Skip to content

Commit

Permalink
[FIX] password_security: update password_write_date on copy
Browse files Browse the repository at this point in the history
Sometimes users are created from a template user via a `copy()`.
This has the issue that a password is passed via the `vals` of the copy
and therefore never seen by the `write()` function.

As a result, the `password_write_date` field is left to the value of the
template, which is either outdated or null.

A concrete bug that resulted from this is that newly created users were
asked to renew their password on their very first login.

---

This commit reapplies the same logic of the `write()` method to the
`copy()` method as well.

It also changes the unit test test_03_create_user_signup to create the
user at some time in the past so that
```python
assertNotEqual(password_write_date, created_user.password_write_date)
```
makes sense.
  • Loading branch information
maneandrea committed Oct 16, 2024
1 parent d4fee8b commit 4de5b6e
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
5 changes: 5 additions & 0 deletions password_security/models/res_users.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,11 @@ def write(self, vals):
vals["password_write_date"] = fields.Datetime.now()
return super(ResUsers, self).write(vals)

def copy(self, vals):
if vals.get("password"):
vals["password_write_date"] = fields.Datetime.now()
return super(ResUsers, self).copy(vals)

@api.model
def get_password_policy(self):
data = super(ResUsers, self).get_password_policy()
Expand Down
4 changes: 3 additions & 1 deletion password_security/tests/test_signup.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

from unittest import mock

from freezegun import freeze_time
from requests.exceptions import HTTPError

from odoo import http
Expand Down Expand Up @@ -82,7 +83,8 @@ def test_03_create_user_signup(self):

# Stronger password: no error raised
vals["password"] = "asdQWE12345_3"
login, pwd = self.env["res.users"].signup(vals)
with freeze_time("2020-01-01"):
login, pwd = self.env["res.users"].signup(vals)

# check created user
created_user = self.env["res.users"].search([("login", "=", "test_user")])
Expand Down

0 comments on commit 4de5b6e

Please sign in to comment.