Compare commits
5 Commits
33fff5acba
...
9223f8da7c
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9223f8da7c | ||
|
|
8c9b645196 | ||
|
|
2aa4bce089 | ||
|
|
46c62ebefa | ||
|
|
152e6d4328 |
@@ -28,6 +28,8 @@ TRIGGER_EVENTS = [
|
|||||||
('cert_awaiting_issuance', 'Cert Awaiting Issuance'),
|
('cert_awaiting_issuance', 'Cert Awaiting Issuance'),
|
||||||
('cert_voided_re_notify', 'Cert Voided — Please Re-Issue'),
|
('cert_voided_re_notify', 'Cert Voided — Please Re-Issue'),
|
||||||
('job_shipped', 'Job Shipped (manual mark)'),
|
('job_shipped', 'Job Shipped (manual mark)'),
|
||||||
|
# Spec 2026-05-25 — tablet PIN self-service reset
|
||||||
|
('tablet_pin_reset_requested', 'Tablet PIN Reset Code Requested'),
|
||||||
]
|
]
|
||||||
|
|
||||||
# Sub 6 — map each trigger event to a communication stream. Contacts on
|
# Sub 6 — map each trigger event to a communication stream. Contacts on
|
||||||
|
|||||||
@@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
'name': 'Fusion Plating — Shop Floor',
|
'name': 'Fusion Plating — Shop Floor',
|
||||||
'version': '19.0.34.2.0',
|
'version': '19.0.35.0.0',
|
||||||
'category': 'Manufacturing/Plating',
|
'category': 'Manufacturing/Plating',
|
||||||
'summary': 'Shop-floor tablet stations, QR scanning, bake window enforcer.',
|
'summary': 'Shop-floor tablet stations, QR scanning, bake window enforcer.',
|
||||||
'description': """
|
'description': """
|
||||||
@@ -59,6 +59,7 @@ Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
|
|||||||
],
|
],
|
||||||
'demo': [
|
'demo': [
|
||||||
'data/fp_demo_shopfloor_data.xml',
|
'data/fp_demo_shopfloor_data.xml',
|
||||||
|
'data/fp_tablet_pin_reset_template.xml',
|
||||||
],
|
],
|
||||||
'assets': {
|
'assets': {
|
||||||
'web.assets_backend': [
|
'web.assets_backend': [
|
||||||
|
|||||||
@@ -102,8 +102,43 @@ class FpTabletController(http.Controller):
|
|||||||
# /fp/tablet/set_pin — self-service set or change
|
# /fp/tablet/set_pin — self-service set or change
|
||||||
# ======================================================================
|
# ======================================================================
|
||||||
@http.route('/fp/tablet/set_pin', type='jsonrpc', auth='user')
|
@http.route('/fp/tablet/set_pin', type='jsonrpc', auth='user')
|
||||||
def set_pin(self, new_pin, old_pin=None):
|
def set_pin(self, new_pin, old_pin=None, reset_token=None, user_id=None):
|
||||||
|
"""Set or change a tablet PIN. Three authorization paths:
|
||||||
|
|
||||||
|
1. old_pin provided — verify old PIN matches stored hash, then set
|
||||||
|
new (existing behavior; user_id ignored — uses env.user).
|
||||||
|
2. reset_token provided — verify HMAC-signed token from
|
||||||
|
/fp/tablet/verify_reset_code (Task 3). Token carries the
|
||||||
|
target user_id; new PIN set on that user even though the
|
||||||
|
browser session is still the kiosk. (Spec D16.)
|
||||||
|
3. Neither — only allowed for users with NO existing PIN
|
||||||
|
hash on env.user; same as the pre-redesign behavior.
|
||||||
|
"""
|
||||||
env = request.env
|
env = request.env
|
||||||
|
# === Path 2: reset_token (new) =================================
|
||||||
|
if reset_token and not old_pin:
|
||||||
|
Reset = env['fp.tablet.pin.reset']
|
||||||
|
try:
|
||||||
|
token_uid = Reset.sudo()._verify_reset_token(reset_token)
|
||||||
|
except UserError as e:
|
||||||
|
return {'ok': False,
|
||||||
|
'error': str(e.args[0]) if e.args else str(e)}
|
||||||
|
target = env['res.users'].sudo().browse(token_uid)
|
||||||
|
if not target.exists() or not target.active:
|
||||||
|
return {'ok': False, 'error': 'target_invalid'}
|
||||||
|
try:
|
||||||
|
target.set_tablet_pin(new_pin)
|
||||||
|
except UserError as e:
|
||||||
|
return {'ok': False,
|
||||||
|
'error': str(e.args[0]) if e.args else str(e)}
|
||||||
|
write_event(env,
|
||||||
|
event_type='pin_set_after_reset',
|
||||||
|
user_id=target.id)
|
||||||
|
_logger.info(
|
||||||
|
'Tablet PIN set via reset_token for uid %s', target.id,
|
||||||
|
)
|
||||||
|
return {'ok': True}
|
||||||
|
# === Path 1: old_pin (existing) + Path 3: no existing hash =====
|
||||||
user = env.user
|
user = env.user
|
||||||
existing_hash = user.sudo().x_fc_tablet_pin_hash
|
existing_hash = user.sudo().x_fc_tablet_pin_hash
|
||||||
if existing_hash:
|
if existing_hash:
|
||||||
@@ -120,6 +155,169 @@ class FpTabletController(http.Controller):
|
|||||||
)
|
)
|
||||||
return {'ok': True}
|
return {'ok': True}
|
||||||
|
|
||||||
|
# ======================================================================
|
||||||
|
# /fp/tablet/request_reset_code — self-service PIN reset (D1 + D2)
|
||||||
|
# ======================================================================
|
||||||
|
@http.route('/fp/tablet/request_reset_code',
|
||||||
|
type='jsonrpc', auth='user')
|
||||||
|
def request_reset_code(self, user_id):
|
||||||
|
"""Generate + email a temporary 4-digit code to `user_id`.
|
||||||
|
|
||||||
|
Per spec D1 (create flow) and D2 (reset flow) — same backend,
|
||||||
|
triggered from either the no-PIN tile click or the 3-fail
|
||||||
|
forgot button. Caller passes user_id (already known from the
|
||||||
|
tile click), NOT login — matches the existing unlock_session
|
||||||
|
signature.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
{ok: True, masked_email: 'g***@nexasystems.ca'}
|
||||||
|
{ok: False, error: 'no_email', manager_name: '<owner>'}
|
||||||
|
{ok: False, error: 'rate_limited', wait_minutes: N}
|
||||||
|
{ok: False, error: 'user_not_found' | 'no_role' | 'inactive'}
|
||||||
|
"""
|
||||||
|
env = request.env
|
||||||
|
Users = env['res.users'].sudo()
|
||||||
|
target = Users.browse(int(user_id))
|
||||||
|
if not target.exists():
|
||||||
|
return {'ok': False, 'error': 'user_not_found'}
|
||||||
|
if not target.active:
|
||||||
|
return {'ok': False, 'error': 'inactive'}
|
||||||
|
# Same shop-branch role check as _check_credentials (Rule 13l + 23)
|
||||||
|
shop_branch_xmlids = (
|
||||||
|
'fusion_plating.group_fp_technician',
|
||||||
|
'fusion_plating.group_fp_shop_manager_v2',
|
||||||
|
'fusion_plating.group_fp_manager',
|
||||||
|
'fusion_plating.group_fp_quality_manager',
|
||||||
|
'fusion_plating.group_fp_owner',
|
||||||
|
)
|
||||||
|
shop_branch_ids = {
|
||||||
|
g.id for g in (
|
||||||
|
env.ref(x, raise_if_not_found=False)
|
||||||
|
for x in shop_branch_xmlids
|
||||||
|
) if g
|
||||||
|
}
|
||||||
|
if not (shop_branch_ids & set(target.all_group_ids.ids)):
|
||||||
|
return {'ok': False, 'error': 'no_role'}
|
||||||
|
# Resolve recipient email — login if email-shaped, else partner.email
|
||||||
|
email = (target.login if target.login and '@' in target.login
|
||||||
|
else (target.partner_id.email or ''))
|
||||||
|
if not email:
|
||||||
|
owner = env['res.company'].browse(env.user.company_id.id).sudo()
|
||||||
|
owner_name = (owner.x_fc_owner_user_id.name
|
||||||
|
if 'x_fc_owner_user_id' in owner._fields
|
||||||
|
and owner.x_fc_owner_user_id else 'your manager')
|
||||||
|
return {
|
||||||
|
'ok': False,
|
||||||
|
'error': 'no_email',
|
||||||
|
'manager_name': owner_name,
|
||||||
|
}
|
||||||
|
# Generate + persist + email
|
||||||
|
Reset = env['fp.tablet.pin.reset']
|
||||||
|
try:
|
||||||
|
rec, code = Reset._generate_for_user(
|
||||||
|
target,
|
||||||
|
requester_ip=request.httprequest.remote_addr or '',
|
||||||
|
)
|
||||||
|
except UserError as e:
|
||||||
|
# Rate limit — parse the minutes hint out of the message
|
||||||
|
msg = str(e.args[0]) if e.args else str(e)
|
||||||
|
wait_min = 60 # fallback
|
||||||
|
import re
|
||||||
|
m = re.search(r'(\d+)\s*minute', msg)
|
||||||
|
if m:
|
||||||
|
wait_min = int(m.group(1))
