changeset cf6e802db022 in modules/authentication_sms:default details: https://hg.tryton.org/modules/authentication_sms?cmd=changeset;node=cf6e802db022 description: Remove password_sms authentication method
issue9303 review291621002 diffstat: CHANGELOG | 2 ++ doc/index.rst | 16 ++++++---------- res.py | 13 ------------- tests/test_authentication_sms.py | 21 ++------------------- 4 files changed, 10 insertions(+), 42 deletions(-) diffs (131 lines): diff -r af95fc6752a1 -r cf6e802db022 CHANGELOG --- a/CHANGELOG Sun May 10 11:36:22 2020 +0200 +++ b/CHANGELOG Thu May 21 09:05:46 2020 +0200 @@ -1,3 +1,5 @@ +* Remove password_sms authentication method + Version 5.6.0 - 2020-05-04 * Bug fixes (see mercurial logs for details) diff -r af95fc6752a1 -r cf6e802db022 doc/index.rst --- a/doc/index.rst Sun May 10 11:36:22 2020 +0200 +++ b/doc/index.rst Thu May 21 09:05:46 2020 +0200 @@ -2,19 +2,15 @@ ######################### The `SMS <https://en.wikipedia.org/wiki/Short_Message_Service>`_ authentication -module allows to authenticate users via SMS. There are two authentication -methods `sms` and `password_sms` which can be used in the `authentications` -list of the `session` section in the configuration. +module allows users to authenticate via SMS. It adds a new authentication +method `sms`, which can be used in the list of `authentications` in the +`session` section of the configuration file. -The `sms` method just send a code via SMS to the user. Then the user needs to +The `sms` method just sends a code via SMS to the user. Then the user needs to transcribe the code into the login dialog. -The `password_sms` method send a code only after the user entered a valid -password. This provides a `two-factor authentication -<https://en.wikipedia.org/wiki/Two-factor_authentication>`_ method. - -Both methods require that the user has a *Mobile* phone number defined -otherwise he can not be authenticated with those methods. +This method requires that the user has the correct *Mobile* phone number +defined otherwise it will not be possible for them to authenticate. Configuration ************* diff -r af95fc6752a1 -r cf6e802db022 res.py --- a/res.py Sun May 10 11:36:22 2020 +0200 
+++ b/res.py Thu May 21 09:05:46 2020 +0200 @@ -13,8 +13,6 @@ from trytond.tools import resolve logger = logging.getLogger(__name__) -_has_password_sms = 'password_sms' in config.get( - 'session', 'authentications', default='password').split(',') def send_sms(text, to): @@ -35,11 +33,6 @@ def __setup__(cls): super(User, cls).__setup__() cls._preferences_fields.append('mobile') - cls._buttons['reset_password']['invisible'] &= ( - ~Eval('email', True) | (not _has_password_sms)) - cls.password.states['invisible'] &= not _has_password_sms - cls.password_reset.states['invisible'] &= not _has_password_sms - cls.password_reset_expire.states['invisible'] &= not _has_password_sms @classmethod def _login_sms(cls, login, parameters): @@ -58,12 +51,6 @@ msg = gettext('authentication_sms.msg_user_sms_code', login=login) raise LoginException('sms_code', msg, type='char') - @classmethod - def _login_password_sms(cls, login, parameters): - user_id = cls._login_password(login, parameters) - if user_id: - return cls._login_sms(login, parameters) - class UserLoginSMSCode(ModelSQL): """SMS Code diff -r af95fc6752a1 -r cf6e802db022 tests/test_authentication_sms.py --- a/tests/test_authentication_sms.py Sun May 10 11:36:22 2020 +0200 +++ b/tests/test_authentication_sms.py Thu May 21 09:05:46 2020 +0200 @@ -28,7 +28,7 @@ def setUp(self): super(AuthenticationSMSTestCase, self).setUp() methods = config.get('session', 'authentications', default='') - config.set('session', 'authentications', 'password_sms') + config.set('session', 'authentications', 'sms') self.addCleanup(config.set, 'session', 'authentications', methods) config.add_section('authentication_sms') config.set( 
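Review bot: After `config.set('session', 'authentications', 'sms')` in setUp, nothing in this file exercises a configuration that still lists `password_sms`, which is what existing two-factor deployments will carry over after upgrading. How `get_login` treats a method name whose `_login_*` handler no longer exists is not visible in this changeset; if it skips the entry and moves on to the next method, a list such as `password_sms,sms` would silently become SMS-only. A test that sets the old value and asserts that `User.get_login` returns no user id would pin that behaviour, and the CHANGELOG line could name the setting that replaces it. setUp's body continues outside the hunk.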
@@ -37,14 +37,6 @@ self.addCleanup(config.remove_section, 'authentication_sms') del sms_queue[:] - length = config.get('password', 'length', default='') - config.set('password', 'length', '4') - self.addCleanup(config.set, 'password', 'length', length) - - entropy = config.get('password', 'entropy', default='') - config.set('password', 'entropy', '0.8') - self.addCleanup(config.set, 'password', 'entropy', entropy) - @with_transaction() def test_sms_code_default_code(self): pool = Pool() @@ -107,19 +99,11 @@ User = pool.get('res.user') SMSCode = pool.get('res.user.login.sms_code') - user = User( - name='sms', login='sms', password='secret', mobile='+123456789') + user = User(name='sms', login='sms', mobile='+123456789') user.save() with self.assertRaises(LoginException) as cm: User.get_login('sms', {}) - self.assertEqual(cm.exception.name, 'password') - self.assertEqual(cm.exception.type, 'password') - - with self.assertRaises(LoginException) as cm: - User.get_login('sms', { - 'password': 'secret', - }) self.assertEqual(cm.exception.name, 'sms_code') self.assertEqual(cm.exception.type, 'char') @@ -127,7 +111,6 @@ sms_code = record.code user_id = User.get_login('sms', { - 'password': 'secret', 'sms_code': sms_code, }) self.assertEqual(user_id, user.id)
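Review bot: The rewritten login test in the `@@ -107,19 +99,11 @@` hunk creates the user without a password and authenticates with `sms_code` alone, so the password-before-code ordering that the removed assertions checked is no longer covered in this file. If two-factor login is now meant to be configured by combining methods in `authentications` (trytond documents a `+` separator, e.g. `password+sms`; confirm it is available in this series), a test under that setting should keep the assertion that `User.get_login('sms', {})` raises with `cm.exception.name == 'password'` and that `sms_queue` is still empty at that point. The test method starts outside the hunk.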