mirror of
https://github.com/bringout/oca-ocb-security.git
synced 2026-04-22 18:32:08 +02:00
Initial commit: Security packages
This commit is contained in:
commit
bb469e4763
1399 changed files with 278378 additions and 0 deletions
32
odoo-bringout-oca-ocb-auth_totp/doc/ARCHITECTURE.md
Normal file
32
odoo-bringout-oca-ocb-auth_totp/doc/ARCHITECTURE.md
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
# Architecture
|
||||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
U[Users] -->|HTTP| V[Views and QWeb Templates]
|
||||
V --> C[Controllers]
|
||||
V --> W[Wizards – Transient Models]
|
||||
C --> M[Models and ORM]
|
||||
W --> M
|
||||
M --> R[Reports]
|
||||
DX[Data XML] --> M
|
||||
S[Security – ACLs and Groups] -. enforces .-> M
|
||||
|
||||
subgraph Auth_totp Module - auth_totp
|
||||
direction LR
|
||||
M:::layer
|
||||
W:::layer
|
||||
C:::layer
|
||||
V:::layer
|
||||
R:::layer
|
||||
S:::layer
|
||||
DX:::layer
|
||||
end
|
||||
|
||||
classDef layer fill:#eef8ff,stroke:#6ea8fe,stroke-width:1px
|
||||
```
|
||||
|
||||
Notes
|
||||
- Views include tree/form/kanban templates and report templates.
|
||||
- Controllers provide website/portal routes when present.
|
||||
- Wizards are UI flows implemented with `models.TransientModel`.
|
||||
- Data XML loads data/demo records; Security defines groups and access.
|
||||
3
odoo-bringout-oca-ocb-auth_totp/doc/CONFIGURATION.md
Normal file
3
odoo-bringout-oca-ocb-auth_totp/doc/CONFIGURATION.md
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# Configuration
|
||||
|
||||
Refer to Odoo settings for auth_totp. Configure related models, access rights, and options as needed.
|
||||
17
odoo-bringout-oca-ocb-auth_totp/doc/CONTROLLERS.md
Normal file
17
odoo-bringout-oca-ocb-auth_totp/doc/CONTROLLERS.md
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# Controllers
|
||||
|
||||
HTTP routes provided by this module.
|
||||
|
||||
```mermaid
|
||||
sequenceDiagram
|
||||
participant U as User/Client
|
||||
participant C as Module Controllers
|
||||
participant O as ORM/Views
|
||||
|
||||
U->>C: HTTP GET/POST (routes)
|
||||
C->>O: ORM operations, render templates
|
||||
O-->>U: HTML/JSON/PDF
|
||||
```
|
||||
|
||||
Notes
|
||||
- See files in controllers/ for route definitions.
|
||||
5
odoo-bringout-oca-ocb-auth_totp/doc/DEPENDENCIES.md
Normal file
5
odoo-bringout-oca-ocb-auth_totp/doc/DEPENDENCIES.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# Dependencies
|
||||
|
||||
This addon depends on:
|
||||
|
||||
- [web](../../odoo-bringout-oca-ocb-web)
|
||||
4
odoo-bringout-oca-ocb-auth_totp/doc/FAQ.md
Normal file
4
odoo-bringout-oca-ocb-auth_totp/doc/FAQ.md
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
# FAQ
|
||||
|
||||
- Q: Which Odoo version? A: 16.0 (OCA/OCB packaged).
|
||||
- Q: How to enable? A: Start server with --addon auth_totp or install in UI.
|
||||
7
odoo-bringout-oca-ocb-auth_totp/doc/INSTALL.md
Normal file
7
odoo-bringout-oca-ocb-auth_totp/doc/INSTALL.md
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# Install
|
||||
|
||||
```bash
|
||||
pip install odoo-bringout-oca-ocb-auth_totp"
|
||||
# or
|
||||
uv pip install odoo-bringout-oca-ocb-auth_totp"
|
||||
```
|
||||
15
odoo-bringout-oca-ocb-auth_totp/doc/MODELS.md
Normal file
15
odoo-bringout-oca-ocb-auth_totp/doc/MODELS.md
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# Models
|
||||
|
||||
Detected core models and extensions in auth_totp.
|
||||
|
||||
```mermaid
|
||||
classDiagram
|
||||
class auth_totp_device
|
||||
class ir_http
|
||||
class res_users
|
||||
class res_users_apikeys
|
||||
```
|
||||
|
||||
Notes
|
||||
- Classes show model technical names; fields omitted for brevity.
|
||||
- Items listed under _inherit are extensions of existing models.
|
||||
6
odoo-bringout-oca-ocb-auth_totp/doc/OVERVIEW.md
Normal file
6
odoo-bringout-oca-ocb-auth_totp/doc/OVERVIEW.md
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# Overview
|
||||
|
||||
Packaged Odoo addon: auth_totp. Provides features documented in upstream Odoo 16 under this addon.
|
||||
|
||||
- Source: OCA/OCB 16.0, addon auth_totp
|
||||
- License: LGPL-3
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
# Patch: Remove App Store Download Links
|
||||
|
||||
## Module: auth_totp
|
||||
|
||||
### Description
|
||||
This patch removes mobile app store download links (Apple App Store and Google Play Store) from the Two-Factor Authentication (TOTP) setup wizard.