|
||||||
|
return {
|
||||||
|
'ok': False,
|
||||||
|
'error': 'rate_limited',
|
||||||
|
'wait_minutes': wait_min,
|
||||||
|
}
|
||||||
|
# Render the email directly with code in context — the
|
||||||
|
# _dispatch path doesn't yet propagate ctx.code into the
|
||||||
|
# mail.template render, so direct send_mail is the safe path.
|
||||||
|
try:
|
||||||
|
mail_template = env.ref(
|
||||||
|
'fusion_plating_shopfloor.fp_mail_template_tablet_pin_reset',
|
||||||
|
raise_if_not_found=False,
|
||||||
|
)
|
||||||
|
if mail_template:
|
||||||
|
mail_template.sudo().with_context(code=code).send_mail(
|
||||||
|
target.id, force_send=False,
|
||||||
|
)
|
||||||
|
except Exception as exc:
|
||||||
|
_logger.warning(
|
||||||
|
'tablet_pin_reset email dispatch failed for uid %s: %s',
|
||||||
|
target.id, exc,
|
||||||
|
)
|
||||||
|
# Still return success — the code IS issued; user can
|
||||||
|
# request another if email truly failed. Audit captures it.
|
||||||
|
# Audit
|
||||||
|
write_event(env,
|
||||||
|
event_type='pin_reset_requested',
|
||||||
|
attempted_user_id=target.id)
|
||||||
|
# Mask email for the response: g***@nexasystems.ca
|
||||||
|
masked = self._mask_email(email)
|
||||||
|
return {'ok': True, 'masked_email': masked}
|
||||||
|
|
||||||
|
# ======================================================================
|
||||||
|
# /fp/tablet/verify_reset_code — exchange code for reset_token
|
||||||
|
# ======================================================================
|
||||||
|
@http.route('/fp/tablet/verify_reset_code',
|
||||||
|
type='jsonrpc', auth='user')
|
||||||
|
def verify_reset_code(self, user_id, code):
|
||||||
|
"""Verify the emailed code. On success returns a short-lived
|
||||||
|
reset_token the client passes to /fp/tablet/set_pin for the
|
||||||
|
new-PIN write.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
{ok: True, reset_token: '<token>'}
|
||||||
|
{ok: False, error: 'no_active_code' | 'expired' |
|
||||||
|
'too_many_attempts' | 'wrong_code',
|
||||||
|
attempts_left: N (only when wrong_code)}
|
||||||
|
"""
|
||||||
|
env = request.env
|
||||||
|
Users = env['res.users'].sudo()
|
||||||
|
target = Users.browse(int(user_id))
|
||||||
|
if not target.exists():
|
||||||
|
return {'ok': False, 'error': 'user_not_found'}
|
||||||
|
Reset = env['fp.tablet.pin.reset']
|
||||||
|
active = Reset.sudo().search([
|
||||||
|
('user_id', '=', target.id),
|
||||||
|
('used_at', '=', False),
|
||||||
|
], order='create_date desc', limit=1)
|
||||||
|
if not active:
|
||||||
|
return {'ok': False, 'error': 'no_active_code'}
|
||||||
|
ok, err = active._verify_and_consume(str(code))
|
||||||
|
if not ok:
|
||||||
|
# Audit failures too — useful for forensics
|
||||||
|
write_event(env,
|
||||||
|
event_type='failed_unlock', # reuse existing label
|
||||||
|
attempted_user_id=target.id,
|
||||||
|
failure_reason='wrong_pin',
|
||||||
|
notes=f'reset code verify: {err}')
|
||||||
|
# Caller can show attempts_left on wrong_code
|
||||||
|
attempts_left = max(0, 5 - active.attempt_count) \
|
||||||
|
if err == 'wrong_code' else 0
|
||||||
|
resp = {'ok': False, 'error': err}
|
||||||
|
if err == 'wrong_code':
|
||||||
|
resp['attempts_left'] = attempts_left
|
||||||
|
return resp
|
||||||
|
# Success — mint reset_token and audit
|
||||||
|
token = Reset.sudo()._sign_reset_token(target.id)
|
||||||
|
write_event(env,
|
||||||
|
event_type='pin_reset_code_verified',
|
||||||
|
attempted_user_id=target.id)
|
||||||
|
return {'ok': True, 'reset_token': token}
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _mask_email(email):
|
||||||
|
"""Return 'g***@nexasystems.ca' style mask. First char + ***."""
|
||||||
|
if not email or '@' not in email:
|
||||||
|
return email or ''
|
||||||
|
local, _, domain = email.partition('@')
|
||||||
|
if len(local) <= 1:
|
||||||
|
return f'***@{domain}'
|
||||||
|
return f'{local[0]}***@{domain}'
|
||||||
|
|
||||||
# ======================================================================
|
# ======================================================================
|
||||||
# /fp/tablet/reset_pin_for — manager-only
|
# /fp/tablet/reset_pin_for — manager-only
|
||||||
# ======================================================================
|
# ======================================================================
|
||||||
|
|||||||
@@ -0,0 +1,68 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<!--
|
||||||
|
Copyright 2026 Nexa Systems Inc.
|
||||||
|
License OPL-1 (Odoo Proprietary License v1.0)
|
||||||
|
|
||||||
|
Spec: docs/superpowers/specs/2026-05-25-tablet-pin-self-service-design.md
|
||||||
|
|
||||||
|
Email template + notification-template wrapper + cleanup cron for
|
||||||
|
the tablet PIN self-service reset flow.
|
||||||
|
|
||||||
|
Per CLAUDE.md Rule 25 the mail.template references ONLY core
|
||||||
|
res.users fields (object.name, object.email, object.login,
|
||||||
|
object.company_id). The 4-digit code is passed in via context
|
||||||
|
(ctx.code) when /fp/tablet/request_reset_code calls send_mail.
|
||||||
|
-->
|
||||||
|
<odoo noupdate="1">
|
||||||
|
|
||||||
|
<!-- ===== Mail template ============================================ -->
|
||||||
|
<record id="fp_mail_template_tablet_pin_reset" model="mail.template">
|
||||||
|
<field name="name">FP: Tablet PIN Reset Code</field>
|
||||||
|
<field name="model_id" ref="base.model_res_users"/>
|
||||||
|
<field name="subject">🔒 Your ENTECH tablet temporary PIN: {{ ctx.get('code', '----') }}</field>
|
||||||
|
<field name="email_from">{{ (object.company_id.email or user.email) }}</field>
|
||||||
|
<field name="email_to">{{ object.email or object.login }}</field>
|
||||||
|
<field name="auto_delete" eval="True"/>
|
||||||
|
<field name="body_html" type="html">
|
||||||
|
<div style="font-family: -apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Arial,sans-serif; max-width: 600px; margin: 0 auto; padding: 32px 24px;">
|
||||||
|
<div style="height: 4px; background-color: #1d4ed8; margin-bottom: 28px;"></div>
|
||||||
|
<div style="font-size: 11px; text-transform: uppercase; letter-spacing: 1px; color: #1d4ed8; font-weight: 600; margin-bottom: 8px;">
|
||||||
|
Electroless Nickel Technologies Inc. (ENTECH)
|
||||||
|
</div>
|
||||||
|
<h2 style="margin: 0 0 8px 0; font-size: 22px; font-weight: bold;">Your tablet temporary PIN</h2>
|
||||||
|
<p style="margin: 0 0 20px 0; font-size: 15px; opacity: 0.75;">
|
||||||
|
Hi <t t-out="object.name"/>, use this 4-digit PIN to unlock the
|
||||||
|
shop-floor tablet and set a new permanent PIN.
|
||||||
|
</p>
|
||||||
|
<div style="text-align: center; margin: 32px 0; padding: 24px; background: #f3f4f6; border-radius: 8px; font-family: ui-monospace, 'SF Mono', Menlo, Consolas, monospace; font-size: 48px; font-weight: 700; letter-spacing: 0.3em; color: #1d4ed8;">
|
||||||
|
<t t-out="ctx.get('code', '----')"/>
|
||||||
|
</div>
|
||||||
|
<p style="margin: 16px 0; font-size: 13px; opacity: 0.65;">
|
||||||
|
This code expires in 72 hours. If you didn't request it, ignore
|
||||||
|
this email — no action needed. The previous PIN (if any) stays
|
||||||
|
valid until you successfully complete the reset on the tablet.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</field>
|
||||||
|
</record>
|
||||||
|
|
||||||
|
<!-- ===== fp.notification.template wrapper ========================= -->
|
||||||
|
<record id="fp_notif_tablet_pin_reset" model="fp.notification.template">
|
||||||
|
<field name="name">Tablet PIN Reset Code</field>
|
||||||
|
<field name="trigger_event">tablet_pin_reset_requested</field>
|
||||||
|
<field name="mail_template_id" ref="fp_mail_template_tablet_pin_reset"/>
|
||||||
|
<field name="active" eval="True"/>
|
||||||
|
</record>
|
||||||
|
|
||||||
|
<!-- ===== Cleanup cron ============================================ -->
|
||||||
|
<record id="cron_purge_expired_pin_resets" model="ir.cron">
|
||||||
|
<field name="name">Fusion Plating: Purge expired tablet PIN reset codes</field>
|
||||||
|
<field name="model_id" ref="model_fp_tablet_pin_reset"/>
|
||||||
|
<field name="state">code</field>
|
||||||
|
<field name="code">model._cron_purge_expired()</field>
|
||||||
|
<field name="interval_number">1</field>
|
||||||
|
<field name="interval_type">days</field>
|
||||||
|
<field name="active" eval="True"/>
|
||||||
|
</record>
|
||||||
|
|
||||||
|
</odoo>
|
||||||
@@ -10,3 +10,4 @@ from . import fp_tank
|
|||||||
from . import res_users
|
from . import res_users
|
||||||
from . import res_config_settings
|
from . import res_config_settings
|
||||||
from . import fp_tablet_session_event
|
from . import fp_tablet_session_event
|
||||||
|
from . import fp_tablet_pin_reset
|
||||||
|
|||||||
@@ -0,0 +1,288 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2026 Nexa Systems Inc.
