Conversation
amh-mw
left a comment
amh-mw
left a comment
There was a problem hiding this comment.
I was just starting to migrate this module myself, but noticed that you have already made some good progress, so let me see if I can help you out instead. I am still investigating the "object unbound" test failures.
| with mock.patch("%s.request" % IMPORT) as request: | ||
| with mock.patch("%s.ensure_db" % IMPORT) as ensure: | ||
| with mock.patch("%s.http" % IMPORT) as http: | ||
| http.redirect_with_hash.return_value = MockResponse() |
There was a problem hiding this comment.
Mock request.redirect here instead?
| ".{%d,}$" % int(company_id.password_length), | ||
| ] | ||
| if not re.search("".join(password_regex), password): | ||
| raise UserError(self.password_match_message()) |
There was a problem hiding this comment.
Throw ValidationError here instead to match auth_saml test expectations?
There was a problem hiding this comment.
Alternately, #457 should work around this without having to change any exception classes.
There was a problem hiding this comment.
@amh-mw, I've done changes as per your feedback.
dsolanki-initos
force-pushed
the
15.0-mig-password_security
branch
from
b8608ea to
544587a
Compare
amh-mw
left a comment
amh-mw
left a comment
There was a problem hiding this comment.
It looks like odoo.http.request is a proxy for werkzeug.local.LocalStack and the "object unbound" errors are due to the stack being accessed when it does not have a current request. There are some examples of how to work around this, i.e. odoo.addons.website.tools.MockRequest and the setUp function of odoo/addons/base/tests/test_xmlrpc.py, but nothing readily usable. I've worked up a small patch 1 that pushes mock requests onto the stack for the duration of the tests.
Footnotes
@amh-mw, Thank you for the suggestion regarding the test case failure, I'll test your patch locally and give you update regarding it. |
dsolanki-initos
force-pushed
the
15.0-mig-password_security
branch
from
b03721a to
46c4666
Compare
|
@amh-mw, The test case failure due to "object unbound" is fixed with your suggested patch. Also, fixed other errors Please review it. Thank you for the support |
There was a problem hiding this comment.
Rather than review the full hundred files, I have individually reviewed the last four commits. I think you need to git fetch upstream, then git rebase -i upstream/15.0, deleting merge commit 285b284 and squashing 46c4666 into the migration commit, then force push back up to get a clean commit history. Otherwise LGTM.
|
I'll fix the commits as per your feedback. |
* [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
* Bump versions * Installable to True * Add Usage section to ReadMe w/ Runbot link * `_crypt_context` now directly exposes the `CryptContext` * Change all instances of openerp to odoo
* Add current time as password_write_date for admin user in demo, disabling the reset prompt - fixes OCA#652
* Switch security to be on correct model to fix OCA#674
…ord invalid (OCA#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
* Add logic to overloaded web_login action to log out users with expired passwords, preventing the password reset from being ignored * Add unit test for new logic
This translates to Spanish all missing translations, 31 in total.
Since some implementation details are changed, I had to change some tests that were actually testing the implementation instead of the desired result of the method.
In a normal Odoo deployment, somebody in group *Administration / Access Rights* should be able to create users; but if this addon is installed, it gets this error:
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Res Users Password History, Operation: create)
This is now tested and fixed.
[The `website` addon returns an aditional redirection][1] that makes these tests fail if ran after installing `website`. The tests were checking the returned value in a funky way anyways. Now, instead of checking the final returned value, we check directly the parameters sent to the redirection method. [1]: https://github.com/odoo/odoo/blob/3b85900fafc9469dca6e7c01fca6dac4f55d20f5/addons/website/controllers/main.py#L85-L89
Currently translated at 100.0% (56 of 56 strings) Translation: server-auth-14.0/server-auth-14.0-password_security Translate-URL: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-password_security/fi/
Currently translated at 26.7% (15 of 56 strings) Translation: server-auth-14.0/server-auth-14.0-password_security Translate-URL: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-password_security/sv/
Currently translated at 39.2% (22 of 56 strings) Translation: server-auth-14.0/server-auth-14.0-password_security Translate-URL: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-password_security/sv/
dsolanki-initos
force-pushed
the
15.0-mig-password_security
branch
from
46c4666 to
873b81b
Compare
amh-mw
left a comment
amh-mw
left a comment
There was a problem hiding this comment.
@OCA/core-maintainers LGTM. Merge?
|
@OCA/tools-maintainers Ready for review and merge? |
| if company_id.password_special: | ||
| message.append( | ||
| _("\n* Special character (at least % characters)") | ||
| _("\n* Special character (at least %s characters)") |
There was a problem hiding this comment.
If you change it here, you should also update it in the .pot file.
| _("Cannot use the most recent %d passwords") | ||
| % rec_id.company_id.password_history | ||
| ) | ||
| return |
There was a problem hiding this comment.
It does nothing, I'll remove it.
|
This PR has the |
dsolanki-initos
force-pushed
the
15.0-mig-password_security
branch
from
873b81b to
ee0a84e
Compare
|
/ocabot migration password_security |
|
/ocabot merge nobump |
|
On my way to merge this fine PR! |
|
Congratulations, your PR was merged at 631b05e. Thanks a lot for contributing to OCA. ❤️ |
Syncing from upstream OCA/server-auth (16.0)
20 participants
No description provided.