[IMP] password_security: add flag to enable/disable password security policy

ajaniszewska-dev · sebalix · commit 3ccf330e3a55 · 2023-09-22T09:41:19.000+02:00
diff --git a/password_security/models/res_company.py b/password_security/models/res_company.py
@@ -9,6 +9,8 @@
 class ResCompany(models.Model):
     _inherit = "res.company"
 
+    password_policy_enabled = fields.Boolean(default=False)
+
     password_expiration = fields.Integer(
         "Days",
         default=60,
diff --git a/password_security/models/res_config_settings.py b/password_security/models/res_config_settings.py
@@ -6,6 +6,9 @@
 class ResConfigSettings(models.TransientModel):
     _inherit = "res.config.settings"
 
+    password_policy_enabled = fields.Boolean(
+        related="company_id.password_policy_enabled", readonly=False
+    )
     password_expiration = fields.Integer(
         related="company_id.password_expiration", readonly=False
     )
diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
@@ -55,6 +55,8 @@ def write(self, vals):
     def get_password_policy(self):
         data = super(ResUsers, self).get_password_policy()
         company_id = self.env.user.company_id
+        if not company_id.password_policy_enabled:
+            return data
         data.update(
             {
                 "password_lower": company_id.password_lower,
@@ -69,7 +71,8 @@ def get_password_policy(self):
 
     def _check_password_policy(self, passwords):
         result = super(ResUsers, self)._check_password_policy(passwords)
-
+        if not self.env.user.company_id.password_policy_enabled:
+            return result
         for password in passwords:
             if not password:
                 continue
@@ -115,6 +118,8 @@ def password_match_message(self):
         return "\r".join(message)
 
     def _check_password(self, password):
+        if not self.env.user.company_id.password_policy_enabled:
+            return True
         self._check_password_rules(password)
         self._check_password_history(password)
         return True
@@ -143,6 +148,8 @@ def _check_password_rules(self, password):
 
     def _password_has_expired(self):
         self.ensure_one()
+        if not self.company_id.password_policy_enabled:
+            return False
         if not self.password_write_date:
             return True
 
@@ -165,6 +172,8 @@ def _validate_pass_reset(self):
         :return: True on allowed reset
         """
         for user in self:
+            if not user.company_id.password_policy_enabled:
+                continue
             pass_min = user.company_id.password_minimum
             if pass_min <= 0:
                 continue
@@ -204,7 +213,8 @@ def _check_password_history(self, password):
     def _set_encrypted_password(self, uid, pw):
         """It saves password crypt history for history rules"""
         res = super(ResUsers, self)._set_encrypted_password(uid, pw)
-
+        if not self.env.user.company_id.password_policy_enabled:
+            return res
         self.write({"password_history_ids": [(0, 0, {"password_crypt": pw})]})
         return res
 
diff --git a/password_security/tests/test_password_security_home.py b/password_security/tests/test_password_security_home.py
@@ -33,6 +33,8 @@ def __init__(self):
 class TestPasswordSecurityHome(TransactionCase):
     def setUp(self):
         super(TestPasswordSecurityHome, self).setUp()
+        self.main_comp = self.env.ref("base.main_company")
+        self.main_comp.password_policy_enabled = True
         self.PasswordSecurityHome = main.PasswordSecurityHome
         self.password_security_home = self.PasswordSecurityHome()
         self.passwd = "I am a password!"
@@ -175,6 +177,11 @@ def test_web_auth_signup_invalid_render(self):
 
 @mock.patch("odoo.http.WebRequest.validate_csrf", return_value=True)
 class LoginCase(HttpCase):
+    def setUp(self):
+        super(LoginCase, self).setUp()
+        self.main_comp = self.env.ref("base.main_company")
+        self.main_comp.password_policy_enabled = True
+
     def test_web_login_authenticate(self, *args):
         """It should allow authenticating by login"""
         response = self.url_open(
diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py
@@ -2,10 +2,10 @@
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
 from odoo.exceptions import UserError
-from odoo.tests.common import SavepointCase
+from odoo.tests.common import TransactionCase
 
 
-class TestResUsers(SavepointCase):
+class TestResUsers(TransactionCase):
     @classmethod
     def setUpClass(cls):
         super(TestResUsers, cls).setUpClass()
@@ -17,6 +17,7 @@ def setUpClass(cls):
         }
         cls.password = "asdQWE123$%^"
         cls.main_comp = cls.env.ref("base.main_company")
+        cls.main_comp.password_policy_enabled = True
         cls.vals = {
             "name": "User",
             "login": cls.login,
diff --git a/password_security/views/res_config_settings_views.xml b/password_security/views/res_config_settings_views.xml
@@ -18,11 +18,23 @@
             </xpath>
             <!-- Add our password policy fields -->
             <xpath expr="//div[@id='access_rights']" position="before">
-                <div class="col-12 col-lg-6 o_setting_box" title="Password Policy">
-                    <div class="o_setting_left_pane" />
+                <div
+                    class="col-12 col-lg-6 o_setting_box"
+                    id="password_policy"
+                    title="Password Policy"
+                >
+                    <div class="o_setting_left_pane">
+                        <field name="password_policy_enabled" />
+                    </div>
                     <div class="o_setting_right_pane">
-                        <label string="Password Policy" for="password_expiration" />
-                        <div class="content-group">
+                        <label string="Password Policy" for="password_policy_enabled" />
+                        <div class="text-muted">
+                            Set password security requirements
+                        </div>
+                        <div
+                            class="content-group"
+                            attrs="{'invisible': [('password_policy_enabled','=', False)]}"
+                        >
                             <div class="mt16">
                                 <span>
                                     Password expires in

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,9 @@`
`6`	`6`	`class ResConfigSettings(models.TransientModel):`
`7`	`7`	`_inherit = "res.config.settings"`
`8`	`8`
	`9`	`+ password_policy_enabled = fields.Boolean(`
	`10`	`+ related="company_id.password_policy_enabled", readonly=False`
	`11`	`+ )`
`9`	`12`	`password_expiration = fields.Integer(`
`10`	`13`	`related="company_id.password_expiration", readonly=False`
`11`	`14`	`)`