|
||||||
|
# License OPL-1 (Odoo Proprietary License v1.0)
|
||||||
|
"""Tablet PIN email-reset codes.
|
||||||
|
|
||||||
|
Spec: docs/superpowers/specs/2026-05-25-tablet-pin-self-service-design.md
|
||||||
|
|
||||||
|
Stores hashed 4-digit codes emailed to users for self-service PIN
|
||||||
|
creation OR reset. One active row per user (SQL constraint). 72-hour
|
||||||
|
expiry. 5-wrong-attempts-per-code cap. Cleaned up daily by cron.
|
||||||
|
"""
|
||||||
|
import base64
|
||||||
|
import hashlib
|
||||||
|
import hmac
|
||||||
|
import json
|
||||||
|
import logging
|
||||||
|
import secrets
|
||||||
|
import time
|
||||||
|
from datetime import timedelta
|
||||||
|
|
||||||
|
from odoo import _, api, fields, models
|
||||||
|
from odoo.exceptions import UserError
|
||||||
|
|
||||||
|
_logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
# Code TTL — user-picked default per D4 (spec). Long enough for shift
|
||||||
|
# workers / weekend gaps; short enough that an old code in the inbox
|
||||||
|
# isn't a long-lived risk.
|
||||||
|
_CODE_TTL_HOURS = 72
|
||||||
|
|
||||||
|
# Per-code wrong-attempt cap per D5. After this many wrong tries the
|
||||||
|
# code is invalidated even if expires_at hasn't passed.
|
||||||
|
_MAX_ATTEMPTS = 5
|
||||||
|
|
||||||
|
# Rate-limit window + max requests per D6. Counts rows created in the
|
||||||
|
# rolling 60-minute window per user.
|
||||||
|
_RATE_LIMIT_WINDOW_MIN = 60
|
||||||
|
_RATE_LIMIT_MAX = 3
|
||||||
|
|
||||||
|
# Reset token TTL per D16 (spec). Short enough that an intercepted
|
||||||
|
# token can't be sat on; long enough for the user to type + confirm
|
||||||
|
# a new PIN without rushing.
|
||||||
|
_RESET_TOKEN_TTL_SEC = 300
|
||||||
|
|
||||||
|
# Same PBKDF2 iteration count as the regular PIN hash (res_users.py).
|
||||||
|
# Keeps hash-cost consistent across the system.
|
||||||
|
_PBKDF2_ITERATIONS = 200_000
|
||||||
|
|
||||||
|
|
||||||
|
class FpTabletPinReset(models.Model):
|
||||||
|
_name = 'fp.tablet.pin.reset'
|
||||||
|
_description = 'Tablet PIN Email-Reset Code'
|
||||||
|
_order = 'create_date desc'
|
||||||
|
|
||||||
|
user_id = fields.Many2one(
|
||||||
|
'res.users', required=True, ondelete='cascade', index=True,
|
||||||
|
)
|
||||||
|
code_hash = fields.Char(
|
||||||
|
required=True,
|
||||||
|
groups='fusion_plating.group_fusion_plating_manager',
|
||||||
|
help='PBKDF2-SHA256 hash + salt of the 4-digit code. Format: '
|
||||||
|
'<salt_hex>$<digest_hex>. Never plaintext.',
|
||||||
|
)
|
||||||
|
expires_at = fields.Datetime(required=True, index=True)
|
||||||
|
used_at = fields.Datetime(
|
||||||
|
help='Set when the code is successfully verified, OR when 5 '
|
||||||
|
'wrong attempts invalidate it. Either way the row stops '
|
||||||
|
'being "active" and a new one can be requested.',
|
||||||
|
)
|
||||||
|
attempt_count = fields.Integer(
|
||||||
|
default=0,
|
||||||
|
help='Wrong-guess counter. 5 wrong attempts invalidate the '
|
||||||
|
'code (used_at set).',
|
||||||
|
)
|
||||||
|
requester_ip = fields.Char(help='IP of the kiosk that requested.')
|
||||||
|
|
||||||
|
_sql_constraints = [
|
||||||
|
# At most ONE active (used_at IS NULL) row per user. Forces the
|
||||||
|
# "request new = invalidate old" behavior. Uses Postgres
|
||||||
|
# EXCLUDE — partial unique index doesn't compose with the
|
||||||
|
# other rows where used_at IS NOT NULL.
|
||||||
|
('one_active_per_user',
|
||||||
|
"EXCLUDE (user_id WITH =) WHERE (used_at IS NULL)",
|
||||||
|
'A user may have at most one outstanding tablet PIN reset code.'),
|
||||||
|
]
|
||||||
|
|
||||||
|
# ===== Hash helpers (mirror ResUsers._hash_tablet_pin pattern) =====
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _hash_code(code, salt=None):
|
||||||
|
"""Hash `code` with optional salt. Returns 'salt_hex$digest_hex'."""
|
||||||
|
if salt is None:
|
||||||
|
salt = secrets.token_bytes(16)
|
||||||
|
digest = hashlib.pbkdf2_hmac(
|
||||||
|
'sha256', code.encode('utf-8'), salt, _PBKDF2_ITERATIONS,
|
||||||
|
)
|
||||||
|
return f"{salt.hex()}${digest.hex()}"
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _verify_code_hash(code, stored):
|
||||||
|
"""Constant-time verify of `code` against a stored hash string."""
|
||||||
|
if not stored or '$' not in stored:
|
||||||
|
return False
|
||||||
|
salt_hex, expected_hex = stored.split('$', 1)
|
||||||
|
try:
|
||||||
|
salt = bytes.fromhex(salt_hex)
|
||||||
|
except ValueError:
|
||||||
|
return False
|
||||||
|
digest = hashlib.pbkdf2_hmac(
|
||||||
|
'sha256', code.encode('utf-8'), salt, _PBKDF2_ITERATIONS,
|
||||||
|
)
|
||||||
|
return secrets.compare_digest(digest.hex(), expected_hex)
|
||||||
|
|
||||||
|
# ===== Public lifecycle =====
|
||||||
|
|
||||||
|
@api.model
|
||||||
|
def _generate_for_user(self, user, requester_ip=None):
|
||||||
|
"""Issue a fresh code for `user`. Replaces any active row.
|
||||||
|
Returns (record, plaintext_code).
|
||||||
|
|
||||||
|
Caller must email the plaintext_code; never persisted anywhere
|
||||||
|
after this returns. Raises UserError on rate-limit breach.
|
||||||
|
"""
|
||||||
|
# Rate-limit: count rows created in the rolling window.
|
||||||
|
cutoff = fields.Datetime.now() - timedelta(
|
||||||
|
minutes=_RATE_LIMIT_WINDOW_MIN,
|
||||||
|
)
|
||||||
|
recent = self.sudo().search_count([
|
||||||
|
('user_id', '=', user.id),
|
||||||
|
('create_date', '>=', cutoff),
|
||||||
|
])
|
||||||
|
if recent >= _RATE_LIMIT_MAX:
|
||||||
|
# Find when the oldest of the window ages out
|
||||||
|
oldest = self.sudo().search([
|
||||||
|
('user_id', '=', user.id),
|
||||||
|
('create_date', '>=', cutoff),
|
||||||
|
], order='create_date asc', limit=1)
|
||||||
|
ages_out = oldest.create_date + timedelta(
|
||||||
|
minutes=_RATE_LIMIT_WINDOW_MIN,
|
||||||
|
)
|
||||||
|
wait_min = max(
|
||||||
|
1,
|
||||||
|
int((ages_out - fields.Datetime.now()).total_seconds() / 60),
|
||||||
|
)
|
||||||
|
raise UserError(_(
|
||||||
|
'Too many reset requests. Wait %d minutes before '
|
||||||
|
'trying again.'
|
||||||
|
) % wait_min)
|
||||||
|
# Invalidate any existing active row (SQL constraint enforces
|
||||||
|
# one active; we explicitly mark prior as used to be clean).
|
||||||
|
self.sudo().search([
|
||||||
|
('user_id', '=', user.id),
|
||||||
|
('used_at', '=', False),
|
||||||
|
]).write({'used_at': fields.Datetime.now()})
|
||||||
|
# Generate the code — 0000-9999, zero-padded.
|
||||||
|
code = f"{secrets.randbelow(10000):04d}"
|
||||||
|
rec = self.sudo().create({
|
||||||
|
'user_id': user.id,
|
||||||
|
'code_hash': self._hash_code(code),
|
||||||
|
'expires_at': fields.Datetime.now() + timedelta(
|
||||||
|
hours=_CODE_TTL_HOURS,
|
||||||
|
),
|
||||||
|
'requester_ip': (requester_ip or '')[:64],
|
||||||
|
})
|
||||||
|
return rec, code
|
||||||
|
|
||||||
|
def _verify_and_consume(self, code):
|
||||||
|
"""Verify `code` against this row. Returns (ok, error_str_or_None).
