[tryton-commits] changeset in modules/authentication_sms:default Remove password_...

Thu, 21 May 2020 00:07:03 -0700 

changeset cf6e802db022 in modules/authentication_sms:default
details: 
https://hg.tryton.org/modules/authentication_sms?cmd=changeset;node=cf6e802db022
description:
        Remove password_sms authentication method

        issue9303
        review291621002
diffstat:

 CHANGELOG                        |   2 ++
 doc/index.rst                    |  16 ++++++----------
 res.py                           |  13 -------------
 tests/test_authentication_sms.py |  21 ++-------------------
 4 files changed, 10 insertions(+), 42 deletions(-)

diffs (131 lines):

diff -r af95fc6752a1 -r cf6e802db022 CHANGELOG
--- a/CHANGELOG Sun May 10 11:36:22 2020 +0200
+++ b/CHANGELOG Thu May 21 09:05:46 2020 +0200
@@ -1,3 +1,5 @@
+* Remove password_sms authentication method
+
 Version 5.6.0 - 2020-05-04
 * Bug fixes (see mercurial logs for details)
 
diff -r af95fc6752a1 -r cf6e802db022 doc/index.rst
--- a/doc/index.rst     Sun May 10 11:36:22 2020 +0200
+++ b/doc/index.rst     Thu May 21 09:05:46 2020 +0200
@@ -2,19 +2,15 @@
 #########################
 
 The `SMS <https://en.wikipedia.org/wiki/Short_Message_Service>`_ authentication
-module allows to authenticate users via SMS.  There are two authentication
-methods `sms` and `password_sms` which can be used in the `authentications`
-list of the `session` section in the configuration.
+module allows users to authenticate via SMS.  It adds a new authentication
+method `sms`, which can be used in the list of `authentications` in the
+`session` section of the configuration file.
 
-The `sms` method just send a code via SMS to the user. Then the user needs to
+The `sms` method just sends a code via SMS to the user. Then the user needs to
 transcribe the code into the login dialog.
 
-The `password_sms` method send a code only after the user entered a valid
-password. This provides a `two-factor authentication
-<https://en.wikipedia.org/wiki/Two-factor_authentication>`_ method.
-
-Both methods require that the user has a *Mobile* phone number defined
-otherwise he can not be authenticated with those methods.
+This method requires that the user has the correct *Mobile* phone number
+defined otherwise it will not be possible for them to authenticate.
 
 Configuration
 *************
diff -r af95fc6752a1 -r cf6e802db022 res.py
--- a/res.py    Sun May 10 11:36:22 2020 +0200
+++ b/res.py    Thu May 21 09:05:46 2020 +0200
@@ -13,8 +13,6 @@
 from trytond.tools import resolve
 
 logger = logging.getLogger(__name__)
-_has_password_sms = 'password_sms' in config.get(
-    'session', 'authentications', default='password').split(',')
 
 
 def send_sms(text, to):
@@ -35,11 +33,6 @@
     def __setup__(cls):
         super(User, cls).__setup__()
         cls._preferences_fields.append('mobile')
-        cls._buttons['reset_password']['invisible'] &= (
-            ~Eval('email', True) | (not _has_password_sms))
-        cls.password.states['invisible'] &= not _has_password_sms
-        cls.password_reset.states['invisible'] &= not _has_password_sms
-        cls.password_reset_expire.states['invisible'] &= not _has_password_sms
 
     @classmethod
     def _login_sms(cls, login, parameters):
@@ -58,12 +51,6 @@
         msg = gettext('authentication_sms.msg_user_sms_code', login=login)
         raise LoginException('sms_code', msg, type='char')
 
-    @classmethod
-    def _login_password_sms(cls, login, parameters):
-        user_id = cls._login_password(login, parameters)
-        if user_id:
-            return cls._login_sms(login, parameters)
-
 
 class UserLoginSMSCode(ModelSQL):
     """SMS Code
diff -r af95fc6752a1 -r cf6e802db022 tests/test_authentication_sms.py
--- a/tests/test_authentication_sms.py  Sun May 10 11:36:22 2020 +0200
+++ b/tests/test_authentication_sms.py  Thu May 21 09:05:46 2020 +0200
@@ -28,7 +28,7 @@
     def setUp(self):
         super(AuthenticationSMSTestCase, self).setUp()
         methods = config.get('session', 'authentications', default='')
-        config.set('session', 'authentications', 'password_sms')
+        config.set('session', 'authentications', 'sms')
         self.addCleanup(config.set, 'session', 'authentications', methods)
         config.add_section('authentication_sms')
         config.set(
@@ -37,14 +37,6 @@
         self.addCleanup(config.remove_section, 'authentication_sms')
         del sms_queue[:]
 
-        length = config.get('password', 'length', default='')
-        config.set('password', 'length', '4')
-        self.addCleanup(config.set, 'password', 'length', length)
-
-        entropy = config.get('password', 'entropy', default='')
-        config.set('password', 'entropy', '0.8')
-        self.addCleanup(config.set, 'password', 'entropy', entropy)
-
     @with_transaction()
     def test_sms_code_default_code(self):
         pool = Pool()
@@ -107,19 +99,11 @@
         User = pool.get('res.user')
         SMSCode = pool.get('res.user.login.sms_code')
 
-        user = User(
-            name='sms', login='sms', password='secret', mobile='+123456789')
+        user = User(name='sms', login='sms', mobile='+123456789')
         user.save()
 
         with self.assertRaises(LoginException) as cm:
             User.get_login('sms', {})
-        self.assertEqual(cm.exception.name, 'password')
-        self.assertEqual(cm.exception.type, 'password')
-
-        with self.assertRaises(LoginException) as cm:
-            User.get_login('sms', {
-                    'password': 'secret',
-                    })
         self.assertEqual(cm.exception.name, 'sms_code')
         self.assertEqual(cm.exception.type, 'char')
 
@@ -127,7 +111,6 @@
         sms_code = record.code
 
         user_id = User.get_login('sms', {
-                'password': 'secret',
                 'sms_code': sms_code,
                 })
         self.assertEqual(user_id, user.id)

Reply via email to