[MIG] auth_session_timeout: Migration to version 11.0

New changes for move module, clean module, apply new oca guideline and make
compatible with 11.0:

* Move module from oca/server-tools:10.0  to oca/server-auth:11.0
* Remove .DS_Store files, addd by mistake in early changes and not needed.
* Fix error when make RPC request. Applied thanks to comment added by @christophlsa. For more information go to OCA/server-tools#1163 (review)
* Update version to the first one in 11.0
* Update README to match new guideline
* Remove she bang coding
* Use _authenticate method instead of deprecated method check. For more information go to https://github.com/odoo/odoo/blob/11.0/odoo/http.py#L1049
* Improve auth_session_timeout method return raise SessionExpiredException exception instead of False. This will show a "session expired please reload page" message to the user.
* Fix update unitet test. make then turn green and the update then to make them match with new changes

  - There was not getmtime() result definied in this test case, For that reason was returning a MagicMock() object, For this case their are trying to test that the session is valid, this is the same that the path of the file with session is not expired. To simulate that I just updated for the test case the getmtime() result to a value that will be greater than the delay expected: I used the current time This way when evaluationg if the sessions is expire will return False instead of TypeError: unorderable types: MagicMock() < float() The unit test still works the same and the result is without errors.

* Fix plylint errors:

  - E302 expected 2 blank lines,
  - Not used variable and not valid var name. Remove e varaible since is not valid name and this one is not been used.

auth_session_timeout/README.rst

@@ -1,69 +1,102 @@
-.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
-   :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
-   :alt: License: AGPL-3
-
 =========================
 Inactive Sessions Timeout
 =========================
 
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/11.0/auth_session_timeout
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-11-0/server-auth-11-0-auth_session_timeout
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/251/11.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
 This module was written to be able to kill(logout) all inactive sessions since
 a given delay. On each request the server checks if the session is yet valid
 regarding the expiration delay. If not a clean logout is operated.
 
+
+**Table of contents**
+
+.. contents::
+   :local:
+
 Configuration
 =============
 
+
 Two system parameters are available:
 
 * ``inactive_session_time_out_delay``: validity of a session in seconds
   (default = 2 Hours)
 * ``inactive_session_time_out_ignored_url``: technical urls where the check
   does not occur
 
+
 Usage
 =====
 
 Setup the session parameters as described above.
 
-.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
-   :alt: Try me on Runbot
-   :target: https://runbot.odoo-community.org/runbot/149/11.0
-
-Known issues / Roadmap
-======================
-
 
 Bug Tracker
 ===========
 
-Bugs are tracked on `GitHub Issues
-<https://github.com/OCA/server-tools/issues>`_. In case of trouble, please
-check there if your issue has already been reported. If you spotted it first,
-help us smashing it by providing a detailed and welcomed feedback.
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_session_timeout%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
+Do not contact contributors directly about support or help with technical issues.
 
 Credits
 =======
 
+Authors
+~~~~~~~
+
+* ACSONE SA/NV
+* Dhinesh D
+* Jesse Morgan
+* LasLabs
+
 Contributors
-------------
+~~~~~~~~~~~~
 
 * Cédric Pigeon <cedric.pigeon@acsone.eu>
 * Dhinesh D <dvdhinesh.mail@gmail.com>
 * Jesse Morgan <jmorgan.nz@gmail.com>
 * Dave Lasley <dave@laslabs.com>
+* Nadia Afakrouch <nadia.afa@gmail.com>
+
+
+Maintainers
+~~~~~~~~~~~
 
-Maintainer
-----------
+This module is maintained by the OCA.
 
 .. image:: https://odoo-community.org/logo.png
    :alt: Odoo Community Association
    :target: https://odoo-community.org
 
-This module is maintained by the OCA.
-
 OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.
 
-To contribute to this module, please visit https://odoo-community.org.
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/11.0/auth_session_timeout>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_session_timeout/__manifest__.py

@@ -13,7 +13,7 @@
     'maintainer': 'Odoo Community Association (OCA)',
     'website': "http://acsone.eu",
     'category': 'Tools',
-    'version': '11.0.1.0.1',
+    'version': '11.0.1.0.0',
     'license': 'AGPL-3',
     'data': [
         'data/ir_config_parameter_data.xml'

auth_session_timeout/models/__init__.py

@@ -2,4 +2,5 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
 
 from . import res_users
+from . import ir_http
 from . import ir_config_parameter

auth_session_timeout/models/ir_http.py

@@ -0,0 +1,15 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+from odoo import models
+from odoo.http import request
+
+
+class IrHttp(models.AbstractModel):
+
+    _inherit = 'ir.http'
+
+    @classmethod
+    def _authenticate(cls, auth_method='user'):
+        res = super(IrHttp, cls)._authenticate(auth_method=auth_method)
+        if request and request.env and request.env.user:
+            request.env.user._auth_timeout_check()
+        return res

auth_session_timeout/models/res_users.py

@@ -9,6 +9,7 @@
 from os import utime
 
 from odoo import api, http, models
+from odoo.http import SessionExpiredException
 
