diff --git a/README.md b/README.md index 47eef69785..1b4d3221dd 100644 --- a/README.md +++ b/README.md @@ -23,8 +23,8 @@ addon | version | maintainers | summary --- | --- | --- | --- [auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 | | Allows system administrator to authenticate with any account [auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 | | Disable 2FA if Passkey is being used -[auth_api_key](auth_api_key/) | 17.0.1.0.0 | | Authenticate http requests from an API key -[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.0 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys. +[auth_api_key](auth_api_key/) | 17.0.1.1.0 | | Authenticate http requests from an API key +[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys. [auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 | | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention: [auth_oidc](auth_oidc/) | 17.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider [auth_saml](auth_saml/) | 17.0.1.0.0 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst index 99e2eda85f..e7ed039f96 100644 --- a/auth_api_key/README.rst +++ b/auth_api_key/README.rst @@ -7,12 +7,12 @@ Auth Api Key !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87 + !! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png +.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png :target: https://odoo-community.org/page/development-status - :alt: Beta + :alt: Production/Stable .. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html :alt: License: LGPL-3 diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py index c894a84d7b..d429a0d465 100644 --- a/auth_api_key/__manifest__.py +++ b/auth_api_key/__manifest__.py @@ -5,10 +5,15 @@ "name": "Auth Api Key", "summary": """ Authenticate http requests from an API key""", - "version": "17.0.1.0.0", + "version": "17.0.1.1.0", "license": "LGPL-3", "author": "ACSONE SA/NV,Odoo Community Association (OCA)", "website": "https://github.com/OCA/server-auth", - "development_status": "Beta", - "data": ["security/ir.model.access.csv", "views/auth_api_key.xml"], + "development_status": "Production/Stable", + "depends": ["base_setup"], + "data": [ + "security/ir.model.access.csv", + "views/auth_api_key.xml", + "views/res_config_settings.xml", + ], } diff --git a/auth_api_key/i18n/auth_api_key.pot b/auth_api_key/i18n/auth_api_key.pot index 16489df0cb..04b3f504a1 100644 --- a/auth_api_key/i18n/auth_api_key.pot +++ b/auth_api_key/i18n/auth_api_key.pot @@ -18,17 +18,37 @@ msgstr "" msgid "API Key" msgstr "" +#. module: auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__active +msgid "Active" +msgstr "" + #. module: auth_api_key #: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq msgid "Api Key name must be unique." msgstr "" +#. module: auth_api_key +#: model_terms:ir.ui.view,arch_db:auth_api_key.auth_api_key_form_view +msgid "Archived" +msgstr "" + #. module: auth_api_key #: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window #: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu msgid "Auth Api Key" msgstr "" +#. module: auth_api_key +#: model:ir.model,name:auth_api_key.model_res_company +msgid "Companies" +msgstr "" + +#. module: auth_api_key +#: model:ir.model,name:auth_api_key.model_res_config_settings +msgid "Config Settings" +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid msgid "Created by" @@ -39,6 +59,17 @@ msgstr "" msgid "Created on" msgstr "" +#. module: auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_res_company__archived_user_disable_auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key +msgid "Disable API key for archived user" +msgstr "" + +#. module: auth_api_key +#: model_terms:ir.ui.view,arch_db:auth_api_key.res_config_settings_view_form +msgid "Disable API key when archiving user" +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name msgid "Display Name" @@ -54,6 +85,15 @@ msgstr "" msgid "ID" msgstr "" +#. module: auth_api_key +#: model:ir.model.fields,help:auth_api_key.field_res_company__archived_user_disable_auth_api_key +#: model:ir.model.fields,help:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key +msgid "" +"If checked, when a user is archived/unactivated the same change is " +"propagated to his related api key. It is not retroactive (nothing is done " +"when enabling/disabling this option)." +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key msgid "Key" diff --git a/auth_api_key/i18n/it.po b/auth_api_key/i18n/it.po index cfb1f39043..af44b74a59 100644 --- a/auth_api_key/i18n/it.po +++ b/auth_api_key/i18n/it.po @@ -21,17 +21,37 @@ msgstr "" msgid "API Key" msgstr "Chiave API" +#. module: auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__active +msgid "Active" +msgstr "" + #. module: auth_api_key #: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq msgid "Api Key name must be unique." msgstr "La chiave API deve essere univoca." +#. module: auth_api_key +#: model_terms:ir.ui.view,arch_db:auth_api_key.auth_api_key_form_view +msgid "Archived" +msgstr "" + #. module: auth_api_key #: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window #: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu msgid "Auth Api Key" msgstr "Chiave API di autenticazione" +#. module: auth_api_key +#: model:ir.model,name:auth_api_key.model_res_company +msgid "Companies" +msgstr "" + +#. module: auth_api_key +#: model:ir.model,name:auth_api_key.model_res_config_settings +msgid "Config Settings" +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid msgid "Created by" @@ -42,6 +62,17 @@ msgstr "Creato da" msgid "Created on" msgstr "Creato il" +#. module: auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_res_company__archived_user_disable_auth_api_key +#: model:ir.model.fields,field_description:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key +msgid "Disable API key for archived user" +msgstr "" + +#. module: auth_api_key +#: model_terms:ir.ui.view,arch_db:auth_api_key.res_config_settings_view_form +msgid "Disable API key when archiving user" +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name msgid "Display Name" @@ -57,6 +88,15 @@ msgstr "Instradamento HTTP" msgid "ID" msgstr "ID" +#. module: auth_api_key +#: model:ir.model.fields,help:auth_api_key.field_res_company__archived_user_disable_auth_api_key +#: model:ir.model.fields,help:auth_api_key.field_res_config_settings__archived_user_disable_auth_api_key +msgid "" +"If checked, when a user is archived/unactivated the same change is " +"propagated to his related api key. It is not retroactive (nothing is done " +"when enabling/disabling this option)." +msgstr "" + #. module: auth_api_key #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key msgid "Key" diff --git a/auth_api_key/models/__init__.py b/auth_api_key/models/__init__.py index dee3379fea..7c1ac84290 100644 --- a/auth_api_key/models/__init__.py +++ b/auth_api_key/models/__init__.py @@ -1,2 +1,4 @@ from . import ir_http from . import auth_api_key +from . import res_company +from . import res_config_settings diff --git a/auth_api_key/models/auth_api_key.py b/auth_api_key/models/auth_api_key.py index 416cd4ab7f..dfc61f1c30 100644 --- a/auth_api_key/models/auth_api_key.py +++ b/auth_api_key/models/auth_api_key.py @@ -23,6 +23,11 @@ class AuthApiKey(models.Model): help="""The user used to process the requests authenticated by the api key""", ) + # Not using related to stay backward compatible with having active keys + # for archived users (no need being invoiced by Odoo for api request users) + active = fields.Boolean( + compute="_compute_active", readonly=False, store=True, default=True + ) _sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")] @@ -48,6 +53,17 @@ def _retrieve_uid_from_api_key(self, key): def _clear_key_cache(self): self.env.registry.clear_cache() + @api.depends( + "user_id.active", "user_id.company_id.archived_user_disable_auth_api_key" + ) + def _compute_active(self): + option_disable_key = self.user_id.company_id.archived_user_disable_auth_api_key + for record in self: + if option_disable_key: + record.active = record.user_id.active + # To stay coherent if the option is disabled the active field is not + # changed. Because the field is stored, it should not be an issue. + @api.model_create_multi def create(self, vals_list): records = super().create(vals_list) diff --git a/auth_api_key/models/res_company.py b/auth_api_key/models/res_company.py new file mode 100644 index 0000000000..adfdf2cb78 --- /dev/null +++ b/auth_api_key/models/res_company.py @@ -0,0 +1,17 @@ +# Copyright 2023 Camptocamp SA +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) + +from odoo import fields, models + + +class ResCompany(models.Model): + _inherit = "res.company" + + archived_user_disable_auth_api_key = fields.Boolean( + string="Disable API key for archived user", + help=( + "If checked, when a user is archived/unactivated the same change is " + "propagated to his related api key. It is not retroactive (nothing is done " + " when enabling/disabling this option)." + ), + ) diff --git a/auth_api_key/models/res_config_settings.py b/auth_api_key/models/res_config_settings.py new file mode 100644 index 0000000000..f7cc3aeaff --- /dev/null +++ b/auth_api_key/models/res_config_settings.py @@ -0,0 +1,12 @@ +# Copyright 2023 Camptocamp SA +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) + +from odoo import fields, models + + +class ResConfigSettings(models.TransientModel): + _inherit = "res.config.settings" + + archived_user_disable_auth_api_key = fields.Boolean( + related="company_id.archived_user_disable_auth_api_key", readonly=False + ) diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html index d4234b13ea..4e38bbf0db 100644 --- a/auth_api_key/static/description/index.html +++ b/auth_api_key/static/description/index.html @@ -8,10 +8,11 @@ /* :Author: David Goodger (goodger@python.org) -:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $ +:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $ :Copyright: This stylesheet has been placed in the public domain. Default cascading style sheet for the HTML output of Docutils. +Despite the name, some widely supported CSS2 features are used. See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to customize this style sheet. @@ -274,7 +275,7 @@ margin-left: 2em ; margin-right: 2em } -pre.code .ln { color: grey; } /* line numbers */ +pre.code .ln { color: gray; } /* line numbers */ pre.code, code { background-color: #eeeeee } pre.code .comment, code .comment { color: #5C6576 } pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold } @@ -300,7 +301,7 @@ span.pre { white-space: pre } -span.problematic { +span.problematic, pre.problematic { color: red } span.section-subtitle { @@ -366,9 +367,9 @@

