[IMP] password_security: use ir.config_parameter

Replace fields on res.company by ir.config_parameter
Remove dead test for v16 migration script

Author: alexis-via

password_security/__init__.py

@@ -1,4 +1,5 @@
 # Copyright 2015 LasLabs Inc.
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
+from .post_install import init_config_parameters
 from . import controllers, models

password_security/__manifest__.py

@@ -5,7 +5,7 @@
 {
     "name": "Password Security",
     "summary": "Allow admin to set password security requirements.",
-    "version": "17.0.1.0.0",
+    "version": "17.0.2.0.0",
     "author": "LasLabs, "
     "Onestein, "
     "Kaushal Prajapati, "
@@ -28,5 +28,6 @@
     "demo": [
         "demo/res_users.xml",
     ],
+    "post_init_hook": "init_config_parameters",
     "installable": True,
 }

password_security/controllers/main.py

@@ -42,7 +42,8 @@ def web_login(self, *args, **kw):
 
     @http.route()
     def web_auth_signup(self, *args, **kw):
-        """Try to catch all the possible exceptions not already handled in the parent method"""
+        """Try to catch all the possible exceptions not already handled
+        in the parent method"""
 
         try:
             qcontext = self.get_auth_signup_qcontext()

password_security/migrations/17.0.2.0.0/post-migration.py

@@ -0,0 +1,27 @@
+# Copyright 2024 Akretion France (http://www.akretion.com/)
+# @author: Alexis de Lattre <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from openupgradelib import openupgrade
+
+
+@openupgrade.migrate()
+def migrate(env, version):
+    env.cr.execute(
+        f"SELECT {openupgrade.get_legacy_name('password_expiration')}, "
+        f"{openupgrade.get_legacy_name('password_minimum')}, "
+        f"{openupgrade.get_legacy_name('password_history')}, "
+        f"{openupgrade.get_legacy_name('password_lower')}, "
+        f"{openupgrade.get_legacy_name('password_upper')}, "
+        f"{openupgrade.get_legacy_name('password_numeric')}, "
+        f"{openupgrade.get_legacy_name('password_special')} "
+        "FROM res_company ORDER BY id LIMIT 1"
+    )
+    res = env.cr.fetchone()
+    env["ir.config_parameter"].set_param("password_security.expiration_days", res[0])
+    env["ir.config_parameter"].set_param("password_security.minimum_hours", res[1])
+    env["ir.config_parameter"].set_param("password_security.history", res[2])
+    env["ir.config_parameter"].set_param("password_security.lower", res[3])
+    env["ir.config_parameter"].set_param("password_security.upper", res[4])
+    env["ir.config_parameter"].set_param("password_security.numeric", res[5])
+    env["ir.config_parameter"].set_param("password_security.special", res[6])

password_security/migrations/17.0.2.0.0/pre-migration.py

@@ -0,0 +1,57 @@
+# Copyright 2024 Akretion France (http://www.akretion.com/)
+# @author: Alexis de Lattre <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+
+from openupgradelib import openupgrade
+
+
+@openupgrade.migrate()
+def migrate(env, version):
+    openupgrade.rename_fields(
+        env,
+        [
+            (
+                "res.company",
+                "res_company",
+                "password_expiration",
+                openupgrade.get_legacy_name("password_expiration"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_lower",
+                openupgrade.get_legacy_name("password_lower"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_upper",
+                openupgrade.get_legacy_name("password_upper"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_numeric",
+                openupgrade.get_legacy_name("password_numeric"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_special",
+                openupgrade.get_legacy_name("password_special"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_history",
+                openupgrade.get_legacy_name("password_history"),
+            ),
+            (
+                "res.company",
+                "res_company",
+                "password_minimum",
+                openupgrade.get_legacy_name("password_minimum"),
+            ),
+        ],
+    )

password_security/models/__init__.py

@@ -1,7 +1,6 @@
 # Copyright 2015 LasLabs Inc.
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
-from . import res_company
 from . import res_config_settings
 from . import res_users
 from . import res_users_pass_history

password_security/models/res_company.py

@@ -6,20 +6,59 @@
 class ResConfigSettings(models.TransientModel):
     _inherit = "res.config.settings"
 
+    # Imagine that the ir.config_parameter password_security.numeric has
+    # a default value of 1. If the user sets the value to 0 on the config page,
+    # the ir.config_parameter is deleted... but when the ir.config_parameter is not
+    # present in the database, Odoo displays the default value
+    # on the config page => Odoo displays 1 !
+    # So, when the users sets the value of 0 on the config page, he will see 1
+    # after saving the page !!!
+    # If the default value is 0 (like auth_password_policy.minlength in the
+    # module auth_password_policy of the official addons), there is no problem.
+    # So the solution to avoid this problem and have a non-null default value:
+    # 1) define the ir.config_parameter fields on res.config.settings with default=0
+    # 2) initialize the ir.config_parameter with a default value in the init script
+    # So the default value of the fields below are written in post_install.py
     password_expiration = fields.Integer(
-        related="company_id.password_expiration", readonly=False
+        string="Days",
+        default=0,
+        config_parameter="password_security.expiration_days",
+        help="How many days until passwords expire",
     )
     password_minimum = fields.Integer(
-        related="company_id.password_minimum", readonly=False
+        string="Minimum Hours",
+        default=0,
+        config_parameter="password_security.minimum_hours",
+        help="Number of hours until a user may change password again",
     )
     password_history = fields.Integer(
-        related="company_id.password_history", readonly=False
+        string="History",
+        default=0,
+        config_parameter="password_security.history",
+        help="Disallow reuse of this many previous passwords - use negative "
+        "number for infinite, or 0 to disable",
+    )
+    password_lower = fields.Integer(
+        string="Lowercase",
+        default=0,
+        config_parameter="password_security.lower",
+        help="Require number of lowercase letters",
+    )
+    password_upper = fields.Integer(
+        string="Uppercase",
+        default=0,
+        config_parameter="password_security.upper",
+        help="Require number of uppercase letters",
     )
-    password_lower = fields.Integer(related="company_id.password_lower", readonly=False)
-    password_upper = fields.Integer(related="company_id.password_upper", readonly=False)
     password_numeric = fields.Integer(
-        related="company_id.password_numeric", readonly=False
+        string="Numeric",
+        default=0,
+        config_parameter="password_security.numeric",
+        help="Require number of numeric digits",
     )
     password_special = fields.Integer(
-        related="company_id.password_special", readonly=False
+        string="Special",
+        default=0,
+        config_parameter="password_security.special",
+        help="Require number of unique special characters",
     )