[FIX] auth_totp: Permissions fix and other tweaks

* Slightly reword README * Replace LasLabs logo with OCA one * Overload _build_model in res.users model to add two MFA fields to the model class's list of self-writeable fields, allowing these fields to be edited by users without admin permissions for their own record * Update view_users_form_simple_modif and the unit tests in the module based on the self-writeable field change
7 years ago · 7c6d27e1ff
5 changed files with 17 additions and 5 deletions
--- a/auth_totp/README.rst
+++ b/auth_totp/README.rst
@ -2,9 +2,9 @@
   :target: http://www.gnu.org/licenses/lgpl.html
   :alt: License: LGPL-3

-===========
-MFA Support
-===========
+====================
+MFA Support via TOTP
+====================

 This module adds support for MFA using TOTP (time-based, one-time passwords). 
 It allows users to enable/disable MFA and manage authentication apps/devices 
--- a/auth_totp/models/res_users.py
+++ b/auth_totp/models/res_users.py
@ -13,6 +13,12 @@ from ..exceptions import MfaTokenInvalidError, MfaTokenExpiredError
 class ResUsers(models.Model):
    _inherit = 'res.users'

+    @classmethod
+    def _build_model(cls, pool, cr):
+        ModelCls = super(ResUsers, cls)._build_model(pool, cr)
+        ModelCls.SELF_WRITEABLE_FIELDS += ['mfa_enabled', 'authenticator_ids']
+        return ModelCls
+
    mfa_enabled = fields.Boolean(string='MFA Enabled?')
    authenticator_ids = fields.One2many(
        comodel_name='res.users.authenticator',
--- a/auth_totp/static/description/icon.png
+++ b/auth_totp/static/description/icon.png
--- a/auth_totp/tests/test_res_users.py
+++ b/auth_totp/tests/test_res_users.py
@ -27,6 +27,12 @@ class TestResUsers(TransactionCase):
        self.test_user.authenticator_ids = False
        self.env.uid = self.test_user.id

+    def test_build_model_mfa_fields_in_self_writeable_list(self):
+        '''Should add MFA fields to list of fields users can modify for self'''
+        ResUsersClass = type(self.test_user)
+        self.assertIn('mfa_enabled', ResUsersClass.SELF_WRITEABLE_FIELDS)
+        self.assertIn('authenticator_ids', ResUsersClass.SELF_WRITEABLE_FIELDS)
+
    def test_check_enabled_with_authenticator_mfa_no_auth(self):
        '''Should raise correct error if MFA enabled without authenticators'''
        with self.assertRaisesRegexp(ValidationError, 'locked out'):
--- a/auth_totp/views/res_users.xml
+++ b/auth_totp/views/res_users.xml
@ -16,9 +16,9 @@
                    <div colspan="8" class="oe_mb8">
                        <span>Note: Please add at least one authentication app/device before enabling MFA.</span>
                    </div>
-                    <field name="mfa_enabled"/>
+                    <field name="mfa_enabled" readonly="0"/>
                    <newline/>
-                    <field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="7"/>
+                    <field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="7" readonly="0"/>
                    <button string="Add New App/Device" type="action" name="%(res_users_authenticator_create_action)d" colspan="1"/>
                </group>
            </xpath>