Fix test_disallow_user_password

auth_saml/README.rst

@@ -17,13 +17,13 @@ SAML2 Authentication
     :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
     :alt: License: AGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
-    :target: https://github.com/OCA/server-auth/tree/17.0/auth_saml
+    :target: https://github.com/OCA/server-auth/tree/18.0/auth_saml
     :alt: OCA/server-auth
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_saml
+    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_saml
     :alt: Translate me on Weblate
 .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
-    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
     :alt: Try me on Runboat
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
@@ -36,14 +36,14 @@ On) between Odoo and other applications of your ecosystem.
 
 **Benefits**:
 
--  Reducing the time spent typing different passwords for different
-   accounts.
--  Reducing the time spent in IT support for password oversights.
--  Centralizing authentication systems.
--  Securing all input levels / exit / access to multiple systems without
-   prompting users.
--  The centralization of access control information for compliance
-   testing to different standards.
+- Reducing the time spent typing different passwords for different
+  accounts.
+- Reducing the time spent in IT support for password oversights.
+- Centralizing authentication systems.
+- Securing all input levels / exit / access to multiple systems without
+  prompting users.
+- The centralization of access control information for compliance
+  testing to different standards.
 
 **Table of contents**
 
@@ -91,23 +91,23 @@ login screen.
 Known issues / Roadmap
 ======================
 
--  clean up ``auth_saml.request``
+- clean up ``auth_saml.request``
 
 Changelog
 =========
 
-18.0.1.0.0
+16.0.1.0.0
 ----------
 
-Initial migration for 18.0.
+Initial migration for 16.0.
 
 Bug Tracker
 ===========
 
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_saml%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_saml%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -122,32 +122,28 @@ Authors
 Contributors
 ------------
 
--  `XCG Consulting <https://xcg-consulting.fr/>`__:
+- `XCG Consulting <https://xcg-consulting.fr/>`__:
 
-   -  Florent Aide <[email protected]>
-   -  Vincent Hatakeyama <[email protected]>
-   -  Alexandre Brun
-   -  Houzéfa Abbasbhay <[email protected]>
-   -  Szeka Wong <[email protected]>
+  - Florent Aide <[email protected]>
+  - Vincent Hatakeyama <[email protected]>
+  - Alexandre Brun
+  - Houzéfa Abbasbhay <[email protected]>
+  - Szeka Wong <[email protected]>
 
--  Jeremy Co Kim Len <[email protected]>
--  Jeffery Chen Fan <[email protected]>
--  Bhavesh Odedra <[email protected]>
--  `Tecnativa <https://www.tecnativa.com/>`__:
+- Jeremy Co Kim Len <[email protected]>
+- Jeffery Chen Fan <[email protected]>
+- Bhavesh Odedra <[email protected]>
+- `Tecnativa <https://www.tecnativa.com/>`__:
 
-   -  Jairo Llopis
+  - Jairo Llopis
 
--  `GlodoUK <https://www.glodo.uk/>`__:
+- `GlodoUK <https://www.glodo.uk/>`__:
 
-   -  Karl Southern
+  - Karl Southern
 
--  `TAKOBI <https://takobi.online/>`__:
+- `TAKOBI <https://takobi.online/>`__:
 
-   -  Lorenzo Battistini
-
-- `Letzdoo <https://www.letzdoo.com/>`__:
-
-   -  Jérôme Sonnet
+  - Lorenzo Battistini
 
 Maintainers
 -----------

auth_saml/models/res_users.py

@@ -84,11 +84,15 @@ def _check_credentials(self, credential, env):
         and the interesting code is inside the "except" clause.
         """
         try:
-            # Attempt a regular login (via other auth addons) first.
-            return super()._check_credentials(credential, env)
+            if self.allow_saml_and_password():
+                # If both SAML and password are allowed we can try first the normal auth
+                return super()._check_credentials(credential, env)
+            else:
+                # If only SAML we go to the except clause
+                raise AccessDenied() from None
 
         except (AccessDenied, passlib.exc.PasswordSizeError):
-            if not (credential['type'] == 'saml_token' and credential['token']):
+            if not (credential["type"] == "saml_token" and credential["token"]):
                 raise
             passwd_allowed = (
                 env["interactive"] or not self.env.user._rpc_api_keys_only()
@@ -108,12 +112,12 @@ def _check_credentials(self, credential, env):
                 )
                 if token:
                     return {
-                        'uid': self.env.user.id,
-                        'auth_method': 'saml',
-                        'mfa': 'default',
+                        "uid": self.env.user.id,
+                        "auth_method": "saml",
+                        "mfa": "default",
                     }
             raise AccessDenied() from None
-        
+
     @api.model
     def _saml_allowed_user_ids(self) -> Set[int]:  # noqa
         """Users that can have a password even if the option to disallow it is set.