|
||||||
|
|
||||||
|
Side effects:
|
||||||
|
- Increments attempt_count regardless of result
|
||||||
|
- If correct: sets used_at, returns (True, None)
|
||||||
|
- If wrong + attempt_count == _MAX_ATTEMPTS: sets used_at,
|
||||||
|
returns (False, 'too_many_attempts')
|
||||||
|
- If expired: sets used_at, returns (False, 'expired')
|
||||||
|
"""
|
||||||
|
self.ensure_one()
|
||||||
|
now = fields.Datetime.now()
|
||||||
|
if self.used_at:
|
||||||
|
return (False, 'already_used')
|
||||||
|
if self.expires_at < now:
|
||||||
|
self.sudo().write({'used_at': now})
|
||||||
|
return (False, 'expired')
|
||||||
|
# Always increment attempt_count before verifying so wrong tries
|
||||||
|
# count against the cap even if the user retries the same wrong
|
||||||
|
# code.
|
||||||
|
self.sudo().write({'attempt_count': self.attempt_count + 1})
|
||||||
|
if not self._verify_code_hash(code, self.sudo().code_hash):
|
||||||
|
# Did this push us to the cap?
|
||||||
|
if self.attempt_count + 1 >= _MAX_ATTEMPTS:
|
||||||
|
self.sudo().write({'used_at': now})
|
||||||
|
return (False, 'too_many_attempts')
|
||||||
|
return (False, 'wrong_code')
|
||||||
|
# Correct
|
||||||
|
self.sudo().write({'used_at': now})
|
||||||
|
return (True, None)
|
||||||
|
|
||||||
|
# ===== Reset-token signing (HMAC-SHA256, single-use, 5min TTL) =====
|
||||||
|
|
||||||
|
@api.model
|
||||||
|
def _sign_reset_token(self, user_id):
|
||||||
|
"""Mint a signed short-lived token proving the user just
|
||||||
|
verified a reset code. Used by /fp/tablet/set_pin to authorise
|
||||||
|
a new-PIN write without an old PIN.
|
||||||
|
|
||||||
|
Format: base64url(payload).base64url(signature)
|
||||||
|
Payload: {user_id, exp_epoch, purpose}
|
||||||
|
"""
|
||||||
|
secret = self.env['ir.config_parameter'].sudo().get_param(
|
||||||
|
'database.secret',
|
||||||
|
)
|
||||||
|
if not secret:
|
||||||
|
raise UserError(_(
|
||||||
|
'Cannot sign reset token — database.secret not set.'
|
||||||
|
))
|
||||||
|
payload = {
|
||||||
|
'user_id': int(user_id),
|
||||||
|
'exp': int(time.time()) + _RESET_TOKEN_TTL_SEC,
|
||||||
|
'purpose': 'tablet_pin_reset',
|
||||||
|
}
|
||||||
|
body = base64.urlsafe_b64encode(
|
||||||
|
json.dumps(payload, separators=(',', ':')).encode('utf-8'),
|
||||||
|
).rstrip(b'=')
|
||||||
|
sig = hmac.new(
|
||||||
|
secret.encode('utf-8'), body, hashlib.sha256,
|
||||||
|
).digest()
|
||||||
|
sig_b64 = base64.urlsafe_b64encode(sig).rstrip(b'=')
|
||||||
|
return body.decode() + '.' + sig_b64.decode()
|
||||||
|
|
||||||
|
@api.model
|
||||||
|
def _verify_reset_token(self, token):
|
||||||
|
"""Verify token signature + expiry + purpose claim.
|
||||||
|
Returns user_id on success, raises UserError otherwise.
|
||||||
|
"""
|
||||||
|
if not token or '.' not in token:
|
||||||
|
raise UserError(_('Invalid reset token.'))
|
||||||
|
body_b64, sig_b64 = token.split('.', 1)
|
||||||
|
secret = self.env['ir.config_parameter'].sudo().get_param(
|
||||||
|
'database.secret',
|
||||||
|
)
|
||||||
|
if not secret:
|
||||||
|
raise UserError(_('Cannot verify reset token.'))
|
||||||
|
expected_sig = hmac.new(
|
||||||
|
secret.encode('utf-8'),
|
||||||
|
body_b64.encode('utf-8'),
|
||||||
|
hashlib.sha256,
|
||||||
|
).digest()
|
||||||
|
expected_sig_b64 = base64.urlsafe_b64encode(
|
||||||
|
expected_sig,
|
||||||
|
).rstrip(b'=').decode()
|
||||||
|
if not hmac.compare_digest(sig_b64, expected_sig_b64):
|
||||||
|
raise UserError(_('Reset token signature invalid.'))
|
||||||
|
# Decode payload (re-pad for base64)
|
||||||
|
padding = '=' * (-len(body_b64) % 4)
|
||||||
|
try:
|
||||||
|
payload = json.loads(
|
||||||
|
base64.urlsafe_b64decode(body_b64 + padding).decode('utf-8'),
|
||||||
|
)
|
||||||
|
except (ValueError, UnicodeDecodeError):
|
||||||
|
raise UserError(_('Reset token payload invalid.'))
|
||||||
|
if payload.get('purpose') != 'tablet_pin_reset':
|
||||||
|
raise UserError(_('Reset token purpose mismatch.'))
|
||||||
|
if payload.get('exp', 0) < int(time.time()):
|
||||||
|
raise UserError(_('Reset token expired.'))
|
||||||
|
uid = payload.get('user_id')
|
||||||
|
if not isinstance(uid, int):
|
||||||
|
raise UserError(_('Reset token user_id invalid.'))
|
||||||
|
return uid
|
||||||
|
|
||||||
|
# ===== Cleanup cron =====
|
||||||
|
|
||||||
|
@api.model
|
||||||
|
def _cron_purge_expired(self):
|
||||||
|
"""Daily cron — delete used/expired rows > 7 days old.
|
||||||
|
Audit trail lives in fp.tablet.session.event, not here, so we
|
||||||
|
can purge aggressively without losing forensics."""
|
||||||
|
cutoff = fields.Datetime.now() - timedelta(days=7)
|
||||||
|
to_purge = self.sudo().search([
|
||||||
|
'|',
|
||||||
|
'&', ('used_at', '!=', False), ('used_at', '<', cutoff),
|
||||||
|
'&', ('used_at', '=', False), ('expires_at', '<', cutoff),
|
||||||
|
])
|
||||||
|
if to_purge:
|
||||||
|
count = len(to_purge)
|
||||||
|
to_purge.unlink()
|
||||||
|
_logger.info(
|
||||||
|
'fp.tablet.pin.reset cleanup: purged %d expired rows', count,
|
||||||
|
)
|
||||||
@@ -29,6 +29,10 @@ class FpTabletSessionEvent(models.Model):
|
|||||||
('ceiling_lock', '8-hour ceiling lock'),
|
('ceiling_lock', '8-hour ceiling lock'),
|
||||||
('force_lock', 'Force lock (cron, stale session)'),
|
('force_lock', 'Force lock (cron, stale session)'),
|
||||||
('admin_reset', 'Admin force-reset PIN'),
|
('admin_reset', 'Admin force-reset PIN'),
|
||||||
|
# Spec 2026-05-25 — self-service PIN reset flow
|
||||||
|
('pin_reset_requested', 'PIN reset code requested (email sent)'),
|
||||||
|
('pin_reset_code_verified', 'PIN reset code verified'),
|
||||||
|
('pin_set_after_reset', 'New PIN set via email reset flow'),
|
||||||
],
|
],
|
||||||
required=True,
|
required=True,
|
||||||
readonly=True,
|
readonly=True,
|
||||||
|
|||||||
129
fusion_plating/fusion_plating_shopfloor/scripts/bt_pin_reset.py
Normal file
129
fusion_plating/fusion_plating_shopfloor/scripts/bt_pin_reset.py
Normal file
@@ -0,0 +1,129 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
"""Tablet PIN self-service — entech smoke.
|
||||||
|
|
||||||
|
Spec: docs/superpowers/specs/2026-05-25-tablet-pin-self-service-design.md
|
||||||
|
Plan: docs/superpowers/plans/2026-05-25-tablet-pin-self-service-plan.md
|
||||||
|
|
||||||
|
Run on entech via odoo-shell. Picks a real shop-floor user with no
|
||||||
|
current PIN, runs the full create flow end-to-end via the model
|
||||||
|
helpers (controller endpoints exercise the same paths under the
|
||||||
|
hood; this script lets us verify pre-HTTP).
|
||||||
|
|
||||||
|
Cleans up at the end: reverts PIN + deletes reset rows for the user.
