_res_company__archived_user_disable_auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key
+msgid ""
+"If checked, when a user is archived/unactivated the same change is "
+"propagated to his related api key. It is not retroactive (nothing is done  "
+"when enabling/disabling this option)."
+msgstr ""
+
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key
 msgid "Key"

diff --git a/auth_api_key/models/__init__.py b/auth_api_key/models/__init__.py
@@ -1,2 +1,4 @@
 from . import ir_http
 from . import auth_api_key
+from . import res_company
+from . import res_config_settings
diff --git a/auth_api_key/models/auth_api_key.py b/auth_api_key/models/auth_api_key.py
@@ -23,6 +23,11 @@ class AuthApiKey(models.Model):
         help="""The user used to process the requests authenticated by
         the api key""",
     )
+    # Not using related to stay backward compatible with having active keys
+    # for archived users (no need being invoiced by Odoo for api request users)
+    active = fields.Boolean(
+        compute="_compute_active", readonly=False, store=True, default=True
+    )
 
     _sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")]
 
@@ -48,6 +53,17 @@ def _retrieve_uid_from_api_key(self, key):
     def _clear_key_cache(self):
         self.env.registry.clear_cache()
 
+    @api.depends(
+        "user_id.active", "user_id.company_id.archived_user_disable_auth_api_key"
+    )
+    def _compute_active(self):
+        option_disable_key = self.user_id.company_id.archived_user_disable_auth_api_key
+        for record in self:
+            if option_disable_key:
+                record.active = record.user_id.active
+            # To stay coherent if the option is disabled the active field is not
+            # changed. Because the field is stored, it should not be an issue.
+
     @api.model_create_multi
     def create(self, vals_list):
         records = super().create(vals_list)

diff --git a/auth_api_key/models/res_company.py b/auth_api_key/models/res_company.py
@@ -0,0 +1,17 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResCompany(models.Model):
+    _inherit = "res.company"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        string="Disable API key for archived user",
+        help=(
+            "If checked, when a user is archived/unactivated the same change is "
+            "propagated to his related api key. It is not retroactive (nothing is done "
+            " when enabling/disabling this option)."
+        ),
+    )
diff --git a/auth_api_key/models/res_config_settings.py b/auth_api_key/models/res_config_settings.py
@@ -0,0 +1,12 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        related="company_id.archived_user_disable_auth_api_key", readonly=False
+    )
diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html
@@ -8,10 +8,11 @@
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -274,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -300,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -366,9 +367,9 @@ <h1 class="title">Auth Api Key</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+!! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/17.0/auth_api_key"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Production/Stable" src="https://img.shields.io/badge/maturity-Production%2FStable-green.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/17.0/auth_api_key"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>Authenticate http requests from an API key.</p>
 <p>API keys are codes passed in (in the http header API-KEY) by programs
 calling an API in order to identify -in this case- the calling program’s
@@ -442,7 +443,9 @@ <h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>

diff --git a/auth_api_key/tests/test_auth_api_key.py b/auth_api_key/tests/test_auth_api_key.py
@@ -43,3 +43,28 @@ def test_cache_invalidation(self):
         )
         with self.assertRaises(ValidationError):
             self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+
+    def test_user_archived_unarchived_with_option_on(self):
+        self.env.company.archived_user_disable_auth_api_key = True
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        with self.assertRaises(ValidationError):
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+        demo_user.active = True
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+
+    def test_user_archived_unarchived_with_option_off(self):
+        self.env.company.archived_user_disable_auth_api_key = False
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
diff --git a/auth_api_key/views/auth_api_key.xml b/auth_api_key/views/auth_api_key.xml
@@ -6,15 +6,22 @@
         <field name="name">auth.api.key.form (in auth_api_key)</field>
         <field name="model">auth.api.key</field>
         <field name="arch" type="xml">
-            <form create="false" edit="false">
+            <form>
                 <sheet>
+                  <field name="active" invisible="1" />
+                  <widget
+                        name="web_ribbon"
+                        title="Archived"
+                        bg_color="bg-danger"
+                        invisible="active"
+                    />
                     <label for="name" class="oe_edit_only" />
                     <h1>
                         <field name="name" class="oe_inline" />
                     </h1>
                     <group name="config" colspan="4" col="4">
                         <field name="user_id" colspan="4" />
-                        <field name="key" colspan="4" />
+                        <field name="key" colspan="4" password="True" />
                     </group>
                 </sheet>
             </form>

diff --git a/auth_api_key/views/res_config_settings.xml b/auth_api_key/views/res_config_settings.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 Camptocamp SA
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+
+  <record id="res_config_settings_view_form" model="ir.ui.view">
+    <field name="name">res.config.settings.form.inherit</field>
+    <field name="model">res.config.settings</field>
+    <field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
+    <field name="arch" type="xml">
+      <xpath expr="//block[@id='user_default_rights']" position="inside">
+        <setting
+                    groups="base.group_no_one"
+                    id="api_key_archive_with_user"
+                    string="Disable API key when archiving user"
+                >
+          <field name="archived_user_disable_auth_api_key" />
+        </setting>
+
+      </xpath>
+
+    </field>
+  </record>
+
+</odoo>