oca/oca-ocb-security
2
0
Fork 0
mirror of https://github.com/bringout/oca-ocb-security.git synced 2026-04-21 20:52:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

19.0 vanilla

Browse source
This commit is contained in:
Ernad Husremovic 2026-03-09 09:32:28 +01:00
parent 20ddc1b4a3
commit c0efcc53f5
1162 changed files with 125577 additions and 105287 deletions
Download patch file Download diff file Expand all files Collapse all files

45
odoo-bringout-oca-ocb-auth_signup/auth_signup/tests/test_auth_signup.py
View file

@ -1,13 +1,15 @@
# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from contextlib import contextmanager
from unittest.mock import patch
import odoo
from odoo import http
from odoo.addons.base.tests.common import HttpCaseWithUserPortal, HttpCaseWithUserDemo
from odoo.exceptions import AccessError
from odoo.exceptions import AccessError, UserError
from datetime import datetime, timedelta
class TestAuthSignupFlow(HttpCaseWithUserPortal, HttpCaseWithUserDemo):
@ -22,6 +24,14 @@ class TestAuthSignupFlow(HttpCaseWithUserPortal, HttpCaseWithUserDemo):
def _get_free_signup_url(self):
return '/web/signup'
@contextmanager
def patch_captcha_signup(self):
def _verify_request_recaptcha_token(self, captcha):
if captcha != 'signup':
raise UserError("CAPTCHA test")
with patch.object(self.env.registry['ir.http'], '_verify_request_recaptcha_token', _verify_request_recaptcha_token):
yield
def test_confirmation_mail_free_signup(self):
"""
Check if a new user is informed by email when he is registered
@ -45,22 +55,45 @@ class TestAuthSignupFlow(HttpCaseWithUserPortal, HttpCaseWithUserDemo):
}
# Override unlink to not delete the email if the send works.
with patch.object(odoo.addons.mail.models.mail_mail.MailMail, 'unlink', lambda self: None):
with patch.object(odoo.addons.mail.models.mail_mail.MailMail, 'unlink', lambda self: None), self.patch_captcha_signup():
# Call the controller
url_free_signup = self._get_free_signup_url()
self.url_open(url_free_signup, data=payload)
response = self.url_open(url_free_signup, data=payload)
self.assertIn('/web/login_successful?account_created=True', response.url)
# Check if an email is sent to the new userw
new_user = self.env['res.users'].search([('name', '=', name)])
self.assertTrue(new_user)
mail = self.env['mail.message'].search([('message_type', '=', 'email'), ('model', '=', 'res.users'), ('res_id', '=', new_user.id)], limit=1)
mail = self.env['mail.message'].search([('message_type', '=', 'email_outgoing'), ('model', '=', 'res.users'), ('res_id', '=', new_user.id)], limit=1)
self.assertTrue(mail, "The new user must be informed of his registration")
def test_compute_signup_url(self):
user = self.user_demo
user.groups_id -= self.env.ref('base.group_partner_manager')
user.group_ids -= self.env.ref('base.group_partner_manager')
partner = self.partner_portal
partner.signup_prepare()
with self.assertRaises(AccessError):
partner.with_user(user.id).signup_url
partner.with_user(user.id)._get_signup_url()
def test_copy_multiple_users(self):
users = self.env['res.users'].create([
{'login': 'testuser1', 'name': 'Test User 1', 'email': 'test1@odoo.com'},
{'login': 'testuser2', 'name': 'Test User 2', 'email': 'test2@odoo.com'},
])
initial_user_count = self.env['res.users'].search_count([])
users.copy()
self.assertEqual(
self.env['res.users'].search_count([]),
initial_user_count + len(users)
)
def test_notify_unregistered(self):
users = self.env['res.users'].create([
{'login': 'testuser1', 'name': 'Test User 1', 'email': 'test1@odoo.com'},
{'login': 'testuser2', 'name': 'Test User 2', 'email': 'test2@odoo.com'},
])
for u in users:
u.create_date = datetime.now() - timedelta(days=5, minutes=10)
with self.registry.cursor() as cr:
users.with_env(users.env(cr=cr)).send_unregistered_user_reminder(after_days=5, batch_size=100)