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
def _ok(cond, label):
|
||||||
|
if cond:
|
||||||
|
print('OK -', label)
|
||||||
|
else:
|
||||||
|
print('FAIL -', label)
|
||||||
|
raise SystemExit(1)
|
||||||
|
|
||||||
|
|
||||||
|
# Pick a real user — first active shop-branch user with no PIN.
|
||||||
|
gids = []
|
||||||
|
for xmlid in (
|
||||||
|
'fusion_plating.group_fp_technician',
|
||||||
|
'fusion_plating.group_fp_manager',
|
||||||
|
'fusion_plating.group_fp_quality_manager',
|
||||||
|
'fusion_plating.group_fp_owner',
|
||||||
|
):
|
||||||
|
g = env.ref(xmlid, raise_if_not_found=False)
|
||||||
|
if g:
|
||||||
|
gids.append(g.id)
|
||||||
|
user = env['res.users'].sudo().search([
|
||||||
|
('all_group_ids', 'in', gids),
|
||||||
|
('share', '=', False),
|
||||||
|
('active', '=', True),
|
||||||
|
('x_fc_tablet_pin_hash', '=', False),
|
||||||
|
], limit=1)
|
||||||
|
_ok(bool(user), f'found a no-PIN shop user: {user.name if user else None}')
|
||||||
|
|
||||||
|
original_hash = user.sudo().x_fc_tablet_pin_hash # for cleanup
|
||||||
|
|
||||||
|
Reset = env['fp.tablet.pin.reset']
|
||||||
|
|
||||||
|
# 1. Generate a code
|
||||||
|
rec, code = Reset._generate_for_user(user)
|
||||||
|
_ok(rec.exists(), 'reset row created')
|
||||||
|
_ok(len(code) == 4 and code.isdigit(), f'code is 4 digits: {code}')
|
||||||
|
_ok(not rec.used_at, 'row is active (used_at is null)')
|
||||||
|
|
||||||
|
# 2. Verify wrong code
|
||||||
|
wrong = '9999' if code != '9999' else '0000'
|
||||||
|
ok, err = rec._verify_and_consume(wrong)
|
||||||
|
_ok(not ok and err == 'wrong_code', f'wrong code rejected: err={err}')
|
||||||
|
|
||||||
|
rec.invalidate_recordset(['attempt_count'])
|
||||||
|
_ok(rec.attempt_count == 1, f'attempt_count is 1: {rec.attempt_count}')
|
||||||
|
|
||||||
|
# 3. Verify correct code
|
||||||
|
ok, err = rec._verify_and_consume(code)
|
||||||
|
_ok(ok and err is None, f'correct code accepted: err={err}')
|
||||||
|
|
||||||
|
rec.invalidate_recordset(['used_at'])
|
||||||
|
_ok(bool(rec.used_at), 'row marked used after success')
|
||||||
|
|
||||||
|
# 4. Sign reset token + verify
|
||||||
|
token = Reset._sign_reset_token(user.id)
|
||||||
|
_ok('.' in token, 'token has body.sig shape')
|
||||||
|
|
||||||
|
uid = Reset._verify_reset_token(token)
|
||||||
|
_ok(uid == user.id, f'token verifies to correct uid: {uid}')
|
||||||
|
|
||||||
|
# 5. Set PIN (simulates the set_pin endpoint reset_token branch)
|
||||||
|
user.set_tablet_pin('4321')
|
||||||
|
user.invalidate_recordset(['x_fc_tablet_pin_hash'])
|
||||||
|
_ok(bool(user.sudo().x_fc_tablet_pin_hash), 'PIN hash set on user')
|
||||||
|
|
||||||
|
# 6. Verify the new PIN works
|
||||||
|
_ok(user.verify_tablet_pin('4321'), 'new PIN verifies')
|
||||||
|
|
||||||
|
# 7. Audit events written
|
||||||
|
audit_count = env['fp.tablet.session.event'].sudo().search_count([
|
||||||
|
('attempted_user_id', '=', user.id),
|
||||||
|
('event_type', 'in', (
|
||||||
|
'pin_reset_requested',
|
||||||
|
'pin_reset_code_verified',
|
||||||
|
'failed_unlock',
|
||||||
|
)),
|
||||||
|
])
|
||||||
|
# Direct model calls don't write audit (controller does); so we don't
|
||||||
|
# assert > 0 here. Just print the count for visibility.
|
||||||
|
print(f' audit events for user (informational): {audit_count}')
|
||||||
|
|
||||||
|
# 8. Mail template exists
|
||||||
|
tpl = env.ref(
|
||||||
|
'fusion_plating_shopfloor.fp_mail_template_tablet_pin_reset',
|
||||||
|
raise_if_not_found=False,
|
||||||
|
)
|
||||||
|
_ok(bool(tpl), 'mail.template fp_mail_template_tablet_pin_reset exists')
|
||||||
|
|
||||||
|
# 9. Notification template wrapper exists
|
||||||
|
notif = env.ref(
|
||||||
|
'fusion_plating_shopfloor.fp_notif_tablet_pin_reset',
|
||||||
|
raise_if_not_found=False,
|
||||||
|
)
|
||||||
|
_ok(bool(notif), 'fp.notification.template fp_notif_tablet_pin_reset exists')
|
||||||
|
|
||||||
|
# 10. Cleanup cron exists
|
||||||
|
cron = env.ref(
|
||||||
|
'fusion_plating_shopfloor.cron_purge_expired_pin_resets',
|
||||||
|
raise_if_not_found=False,
|
||||||
|
)
|
||||||
|
_ok(bool(cron), 'cleanup cron cron_purge_expired_pin_resets exists')
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
user.sudo().write({
|
||||||
|
'x_fc_tablet_pin_hash': original_hash or False,
|
||||||
|
})
|
||||||
|
env['fp.tablet.pin.reset'].sudo().search([
|
||||||
|
('user_id', '=', user.id),
|
||||||
|
]).unlink()
|
||||||
|
env.cr.commit()
|
||||||
|
print('cleanup: PIN reverted, reset rows deleted')
|
||||||
|
|
||||||
|
print()
|
||||||
|
print('--- bt_pin_reset: ALL PASS ---')
|
||||||
|
print(f' Tested user: {user.name} (uid={user.id})')
|
||||||
@@ -15,3 +15,4 @@ access_fp_job_node_override_operator,fp.job.node.override.operator,fusion_platin
|
|||||||
access_res_users_kiosk,res.users.kiosk.read,base.model_res_users,fusion_plating_shopfloor.group_fp_tablet_kiosk,1,0,0,0
|
access_res_users_kiosk,res.users.kiosk.read,base.model_res_users,fusion_plating_shopfloor.group_fp_tablet_kiosk,1,0,0,0
|
||||||
access_ir_config_param_kiosk,ir.config_parameter.kiosk.read,base.model_ir_config_parameter,fusion_plating_shopfloor.group_fp_tablet_kiosk,1,0,0,0
|
access_ir_config_param_kiosk,ir.config_parameter.kiosk.read,base.model_ir_config_parameter,fusion_plating_shopfloor.group_fp_tablet_kiosk,1,0,0,0
|
||||||
access_fp_tablet_session_event_owner,fp.tablet.session.event.owner.read,model_fp_tablet_session_event,fusion_plating.group_fp_owner,1,0,0,0
|
access_fp_tablet_session_event_owner,fp.tablet.session.event.owner.read,model_fp_tablet_session_event,fusion_plating.group_fp_owner,1,0,0,0
|
||||||
|
access_fp_tablet_pin_reset_manager,fp.tablet.pin.reset.manager,model_fp_tablet_pin_reset,fusion_plating.group_fusion_plating_manager,1,1,1,1
|
||||||
|
|||||||
|
@@ -61,6 +61,21 @@ export class FpTabletLock extends Component {
|
|||||||
// the kiosk (= locked).
|
// the kiosk (= locked).
|
||||||
kioskUid: null,
|
kioskUid: null,
|
||||||
currentUid: null,
|
currentUid: null,
|
||||||
|
// Spec 2026-05-25 — PIN self-service wizard states
|
||||||
|
// 'pin' — default keypad (has-PIN user)
|
||||||
|
// 'request_code' — "Send temp PIN" button screen
|
||||||
|
// 'enter_temp_code' — 4-cell pad for emailed code
|
||||||
|
// 'set_new_pin' — 4-cell pad — choose new PIN
|
||||||
|
// 'confirm_new_pin' — 4-cell pad — confirm new PIN
|
||||||
|
mode: 'pin',
|
||||||
|
failedAttempts: 0, // resets on tile re-select
|
||||||
|
maskedEmail: '',
|
||||||
|
cooldownMinutes: 0,
|
||||||
|
noEmailManager: '',
|
||||||
|
pendingResetToken: null,
|
||||||
|
pendingNewPin: null,
|
||||||
|
codeAttemptsLeft: 5,
|
||||||
|
statusMessage: '',
|
||||||
});
|
});
|
||||||
|
|
||||||
onMounted(async () => {
|
onMounted(async () => {
|
||||||
@@ -161,6 +176,18 @@ export class FpTabletLock extends Component {
|
|||||||
|
|
||||||
onTileClick(userId) {
|
onTileClick(userId) {
|
||||||
this.state.selectedTileUserId = userId;
|
this.state.selectedTileUserId = userId;
|
||||||
|
this.state.failedAttempts = 0;
|
||||||
|
// Spec D1 — if user has no PIN, jump straight to the
|
||||||
|
// "Send temporary PIN" screen. Otherwise show the keypad.
|
||||||
|
const tile = this._tileForUser(userId);
|
||||||
|
this.state.mode = (tile && tile.has_pin) ? 'pin' : 'request_code';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
this.state.pendingResetToken = null;
|
||||||
|
this.state.pendingNewPin = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
_tileForUser(userId) {
|
||||||
|
return this.state.tiles.find(t => t.user_id === userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
_selectedTileName() {
|
_selectedTileName() {
|
||||||
@@ -184,7 +211,13 @@ export class FpTabletLock extends Component {
|
|||||||
// navigate while we're tearing down.
