1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from odoo.addons.base.tests.common import HttpCaseWithUserDemo, HttpCaseWithUserPortal
from odoo import http
from odoo.tests.common import tagged
@tagged('post_install', '-at_install')
class TestAuthSignupFlowWith2faEnforced(HttpCaseWithUserPortal, HttpCaseWithUserDemo):
def setUp(self):
super().setUp()
self.env['res.config.settings'].create(
{
# Activate free signup
'auth_signup_uninvited': 'b2c',
# Enforce 2FA for all users
'auth_totp_enforce': True,
'auth_totp_policy': 'all_required',
}
).execute()
def test_signup_with_2fa_enforced(self):
"""
Check that registration cleanly succeeds with 2FA enabled and enforced
"""
# ensure the company has an email, otherwise the test fails in no_demo
# because there's no source address
self.env.company.email = "mycompany@example.com"
# Get csrf_token
self.authenticate(None, None)
csrf_token = http.Request.csrf_token(self)
# Values from login form
name = 'toto'
payload = {
'login': 'toto@example.com',
'name': name,
'password': 'mypassword',
'confirm_password': 'mypassword',
'csrf_token': csrf_token,
}
response = self.url_open('/web/signup', data=payload)
new_user = self.env['res.users'].search([('name', '=', name)])
self.assertTrue(new_user)
self.assertEqual(response.status_code, 200, "Signup request should succeed with a 200")
|