|
||||
|
||||
### Files Modified
|
||||
- `auth_totp/wizard/auth_totp_wizard_views.xml`
|
||||
|
||||
### Changes Made
|
||||
|
||||
#### File: auth_totp/wizard/auth_totp_wizard_views.xml
|
||||
**Lines removed: 22-29**
|
||||
|
||||
Removed the following section containing mobile app store download links:
|
||||
```xml
|
||||
<div class="d-block d-md-none">
|
||||
<a href="https://play.google.com/store/search?q=authenticator&c=apps" class="mx-2" target="blank">
|
||||
<img alt="On Google Play" style="width: 24px;" src="/base_setup/static/src/img/logo_google_play.png"/>
|
||||
</a>
|
||||
<a href="http://appstore.com/2fa" class="mx-2" target="blank">
|
||||
<img alt="On Apple Store" style="width: 24px;" src="/base_setup/static/src/img/logo_apple_store.png"/>
|
||||
</a>
|
||||
</div>
|
||||
```
|
||||
|
||||
### Impact
|
||||
- Users will no longer see direct download links to mobile app stores when setting up 2FA
|
||||
- The instruction text for installing authenticator apps remains intact
|
||||
- The QR code and manual key entry functionality is unaffected
|
||||
- All other TOTP wizard functionality remains unchanged
|
||||
|
||||
### Reason
|
||||
Removal of proprietary mobile app store references to maintain a more neutral, open-source focused user experience.
|
||||
|
||||
---
|
||||
**Patch Created:** 2025-08-27
|
||||
**Applied By:** Claude Code Assistant
|
||||
3
odoo-bringout-oca-ocb-auth_totp/doc/REPORTS.md
Normal file
3
odoo-bringout-oca-ocb-auth_totp/doc/REPORTS.md
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# Reports
|
||||
|
||||
This module does not define custom reports.
|
||||
41
odoo-bringout-oca-ocb-auth_totp/doc/SECURITY.md
Normal file
41
odoo-bringout-oca-ocb-auth_totp/doc/SECURITY.md
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# Security
|
||||
|
||||
Access control and security definitions in auth_totp.
|
||||
|
||||
## Access Control Lists (ACLs)
|
||||
|
||||
Model access permissions defined in:
|
||||
- **[ir.model.access.csv](../auth_totp/security/ir.model.access.csv)**
|
||||
- 2 model access rules
|
||||
|
||||
## Record Rules
|
||||
|
||||
Row-level security rules defined in:
|
||||
|
||||
## Security Groups & Configuration
|
||||
|
||||
Security groups and permissions defined in:
|
||||
- **[security.xml](../auth_totp/security/security.xml)**
|
||||
|
||||
```mermaid
|
||||
graph TB
|
||||
subgraph "Security Layers"
|
||||
A[Users] --> B[Groups]
|
||||
B --> C[Access Control Lists]
|
||||
C --> D[Models]
|
||||
B --> E[Record Rules]
|
||||
E --> F[Individual Records]
|
||||
end
|
||||
```
|
||||
|
||||
Security files overview:
|
||||
- **[ir.model.access.csv](../auth_totp/security/ir.model.access.csv)**
|
||||
- Model access permissions (CRUD rights)
|
||||
- **[security.xml](../auth_totp/security/security.xml)**
|
||||
- Security groups, categories, and XML-based rules
|
||||
|
||||
Notes
|
||||
- Access Control Lists define which groups can access which models
|
||||
- Record Rules provide row-level security (filter records by user/group)
|
||||
- Security groups organize users and define permission sets
|
||||
- All security is enforced at the ORM level by Odoo
|
||||
5
odoo-bringout-oca-ocb-auth_totp/doc/TROUBLESHOOTING.md
Normal file
5
odoo-bringout-oca-ocb-auth_totp/doc/TROUBLESHOOTING.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# Troubleshooting
|
||||
|
||||
- Ensure Python and Odoo environment matches repo guidance.
|
||||
- Check database connectivity and logs if startup fails.
|
||||
- Validate that dependent addons listed in DEPENDENCIES.md are installed.
|
||||
7
odoo-bringout-oca-ocb-auth_totp/doc/USAGE.md
Normal file
7
odoo-bringout-oca-ocb-auth_totp/doc/USAGE.md
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# Usage
|
||||
|
||||
Start Odoo including this addon (from repo root):
|
||||
|
||||
```bash
|
||||
python3 scripts/nix_odoo_web_server.py --db-name mydb --addon auth_totp
|
||||
```
|
||||
8
odoo-bringout-oca-ocb-auth_totp/doc/WIZARDS.md
Normal file
8
odoo-bringout-oca-ocb-auth_totp/doc/WIZARDS.md
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# Wizards
|
||||
|
||||
Transient models exposed as UI wizards in auth_totp.
|
||||
|
||||
```mermaid
|
||||
classDiagram
|
||||
class TOTPWizard
|
||||
```
|
||||
Loading…
Add table
Add a link
Reference in a new issue