Initial commit: OCA Server Auth packages (29 packages)

odoo-bringout-oca-server-auth-vault_share/vault_share/models/__init__.py

@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import res_company, res_config_settings, vault_share, vault_share_log

odoo-bringout-oca-server-auth-vault_share/vault_share/models/res_company.py

@@ -0,0 +1,10 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class RecCompany(models.Model):
+    _inherit = "res.company"
+
+    vault_share_delay = fields.Integer(default=0)

odoo-bringout-oca-server-auth-vault_share/vault_share/models/res_config_settings.py

@@ -0,0 +1,24 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    vault_share_delay = fields.Integer(
+        string="Delayed Deletion",
+        related="company_id.vault_share_delay",
+        readonly=False,
+        help="Delays the deletion of a share. After the expiration date it continues "
+        "to stay inaccessible",
+    )
+
+    @api.onchange("vault_share_delay")
+    def _onchange_vault_share_delay(self):
+        self.vault_share_delay = max(0, self.vault_share_delay)

odoo-bringout-oca-server-auth-vault_share/vault_share/models/vault_share.py

@@ -0,0 +1,86 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime, timedelta
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultShare(models.Model):
+    _name = "vault.share"
+    _description = _("Vault share outgoing secrets")
+
+    user_id = fields.Many2one("res.users", default=lambda self: self.env.uid)
+    name = fields.Char(required=True)
+    share_link = fields.Char(
+        "Share URL",
+        compute="_compute_url",
+        store=False,
+        help="Using this link and pin people can access the secret.",
+    )
+    token = fields.Char(readonly=True, required=True, default=lambda self: uuid4())
+    secret = fields.Char()
+    secret_file = fields.Char()
+    filename = fields.Char()
+    salt = fields.Char(required=True)
+    iterations = fields.Integer()
+    iv = fields.Char(required=True)
+    pin = fields.Char(required=True, help="The pin needed to decrypt the share.")
+    accesses = fields.Integer(
+        "Access counter",
+        default=5,
+        help="Specifies how often a share can be accessed before deletion.",
+    )
+    expiration = fields.Datetime(
+        default=lambda self: datetime.now() + timedelta(days=7),
+        help="Specifies how long a share can be accessed until deletion.",
+    )
+    log_ids = fields.One2many("vault.share.log", "share_id", "Log", readonly=True)
+
+    _sql_constraints = [
+        (
+            "value_check",
+            "CHECK(secret IS NOT NULL OR secret_file IS NOT NULL)",
+            _("No value found"),
+        ),
+    ]
+
+    @api.depends("token")
+    def _compute_url(self):
+        base_url = self.env["ir.config_parameter"].sudo().get_param("web.base.url")
+        for rec in self:
+            rec.share_link = f"{base_url}/vault/share/{rec.token}"
+
+    @api.model
+    def get(self, token, ip=None):
+        rec = self.search([("token", "=", token)], limit=1)
+        if not rec:
+            return rec
+
+        if datetime.now() < rec.expiration and rec.accesses > 0:
+            rec.accesses -= 1
+            log = _("The share was accessed by %(name)s via %(ip)s")
+            rec.log_ids = [
+                (0, 0, {"name": log % {"name": self.env.user.name, "ip": ip or "n/a"}})
+            ]
+            return rec
+
+        return None
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        log = _("The share was created by %(name)s")
+        for rec in res:
+            rec.log_ids = [(0, 0, {"name": log % {"name": self.env.user.name}})]
+        return res
+
+    @api.model
+    def clean(self):
+        now = datetime.now()
+        offset = timedelta(days=self.env.company.vault_share_delay)
+        self.search([("expiration", "<=", now + offset)]).unlink()

odoo-bringout-oca-server-auth-vault_share/vault_share/models/vault_share_log.py

@@ -0,0 +1,22 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultShareLog(models.Model):
+    _name = "vault.share.log"
+    _description = _("Vault share log")
+    _order = "create_date DESC"
+
+    share_id = fields.Many2one(
+        "vault.share",
+        ondelete="cascade",
+        readonly=True,
+        required=True,
+    )
+    name = fields.Char(readonly=True)