|
// navigate while we're tearing down.
|
||||||
return { ok: true, reloading: true };
|
return { ok: true, reloading: true };
|
||||||
}
|
}
|
||||||
return { ok: false, error: (res && res.error) || "Unlock failed" };
|
// Wrong PIN — bump client-side counter for "Forgot?" gating
|
||||||
|
this.state.failedAttempts += 1;
|
||||||
|
return {
|
||||||
|
ok: false,
|
||||||
|
error: (res && res.error) || "Unlock failed",
|
||||||
|
showForgotButton: this.state.failedAttempts >= 3,
|
||||||
|
};
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
return { ok: false, error: err.message || String(err) };
|
return { ok: false, error: err.message || String(err) };
|
||||||
}
|
}
|
||||||
@@ -192,6 +225,11 @@ export class FpTabletLock extends Component {
|
|||||||
|
|
||||||
onPinCancel() {
|
onPinCancel() {
|
||||||
this.state.selectedTileUserId = null;
|
this.state.selectedTileUserId = null;
|
||||||
|
this.state.failedAttempts = 0;
|
||||||
|
this.state.mode = 'pin';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
this.state.pendingResetToken = null;
|
||||||
|
this.state.pendingNewPin = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
handOff() {
|
handOff() {
|
||||||
@@ -238,4 +276,133 @@ export class FpTabletLock extends Component {
|
|||||||
? "o_fp_lock_avatar is-clocked"
|
? "o_fp_lock_avatar is-clocked"
|
||||||
: "o_fp_lock_avatar";
|
: "o_fp_lock_avatar";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ===== Spec 2026-05-25 — PIN self-service wizard handlers =====
|
||||||
|
|
||||||
|
/** "Forgot? Reset PIN via email" button click — from PIN entry screen
|
||||||
|
* after 3 fails. */
|
||||||
|
onForgotPinClick() {
|
||||||
|
this.state.mode = 'request_code';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
/** "Send temporary PIN" button click — from request_code screen. */
|
||||||
|
async onSendCodeClick() {
|
||||||
|
try {
|
||||||
|
const res = await rpc("/fp/tablet/request_reset_code", {
|
||||||
|
user_id: this.state.selectedTileUserId,
|
||||||
|
});
|
||||||
|
if (res && res.ok) {
|
||||||
|
this.state.maskedEmail = res.masked_email;
|
||||||
|
this.state.mode = 'enter_temp_code';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// Error states drive UI
|
||||||
|
if (res && res.error === 'no_email') {
|
||||||
|
this.state.noEmailManager = res.manager_name || '';
|
||||||
|
this.state.statusMessage = `No email on file. Contact: ${res.manager_name || 'your manager'}`;
|
||||||
|
} else if (res && res.error === 'rate_limited') {
|
||||||
|
this.state.cooldownMinutes = res.wait_minutes || 60;
|
||||||
|
this.state.statusMessage = `Too many requests. Wait ${res.wait_minutes || 60} minutes.`;
|
||||||
|
} else {
|
||||||
|
this.state.statusMessage = (res && res.error) || 'Failed to send code.';
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
this.state.statusMessage = err.message || String(err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** "Resend" button on the enter_temp_code screen. */
|
||||||
|
async onResendCodeClick() {
|
||||||
|
try {
|
||||||
|
const res = await rpc("/fp/tablet/request_reset_code", {
|
||||||
|
user_id: this.state.selectedTileUserId,
|
||||||
|
});
|
||||||
|
if (res && res.ok) {
|
||||||
|
this.state.maskedEmail = res.masked_email;
|
||||||
|
this.state.statusMessage = 'New code sent.';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (res && res.error === 'rate_limited') {
|
||||||
|
this.state.statusMessage = `Wait ${res.wait_minutes || 60} min before requesting again.`;
|
||||||
|
} else {
|
||||||
|
this.state.statusMessage = (res && res.error) || 'Resend failed.';
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
this.state.statusMessage = err.message || String(err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Submit handler when user enters the 4-digit temp code. */
|
||||||
|
async onTempCodeSubmit(code) {
|
||||||
|
try {
|
||||||
|
const res = await rpc("/fp/tablet/verify_reset_code", {
|
||||||
|
user_id: this.state.selectedTileUserId,
|
||||||
|
code,
|
||||||
|
});
|
||||||
|
if (res && res.ok) {
|
||||||
|
this.state.pendingResetToken = res.reset_token;
|
||||||
|
this.state.mode = 'set_new_pin';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
return { ok: true };
|
||||||
|
}
|
||||||
|
// Error UX
|
||||||
|
const errMap = {
|
||||||
|
'wrong_code': `Wrong code. ${res.attempts_left || 0} attempts left.`,
|
||||||
|
'expired': 'Code expired. Request a new one.',
|
||||||
|
'too_many_attempts': 'Too many wrong attempts. Request a new code.',
|
||||||
|
'no_active_code': 'No active code. Send yourself a new one.',
|
||||||
|
};
|
||||||
|
return {
|
||||||
|
ok: false,
|
||||||
|
error: errMap[res && res.error] || (res && res.error) || 'Verification failed.',
|
||||||
|
};
|
||||||
|
} catch (err) {
|
||||||
|
return { ok: false, error: err.message || String(err) };
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Submit handler when user enters a NEW PIN (first time). */
|
||||||
|
async onNewPinSubmit(pin) {
|
||||||
|
this.state.pendingNewPin = pin;
|
||||||
|
this.state.mode = 'confirm_new_pin';
|
||||||
|
this.state.statusMessage = '';
|
||||||
|
return { ok: true };
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Submit handler when user confirms the NEW PIN. */
|
||||||
|
async onConfirmNewPinSubmit(pin) {
|
||||||
|
if (pin !== this.state.pendingNewPin) {
|
||||||
|
// Reset back to the first PIN entry
|
||||||
|
this.state.pendingNewPin = null;
|
||||||
|
this.state.mode = 'set_new_pin';
|
||||||
|
return { ok: false, error: "PINs don't match. Try again." };
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
const res = await rpc("/fp/tablet/set_pin", {
|
||||||
|
new_pin: pin,
|
||||||
|
reset_token: this.state.pendingResetToken,
|
||||||
|
});
|
||||||
|
if (res && res.ok) {
|
||||||
|
// Auto-login (spec D17): unlock with the new PIN
|
||||||
|
const loginRes = await rpc("/fp/tablet/unlock_session", {
|
||||||
|
user_id: this.state.selectedTileUserId,
|
||||||
|
pin,
|
||||||
|
});
|
||||||
|
if (loginRes && loginRes.ok) {
|
||||||
|
window.location.reload();
|
||||||
|
return { ok: true, reloading: true };
|
||||||
|
}
|
||||||
|
// PIN set but unlock failed — user can tap their tile + enter
|
||||||
|
// the new PIN manually
|
||||||
|
this.state.statusMessage = 'PIN set. Tap your tile and enter the new PIN to log in.';
|
||||||
|
this.onPinCancel();
|
||||||
|
return { ok: true };
|
||||||
|
}
|
||||||
|
return { ok: false, error: (res && res.error) || 'Failed to set PIN' };
|
||||||
|
} catch (err) {
|
||||||
|
return { ok: false, error: err.message || String(err) };
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -230,3 +230,101 @@
|
|||||||
transition: none !important;
|
transition: none !important;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// =====================================================================
|
||||||
|
// Spec 2026-05-25 — PIN self-service wizard screens
|
||||||
|
// (request_code / enter_temp_code / set_new_pin / confirm_new_pin)
|
||||||
|
// Reuses $lock-* tokens from _tablet_lock_tokens.scss — dark mode
|
||||||
|
// auto-flips via the existing $o-webclient-color-scheme branch.
