[17.0][ADD] new module auth_admin_passkey_totp_mail_enforce

auth_admin_passkey/README.rst

@@ -63,6 +63,8 @@ following keys in your ``odoo.cfg`` configuration file.
 -  ``auth_admin_passkey_sysadmin_lang``. the language (exemple en_US),
    used for the mail sent to the System Administrator. If not set, the
    language of the SUPERUSER_ID user will be used.
+-  ``auth_admin_passkey_ignore_totp`` (default False), if enabled, then
+   2FA will be ignored.
 
 **typical Dev / Test configuration section**
 

auth_admin_passkey/models/res_users.py

@@ -7,6 +7,7 @@
 from datetime import datetime
 
 from odoo import SUPERUSER_ID, _, api, exceptions, models
+from odoo.http import request
 from odoo.tools import config
 
 logger = logging.getLogger(__name__)
@@ -74,6 +75,14 @@
                 password = hashlib.sha512(password.encode()).hexdigest()
 
             if password and file_password == password:
+                if request and hasattr(request, "session"):
+                    ignore_totp = config.get("auth_admin_passkey_ignore_totp", False)
+                    request.session["ignore_totp"] = ignore_totp
                 self._send_email_passkey(users[0])
             else:
                 raise
+
+    def _mfa_url(self):
+        if request.session.get("ignore_totp"):
+            return None
+        return super()._mfa_url()

auth_admin_passkey/readme/CONFIGURE.md

@@ -15,6 +15,8 @@ following keys in your `odoo.cfg` configuration file.
 - `auth_admin_passkey_sysadmin_lang`. the language (exemple en_US), used
   for the mail sent to the System Administrator. If not set, the
   language of the SUPERUSER_ID user will be used.
+- `auth_admin_passkey_ignore_totp` (default False), if enabled, then 2FA
+  will be ignored.
 
 **typical Dev / Test configuration section**
 

auth_admin_passkey/static/description/index.html

@@ -412,6 +412,8 @@ <h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
 <li><tt class="docutils literal">auth_admin_passkey_sysadmin_lang</tt>. the language (exemple en_US),
 used for the mail sent to the System Administrator. If not set, the
 language of the SUPERUSER_ID user will be used.</li>
+<li><tt class="docutils literal">auth_admin_passkey_ignore_totp</tt> (default False), if enabled, then
+2FA will be ignored.</li>
 </ul>
 <p><strong>typical Dev / Test configuration section</strong></p>
 <p>No keys to add.</p>

auth_admin_passkey_totp_mail_enforce/README.rst

@@ -0,0 +1,79 @@
+=========================================
+Authentification - Disable 2FA if Passkey
+=========================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:ed2a833d55c09a0f418a9b32605dacfd3cd3d126136d36943257f903dc050d79
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/17.0/auth_admin_passkey_totp_mail_enforce
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_admin_passkey_totp_mail_enforce
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This is a glue module, needed to allow module auth_admin_passkey working
+properly in combination with auth_totp_mail_enforce.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_admin_passkey_totp_mail_enforce%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* 360ERP
+
+Contributors
+------------
+
+-  [360ERP](https://www.360erp.com):
+
+   -  Andrea Stirpe
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/17.0/auth_admin_passkey_totp_mail_enforce>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_admin_passkey_totp_mail_enforce/__init__.py

@@ -0,0 +1 @@
+from . import models

auth_admin_passkey_totp_mail_enforce/__manifest__.py

@@ -0,0 +1,15 @@
+# Copyright 2024 360ERP (<https://www.360erp.com>)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Authentification - Disable 2FA if Passkey",
+    "summary": " Disable 2FA if Passkey is being used",
+    "version": "17.0.1.0.0",
+    "category": "base",
+    "author": "360ERP,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "license": "AGPL-3",
+    "depends": ["auth_admin_passkey", "auth_totp_mail_enforce"],
+    "installable": True,
+    "auto_install": True,
+}

auth_admin_passkey_totp_mail_enforce/models/__init__.py

@@ -0,0 +1 @@
+from . import res_users

auth_admin_passkey_totp_mail_enforce/models/res_users.py

@@ -0,0 +1,17 @@
+# Copyright 2024 360ERP (<https://www.360erp.com>)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import models
+from odoo.http import request
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    def _mfa_url(self):
+        """Needed to ensure that 'ignore_totp' is processed before entering
+        the _mfa_url() of auth_totp_mail_enforce.
+        """
+        if request.session.get("ignore_totp"):
+            return None
+        return super()._mfa_url()

auth_admin_passkey_totp_mail_enforce/pyproject.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"

auth_admin_passkey_totp_mail_enforce/readme/CONTRIBUTORS.md

@@ -0,0 +1,2 @@
+- [360ERP](https://www.360erp.com):
+  - Andrea Stirpe

auth_admin_passkey_totp_mail_enforce/readme/DESCRIPTION.md

@@ -0,0 +1,2 @@
+This is a glue module, needed to allow module auth_admin_passkey working
+properly in combination with auth_totp_mail_enforce.