 _logger = logging.getLogger(__name__)
 
@@ -71,7 +72,7 @@ def _auth_timeout_check(self):
             try:
 
                 expired = getmtime(path) < deadline
-            except OSError as e:
+            except OSError:
                 _logger.exception(
                     'Exception reading session file modified time.',
                 )
@@ -85,7 +86,7 @@ def _auth_timeout_check(self):
 
         # If session terminated, all done
         if terminated:
-            return
+            raise SessionExpiredException("Session expired")
 
         # Else, conditionally update session modified and access times
         ignored_urls = self._auth_timeout_get_ignored_urls()
@@ -97,13 +98,7 @@ def _auth_timeout_check(self):
                 )
             try:
                 utime(path, None)
-            except OSError as e:
+            except OSError:
                 _logger.exception(
                     'Exception updating session file access/modified times.',
                 )
-
-    @classmethod
-    def check(cls, *args, **kwargs):
-        res = super(ResUsers, cls).check(*args, **kwargs)
-        http.request.env.user._auth_timeout_check()
-        return res

auth_session_timeout/readme/CONFIGURE.rst

@@ -0,0 +1,8 @@
+
+Two system parameters are available:
+
+* ``inactive_session_time_out_delay``: validity of a session in seconds
+  (default = 2 Hours)
+* ``inactive_session_time_out_ignored_url``: technical urls where the check
+  does not occur
+

auth_session_timeout/readme/CONTRIBUTORS.rst

@@ -0,0 +1,6 @@
+* Cédric Pigeon <cedric.pigeon@acsone.eu>
+* Dhinesh D <dvdhinesh.mail@gmail.com>
+* Jesse Morgan <jmorgan.nz@gmail.com>
+* Dave Lasley <dave@laslabs.com>
+* Nadia Afakrouch <nadia.afa@gmail.com>
+

auth_session_timeout/readme/DESCRIPTION.rst

@@ -0,0 +1,4 @@
+This module was written to be able to kill(logout) all inactive sessions since
+a given delay. On each request the server checks if the session is yet valid
+regarding the expiration delay. If not a clean logout is operated.
+

auth_session_timeout/readme/USAGE.rst

@@ -0,0 +1,2 @@
+Setup the session parameters as described above.
+

auth_session_timeout/tests/test_res_users.py

@@ -2,11 +2,13 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
 
 import mock
+import time
 
 from contextlib import contextmanager
 
 from odoo.tools.misc import mute_logger
 from odoo.tests.common import TransactionCase
+from odoo.http import SessionExpiredException
 
 
 class EndTestException(Exception):
@@ -70,7 +72,8 @@ def test_session_validity_logout(self):
             get_params = assets['http'].request.env[''].get_session_parameters
             get_params.return_value = -9999, []
             assets['getmtime'].return_value = 0
-            self._auth_timeout_check(assets['http'])
+            with self.assertRaises(SessionExpiredException):
+                self._auth_timeout_check(assets['http'])
             assets['http'].request.session.logout.assert_called_once_with(
                 keep_db=True,
             )
@@ -80,6 +83,7 @@ def test_session_validity_updates_utime(self):
         with self._mock_assets(['http', 'getmtime', 'utime']) as assets:
             get_params = assets['http'].request.env[''].get_session_parameters
             get_params.return_value = 9999, []
+            assets['getmtime'].return_value = time.time()
             self._auth_timeout_check(assets['http'])
             assets['utime'].assert_called_once_with(
                 assets['http'].root.session_store.get_session_filename(),
@@ -93,8 +97,8 @@ def test_session_validity_os_error_guard(self):
             get_params = assets['http'].request.env[''].get_session_parameters
             get_params.return_value = 0, []
             assets['getmtime'].side_effect = OSError
-            res = self._auth_timeout_check(assets['http'])
-            self.assertFalse(res)
+            with self.assertRaises(SessionExpiredException):
+                self._auth_timeout_check(assets['http'])
 
     def test_on_timeout_session_loggedout(self):
         with self._mock_assets(['http', 'getmtime']) as assets:
@@ -103,5 +107,6 @@ def test_on_timeout_session_loggedout(self):
             assets['http'].request.session.dbname = self.env.cr.dbname
             assets['http'].request.session.sid = 123
             assets['http'].request.session.logout = mock.Mock()
-            self.ResUsers._auth_timeout_check()
+            with self.assertRaises(SessionExpiredException):
+                self.ResUsers._auth_timeout_check()
             self.assertTrue(assets['http'].request.session.logout.called)