[18.0][MIG] auth_brute_force: Migration to 18.0 #870
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To fix OCA/server-tools#1125 I needed to refactor the addon. To whitelist IPs now you use a config parameter, which renders res.banned.remote model unneeded. The fix is affected by odoo/odoo#24183 and will not work until it gets fixed upstream due to the technical limitations implied.
- The `whitelisted` field needs to exist in view to be usable. - The correct class is `decoration-danger` for tree views.
…#1251) Include HACK for odoo/odoo#24833, which explains the false positive problem we were having here: an addon being importable doesn't mean it is installed.
- Remove Python coding headers. - Remove v10 migration scripts. - Standard py2-py3 changes. - Do not encode POST data in tests, Odoo now uses `requests` for `HttpCase` connections.
…s#1258) In Odoo v9, every request calls `res.users.check()`, which stores one authentication attempt per request, which is false. Besides, it easily leads to hitting ip-api.com rate limits, so now that API is only asked when seeing in form view (simply by setting the computed field as not stored). Also, form view was hidden, so it's now visible.
By implementing nestable savepoints in the TestCursor (courtesy of Holger Brunn), the failed login attempts are preserved during the test.
Currently translated at 62.5% (15 of 24 strings) Translation: server-auth-11.0/server-auth-11.0-auth_brute_force Translate-URL: https://translation.odoo-community.org/projects/server-auth-11-0/server-auth-11-0-auth_brute_force/it/
Currently translated at 62.5% (15 of 24 strings) Translation: server-auth-11.0/server-auth-11.0-auth_brute_force Translate-URL: https://translation.odoo-community.org/projects/server-auth-11-0/server-auth-11-0-auth_brute_force/it/
Currently translated at 62.5% (15 of 24 strings) Translation: server-auth-11.0/server-auth-11.0-auth_brute_force Translate-URL: https://translation.odoo-community.org/projects/server-auth-11-0/server-auth-11-0-auth_brute_force/it/
jans23
force-pushed
the
18.0-mig-auth_brute_force
branch
from
cfc5b23 to
290649d
Compare
Contributor
legalsylvain
left a comment
legalsylvain
left a comment
There was a problem hiding this comment.
Hi. Thanks for porting this module !
Could you create readme fragments in a new folder readme ? (as per other OCA modules ? )
thanks !
Otherwise, LGTM. Code review / no test.
jans23
force-pushed
the
18.0-mig-auth_brute_force
branch
from
290649d to
14bdfd0
Compare
|
I added "readme" fragments as requested. |
auth_brute_force/readme/ROADMAP.md
Outdated
| @@ -0,0 +1,12 @@ | |||
| * Remove 🐒 patch for https://github.com/odoo/odoo/issues/24183 in v12. | |||
Contributor
There was a problem hiding this comment.
Do you think if this roadmap section is still valid ?or obsolete ?
Contributor
There was a problem hiding this comment.
(you removed the according code in the python file)
Comment on lines
13
to
22
| def strtobool(val): | ||
| val = str(val).strip().lower() | ||
| if val in ("y", "yes", "true", "t", "1", "on"): | ||
| return True | ||
| elif val in ("n", "no", "false", "f", "0", "off"): | ||
| return False | ||
| else: | ||
| raise ValueError(f"Invalid truth value: {val}") | ||
|
|
||
|
|
Contributor
There was a problem hiding this comment.
odoo removed this function. I think we can remove it also.
correct value are True or False.
| check_remote = strtobool( | ||
| self.env["ir.config_parameter"] | ||
| .sudo() | ||
| .get_param("auth_brute_force.check_remote", "True") |
Contributor
There was a problem hiding this comment.
.get_param("auth_brute_force.check_remote", "True")
->
.get_param("auth_brute_force.check_remote", True)
auth_brute_force/readme/ROADMAP.md
Outdated
| @@ -0,0 +1,12 @@ | |||
| * Remove 🐒 patch for https://github.com/odoo/odoo/issues/24183 in v12. | |||
Contributor
There was a problem hiding this comment.
(you removed the according code in the python file)
auth_brute_force/models/res_users.py
Outdated
|
|
||
| @classmethod | ||
| def authenticate(cls, db, login, password, user_agent_env): | ||
| def authenticate(cls, db, password, user_agent_env): |
Contributor
There was a problem hiding this comment.
The V18 signature is
def authenticate(cls, db, credential, user_agent_env):
auth_brute_force/models/res_users.py
Outdated
| # Override all auth-related core methods | ||
| @classmethod | ||
| def _login(cls, db, login, password): | ||
| def _login(cls, db, password, user_agent_env): |
Contributor
There was a problem hiding this comment.
the correct signature is
def _login(cls, db, credential, user_agent_env):
hitesh-erpharbor
force-pushed
the
18.0-mig-auth_brute_force
branch
7 times, most recently
from
0899d7e to
d1c4800
Compare
hitesh-erpharbor
force-pushed
the
18.0-mig-auth_brute_force
branch
from
d1c4800 to
d70b89c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.