71
odoo-bringout-oca-ocb-auth_signup/auth_signup/tests/test_reset_password.py
View file

@ -1,27 +1,82 @@
# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from unittest.mock import patch
from odoo.exceptions import UserError
from odoo.addons.mail.models.mail_mail import MailDeliveryException
from odoo.tests.common import HttpCase
from werkzeug.urls import url_parse
class TestResetPassword(HttpCase):
@classmethod
def setUpClass(cls):
super(TestResetPassword, cls).setUpClass()
cls.test_user = cls.env['res.users'].create({
'login': 'test',
'name': 'The King',
'email': 'noop@example.com',
})
def test_reset_password(self):
"""
Test that first signup link and password reset link are different to accomodate for the different behaviour
on first signup if a password is already set user is redirected to login page when accessing that link again
'signup_email' is used in the web controller (web_auth_reset_password) to detect this behaviour
"""
test_user = self.env['res.users'].create({
'login': 'test',
'name': 'The King',
'email': 'noop@example.com',
})
self.assertEqual(test_user.email, url_parse(test_user.with_context(create_user=True).signup_url).decode_query()["signup_email"], "query must contain 'signup_email'")
self.assertEqual(self.test_user.email, url_parse(self.test_user.with_context(create_user=True).partner_id._get_signup_url()).decode_query()["signup_email"], "query must contain 'signup_email'")
# Invalidate signup_url to skip signup process
self.env.invalidate_all()
test_user.action_reset_password()
self.test_user.action_reset_password()
self.assertNotIn("signup_email", url_parse(test_user.signup_url).decode_query(), "query should not contain 'signup_email'")
self.assertNotIn("signup_email", url_parse(self.test_user.partner_id._get_signup_url()).decode_query(), "query should not contain 'signup_email'")
@patch('odoo.addons.mail.models.mail_mail.MailMail.send')
def test_reset_password_mail_server_error(self, mock_send):
"""
Test that action_reset_password() method raises UserError and _action_reset_password() method raises MailDeliveryException.
action_reset_password() method attempts to reset the user's password by executing the private method _action_reset_password().
If any errors occur during the password reset process, a UserError exception is raised with the following behavior:
- If a MailDeliveryException is caught and the exception's second argument is a ConnectionRefusedError,
a UserError is raised with the message "Could not contact the mail server, please check your outgoing email server configuration".
This indicates that the error is related to the mail server and the user should verify their email server settings.
- If a MailDeliveryException is caught but the exception's second argument is not a ConnectionRefusedError,
a UserError is raised with the message "There was an error when trying to deliver your Email, please check your configuration".
This indicates that there was an error during the email delivery process, and the user should review their email configuration.
Note: The _action_reset_password() method, marked as private with the underscore prefix, performs the actual password reset logic
and the original MailDeliveryException occurs from this method.
"""
mock_send.side_effect = MailDeliveryException(
"Unable to connect to SMTP Server",
ConnectionRefusedError("111, 'Connection refused'"),
)
with self.assertRaises(UserError) as cm1:
self.test_user.action_reset_password()
self.assertEqual(
str(cm1.exception),
"Could not contact the mail server, please check your outgoing email server configuration",
)
mock_send.side_effect = MailDeliveryException(
"Unable to connect to SMTP Server",
ValueError("[Errno -2] Name or service not known"),
)
with self.assertRaises(UserError) as cm2:
self.test_user.action_reset_password()
self.assertEqual(
str(cm2.exception),
"There was an error when trying to deliver your Email, please check your configuration",
)
# To check private method _action_reset_password() raises MailDeliveryException when there is no valid smtp server
with self.assertRaises(MailDeliveryException):
self.test_user._action_reset_password()