Initial commit: Security packages

odoo-bringout-oca-ocb-auth_password_policy/auth_password_policy/models/__init__.py

@@ -0,0 +1,2 @@
+from . import res_config_settings
+from . import res_users

odoo-bringout-oca-ocb-auth_password_policy/auth_password_policy/models/res_config_settings.py

@@ -0,0 +1,15 @@
+from odoo import api, fields, models, _
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = 'res.config.settings'
+
+    minlength = fields.Integer(
+        "Minimum Password Length", config_parameter="auth_password_policy.minlength", default=0,
+        help="Minimum number of characters passwords must contain, set to 0 to disable.")
+
+    @api.onchange('minlength')
+    def _on_change_mins(self):
+        """ Password lower bounds must be naturals
+        """
+        self.minlength = max(0, self.minlength or 0)

odoo-bringout-oca-ocb-auth_password_policy/auth_password_policy/models/res_users.py

@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+from odoo import api, models, _
+from odoo.exceptions import UserError
+
+
+class ResUsers(models.Model):
+    _inherit = 'res.users'
+
+    @api.model
+    def get_password_policy(self):
+        params = self.env['ir.config_parameter'].sudo()
+        return {
+            'minlength': int(params.get_param('auth_password_policy.minlength', default=0)),
+        }
+
+    def _set_password(self):
+        self._check_password_policy(self.mapped('password'))
+
+        super(ResUsers, self)._set_password()
+
+    def _check_password_policy(self, passwords):
+        failures = []
+        params = self.env['ir.config_parameter'].sudo()
+
+        minlength = int(params.get_param('auth_password_policy.minlength', default=0))
+        for password in passwords:
+            if not password:
+                continue
+            if len(password) < minlength:
+                failures.append(_(u"Passwords must have at least %d characters, got %d.") % (minlength, len(password)))
+
+        if failures:
+            raise UserError(u'\n\n '.join(failures))