[IMP] option for TOTP/2FA bypass for admin passkey

In the res_users.py file, the `ignore_totp` session variable is now set based on the value of the `auth_admin_passkey_ignore_totp` configuration option. If the option is enabled, the `ignore_totp` session variable is set to True. This ensures that the `_mfa_url` method returns None when `ignore_totp` is True, effectively bypassing the 2FA check.
OCA · Mar 13, 2024 · 8bd6f78 · 8bd6f78
1 parent 1980ff8
commit 8bd6f78
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/auth_admin_passkey/README.rst b/auth_admin_passkey/README.rst
@@ -63,6 +63,8 @@ following keys in your ``odoo.cfg`` configuration file.
 -  ``auth_admin_passkey_sysadmin_lang``. the language (exemple en_US),
    used for the mail sent to the System Administrator. If not set, the
    language of the SUPERUSER_ID user will be used.
+-  ``auth_admin_passkey_ignore_totp`` (default False), if enabled, then
+   2FA will be ignored.
 
 **typical Dev / Test configuration section**
 

diff --git a/auth_admin_passkey/models/res_users.py b/auth_admin_passkey/models/res_users.py
@@ -7,6 +7,7 @@
 from datetime import datetime
 
 from odoo import SUPERUSER_ID, _, api, exceptions, models
+from odoo.http import request
 from odoo.tools import config
 
 logger = logging.getLogger(__name__)
@@ -74,6 +75,14 @@ def _check_credentials(self, password, env):
                 password = hashlib.sha512(password.encode()).hexdigest()
 
             if password and file_password == password:
+                request.session["ignore_totp"] = config.get(
+                    "auth_admin_passkey_ignore_totp", False
+                )
                 self._send_email_passkey(users[0])
             else:
                 raise
+
+    def _mfa_url(self):
+        if request.session.get("ignore_totp"):
+            return None
+        return super()._mfa_url()
diff --git a/auth_admin_passkey/readme/CONFIGURE.md b/auth_admin_passkey/readme/CONFIGURE.md
@@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file.
 - `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used
   for the mail sent to the System Administrator. If not set, the
   language of the SUPERUSER_ID user will be used.
+- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA
+  will be ignored.
 
 **typical Dev / Test configuration section**
 

diff --git a/auth_admin_passkey/static/description/index.html b/auth_admin_passkey/static/description/index.html
@@ -412,6 +412,8 @@ <h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
 <li><tt class="docutils literal">auth_admin_passkey_sysadmin_lang</tt>. the language (exemple en_US),
 used for the mail sent to the System Administrator. If not set, the
 language of the SUPERUSER_ID user will be used.</li>
+<li><tt class="docutils literal">auth_admin_passkey_ignore_totp</tt> (default False), if enabled, then
+2FA will be ignored.</li>
 </ul>
 <p><strong>typical Dev / Test configuration section</strong></p>
 <p>No keys to add.</p>