diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py index 8ee63b5aca..39655a0b2a 100644 --- a/password_security/models/res_users.py +++ b/password_security/models/res_users.py @@ -40,16 +40,16 @@ def _get_all_password_params(self): params.get_param("auth_password_policy.minlength", default=0) ), "expiration_days": int( - params.get_param("password_security.expiration_days", default=60) + params.get_param("password_security.expiration_days", default=0) ), "minimum_hours": int( - params.get_param("password_security.minimum_hours", default=60) + params.get_param("password_security.minimum_hours", default=0) ), - "history": int(params.get_param("password_security.history", default=30)), - "lower": int(params.get_param("password_security.lower", default=1)), - "upper": int(params.get_param("password_security.upper", default=1)), - "numeric": int(params.get_param("password_security.numeric", default=1)), - "special": int(params.get_param("password_security.special", default=1)), + "history": int(params.get_param("password_security.history", default=0)), + "lower": int(params.get_param("password_security.lower", default=0)), + "upper": int(params.get_param("password_security.upper", default=0)), + "numeric": int(params.get_param("password_security.numeric", default=0)), + "special": int(params.get_param("password_security.special", default=0)), } return res diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py index 965beabacc..140027ed8d 100644 --- a/password_security/tests/test_res_users.py +++ b/password_security/tests/test_res_users.py @@ -139,6 +139,18 @@ def test_validate_pass_reset_zero(self): rec_id._validate_pass_reset(), ) + def test_absent_policy_param_disables_rule(self): + """An absent policy param disables the rule, not reverts to a default + + The settings page deletes an ``ir.config_parameter`` when it is saved + as 0, so a missing param must read as 0 (disabled) rather than fall + back to a non-zero default. See OCA/server-auth#865. + """ + icp = self.env["ir.config_parameter"].sudo() + icp.search([("key", "=", "password_security.upper")]).unlink() + params = self.model_obj._get_all_password_params() + self.assertEqual(params["upper"], 0) + def test_underscore_is_special_character(self): password_special = int( self.env["ir.config_parameter"]