Auth Api Key

!! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -!! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87 +!! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --> -

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Production/Stable License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program’s @@ -442,7 +443,9 @@

Contributors

Maintainers

This module is maintained by the OCA.

-Odoo Community Association + +Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

diff --git a/auth_api_key/tests/test_auth_api_key.py b/auth_api_key/tests/test_auth_api_key.py index b8e0804097..7908c42eb7 100644 --- a/auth_api_key/tests/test_auth_api_key.py +++ b/auth_api_key/tests/test_auth_api_key.py @@ -43,3 +43,28 @@ def test_cache_invalidation(self): ) with self.assertRaises(ValidationError): self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key") + + def test_user_archived_unarchived_with_option_on(self): + self.env.company.archived_user_disable_auth_api_key = True + demo_user = self.env.ref("base.user_demo") + self.assertEqual( + self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id + ) + demo_user.active = False + with self.assertRaises(ValidationError): + self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key") + demo_user.active = True + self.assertEqual( + self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id + ) + + def test_user_archived_unarchived_with_option_off(self): + self.env.company.archived_user_disable_auth_api_key = False + demo_user = self.env.ref("base.user_demo") + self.assertEqual( + self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id + ) + demo_user.active = False + self.assertEqual( + self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id + ) diff --git a/auth_api_key/views/auth_api_key.xml b/auth_api_key/views/auth_api_key.xml index c2305274ae..d0543249a2 100644 --- a/auth_api_key/views/auth_api_key.xml +++ b/auth_api_key/views/auth_api_key.xml @@ -6,15 +6,22 @@ auth.api.key.form (in auth_api_key) auth.api.key -
+ + +
diff --git a/auth_api_key/views/res_config_settings.xml b/auth_api_key/views/res_config_settings.xml new file mode 100644 index 0000000000..61438d4a22 --- /dev/null +++ b/auth_api_key/views/res_config_settings.xml @@ -0,0 +1,25 @@ + + + + + + res.config.settings.form.inherit + res.config.settings + + + + + + + + + + + + + diff --git a/auth_api_key_group/README.rst b/auth_api_key_group/README.rst index 52ecabd066..99f1505159 100644 --- a/auth_api_key_group/README.rst +++ b/auth_api_key_group/README.rst @@ -7,7 +7,7 @@ Auth API key group !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:e02ddd7cdf4a2102769e291238d178e3fae95781337a62fa9c2cd6b3c671cc05 + !! source digest: sha256:c4f45ecac162b98c7950c5344d4fb35f4d3d2d8691fe68fb4e48b8b23cc76953 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png @@ -55,7 +55,7 @@ Credits Authors ------- -* Camptcamp +* Camptocamp Contributors ------------ diff --git a/auth_api_key_group/__manifest__.py b/auth_api_key_group/__manifest__.py index bd3f4e82db..22d7d29714 100644 --- a/auth_api_key_group/__manifest__.py +++ b/auth_api_key_group/__manifest__.py @@ -1,4 +1,4 @@ -# Copyright 2021 Camptcamp SA +# Copyright 2021 Camptocamp SA # @author: Simone Orsi # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). @@ -10,10 +10,11 @@ Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys. """, - "version": "17.0.1.0.0", + "version": "17.0.1.0.1", + "development_status": "Beta", "license": "LGPL-3", "website": "https://github.com/OCA/server-auth", - "author": "Camptcamp,Odoo Community Association (OCA)", + "author": "Camptocamp,Odoo Community Association (OCA)", "maintainers": ["simahawk"], "depends": ["auth_api_key"], "data": [ diff --git a/auth_api_key_group/models/auth_api_key.py b/auth_api_key_group/models/auth_api_key.py index 5743900ce0..46ff9ae907 100644 --- a/auth_api_key_group/models/auth_api_key.py +++ b/auth_api_key_group/models/auth_api_key.py @@ -1,4 +1,4 @@ -# Copyright 2021 Camptcamp SA +# Copyright 2021 Camptocamp SA # @author: Simone Orsi # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). diff --git a/auth_api_key_group/models/auth_api_key_group.py b/auth_api_key_group/models/auth_api_key_group.py index 28f34f5e85..1887287a9b 100644 --- a/auth_api_key_group/models/auth_api_key_group.py +++ b/auth_api_key_group/models/auth_api_key_group.py @@ -1,4 +1,4 @@ -# Copyright 2021 Camptcamp SA +# Copyright 2021 Camptocamp SA # @author: Simone Orsi # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). diff --git a/auth_api_key_group/static/description/index.html b/auth_api_key_group/static/description/index.html index 006a7a198c..1b4f2ee1f1 100644 --- a/auth_api_key_group/static/description/index.html +++ b/auth_api_key_group/static/description/index.html @@ -367,7 +367,7 @@

Auth API key group

!! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -!! source digest: sha256:e02ddd7cdf4a2102769e291238d178e3fae95781337a62fa9c2cd6b3c671cc05 +!! source digest: sha256:c4f45ecac162b98c7950c5344d4fb35f4d3d2d8691fe68fb4e48b8b23cc76953 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

Allow grouping API keys together.

@@ -400,7 +400,7 @@

Credits

Authors

    -
  • Camptcamp
    • +
  • Camptocamp
diff --git a/auth_api_key_group/tests/test_auth_api_key_group.py b/auth_api_key_group/tests/test_auth_api_key_group.py index 75581bbf16..846bc9750b 100644 --- a/auth_api_key_group/tests/test_auth_api_key_group.py +++ b/auth_api_key_group/tests/test_auth_api_key_group.py @@ -1,4 +1,4 @@ -# Copyright 2021 Camptcamp SA +# Copyright 2021 Camptocamp SA # @author: Simone Orsi # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).