From 095181334b5f43164133bd47c4ccf79f99c3d881 Mon Sep 17 00:00:00 2001 From: Florent Xicluna Date: Mon, 28 Oct 2024 17:14:49 +0100 Subject: [PATCH] [IMP] server_environment: hide SMTP passwords --- server_environment/server_env.py | 2 +- .../tests/test_server_environment.py | 36 ++++++++++++++++--- .../tests/testfiles/testing/outmail.conf | 6 ++++ 3 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 server_environment/tests/testfiles/testing/outmail.conf diff --git a/server_environment/server_env.py b/server_environment/server_env.py index f18c0312d..e26aa9976 100644 --- a/server_environment/server_env.py +++ b/server_environment/server_env.py @@ -312,7 +312,7 @@ def _is_secret(self, key): should be secret. :return: list of secret keywords """ - secret_keys = ["passw", "key", "secret", "token"] + secret_keys = ["_pass", "passw", "key", "secret", "token"] return any(secret_key in key for secret_key in secret_keys) @api.model diff --git a/server_environment/tests/test_server_environment.py b/server_environment/tests/test_server_environment.py index cfa6878c9..c077b7847 100644 --- a/server_environment/tests/test_server_environment.py +++ b/server_environment/tests/test_server_environment.py @@ -9,6 +9,17 @@ from .. import server_env from . import common +NO_DEFAULT = [ + "id", + "create_uid", + "create_date", + "write_uid", + "write_date", + "display_name", + "config", + "__last_update", +] + class TestEnv(common.ServerEnvironmentCase): def test_view(self): @@ -20,17 +31,20 @@ def _test_default(self, hidden_pwd=False): model = self.env["server.config"] rec = model.create({}) fields = model.fields_get() - self.assertTrue(fields) defaults = rec.default_get(list(fields)) - self.assertTrue(defaults) + fields_with_default = {fld for fld in fields if fld not in NO_DEFAULT} + self.assertTrue(fields_with_default) self.assertIsInstance(defaults, dict) + self.assertEqual(fields_with_default, set(defaults)) + # Check secrets pass_checked = False for default in defaults: - if "passw" in default: + if "passw" in default or "_pass" in default: check = self.assertEqual if hidden_pwd else self.assertNotEqual check(defaults[default], "**********") pass_checked = True self.assertTrue(pass_checked) + return defaults @patch.dict(odoo_config.options, {"running_env": "dev"}) def test_default_dev(self): @@ -54,10 +68,24 @@ def test_odoosh_dev_from_environ(self): self._test_default() @patch.dict(odoo_config.options, {"running_env": "testing"}) - def test_value_retrival(self): + def test_value_retrieval(self): with self.set_config_dir("testfiles"): parser = server_env._load_config() val = parser.get("external_service.ftp", "user") self.assertEqual(val, "testing") val = parser.get("external_service.ftp", "host") self.assertEqual(val, "sftp.example.com") + + @patch.dict(odoo_config.options, {"running_env": "testing"}) + def test_default_hidden_password(self): + with self.load_config(config_dir="testfiles"): + model = self.env["server.config"] + model._add_columns() + del self.env.registry.model_cache[model._model_classes] + self.env.registry.setup_models(self.env.cr) + defaults = self._test_default(hidden_pwd=True) + + self.assertIn("odoo_I_admin_passwd", defaults) + self.assertIn("odoo_I_db_password", defaults) + self.assertIn("odoo_I_smtp_password", defaults) + self.assertIn("outgoing_mail_provider_promail_I_smtp_pass", defaults) diff --git a/server_environment/tests/testfiles/testing/outmail.conf b/server_environment/tests/testfiles/testing/outmail.conf new file mode 100644 index 000000000..cbc0df7ba --- /dev/null +++ b/server_environment/tests/testfiles/testing/outmail.conf @@ -0,0 +1,6 @@ +[outgoing_mail.provider_promail] +smtp_encryption = ssl +smtp_host = email.server.invalid +smtp_pass = THISISNOTPUBLIC +smtp_port = 912 +smtp_user = user_abc