16.0 mig auth sms

.github/workflows/pre-commit.yml

@@ -13,7 +13,7 @@ jobs:
   pre-commit:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v2
         with:
           python-version: "3.11"

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Detect unreleased dependencies
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: |
           for reqfile in requirements.txt test-requirements.txt ; do
               if [ -f ${reqfile} ] ; then
@@ -62,7 +62,7 @@ jobs:
       INCLUDE: "${{ matrix.include }}"
       EXCLUDE: "${{ matrix.exclude }}"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           persist-credentials: false
       - name: Install addons and dependencies

README.md

@@ -31,20 +31,21 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 16.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oauth_ropc](auth_oauth_ropc/) | 16.0.1.0.0 |  | Allow to login with OAuth Resource Owner Password Credentials Grant
-[auth_oidc](auth_oidc/) | 16.0.1.2.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 16.0.1.2.2 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 |  | This module allows to use server env for OIDC configuration
 [auth_saml](auth_saml/) | 16.0.1.1.0 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 16.0.1.0.1 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 16.0.1.0.0 |  | Makes the user login field case insensitive
 [base_user_show_email](base_user_show_email/) | 16.0.1.0.0 |  | Untangle user login and email
-[password_security](password_security/) | 16.0.1.0.0 |  | Allow admin to set password security requirements.
+[impersonate_login](impersonate_login/) | 16.0.1.0.0 | [![Kev-Roche](https://github.com/Kev-Roche.png?size=30px)](https://github.com/Kev-Roche) | tools
+[password_security](password_security/) | 16.0.1.0.2 |  | Allow admin to set password security requirements.
 [user_log_view](user_log_view/) | 16.0.1.0.0 | [![trojikman](https://github.com/trojikman.png?size=30px)](https://github.com/trojikman) | Allow to see user's actions log
-[users_ldap_groups](users_ldap_groups/) | 16.0.1.0.0 |  | Adds user accounts to groups based on rules defined by the administrator.
+[users_ldap_groups](users_ldap_groups/) | 16.0.1.0.1 |  | Adds user accounts to groups based on rules defined by the administrator.
 [users_ldap_mail](users_ldap_mail/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP mapping for user name and e-mail
 [users_ldap_populate](users_ldap_populate/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP Populate
 [vault](vault/) | 16.0.1.0.3 |  | Password vault integration in Odoo
-[vault_share](vault_share/) | 16.0.1.0.0 |  | Implementation of a mechanism to share secrets
+[vault_share](vault_share/) | 16.0.1.0.1 |  | Implementation of a mechanism to share secrets
 
 [//]: # (end addons)
 

auth_api_key/i18n/it.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 15.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2024-07-18 06:52+0000\n"
+"PO-Revision-Date: 2024-08-17 18:58+0000\n"
 "Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
@@ -40,7 +40,7 @@ msgstr "Creato da"
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date
 msgid "Created on"
-msgstr "Creata il"
+msgstr "Creato il"
 
 #. module: auth_api_key
 #: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name

auth_oauth_ropc/i18n/it.po

@@ -6,15 +6,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2024-01-05 10:34+0000\n"
+"PO-Revision-Date: 2024-10-29 12:06+0000\n"
 "Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.17\n"
+"X-Generator: Weblate 5.6.2\n"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__active
@@ -29,7 +29,7 @@ msgstr "URL autorizzazione"
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__client_id
 msgid "Client ID"
-msgstr "ID client"
+msgstr "ID cliente"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__client_secret

auth_oidc/README.rst

@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:0fa6d13be474eeb0ba5716895f4fc42ded1b84285279efbe29a476cead7e5565
+   !! source digest: sha256:f94abf0fc8ee2d5c9fde9f36b0b3ece7a612d0e4338f01a71b5e8fc0d1be0f72
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -79,14 +79,14 @@ companies can use their AzureAD login without an guest account.
 -  Client ID: Application (client) id
 -  Client Secret: Client secret
 -  Allowed: yes
+-  replace {tenant_id} in urls with your Azure tenant id
 
 or
 
 -  Provider Name: Azure AD Multitenant
 -  Client ID: Application (client) id
 -  Client Secret: Client secret
 -  Allowed: yes
--  replace {tenant_id} in urls with your Azure tenant id
 
 |image2|
 
@@ -112,6 +112,9 @@ In Odoo, create a new Oauth Provider with the following parameters:
 -  Provider name: Keycloak (or any name you like that identify your
    keycloak provider)
 -  Auth Flow: OpenID Connect (authorization code flow)
+-  Token Map : many options are possible like
+   ``preferred_username:user_id`` or ``email:user_id`` . This can be
+   combined
 -  Client ID: the same Client ID you entered when configuring the client
    in Keycloak
 -  Client Secret: found in keycloak on the client Credentials tab

auth_oidc/__manifest__.py

@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.2.0",
+    "version": "16.0.1.2.2",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

auth_oidc/readme/CONFIGURE.md

@@ -27,14 +27,14 @@ companies can use their AzureAD login without an guest account.
 - Client ID: Application (client) id
 - Client Secret: Client secret
 - Allowed: yes
+- replace {tenant_id} in urls with your Azure tenant id
 
 or
 
 - Provider Name: Azure AD Multitenant
 - Client ID: Application (client) id
 - Client Secret: Client secret
 - Allowed: yes
-- replace {tenant_id} in urls with your Azure tenant id
 
