From c51b4faf2221678fcd8001d885aac3b391629f9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Alix?= <sebastien.alix@camptocamp.com>
Date: Thu, 23 Mar 2023 15:11:40 +0100
Subject: [PATCH] fixup! fixup! [IMP] password_security: add flag to
 enable/disable password security policy

---
 password_security/models/res_users.py         | 15 ++++++++----
 .../tests/test_password_security_home.py      |  7 ++++++
 password_security/tests/test_res_users.py     |  4 ++--
 .../views/res_config_settings_views.xml       | 24 +++++++++----------
 4 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
index 732b50309b..787f488883 100644
--- a/password_security/models/res_users.py
+++ b/password_security/models/res_users.py
@@ -46,7 +46,7 @@ def create(self, vals):
         return super(ResUsers, self).create(vals)
 
     def write(self, vals):
-        if vals.get("password") and self.env.user.company_id.password_policy_enabled:
+        if vals.get("password"):
             self._check_password(vals["password"])
             vals["password_write_date"] = fields.Datetime.now()
         return super(ResUsers, self).write(vals)
@@ -70,13 +70,11 @@ def get_password_policy(self):
 
     def _check_password_policy(self, passwords):
         result = super(ResUsers, self)._check_password_policy(passwords)
-        company_id = self.env.user.company_id
 
         for password in passwords:
             if not password:
                 continue
-            if company_id.password_policy_enabled:
-                self._check_password(password)
+            self._check_password(password)
 
         return result
 
@@ -118,6 +116,8 @@ def password_match_message(self):
         return "\r".join(message)
 
     def _check_password(self, password):
+        if not self.env.user.company_id.password_policy_enabled:
+            return True
         self._check_password_rules(password)
         self._check_password_history(password)
         return True
@@ -147,6 +147,8 @@ def _check_password_rules(self, password):
 
     def _password_has_expired(self):
         self.ensure_one()
+        if not self.company_id.password_policy_enabled:
+            return False
         if not self.password_write_date:
             return True
 
@@ -169,6 +171,8 @@ def _validate_pass_reset(self):
         :return: True on allowed reset
         """
         for rec_id in self:
+            if not rec_id.company_id.password_policy_enabled:
+                continue
             pass_min = rec_id.company_id.password_minimum
             if pass_min <= 0:
                 pass
@@ -206,6 +210,7 @@ def _check_password_history(self, password):
     def _set_encrypted_password(self, uid, pw):
         """It saves password crypt history for history rules"""
         res = super(ResUsers, self)._set_encrypted_password(uid, pw)
-
+        if not self.env.user.company_id.password_policy_enabled:
+            return res
         self.write({"password_history_ids": [(0, 0, {"password_crypt": pw})]})
         return res
diff --git a/password_security/tests/test_password_security_home.py b/password_security/tests/test_password_security_home.py
index 65b7495418..7d1e9477b1 100644
--- a/password_security/tests/test_password_security_home.py
+++ b/password_security/tests/test_password_security_home.py
@@ -33,6 +33,8 @@ def __init__(self):
 class TestPasswordSecurityHome(TransactionCase):
     def setUp(self):
         super(TestPasswordSecurityHome, self).setUp()
+        self.main_comp = self.env.ref("base.main_company")
+        self.main_comp.password_policy_enabled = True
         self.PasswordSecurityHome = main.PasswordSecurityHome
         self.password_security_home = self.PasswordSecurityHome()
         self.passwd = "I am a password!"
@@ -219,6 +221,11 @@ def test_web_auth_reset_password_success(self):
 
 @mock.patch("odoo.http.WebRequest.validate_csrf", return_value=True)
 class LoginCase(HttpCase):
+    def setUp(self):
+        super(LoginCase, self).setUp()
+        self.main_comp = self.env.ref("base.main_company")
+        self.main_comp.password_policy_enabled = True
+
     def test_web_login_authenticate(self, *args):
         """It should allow authenticating by login"""
         response = self.url_open(
diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py
index 11207467af..0de0ef3048 100644
--- a/password_security/tests/test_res_users.py
+++ b/password_security/tests/test_res_users.py
@@ -2,10 +2,10 @@
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
 from odoo.exceptions import UserError
-from odoo.tests.common import SavepointCase
+from odoo.tests.common import TransactionCase
 
 
-class TestResUsers(SavepointCase):
+class TestResUsers(TransactionCase):
     @classmethod
     def setUpClass(cls):
         super(TestResUsers, cls).setUpClass()
diff --git a/password_security/views/res_config_settings_views.xml b/password_security/views/res_config_settings_views.xml
index c90caf67e8..a1d01cec3d 100644
--- a/password_security/views/res_config_settings_views.xml
+++ b/password_security/views/res_config_settings_views.xml
@@ -18,20 +18,18 @@
             </xpath>
             <!-- Add our password policy fields -->
             <xpath expr="//div[@id='access_rights']" position="before">
-                <div class="col-12 col-lg-6 o_setting_box" title="Password Policy">
-                    <div class="o_setting_left_pane" />
+                <div
+                    class="col-12 col-lg-6 o_setting_box"
+                    id="password_policy"
+                    title="Password Policy"
+                >
+                    <div class="o_setting_left_pane">
+                        <field name="password_policy_enabled" />
+                    </div>
                     <div class="o_setting_right_pane">
-                        <label string="Password Policy" for="password_expiration" />
-                        <div class="content-group">
-                            <div class="mt16">
-                                <span>
-                                    Password policy enabled
-                                    <field
-                                        name="password_policy_enabled"
-                                        class="oe_inline"
-                                    />
-                                </span>
-                            </div>
+                        <label string="Password Policy" for="password_policy_enabled" />
+                        <div class="text-muted">
+                            Set password security requirements
                         </div>
                         <div
                             class="content-group"