Skip to content

Commit

Permalink
[IMP] option for TOTP/2FA bypass for admin passkey
Browse files Browse the repository at this point in the history
In the res_users.py file, the `ignore_totp` session variable is now set based on the value of the `auth_admin_passkey_ignore_totp` configuration option. If the option is enabled, the `ignore_totp` session variable is set to True. This ensures that the `_mfa_url` method returns None when `ignore_totp` is True, effectively bypassing the 2FA check.
  • Loading branch information
codeagencybe authored and astirpe committed Mar 13, 2024
1 parent 1980ff8 commit 905b49b
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 0 deletions.
2 changes: 2 additions & 0 deletions auth_admin_passkey/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,8 @@ following keys in your ``odoo.cfg`` configuration file.
- ``auth_admin_passkey_sysadmin_lang``. the language (exemple en_US),
used for the mail sent to the System Administrator. If not set, the
language of the SUPERUSER_ID user will be used.
- ``auth_admin_passkey_ignore_totp`` (default False), if enabled, then
2FA will be ignored.

**typical Dev / Test configuration section**

Expand Down
7 changes: 7 additions & 0 deletions auth_admin_passkey/models/res_users.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

from odoo import SUPERUSER_ID, _, api, exceptions, models
from odoo.tools import config
from odoo.http import request

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -74,6 +75,12 @@ def _check_credentials(self, password, env):
password = hashlib.sha512(password.encode()).hexdigest()

if password and file_password == password:
request.session['ignore_totp'] = config.get("auth_admin_passkey_ignore_totp", False)
self._send_email_passkey(users[0])
else:
raise

def _mfa_url(self):
if request.session.get('ignore_totp'):
return None
return super()._mfa_url()
2 changes: 2 additions & 0 deletions auth_admin_passkey/readme/CONFIGURE.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file.
- `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used
for the mail sent to the System Administrator. If not set, the
language of the SUPERUSER_ID user will be used.
- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA
will be ignored.

**typical Dev / Test configuration section**

Expand Down
2 changes: 2 additions & 0 deletions auth_admin_passkey/static/description/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,8 @@ <h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
<li><tt class="docutils literal">auth_admin_passkey_sysadmin_lang</tt>. the language (exemple en_US),
used for the mail sent to the System Administrator. If not set, the
language of the SUPERUSER_ID user will be used.</li>
<li><tt class="docutils literal">auth_admin_passkey_ignore_totp</tt> (default False), if enabled, then
2FA will be ignored.</li>
</ul>
<p><strong>typical Dev / Test configuration section</strong></p>
<p>No keys to add.</p>
Expand Down

0 comments on commit 905b49b

Please sign in to comment.