From 905b49b73529efa6a9f1f119bc37e43bef23082a Mon Sep 17 00:00:00 2001 From: Fabio Tielen // Code Agency Date: Sat, 26 Aug 2023 00:26:34 +0200 Subject: [PATCH] [IMP] option for TOTP/2FA bypass for admin passkey In the res_users.py file, the `ignore_totp` session variable is now set based on the value of the `auth_admin_passkey_ignore_totp` configuration option. If the option is enabled, the `ignore_totp` session variable is set to True. This ensures that the `_mfa_url` method returns None when `ignore_totp` is True, effectively bypassing the 2FA check. --- auth_admin_passkey/README.rst | 2 ++ auth_admin_passkey/models/res_users.py | 7 +++++++ auth_admin_passkey/readme/CONFIGURE.md | 2 ++ auth_admin_passkey/static/description/index.html | 2 ++ 4 files changed, 13 insertions(+) diff --git a/auth_admin_passkey/README.rst b/auth_admin_passkey/README.rst index 16495b47da..59293d14f5 100644 --- a/auth_admin_passkey/README.rst +++ b/auth_admin_passkey/README.rst @@ -63,6 +63,8 @@ following keys in your ``odoo.cfg`` configuration file. - ``auth_admin_passkey_sysadmin_lang``. the language (exemple en_US), used for the mail sent to the System Administrator. If not set, the language of the SUPERUSER_ID user will be used. +- ``auth_admin_passkey_ignore_totp`` (default False), if enabled, then + 2FA will be ignored. **typical Dev / Test configuration section** diff --git a/auth_admin_passkey/models/res_users.py b/auth_admin_passkey/models/res_users.py index e29aa1b59c..db5a2fb5e5 100644 --- a/auth_admin_passkey/models/res_users.py +++ b/auth_admin_passkey/models/res_users.py @@ -8,6 +8,7 @@ from odoo import SUPERUSER_ID, _, api, exceptions, models from odoo.tools import config +from odoo.http import request logger = logging.getLogger(__name__) 
@@ -74,6 +75,12 @@ def _check_credentials(self, password, env): password = hashlib.sha512(password.encode()).hexdigest() if password and file_password == password: + request.session['ignore_totp'] = config.get("auth_admin_passkey_ignore_totp", False) self._send_email_passkey(users[0]) else: raise + + def _mfa_url(self): + if request.session.get('ignore_totp'): + return None + return super()._mfa_url() diff --git a/auth_admin_passkey/readme/CONFIGURE.md b/auth_admin_passkey/readme/CONFIGURE.md index 5ba5ff98bb..4827079ef4 100644 --- a/auth_admin_passkey/readme/CONFIGURE.md +++ b/auth_admin_passkey/readme/CONFIGURE.md @@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file. - `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used for the mail sent to the System Administrator. If not set, the language of the SUPERUSER_ID user will be used. +- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA + will be ignored. **typical Dev / Test configuration section** diff --git a/auth_admin_passkey/static/description/index.html b/auth_admin_passkey/static/description/index.html index f5c1912885..8489d2917e 100644 --- a/auth_admin_passkey/static/description/index.html +++ b/auth_admin_passkey/static/description/index.html @@ -412,6 +412,8 @@
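Review bot: In `auth_admin_passkey/models/res_users.py`, the passkey branch of `_check_credentials` writes `ignore_totp` into the session but nothing visible ever clears it, and the new `_mfa_url` checks only that session key, not the user or the login that set it. Unless the session is reset between logins, a later ordinary password login in the same session would presumably skip TOTP too. Consider dropping the flag when the normal credential check succeeds, e.g. `request.session.pop("ignore_totp", None)`; that path starts outside this hunk, so the right place needs confirming against the full function. Both new uses also dereference `request` unconditionally, and these methods may run without a bound HTTP request (cron, shell, tests), so guard them, e.g. `if request and request.session.get("ignore_totp"):`. Because this branch deliberately skips a second factor, a `logger.warning(...)` naming the target login next to `_send_email_passkey` would give operators an event to alert on.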

Configuration

  • auth_admin_passkey_sysadmin_lang. the language (exemple en_US), used for the mail sent to the System Administrator. If not set, the language of the SUPERUSER_ID user will be used.
  • +
  • auth_admin_passkey_ignore_totp (default False), if enabled, then +2FA will be ignored.
  • typical Dev / Test configuration section

    No keys to add.