 ![image](../static/description/odoo-azure_ad_multitenant.png)
 
@@ -61,6 +61,8 @@ In Odoo, create a new Oauth Provider with the following parameters:
 - Provider name: Keycloak (or any name you like that identify your
   keycloak provider)
 - Auth Flow: OpenID Connect (authorization code flow)
+- Token Map : many options are possible like `preferred_username:user_id` or
+  `email:user_id` . This can be combined
 - Client ID: the same Client ID you entered when configuring the client
   in Keycloak
 - Client Secret: found in keycloak on the client Credentials tab

auth_oidc/static/description/index.html

@@ -8,10 +8,11 @@
 
 /*
 :Author: David Goodger (goodger@python.org)
-:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -274,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -300,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -366,7 +367,7 @@ <h1 class="title">Authentication OpenID Connect</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:0fa6d13be474eeb0ba5716895f4fc42ded1b84285279efbe29a476cead7e5565
+!! source digest: sha256:f94abf0fc8ee2d5c9fde9f36b0b3ece7a612d0e4338f01a71b5e8fc0d1be0f72
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oidc"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows users to login through an OpenID Connect provider
@@ -437,14 +438,14 @@ <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2
 <li>Client ID: Application (client) id</li>
 <li>Client Secret: Client secret</li>
 <li>Allowed: yes</li>
+<li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
 <p>or</p>
 <ul class="simple">
 <li>Provider Name: Azure AD Multitenant</li>
 <li>Client ID: Application (client) id</li>
 <li>Client Secret: Client secret</li>
 <li>Allowed: yes</li>
-<li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
 <p><img alt="image2" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png" /></p>
 <ul class="simple">
@@ -469,6 +470,9 @@ <h2><a class="toc-backref" href="#toc-entry-4">Setup for Keycloak</a></h2>
 <li>Provider name: Keycloak (or any name you like that identify your
 keycloak provider)</li>
 <li>Auth Flow: OpenID Connect (authorization code flow)</li>
+<li>Token Map : many options are possible like
+<tt class="docutils literal">preferred_username:user_id</tt> or <tt class="docutils literal">email:user_id</tt> . This can be
+combined</li>
 <li>Client ID: the same Client ID you entered when configuring the client
 in Keycloak</li>
 <li>Client Secret: found in keycloak on the client Credentials tab</li>
@@ -579,7 +583,9 @@ <h2><a class="toc-backref" href="#toc-entry-19">Contributors</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-20">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>

auth_saml/views/auth_saml.xml

@@ -21,7 +21,10 @@
     </template>
     <template id="auth_saml.login" inherit_id="web.login" name="Samlv2 Login buttons">
         <xpath expr="//form" position="before">
-            <t t-set="form_small" t-value="len(saml_providers) &gt; 2" />
+            <t
+                t-set="form_small"
+                t-value="saml_providers and len(saml_providers) &gt; 2 or False"
+            />
         </xpath>
         <xpath expr="//div[hasclass('o_login_auth')]" position="inside">
             <t t-call="auth_saml.providers" />

auth_sms/README.rst

@@ -0,0 +1,132 @@
+=================================
+Two factor authentication via SMS
+=================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:744503b1e32edd0f7f70943a95a2bfff0489985e29584afa7934b48853b943dd
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_sms
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_sms
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module allows you to use SMS as second factor for user authentication.
+
+While SMS is not the most secure way of delivering a secret, it's still safer
+than no multi factor authentication at all.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+#. Go to Settings/Technical/SMS providers and configure a provider.
+   While you can configure multiple ones, the addon will always pick the
+   topmost active provider for authorization.
+#. On a user, enable the `Use SMS verification` checkbox
+
+The addon understands the following configuration parameters:
+
+   auth_sms.code_chars
+      The characters used to generate a code. Default is generated from
+      Python's string.ascii_letters + string.digits.
+
+      You can repeat characters here to make some more or less probable to be
+      used.
+
+   auth_sms.code_length
+      The length of a code to be sent to the user via SMS. Default is 8.
+
+   auth_sms.rate_limit_limit, auth_sms.rate_limit_hours
+      The amount of sms to send for one user within a certain amount of time.
+      Default is to send at most 10 SMS within 24 hours.
+
+Usage
+=====
+
+After a user has filled in the correct credentials, she will be taken to a second form where she's asked for the code that has been sent via SMS.
+
+Known issues / Roadmap
+======================
+
+* add a config wizard to configure parameters
+* add a button to send another code
+* make SMS codes time out (currently they live as long as the session they were
+  generated for)
+* make being able to turn on 2FA depend on some security group
+* create some auth_mfa_code module and move a lot of code there to have a
+  common base for all MFA modules that generate some extra code to fill in
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_sms%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Therp BV
+
+Contributors
+~~~~~~~~~~~~
+
+* Holger Brunn <hbrunn@therp.nl>
+
+Other credits
+~~~~~~~~~~~~~
+
+* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_.
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-NL66278| image:: https://github.com/NL66278.png?size=40px
+    :target: https://github.com/NL66278
+    :alt: NL66278
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-NL66278| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_sms>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_sms/__init__.py

@@ -0,0 +1,4 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+from . import models
+from . import controllers
+from . import exceptions