Initial commit: Security packages

2026-04-24 00:22:02 +02:00 · 2025-08-29 15:20:51 +02:00 · 2025-08-29 15:20:51 +02:00 · bb469e4763
commit bb469e4763
1399 changed files with 278378 additions and 0 deletions
--- a/odoo-bringout-oca-ocb-auth_totp/auth_totp/models/auth_totp.py
+++ b/odoo-bringout-oca-ocb-auth_totp/auth_totp/models/auth_totp.py
@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+from odoo import api, models
+from odoo.addons.auth_totp.controllers.home import TRUSTED_DEVICE_AGE
+
+import logging
+_logger = logging.getLogger(__name__)
+
+
+class AuthTotpDevice(models.Model):
+
+    # init is overriden in res.users.apikeys to create a secret column 'key'
+    # use a different model to benefit from the secured methods while not mixing
+    # two different concepts
+
+    _name = "auth_totp.device"
+    _inherit = "res.users.apikeys"
+    _description = "Authentication Device"
+    _auto = False
+
+    def _check_credentials_for_uid(self, *, scope, key, uid):
+        """Return True if device key matches given `scope` for user ID `uid`"""
+        assert uid, "uid is required"
+        return self._check_credentials(scope=scope, key=key) == uid
+
+    @api.autovacuum
+    def _gc_device(self):
+        self._cr.execute("""
+            DELETE FROM auth_totp_device
+            WHERE create_date < (NOW() AT TIME ZONE 'UTC' - INTERVAL '%s SECONDS')
+        """, [TRUSTED_DEVICE_AGE])
+        _logger.info("GC'd %d totp devices entries", self._cr.rowcount)