Browse Source

[FIX] auth_totp: Permissions fix and other tweaks

* Slightly reword README
* Replace LasLabs logo with OCA one
* Overload _build_model in res.users model to add two MFA fields to the model
class's list of self-writeable fields, allowing these fields to be edited by
users without admin permissions for their own record
* Update view_users_form_simple_modif and the unit tests in the module based
on the self-writeable field change
pull/703/head
Oleg Bulkin 8 years ago
parent
commit
7c6d27e1ff
  1. 6
      auth_totp/README.rst
  2. 6
      auth_totp/models/res_users.py
  3. BIN
      auth_totp/static/description/icon.png
  4. 6
      auth_totp/tests/test_res_users.py
  5. 4
      auth_totp/views/res_users.xml

6
auth_totp/README.rst

@ -2,9 +2,9 @@
:target: http://www.gnu.org/licenses/lgpl.html
:alt: License: LGPL-3
===========
MFA Support
===========
====================
MFA Support via TOTP
====================
This module adds support for MFA using TOTP (time-based, one-time passwords).
It allows users to enable/disable MFA and manage authentication apps/devices

6
auth_totp/models/res_users.py

@ -13,6 +13,12 @@ from ..exceptions import MfaTokenInvalidError, MfaTokenExpiredError
class ResUsers(models.Model):
_inherit = 'res.users'
@classmethod
def _build_model(cls, pool, cr):
ModelCls = super(ResUsers, cls)._build_model(pool, cr)
ModelCls.SELF_WRITEABLE_FIELDS += ['mfa_enabled', 'authenticator_ids']
return ModelCls
mfa_enabled = fields.Boolean(string='MFA Enabled?')
authenticator_ids = fields.One2many(
comodel_name='res.users.authenticator',

BIN
auth_totp/static/description/icon.png

Before

Width: 600  |  Height: 518  |  Size: 10 KiB

After

Width: 128  |  Height: 128  |  Size: 9.2 KiB

6
auth_totp/tests/test_res_users.py

@ -27,6 +27,12 @@ class TestResUsers(TransactionCase):
self.test_user.authenticator_ids = False
self.env.uid = self.test_user.id
def test_build_model_mfa_fields_in_self_writeable_list(self):
'''Should add MFA fields to list of fields users can modify for self'''
ResUsersClass = type(self.test_user)
self.assertIn('mfa_enabled', ResUsersClass.SELF_WRITEABLE_FIELDS)
self.assertIn('authenticator_ids', ResUsersClass.SELF_WRITEABLE_FIELDS)
def test_check_enabled_with_authenticator_mfa_no_auth(self):
'''Should raise correct error if MFA enabled without authenticators'''
with self.assertRaisesRegexp(ValidationError, 'locked out'):

4
auth_totp/views/res_users.xml

@ -16,9 +16,9 @@
<div colspan="8" class="oe_mb8">
<span>Note: Please add at least one authentication app/device before enabling MFA.</span>
</div>
<field name="mfa_enabled"/>
<field name="mfa_enabled" readonly="0"/>
<newline/>
<field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="7"/>
<field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="7" readonly="0"/>
<button string="Add New App/Device" type="action" name="%(res_users_authenticator_create_action)d" colspan="1"/>
</group>
</xpath>

Loading…
Cancel
Save