[FIX] password_security: update password_write_date on copy

Sometimes users are created from a template user via a `copy()`. This has the issue that a password is passed via the `vals` of the copy and therefore never seen by the `write()` function. As a result, the `password_write_date` field is left to the value of the template, which is either outdated or null. A concrete bug that resulted from this is that newly created users were asked to renew their password on their very first login. --- This commit reapplies the same logic of the `write()` method to the `copy()` method as well. It also changes the unit test test_03_create_user_signup to create the user at some time in the past so that ```python assertNotEqual(password_write_date, created_user.password_write_date) ``` makes sense. Finally it fixes the do_signup method to user the current user's password otherwise the password_write_date will be overwritten even when inputting invalid passwords
OCA · Oct 22, 2024 · aa457f9 · aa457f9
1 parent d4fee8b
commit aa457f9
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/password_security/controllers/main.py b/password_security/controllers/main.py
@@ -17,7 +17,7 @@
 class PasswordSecurityHome(AuthSignupHome):
     def do_signup(self, qcontext):
         password = qcontext.get("password")
-        user = request.env.user
+        user = request.env.user.search([("login", "=", qcontext.get("login"))]) or request.env.user
         user._check_password(password)
         return super(PasswordSecurityHome, self).do_signup(qcontext)
 

diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
@@ -32,6 +32,11 @@ def write(self, vals):
             vals["password_write_date"] = fields.Datetime.now()
         return super(ResUsers, self).write(vals)
 
+    def copy(self, vals):
+        if vals.get("password"):
+            vals["password_write_date"] = fields.Datetime.now()
+        return super(ResUsers, self).copy(vals)
+
     @api.model
     def get_password_policy(self):
         data = super(ResUsers, self).get_password_policy()

diff --git a/password_security/tests/test_signup.py b/password_security/tests/test_signup.py
@@ -4,6 +4,7 @@
 
 from unittest import mock
 
+from freezegun import freeze_time
 from requests.exceptions import HTTPError
 
 from odoo import http
@@ -82,7 +83,8 @@ def test_03_create_user_signup(self):
 
         # Stronger password: no error raised
         vals["password"] = "asdQWE12345_3"
-        login, pwd = self.env["res.users"].signup(vals)
+        with freeze_time("2020-01-01"):
+            login, pwd = self.env["res.users"].signup(vals)
 
         # check created user
         created_user = self.env["res.users"].search([("login", "=", "test_user")])