[IMP] option for TOTP/2FA bypass for admin passkey

In the res_users.py file, the `ignore_totp` session variable is now set based on the value of the `auth_admin_passkey_ignore_totp` configuration option. If the option is enabled, the `ignore_totp` session variable is set to True. This ensures that the `_mfa_url` method returns None when `ignore_totp` is True, effectively bypassing the 2FA check.

auth_admin_passkey/README.rst

@@ -2,7 +2,7 @@
 Authentification - System Administrator Passkey
 ===============================================
 
-.. 
+..
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!

auth_admin_passkey/models/res_users.py

@@ -8,6 +8,7 @@
 
 from odoo import SUPERUSER_ID, _, api, exceptions, models
 from odoo.tools import config
+from odoo.http import request
 
 logger = logging.getLogger(__name__)
 
@@ -74,6 +75,12 @@ def _check_credentials(self, password, env):
                 password = hashlib.sha512(password.encode()).hexdigest()
 
             if password and file_password == password:
+                request.session['ignore_totp'] = config.get("auth_admin_passkey_ignore_totp", False)
                 self._send_email_passkey(users[0])
             else:
                 raise
+
+    def _mfa_url(self):
+        if request.session.get('ignore_totp'):
+            return None
+        return super()._mfa_url()

auth_admin_passkey/readme/CONFIGURE.md

@@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file.
 - `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used
   for the mail sent to the System Administrator. If not set, the
   language of the SUPERUSER_ID user will be used.
+- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA
+  will be ignored.
 
 **typical Dev / Test configuration section**