[18.0][MIG] password_security#773
Merged
OCA-git-bot merged 79 commits intoOCA:18.0from Jun 14, 2025
Merged
Conversation
* [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
* Bump versions * Installable to True * Add Usage section to ReadMe w/ Runbot link * `_crypt_context` now directly exposes the `CryptContext` * Change all instances of openerp to odoo
* Add current time as password_write_date for admin user in demo, disabling the reset prompt - fixes OCA#652
* Switch security to be on correct model to fix OCA#674
…ord invalid (OCA#859) * [FIX] password_security: Fix password stored * [REF] password_security: use a unified check_password private method to validate rules and history password
* Add logic to overloaded web_login action to log out users with expired passwords, preventing the password reset from being ignored * Add unit test for new logic
This translates to Spanish all missing translations, 31 in total.
Since some implementation details are changed, I had to change some tests that were actually testing the implementation instead of the desired result of the method.
In a normal Odoo deployment, somebody in group *Administration / Access Rights* should be able to create users; but if this addon is installed, it gets this error:
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Res Users Password History, Operation: create)
This is now tested and fixed.
[The `website` addon returns an aditional redirection][1] that makes these tests fail if ran after installing `website`. The tests were checking the returned value in a funky way anyways. Now, instead of checking the final returned value, we check directly the parameters sent to the redirection method. [1]: https://github.com/odoo/odoo/blob/3b85900fafc9469dca6e7c01fca6dac4f55d20f5/addons/website/controllers/main.py#L85-L89
Avoided requiring the module twice in JS.
Currently translated at 57.9% (22 of 38 strings) Translation: server-auth-12.0/server-auth-12.0-password_security Translate-URL: https://translation.odoo-community.org/projects/server-auth-12-0/server-auth-12-0-password_security/hr/
Replace fields on res.company by ir.config_parameter Remove dead test for v16 migration script
Contributor
|
Hi @sbidoul, |
IsabelAForgeFlow
force-pushed
the
18.0-mig-password_security
branch
3 times, most recently
from
a1c95dc to
5fff96b
Compare
LauraCForgeFlow
force-pushed
the
18.0-mig-password_security
branch
3 times, most recently
from
16da4aa to
d022825
Compare
|
Good day @IsabelAForgeFlow, @LauraCForgeFlow: is this PR ready for review? |
Contributor
Author
Yes! |
hailangvn
approved these changes
Jun 6, 2025
hailangvn
left a comment
hailangvn
left a comment
There was a problem hiding this comment.
LGTM except for small changes. Thanks for the work.
| { | ||
| "name": "Password Security", | ||
| "summary": "Allow admin to set password security requirements.", | ||
| "version": "18.0.2.0.0", |
There was a problem hiding this comment.
It is just small correction.
Suggested change
| "version": "18.0.2.0.0", | |
| "version": "18.0.1.0.0", |
There was a problem hiding this comment.
Is this migration still applicable for 18.0.1.0.0 version?
There was a problem hiding this comment.
Similarly, is this migration still applicable?
To avoid conflicts with 'auth_saml' module.
LauraCForgeFlow
force-pushed
the
18.0-mig-password_security
branch
from
9d090a0 to
148c6e5
Compare
Contributor
|
@hailangvn We changed the version and removed the migration scripts (in fact, they were no longer necessary). Thanks for the review! :) |
LauraCForgeFlow
approved these changes
Jun 10, 2025
Abranes
approved these changes
Jun 14, 2025
Member
|
/ocabot migration password_security |
Contributor
|
Hey, thanks for contributing! Proceeding to merge this for you. |
Contributor
|
Congratulations, your PR was merged at cdbd00c. Thanks a lot for contributing to OCA. ❤️ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migration to 18.0
Depends on:
It also includes this improvement, in a separate commit: