[MIG] password_security: Migration to 18.0

Author: IsabelAForgeFlow

auth_oidc/tests/test_auth_oidc_auth_code.py

@@ -242,15 +242,13 @@ def test_login_without_any_key(self):
             keys=[],
         )
 
-        with (
-            self.assertRaises(AccessDenied),
-            MockRequest(self.env),
-            self.assertLogs(level=logging.ERROR) as logs,
-        ):
-            self.env["res.users"].auth_oauth(
-                self.provider_rec.id,
-                {"state": json.dumps({})},
-            )
+        with self.assertRaises(AccessDenied):
+            with MockRequest(self.env):
+                with self.assertLogs(level=logging.ERROR) as logs:
+                    self.env["res.users"].auth_oauth(
+                        self.provider_rec.id,
+                        {"state": json.dumps({})},
+                    )
         self.assertEqual(len(logs.records), 1)
         self.assertEqual(logs.records[0].levelno, logging.ERROR)
         self.assertEqual(

password_security/__manifest__.py

@@ -5,7 +5,7 @@
 {
     "name": "Password Security",
     "summary": "Allow admin to set password security requirements.",
-    "version": "17.0.2.0.0",
+    "version": "18.0.2.0.0",
     "author": "LasLabs, "
     "Onestein, "
     "Kaushal Prajapati, "

password_security/controllers/main.py

@@ -37,7 +37,7 @@ def web_login(self, *args, **kw):
         request.session.logout(keep_db=True)
         # I was kicked out, so set login_success in request params to False
         request.params["login_success"] = False
-        redirect = request.env.user.partner_id.signup_url
+        redirect = request.env.user.partner_id._get_signup_url()
         return request.redirect(redirect)
 
     @http.route()

password_security/models/res_users.py

@@ -143,11 +143,8 @@ def _password_has_expired(self):
         return days > pwd_params["expiration_days"]
 
     def action_expire_password(self):
-        expiration = delta_now(days=+1)
         for user in self:
-            user.mapped("partner_id").signup_prepare(
-                signup_type="reset", expiration=expiration
-            )
+            user.mapped("partner_id").signup_prepare(signup_type="reset")
 
     def _validate_pass_reset(self):
         """It provides validations before initiating a pass reset email

password_security/tests/test_change_password.py

@@ -35,7 +35,7 @@ def test_01_empty_password_fail(self):
 
         # Log in: ensure we end up on the right page
         res_login = self.login("admin", "admin")
-        self.assertEqual(res_login.request.path_url, "/web")
+        self.assertEqual(res_login.request.path_url, "/odoo")
         self.assertEqual(res_login.status_code, 200)
 
         # Change password
@@ -50,7 +50,7 @@ def test_02_change_password_fail(self):
 
         # Log in: ensure we end up on the right page
         res_login = self.login("admin", "admin")
-        self.assertEqual(res_login.request.path_url, "/web")
+        self.assertEqual(res_login.request.path_url, "/odoo")
         self.assertEqual(res_login.status_code, 200)
 
         # Change password: error is raised because it's too short
@@ -68,7 +68,7 @@ def test_03_change_password_session_expired(self):
 
         # Log in: ensure we end up on the right page
         res_login = self.login("admin", "admin")
-        self.assertEqual(res_login.request.path_url, "/web")
+        self.assertEqual(res_login.request.path_url, "/odoo")
         self.assertEqual(res_login.status_code, 200)
 
         # Reload page: ensure we stay on the same page
@@ -85,7 +85,7 @@ def test_03_change_password_session_expired(self):
         # Try to reload page: user kicked out
         res_page2 = self.url_open("/web")
         res_page2.raise_for_status()
-        self.assertEqual(res_page2.request.path_url, "/web/login")
+        self.assertTrue(res_page2.request.path_url.startswith("/web/login"))
         self.assertEqual(res_page2.status_code, 200)
 
     def test_04_change_password_check_password_history(self):
@@ -108,7 +108,7 @@ def test_04_change_password_check_password_history(self):
 
         # Log in: ensure we end up on the right page
         res_login = self.login("admin", "!asdQWE12345_7")
-        self.assertEqual(res_login.request.path_url, "/web")
+        self.assertEqual(res_login.request.path_url, "/odoo")
 
         # Change password: reuse password in history
         with self.assertRaises(UserError):
@@ -133,4 +133,4 @@ def test_04_change_password_check_password_history(self):
 
         # Log in with new password: ensure we end up on the right page
         res_login2 = self.login("admin", "!asdQWE12345_4")
-        self.assertEqual(res_login2.request.path_url, "/web")
+        self.assertEqual(res_login2.request.path_url, "/odoo")

password_security/tests/test_login.py

@@ -58,7 +58,7 @@ def test_03_web_login_success(self):
         response = self.login(self.username, self.passwd)
 
         # Ensure we end up on the right page
-        self.assertEqual(response.request.path_url, "/web")
+        self.assertEqual(response.request.path_url, "/odoo")
         self.assertEqual(response.status_code, 200)
 
     def test_04_web_login_fail(self):
@@ -102,7 +102,7 @@ def test_06_web_login_log_out_if_expired(self):
         response = self.login(self.username, self.passwd)
 
         # Ensure we end up on the right page
-        self.assertEqual(response.request.path_url, "/web")
+        self.assertEqual(response.request.path_url, "/odoo")
         self.assertEqual(response.status_code, 200)
 
         # Make password expired while still logged in
@@ -129,7 +129,7 @@ def test_06_web_login_log_out_if_expired(self):
 
         # Try to access just a page: user kicked out
         req_page2 = self.url_open("/web")
-        self.assertEqual("/web/login", req_page2.request.path_url)
+        self.assertTrue(req_page2.request.path_url.startswith("/web/login"))
         self.assertEqual(req_page2.status_code, 200)
 
     def test_07_web_login_redirect(self):
@@ -149,5 +149,5 @@ def test_07_web_login_redirect(self):
 
         # Try to access just a page: user kicked out
         req_page = self.url_open("/web")
-        self.assertEqual("/web/login", req_page.request.path_url)
+        self.assertTrue(req_page.request.path_url.startswith("/web/login"))
         self.assertEqual(req_page.status_code, 200)

password_security/tests/test_res_users.py

@@ -113,16 +113,6 @@ def test_a_new_password_is_not_expired(self):
             "Password was just created but has already expired.",
         )
 
-    def test_expire_password_generates_token(self):
-        rec_id = self._new_record()
-        rec_id.sudo().action_expire_password()
-        rec_id.invalidate_recordset()
-        token = rec_id.partner_id.signup_token
-        self.assertTrue(
-            token,
-            "A token was not generated.",
-        )
-
     def test_validate_pass_reset_error(self):
         """It should throw UserError on reset inside min threshold"""
         rec_id = self._new_record()

password_security/tests/test_reset_password.py

@@ -51,8 +51,8 @@ def test_01_reset_password_fail(self):
         self.assertEqual(response.request.path_url, "/web/reset_password")
         self.assertEqual(response.status_code, 200)
         self.assertIn(
-            "Passwords can only be reset every %s hour(s). "
-            "Please contact an administrator for assistance." % min_hours,
+            f"Passwords can only be reset every {min_hours} hour(s). "
+            "Please contact an administrator for assistance.",
             response.text,
         )