[IMP] Allow the administator to forbid passwords that contain the login.

OCA · Mar 22, 2019 · 21b897e · 21b897e
1 parent eab572b
commit 21b897e
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 18 deletions.
diff --git a/password_security/__manifest__.py b/password_security/__manifest__.py
@@ -21,6 +21,7 @@
     ],
     "demo": [
         'demo/res_users.xml',
+        'demo/res_company.xml',
     ],
     'installable': True,
 }
diff --git a/password_security/demo/res_company.xml b/password_security/demo/res_company.xml
@@ -0,0 +1,7 @@
+<odoo>
+
+    <record id="base.main_company" model="res.company">
+        <field name="password_no_login">False</field>
+    </record>
+
+</odoo>
diff --git a/password_security/models/res_company.py b/password_security/models/res_company.py
@@ -49,3 +49,8 @@ class ResCompany(models.Model):
         default=24,
         help='Amount of hours until a user may change password again',
     )
+    password_no_login = fields.Boolean(
+        'Password cannot contain Login',
+        default=True,
+        help='Disallow passwords containing the login.',
+    )
diff --git a/password_security/models/res_users.py b/password_security/models/res_users.py
@@ -56,6 +56,8 @@ def password_match_message(self):
             message.append('\n* ' + _('Numeric digit'))
         if company_id.password_special:
             message.append('\n* ' + _('Special character'))
+        if company_id.password_no_login:
+            message.append('\n* ' + _('Must not contain Login'))
         if message:
             message = [_('Must contain the following:')] + message
         if company_id.password_length:
@@ -89,6 +91,9 @@ def _check_password_rules(self, password):
         password_regex.append('.{%d,}$' % company_id.password_length)
         if not re.search(''.join(password_regex), password):
             raise PassError(self.password_match_message())
+        if company_id.password_no_login:
+            if self.login.lower() in password.lower():
+                raise PassError(self.password_match_message())
         return True
 
     @api.multi

diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py
@@ -13,35 +13,35 @@
 @post_install(True)
 class TestResUsers(SavepointCase):
 
-    def setUp(cls):
-        super(TestResUsers, cls).setUp()
-        cls.main_comp = cls.env.ref('base.main_company')
+    def setUp(self):
+        super(TestResUsers, self).setUp()
+        self.main_comp = self.env.ref('base.main_company')
         # Modify users as privileged, but non-root user
-        cls.privileged_user = cls.env['res.users'].create({
+        self.privileged_user = self.env['res.users'].create({
             'name': 'Privileged User',
             'login': 'privileged_user@example.com',
-            'company_id': cls.main_comp.id,
+            'company_id': self.main_comp.id,
             'groups_id': [
-                (4, cls.env.ref('base.group_erp_manager').id),
-                (4, cls.env.ref('base.group_partner_manager').id),
-                (4, cls.env.ref('base.group_user').id),
+                (4, self.env.ref('base.group_erp_manager').id),
+                (4, self.env.ref('base.group_partner_manager').id),
+                (4, self.env.ref('base.group_user').id),
             ],
         })
-        cls.privileged_user.email = cls.privileged_user.login
-        cls.login = 'foslabs@example.com'
-        cls.partner_vals = {
+        self.privileged_user.email = self.privileged_user.login
+        self.login = 'foslabs@example.com'
+        self.partner_vals = {
             'name': 'Partner',
             'is_company': False,
-            'email': cls.login,
+            'email': self.login,
         }
-        cls.password = 'asdQWE123$%^'
-        cls.vals = {
+        self.password = 'asdQWE123$%^'
+        self.vals = {
             'name': 'User',
-            'login': cls.login,
-            'password': cls.password,
-            'company_id': cls.main_comp.id
+            'login': self.login,
+            'password': self.password,
+            'company_id': self.main_comp.id
         }
-        cls.model_obj = cls.env['res.users']
+        self.model_obj = self.env['res.users']
 
     def _new_record(self):
         partner_id = self.env['res.partner'].create(self.partner_vals)
@@ -165,3 +165,11 @@ def test_underscore_is_special_character(self):
         self.assertTrue(self.main_comp.password_special)
         rec_id = self._new_record()
         rec_id._check_password('asdQWE12345_3')
+
+    def test_password_contains_login(self):
+        self.main_comp.password_no_login = True
+        self.assertTrue(self.main_comp.password_no_login)
+        rec_id = self._new_record()
+        rec_id.login = 'suzanne'
+        with self.assertRaises(PassError):
+            rec_id._check_password('Suzanne1966!')
diff --git a/password_security/views/res_company_view.xml b/password_security/views/res_company_view.xml
@@ -22,6 +22,7 @@
                         <group string="Extra">
                             <field name="password_length" />
                             <field name="password_history" />
+                            <field name="password_no_login" />
                         </group>
                     </group>
                     <group name="chars_grp" string="Required Characters">