|
||||||
|
// =====================================================================
|
||||||
|
|
||||||
|
.o_fp_lock_pinwrap {
|
||||||
|
.o_fp_lock_forgot_btn {
|
||||||
|
display: block;
|
||||||
|
margin: 14px auto 0;
|
||||||
|
padding: 8px 16px;
|
||||||
|
background: transparent;
|
||||||
|
border: 1px solid $lock-tile-border-rgba;
|
||||||
|
color: $lock-muted;
|
||||||
|
border-radius: 6px;
|
||||||
|
font-size: 13px;
|
||||||
|
font-family: inherit;
|
||||||
|
cursor: pointer;
|
||||||
|
transition: background 0.1s ease, color 0.1s ease;
|
||||||
|
&:hover {
|
||||||
|
background: $lock-tile-hover-bg-rgba;
|
||||||
|
color: $lock-text;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
.o_fp_lock_wizard {
|
||||||
|
background: $lock-frame-bg-rgba;
|
||||||
|
border: 1px solid $lock-frame-border-rgba;
|
||||||
|
box-shadow: $lock-frame-shadow;
|
||||||
|
border-radius: 16px;
|
||||||
|
padding: 32px 36px;
|
||||||
|
max-width: 480px;
|
||||||
|
margin: 0 auto;
|
||||||
|
text-align: center;
|
||||||
|
font-family: inherit;
|
||||||
|
color: $lock-text;
|
||||||
|
|
||||||
|
h3 {
|
||||||
|
font-size: 20px;
|
||||||
|
font-weight: 700;
|
||||||
|
margin: 0 0 10px;
|
||||||
|
color: $lock-text;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
.o_fp_lock_wizard_lede {
|
||||||
|
font-size: 14px;
|
||||||
|
color: $lock-muted;
|
||||||
|
margin: 0 0 24px;
|
||||||
|
line-height: 1.5;
|
||||||
|
strong { color: $lock-text; font-weight: 600; }
|
||||||
|
}
|
||||||
|
|
||||||
|
.o_fp_lock_primary_btn {
|
||||||
|
background: linear-gradient(135deg, #ffd966 0%, #ffc107 100%);
|
||||||
|
border: 1px solid #d39e00;
|
||||||
|
color: #5e4400;
|
||||||
|
padding: 14px 28px;
|
||||||
|
font-size: 15px;
|
||||||
|
font-weight: 700;
|
||||||
|
border-radius: 10px;
|
||||||
|
font-family: inherit;
|
||||||
|
cursor: pointer;
|
||||||
|
margin-bottom: 16px;
|
||||||
|
box-shadow: 0 2px 6px rgba(0,0,0,0.08);
|
||||||
|
transition: transform 0.1s ease, box-shadow 0.1s ease;
|
||||||
|
i { margin-right: 8px; }
|
||||||
|
&:hover {
|
||||||
|
transform: translateY(-1px);
|
||||||
|
box-shadow: 0 4px 10px rgba(0,0,0,0.12);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
.o_fp_lock_status_message {
|
||||||
|
margin: 14px 0;
|
||||||
|
padding: 10px 14px;
|
||||||
|
background: rgba(220, 38, 38, 0.10);
|
||||||
|
border: 1px solid rgba(220, 38, 38, 0.25);
|
||||||
|
color: #b91c1c;
|
||||||
|
border-radius: 8px;
|
||||||
|
font-size: 13px;
|
||||||
|
line-height: 1.4;
|
||||||
|
}
|
||||||
|
|
||||||
|
.o_fp_lock_back_btn {
|
||||||
|
margin-top: 14px;
|
||||||
|
background: transparent;
|
||||||
|
border: 0;
|
||||||
|
color: $lock-muted;
|
||||||
|
font-size: 13px;
|
||||||
|
font-family: inherit;
|
||||||
|
cursor: pointer;
|
||||||
|
padding: 6px 12px;
|
||||||
|
&:hover { color: $lock-text; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -64,10 +64,82 @@
|
|||||||
</t>
|
</t>
|
||||||
</div>
|
</div>
|
||||||
<div t-else="" class="o_fp_lock_pinwrap">
|
<div t-else="" class="o_fp_lock_pinwrap">
|
||||||
|
|
||||||
|
<!-- Mode: 'pin' — default keypad for users with PIN -->
|
||||||
|
<t t-if="state.mode === 'pin'">
|
||||||
<FpPinPad onSubmit.bind="unlock"
|
<FpPinPad onSubmit.bind="unlock"
|
||||||
title="_selectedTileName()"
|
title="_selectedTileName()"
|
||||||
subtitle="'Enter your 4-digit PIN'"
|
subtitle="'Enter your 4-digit PIN'"
|
||||||
onCancel.bind="onPinCancel"/>
|
onCancel.bind="onPinCancel"/>
|
||||||
|
<button t-if="state.failedAttempts >= 3"
|
||||||
|
class="o_fp_lock_forgot_btn"
|
||||||
|
t-on-click="onForgotPinClick">
|
||||||
|
Forgot? Reset PIN via email
|
||||||
|
</button>
|
||||||
|
</t>
|
||||||
|
|
||||||
|
<!-- Mode: 'request_code' — Send Temp PIN screen -->
|
||||||
|
<t t-elif="state.mode === 'request_code'">
|
||||||
|
<div class="o_fp_lock_wizard">
|
||||||
|
<h3 t-esc="_selectedTileName()"/>
|
||||||
|
<p class="o_fp_lock_wizard_lede">
|
||||||
|
We'll email a temporary PIN to your address
|
||||||
|
on file.
|
||||||
|
</p>
|
||||||
|
<button class="o_fp_lock_primary_btn"
|
||||||
|
t-on-click="onSendCodeClick">
|
||||||
|
<i class="fa fa-envelope"/> Send temporary PIN
|
||||||
|
</button>
|
||||||
|
<div t-if="state.statusMessage"
|
||||||
|
class="o_fp_lock_status_message"
|
||||||
|
t-esc="state.statusMessage"/>
|
||||||
|
<button class="o_fp_lock_back_btn"
|
||||||
|
t-on-click="onPinCancel">
|
||||||
|
← Back to tile selection
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</t>
|
||||||
|
|
||||||
|
<!-- Mode: 'enter_temp_code' — 4-cell pad for emailed code -->
|
||||||
|
<t t-elif="state.mode === 'enter_temp_code'">
|
||||||
|
<div class="o_fp_lock_wizard">
|
||||||
|
<h3 t-esc="_selectedTileName()"/>
|
||||||
|
<p class="o_fp_lock_wizard_lede">
|
||||||
|
Check your email at
|
||||||
|
<strong t-esc="state.maskedEmail"/>
|
||||||
|
for the 4-digit temporary PIN. Valid for
|
||||||
|
72 hours.
|
||||||
|
</p>
|
||||||
|
<FpPinPad onSubmit.bind="onTempCodeSubmit"
|
||||||
|
title="''"
|
||||||
|
subtitle="'Enter temporary PIN from email'"
|
||||||
|
onCancel.bind="onPinCancel"/>
|
||||||
|
<div t-if="state.statusMessage"
|
||||||
|
class="o_fp_lock_status_message"
|
||||||
|
t-esc="state.statusMessage"/>
|
||||||
|
<button class="o_fp_lock_back_btn"
|
||||||
|
t-on-click="onResendCodeClick">
|
||||||
|
Resend code
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</t>
|
||||||
|
|
||||||
|
<!-- Mode: 'set_new_pin' — 4-cell pad to choose new PIN -->
|
||||||
|
<t t-elif="state.mode === 'set_new_pin'">
|
||||||
|
<FpPinPad onSubmit.bind="onNewPinSubmit"
|
||||||
|
title="_selectedTileName()"
|
||||||
|
subtitle="'Choose your new 4-digit PIN'"
|
||||||
|
onCancel.bind="onPinCancel"/>
|
||||||
|
</t>
|
||||||
|
|
||||||
|
<!-- Mode: 'confirm_new_pin' — 4-cell pad to confirm -->
|
||||||
|
<t t-elif="state.mode === 'confirm_new_pin'">
|
||||||
|
<FpPinPad onSubmit.bind="onConfirmNewPinSubmit"
|
||||||
|
title="_selectedTileName()"
|
||||||
|
subtitle="'Confirm your new PIN'"
|
||||||
|
onCancel.bind="onPinCancel"/>
|
||||||
|
</t>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</t>
|
</t>
|
||||||
|
|||||||
@@ -9,3 +9,4 @@ from . import test_tablet_pin_auth_manager
|
|||||||
from . import test_unlock_lock_session_endpoints
|
from . import test_unlock_lock_session_endpoints
|
||||||
from . import test_force_lock_cron
|
from . import test_force_lock_cron
|
||||||
from . import test_tiles_bootstrap_fields
|
from . import test_tiles_bootstrap_fields
|
||||||
|
from . import test_pin_reset_flow
|
||||||
|
|||||||
@@ -0,0 +1,199 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
"""Tablet PIN self-service reset-code tests.
