[17.0][PW] auth_api_key: Port from 14.0

auth_api_key/__manifest__.py

@@ -9,6 +9,11 @@
     "license": "LGPL-3",
     "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/server-auth",
-    "development_status": "Beta",
-    "data": ["security/ir.model.access.csv", "views/auth_api_key.xml"],
+    "development_status": "Production/Stable",
+    "depends": ["base_setup"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_api_key.xml",
+        "views/res_config_settings.xml",
+    ],
 }

auth_api_key/models/__init__.py

@@ -1,2 +1,4 @@
 from . import ir_http
 from . import auth_api_key
+from . import res_company
+from . import res_config_settings

auth_api_key/models/auth_api_key.py

@@ -23,6 +23,11 @@ class AuthApiKey(models.Model):
         help="""The user used to process the requests authenticated by
         the api key""",
     )
+    # Not using related to stay backward compatible with having active keys
+    # for archived users (no need being invoiced by Odoo for api request users)
+    active = fields.Boolean(
+        compute="_compute_active", readonly=False, store=True, default=True
+    )
 
     _sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")]
 
@@ -48,6 +53,17 @@ def _retrieve_uid_from_api_key(self, key):
     def _clear_key_cache(self):
         self.env.registry.clear_cache()
 
+    @api.depends(
+        "user_id.active", "user_id.company_id.archived_user_disable_auth_api_key"
+    )
+    def _compute_active(self):
+        option_disable_key = self.user_id.company_id.archived_user_disable_auth_api_key
+        for record in self:
+            if option_disable_key:
+                record.active = record.user_id.active
+            # To stay coherent if the option is disabled the active field is not
+            # changed. Because the field is stored, it should not be an issue.
+
     @api.model_create_multi
     def create(self, vals_list):
         records = super().create(vals_list)

auth_api_key/models/res_company.py

@@ -0,0 +1,17 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResCompany(models.Model):
+    _inherit = "res.company"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        string="Disable API key for archived user",
+        help=(
+            "If checked, when a user is archived/unactivated the same change is "
+            "propagated to his related api key. It is not retroactive (nothing is done "
+            " when enabling/disabling this option)."
+        ),
+    )

auth_api_key/models/res_config_settings.py

@@ -0,0 +1,12 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        related="company_id.archived_user_disable_auth_api_key", readonly=False
+    )

auth_api_key/tests/test_auth_api_key.py

@@ -43,3 +43,28 @@ def test_cache_invalidation(self):
         )
         with self.assertRaises(ValidationError):
             self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+
+    def test_user_archived_unarchived_with_option_on(self):
+        self.env.company.archived_user_disable_auth_api_key = True
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        with self.assertRaises(ValidationError):
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+        demo_user.active = True
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+
+    def test_user_archived_unarchived_with_option_off(self):
+        self.env.company.archived_user_disable_auth_api_key = False
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )

auth_api_key/views/auth_api_key.xml

@@ -6,15 +6,22 @@
         <field name="name">auth.api.key.form (in auth_api_key)</field>
         <field name="model">auth.api.key</field>
         <field name="arch" type="xml">
-            <form create="false" edit="false">
+            <form>
                 <sheet>
+                  <field name="active" invisible="1" />
+                  <widget
+                        name="web_ribbon"
+                        title="Archived"
+                        bg_color="bg-danger"
+                        invisible="active"
+                    />
                     <label for="name" class="oe_edit_only" />
                     <h1>
                         <field name="name" class="oe_inline" />
                     </h1>
                     <group name="config" colspan="4" col="4">
                         <field name="user_id" colspan="4" />
-                        <field name="key" colspan="4" />
+                        <field name="key" colspan="4" password="True" />
                     </group>
                 </sheet>
             </form>

auth_api_key/views/res_config_settings.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 Camptocamp SA
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+
+  <record id="res_config_settings_view_form" model="ir.ui.view">
+    <field name="name">res.config.settings.form.inherit</field>
+    <field name="model">res.config.settings</field>
+    <field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
+    <field name="arch" type="xml">
+      <xpath expr="//block[@id='user_default_rights']" position="inside">
+        <setting
+                    groups="base.group_no_one"
+                    id="api_key_archive_with_user"
+                    string="Disable API key when archiving user"
+                >
+          <field name="archived_user_disable_auth_api_key" />
+        </setting>
+
+      </xpath>
+
+    </field>
+  </record>
+
+</odoo>