Initial commit: Security packages

odoo-bringout-oca-ocb-auth_totp/doc/ARCHITECTURE.md

@@ -0,0 +1,32 @@
+# Architecture
+
+```mermaid
+flowchart TD
+    U[Users] -->|HTTP| V[Views and QWeb Templates]
+    V --> C[Controllers]
+    V --> W[Wizards – Transient Models]
+    C --> M[Models and ORM]
+    W --> M
+    M --> R[Reports]
+    DX[Data XML] --> M
+    S[Security – ACLs and Groups] -. enforces .-> M
+
+    subgraph Auth_totp Module - auth_totp
+      direction LR
+      M:::layer
+      W:::layer
+      C:::layer
+      V:::layer
+      R:::layer
+      S:::layer
+      DX:::layer
+    end
+
+    classDef layer fill:#eef8ff,stroke:#6ea8fe,stroke-width:1px
+```
+
+Notes
+- Views include tree/form/kanban templates and report templates.
+- Controllers provide website/portal routes when present.
+- Wizards are UI flows implemented with `models.TransientModel`.
+- Data XML loads data/demo records; Security defines groups and access.

odoo-bringout-oca-ocb-auth_totp/doc/CONFIGURATION.md

@@ -0,0 +1,3 @@
+# Configuration
+
+Refer to Odoo settings for auth_totp. Configure related models, access rights, and options as needed.

odoo-bringout-oca-ocb-auth_totp/doc/CONTROLLERS.md

@@ -0,0 +1,17 @@
+# Controllers
+
+HTTP routes provided by this module.
+
+```mermaid
+sequenceDiagram
+    participant U as User/Client
+    participant C as Module Controllers
+    participant O as ORM/Views
+
+    U->>C: HTTP GET/POST (routes)
+    C->>O: ORM operations, render templates
+    O-->>U: HTML/JSON/PDF
+```
+
+Notes
+- See files in controllers/ for route definitions.

odoo-bringout-oca-ocb-auth_totp/doc/DEPENDENCIES.md

@@ -0,0 +1,5 @@
+# Dependencies
+
+This addon depends on:
+
+- [web](../../odoo-bringout-oca-ocb-web)

odoo-bringout-oca-ocb-auth_totp/doc/FAQ.md

@@ -0,0 +1,4 @@
+# FAQ
+
+- Q: Which Odoo version? A: 16.0 (OCA/OCB packaged).
+- Q: How to enable? A: Start server with --addon auth_totp or install in UI.

odoo-bringout-oca-ocb-auth_totp/doc/INSTALL.md

@@ -0,0 +1,7 @@
+# Install
+
+```bash
+pip install odoo-bringout-oca-ocb-auth_totp"
+# or
+uv pip install odoo-bringout-oca-ocb-auth_totp"
+```

odoo-bringout-oca-ocb-auth_totp/doc/MODELS.md

@@ -0,0 +1,15 @@
+# Models
+
+Detected core models and extensions in auth_totp.
+
+```mermaid
+classDiagram
+    class auth_totp_device
+    class ir_http
+    class res_users
+    class res_users_apikeys
+```
+
+Notes
+- Classes show model technical names; fields omitted for brevity.
+- Items listed under _inherit are extensions of existing models.

odoo-bringout-oca-ocb-auth_totp/doc/OVERVIEW.md

@@ -0,0 +1,6 @@
+# Overview
+
+Packaged Odoo addon: auth_totp. Provides features documented in upstream Odoo 16 under this addon.
+
+- Source: OCA/OCB 16.0, addon auth_totp
+- License: LGPL-3

odoo-bringout-oca-ocb-auth_totp/doc/PATCH_REMOVE_APP_STORE.md

@@ -0,0 +1,39 @@
+# Patch: Remove App Store Download Links
+
+## Module: auth_totp
+
+### Description
+This patch removes mobile app store download links (Apple App Store and Google Play Store) from the Two-Factor Authentication (TOTP) setup wizard.
+
+### Files Modified
+- `auth_totp/wizard/auth_totp_wizard_views.xml`
+
+### Changes Made
+
+#### File: auth_totp/wizard/auth_totp_wizard_views.xml
+**Lines removed: 22-29**
+
+Removed the following section containing mobile app store download links:
+```xml
+<div class="d-block d-md-none">
+    <a href="https://play.google.com/store/search?q=authenticator&amp;c=apps" class="mx-2" target="blank">
+        <img alt="On Google Play" style="width: 24px;" src="/base_setup/static/src/img/logo_google_play.png"/>
+    </a>
+    <a href="http://appstore.com/2fa" class="mx-2" target="blank">
+        <img alt="On Apple Store" style="width: 24px;" src="/base_setup/static/src/img/logo_apple_store.png"/>
+    </a>
+</div>
+```
+
+### Impact
+- Users will no longer see direct download links to mobile app stores when setting up 2FA
+- The instruction text for installing authenticator apps remains intact
+- The QR code and manual key entry functionality is unaffected
+- All other TOTP wizard functionality remains unchanged
+
+### Reason
+Removal of proprietary mobile app store references to maintain a more neutral, open-source focused user experience.
+
+---
+**Patch Created:** 2025-08-27  
+**Applied By:** Claude Code Assistant

odoo-bringout-oca-ocb-auth_totp/doc/REPORTS.md

@@ -0,0 +1,3 @@
+# Reports
+
+This module does not define custom reports.

odoo-bringout-oca-ocb-auth_totp/doc/SECURITY.md

@@ -0,0 +1,41 @@
+# Security
+
+Access control and security definitions in auth_totp.
+
+## Access Control Lists (ACLs)
+
+Model access permissions defined in:
+- **[ir.model.access.csv](../auth_totp/security/ir.model.access.csv)**
+  - 2 model access rules
+
+## Record Rules
+
+Row-level security rules defined in:
+
+## Security Groups & Configuration
+
+Security groups and permissions defined in:
+- **[security.xml](../auth_totp/security/security.xml)**
+
+```mermaid
+graph TB
+    subgraph "Security Layers"
+        A[Users] --> B[Groups]
+        B --> C[Access Control Lists]
+        C --> D[Models]
+        B --> E[Record Rules]
+        E --> F[Individual Records]
+    end
+```
+
+Security files overview:
+- **[ir.model.access.csv](../auth_totp/security/ir.model.access.csv)**
+  - Model access permissions (CRUD rights)
+- **[security.xml](../auth_totp/security/security.xml)**
+  - Security groups, categories, and XML-based rules
+
+Notes
+- Access Control Lists define which groups can access which models
+- Record Rules provide row-level security (filter records by user/group)
+- Security groups organize users and define permission sets
+- All security is enforced at the ORM level by Odoo

odoo-bringout-oca-ocb-auth_totp/doc/TROUBLESHOOTING.md

@@ -0,0 +1,5 @@
+# Troubleshooting
+
+- Ensure Python and Odoo environment matches repo guidance.
+- Check database connectivity and logs if startup fails.
+- Validate that dependent addons listed in DEPENDENCIES.md are installed.

odoo-bringout-oca-ocb-auth_totp/doc/USAGE.md

@@ -0,0 +1,7 @@
+# Usage
+
+Start Odoo including this addon (from repo root):
+
+```bash
+python3 scripts/nix_odoo_web_server.py --db-name mydb --addon auth_totp
+```

odoo-bringout-oca-ocb-auth_totp/doc/WIZARDS.md

@@ -0,0 +1,8 @@
+# Wizards
+
+Transient models exposed as UI wizards in auth_totp.
+
+```mermaid
+classDiagram
+    class TOTPWizard
+```