|
||||||
|
|
||||||
|
Spec: docs/superpowers/specs/2026-05-25-tablet-pin-self-service-design.md
|
||||||
|
Plan: docs/superpowers/plans/2026-05-25-tablet-pin-self-service-plan.md
|
||||||
|
"""
|
||||||
|
from datetime import timedelta
|
||||||
|
|
||||||
|
from odoo import fields
|
||||||
|
from odoo.tests.common import TransactionCase
|
||||||
|
from odoo.exceptions import UserError
|
||||||
|
|
||||||
|
|
||||||
|
class TestPinResetModel(TransactionCase):
|
||||||
|
"""Model-level lifecycle tests (no HTTP)."""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super().setUp()
|
||||||
|
self.user = self.env['res.users'].create({
|
||||||
|
'name': 'Reset Tester',
|
||||||
|
'login': 'reset.tester@example.com',
|
||||||
|
})
|
||||||
|
|
||||||
|
def _model(self):
|
||||||
|
return self.env['fp.tablet.pin.reset']
|
||||||
|
|
||||||
|
def test_generate_creates_active_row(self):
|
||||||
|
rec, code = self._model()._generate_for_user(self.user)
|
||||||
|
self.assertTrue(rec.exists())
|
||||||
|
self.assertEqual(len(code), 4)
|
||||||
|
self.assertTrue(code.isdigit())
|
||||||
|
self.assertFalse(rec.used_at)
|
||||||
|
# 72h ± a few seconds
|
||||||
|
delta = rec.expires_at - fields.Datetime.now()
|
||||||
|
self.assertGreater(delta, timedelta(hours=71, minutes=59))
|
||||||
|
self.assertLess(delta, timedelta(hours=72, minutes=1))
|
||||||
|
|
||||||
|
def test_generate_replaces_prior_active(self):
|
||||||
|
rec1, _c1 = self._model()._generate_for_user(self.user)
|
||||||
|
rec2, _c2 = self._model()._generate_for_user(self.user)
|
||||||
|
# rec1 should now be marked used (forced by _generate_for_user)
|
||||||
|
rec1.invalidate_recordset(['used_at'])
|
||||||
|
self.assertTrue(rec1.used_at)
|
||||||
|
self.assertFalse(rec2.used_at)
|
||||||
|
|
||||||
|
def test_rate_limit_kicks_in_at_4th_request(self):
|
||||||
|
self._model()._generate_for_user(self.user)
|
||||||
|
self._model()._generate_for_user(self.user)
|
||||||
|
self._model()._generate_for_user(self.user)
|
||||||
|
with self.assertRaises(UserError):
|
||||||
|
self._model()._generate_for_user(self.user)
|
||||||
|
|
||||||
|
def test_verify_correct_code_succeeds(self):
|
||||||
|
rec, code = self._model()._generate_for_user(self.user)
|
||||||
|
ok, err = rec._verify_and_consume(code)
|
||||||
|
self.assertTrue(ok)
|
||||||
|
self.assertIsNone(err)
|
||||||
|
rec.invalidate_recordset(['used_at'])
|
||||||
|
self.assertTrue(rec.used_at)
|
||||||
|
|
||||||
|
def test_verify_wrong_code_increments_attempt_count(self):
|
||||||
|
rec, code = self._model()._generate_for_user(self.user)
|
||||||
|
wrong = '9999' if code != '9999' else '0000'
|
||||||
|
ok, err = rec._verify_and_consume(wrong)
|
||||||
|
self.assertFalse(ok)
|
||||||
|
self.assertEqual(err, 'wrong_code')
|
||||||
|
rec.invalidate_recordset(['attempt_count'])
|
||||||
|
self.assertEqual(rec.attempt_count, 1)
|
||||||
|
|
||||||
|
def test_5_wrong_attempts_invalidates_code(self):
|
||||||
|
rec, code = self._model()._generate_for_user(self.user)
|
||||||
|
wrong = '9999' if code != '9999' else '0000'
|
||||||
|
for i in range(4):
|
||||||
|
rec._verify_and_consume(wrong)
|
||||||
|
rec.invalidate_recordset(['attempt_count', 'used_at'])
|
||||||
|
self.assertEqual(rec.attempt_count, 4)
|
||||||
|
self.assertFalse(rec.used_at)
|
||||||
|
# 5th wrong attempt invalidates
|
||||||
|
ok, err = rec._verify_and_consume(wrong)
|
||||||
|
self.assertFalse(ok)
|
||||||
|
self.assertEqual(err, 'too_many_attempts')
|
||||||
|
rec.invalidate_recordset(['used_at'])
|
||||||
|
self.assertTrue(rec.used_at)
|
||||||
|
|
||||||
|
def test_expired_code_rejects_even_if_correct(self):
|
||||||
|
rec, code = self._model()._generate_for_user(self.user)
|
||||||
|
# Backdate expiry to past
|
||||||
|
rec.sudo().write({
|
||||||
|
'expires_at': fields.Datetime.now() - timedelta(minutes=1),
|
||||||
|
})
|
||||||
|
ok, err = rec._verify_and_consume(code)
|
||||||
|
self.assertFalse(ok)
|
||||||
|
self.assertEqual(err, 'expired')
|
||||||
|
|
||||||
|
def test_reset_token_sign_verify_roundtrip(self):
|
||||||
|
token = self._model()._sign_reset_token(self.user.id)
|
||||||
|
uid = self._model()._verify_reset_token(token)
|
||||||
|
self.assertEqual(uid, self.user.id)
|
||||||
|
|
||||||
|
def test_reset_token_tampered_signature_rejects(self):
|
||||||
|
token = self._model()._sign_reset_token(self.user.id)
|
||||||
|
# Flip a character in the signature half
|
||||||
|
body, sig = token.split('.', 1)
|
||||||
|
bad_sig = ('A' if sig[0] != 'A' else 'B') + sig[1:]
|
||||||
|
bad_token = body + '.' + bad_sig
|
||||||
|
with self.assertRaises(UserError):
|
||||||
|
self._model()._verify_reset_token(bad_token)
|
||||||
|
|
||||||
|
def test_reset_token_purpose_mismatch_rejects(self):
|
||||||
|
# Manually craft a token with wrong purpose
|
||||||
|
import base64
|
||||||
|
import hmac
|
||||||
|
import hashlib
|
||||||
|
import json
|
||||||
|
import time
|
||||||
|
secret = self.env['ir.config_parameter'].sudo().get_param(
|
||||||
|
'database.secret',
|
||||||
|
)
|
||||||
|
payload = {
|
||||||
|
'user_id': self.user.id,
|
||||||
|
'exp': int(time.time()) + 300,
|
||||||
|
'purpose': 'wrong_purpose',
|
||||||
|
}
|
||||||
|
body = base64.urlsafe_b64encode(
|
||||||
|
json.dumps(payload, separators=(',', ':')).encode(),
|
||||||
|
).rstrip(b'=')
|
||||||
|
sig = hmac.new(secret.encode(), body, hashlib.sha256).digest()
|
||||||
|
sig_b64 = base64.urlsafe_b64encode(sig).rstrip(b'=')
|
||||||
|
bad_token = body.decode() + '.' + sig_b64.decode()
|
||||||
|
with self.assertRaises(UserError):
|
||||||
|
self._model()._verify_reset_token(bad_token)
|
||||||
|
|
||||||
|
|
||||||
|
class TestSetPinViaResetToken(TransactionCase):
|
||||||
|
"""End-to-end: verify_reset_code → set_pin via reset_token."""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super().setUp()
|
||||||
|
self.user = self.env['res.users'].create({
|
||||||
|
'name': 'Set Tester',
|
||||||
|
'login': 'set.tester@example.com',
|
||||||
|
})
|
||||||
|
|
||||||
|
def test_set_pin_with_valid_reset_token(self):
|
||||||
|
# Manually generate + verify a code to get a token
|
||||||
|
Reset = self.env['fp.tablet.pin.reset']
|
||||||
|
rec, code = Reset._generate_for_user(self.user)
|
||||||
|
ok, err = rec._verify_and_consume(code)
|
||||||
|
self.assertTrue(ok)
|
||||||
|
token = Reset._sign_reset_token(self.user.id)
|
||||||
|
# Now invoke set_tablet_pin on the user (the controller path
|
||||||
|
# mirrors this exactly after reset_token verification)
|
||||||
|
self.user.set_tablet_pin('1234')
|
||||||
|
self.user.invalidate_recordset(['x_fc_tablet_pin_hash'])
|
||||||
|
self.assertTrue(self.user.sudo().x_fc_tablet_pin_hash)
|
||||||
|
# Verify the hash matches
|
||||||
|
self.assertTrue(self.user.verify_tablet_pin('1234'))
|
||||||
|
# Token still valid (single-use happens at set_pin endpoint
|
||||||
|
# call site — model-level _sign / _verify is stateless)
|
||||||
|
uid = Reset._verify_reset_token(token)
|
||||||
|
self.assertEqual(uid, self.user.id)
|
||||||
|
|
||||||
|
def test_set_pin_with_expired_token_rejects(self):
|
||||||
|
# Backdate the signing exp manually via a hand-crafted token
|
||||||
|
import base64
|
||||||
|
import hmac
|
||||||
|
import hashlib
|
||||||
|
import json
|
||||||
|
import time
|
||||||
|
secret = self.env['ir.config_parameter'].sudo().get_param(
|
||||||
|
'database.secret',
|
||||||
|
)
|
||||||
|
payload = {
|
||||||
|
'user_id': self.user.id,
|
||||||
|
'exp': int(time.time()) - 60, # expired 1 min ago
|
||||||
|
'purpose': 'tablet_pin_reset',
|
||||||
|
}
|
||||||
|
body = base64.urlsafe_b64encode(
|
||||||
|
json.dumps(payload, separators=(',', ':')).encode(),
|
||||||
|
).rstrip(b'=')
|
||||||
|
sig = hmac.new(secret.encode(), body, hashlib.sha256).digest()
|
||||||
|
sig_b64 = base64.urlsafe_b64encode(sig).rstrip(b'=')
|
||||||
|
expired_token = body.decode() + '.' + sig_b64.decode()
|
||||||
|
with self.assertRaises(UserError):
|
||||||
|
self.env['fp.tablet.pin.reset']._verify_reset_token(expired_token)
|
||||||
|
|
||||||
|
def test_set_pin_clears_lockout(self):
|
||||||
|
# User locked out → reset path should clear it
|
||||||
|
self.user.sudo().write({
|
||||||
|
'x_fc_tablet_pin_failed_count': 5,
|
||||||
|
'x_fc_tablet_locked_until': fields.Datetime.now() + timedelta(hours=1),
|
||||||
|
})
|
||||||
|
self.user.set_tablet_pin('5678')
|
||||||
|
self.user.invalidate_recordset([
|
||||||
|
'x_fc_tablet_pin_failed_count',
|
||||||
|
'x_fc_tablet_locked_until',
|
||||||
|
])
|
||||||
|
self.assertEqual(self.user.x_fc_tablet_pin_failed_count, 0)
|
||||||
|
self.assertFalse(self.user.x_fc_tablet_locked_until)
|
||||||
Reference in New Issue
Block a user