From 4de5b6ef44ab1668a57d21bb865ca0ec3d409056 Mon Sep 17 00:00:00 2001 From: Andrea Manenti Date: Wed, 16 Oct 2024 17:25:21 +0000 Subject: [PATCH] [FIX] password_security: update password_write_date on copy Sometimes users are created from a template user via a `copy()`. This has the issue that a password is passed via the `vals` of the copy and therefore never seen by the `write()` function. As a result, the `password_write_date` field is left to the value of the template, which is either outdated or null. A concrete bug that resulted from this is that newly created users were asked to renew their password on their very first login. --- This commit reapplies the same logic of the `write()` method to the `copy()` method as well. It also changes the unit test test_03_create_user_signup to create the user at some time in the past so that ```python assertNotEqual(password_write_date, created_user.password_write_date) ``` makes sense. --- password_security/models/res_users.py | 5 +++++ password_security/tests/test_signup.py | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py index 79c74418f2..7424520585 100644 --- a/password_security/models/res_users.py +++ b/password_security/models/res_users.py @@ -32,6 +32,11 @@ def write(self, vals): vals["password_write_date"] = fields.Datetime.now() return super(ResUsers, self).write(vals) + def copy(self, vals): + if vals.get("password"): + vals["password_write_date"] = fields.Datetime.now() + return super(ResUsers, self).copy(vals) + @api.model def get_password_policy(self): data = super(ResUsers, self).get_password_policy() diff --git a/password_security/tests/test_signup.py b/password_security/tests/test_signup.py index b600f4cd12..9d6467c89a 100644 --- a/password_security/tests/test_signup.py +++ b/password_security/tests/test_signup.py @@ -4,6 +4,7 @@ from unittest import mock +from freezegun import freeze_time from requests.exceptions import HTTPError from odoo import http @@ -82,7 +83,8 @@ def test_03_create_user_signup(self): # Stronger password: no error raised vals["password"] = "asdQWE12345_3" - login, pwd = self.env["res.users"].signup(vals) + with freeze_time("2020-01-01"): + login, pwd = self.env["res.users"].signup(vals) # check created user created_user = self.env["res.users"].search([("login", "=", "test_user")])