Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion password_security/controllers/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,13 @@
class PasswordSecurityHome(AuthSignupHome):
def do_signup(self, qcontext):
password = qcontext.get("password")
user = request.env.user
# If 2FA is activated, request.env.user is not updated to the logged-in user
# at this point. In order to do _check_password on the correct user we
# search by login.
user = (
request.env.user.search([("login", "=", qcontext.get("login"))])
or request.env.user
)
user._check_password(password)
return super().do_signup(qcontext)

Expand Down
2 changes: 1 addition & 1 deletion password_security/models/res_users.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class ResUsers(models.Model):
_inherit = "res.users"

password_write_date = fields.Datetime(
"Last password update", default=fields.Datetime.now, readonly=True
"Last password update", default=fields.Datetime.now, readonly=True, copy=False
)
password_history_ids = fields.One2many(
string="Password History",
Expand Down
24 changes: 23 additions & 1 deletion password_security/tests/test_signup.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

from unittest import mock

from freezegun import freeze_time
from requests.exceptions import HTTPError

from odoo import http
Expand Down Expand Up @@ -82,7 +83,8 @@ def test_03_create_user_signup(self):

# Stronger password: no error raised
vals["password"] = "asdQWE12345_3"
login, pwd = self.env["res.users"].signup(vals)
with freeze_time("2020-01-01"):
login, pwd = self.env["res.users"].signup(vals)

# check created user
created_user = self.env["res.users"].search([("login", "=", "test_user")])
Expand Down Expand Up @@ -160,3 +162,23 @@ def test_06_web_auth_signup_invalid_render(self):
self.assertEqual(
response.headers["Content-Security-Policy"], "frame-ancestors 'self'"
)

def test_07_cloned_user_password_write_date(self):
"""Users that are cloned should have their password_write_date updated"""
partner = self.env["res.partner"].create({"name": "test partner"})
vals = {
"name": "Test User",
"login": "test_user",
"email": "test_user@odoo.com",
"password": "Test_user_password123$",
"partner_id": partner.id,
}
with freeze_time("2020-01-01"):
self.env["res.users"].signup(vals)

original_user = self.env["res.users"].search([("login", "=", "test_user")])
copied_user = original_user.copy()

self.assertTrue(
copied_user.password_write_date > original_user.password_write_date
)
Loading