Migration to version 12.0 about server-auth HOT 18 CLOSED

hello @pedrobaeza One of my customers needs auth_saml in 12.0, I see noone's on it -> I take this migration in charge if this is ok with you

from server-auth.

The behavior is different. Has pros and cons. For example, in OCA bans and login attempts were recorded in the database, browsable, unbannable, whitelistable by the admin. With upstream changes, this is all just automatic, stored in a volatile cache that will disappear on next reboot, and transparent to users, but it implements a cooldown that lets the user come back after certain time and be able to login again without disturbing the sysadmin.

Honestly, I think that production-grade brute force protection should be handled through fail2ban or similar tools, as recommended by Odoo, but current upstream behavior seems good enough for most cases.

I think we can drop auth_brute_force. If someone wants to migrate it, though, then its scope should change to extend the weak points of odoo 12 implementation, using the new hooks we have in place, and removing workarounds for odoo/odoo#24187 which is now merged in v12 too.

from server-auth.

@emagdalenaC2i thanks a lot for tracking the progress of the projects. Updating data in all the repos you have checked without more comments for not hammering.

from server-auth.

auth_ldaps via #42 + certificate validation setting

from server-auth.

Enhanced users_ldap_mail alternative in #45

from server-auth.

users_ldap_groups in #46

from server-auth.

Hey folks, my org just started using Odoo and they set us up with v12, but I'd love to start using these modules as soon as possible (SAML especially!). What if anything can I do to accelerate this upgrade process?

from server-auth.

Well, you can migrate it by your means and contribute it back here or finance any contributor for doing it.

from server-auth.

Yes, Alexandre, of course! I'm only taking note of that assignments and watch if there's duplicated work, which doesn't be the case.

from server-auth.

@gurneyalex as a matter of fact, we also need it, yet that's lower priority right now, so feel free to ping me on the review or anything else

from server-auth.

auth_brute_force is not needed in v12 after odoo/odoo@a8d868e was merged. It's upstream now.

from server-auth.

Well, at least we will need some migration scripts. I don't see now any table where storing banned IPs. How is that achieved?

from server-auth.

Please, check auth_api_key - By @sbidoul - #56 that is already merged

There is a PR for the migration of auth_user_case_insensitive - By @Retropikzel - #104

from server-auth.

auth_oauth_multi_token - By @sla-subteno-it - #62 should be closed because it is superseed in #106

from server-auth.

auth_totp #114

from server-auth.

auth_totp_password_security #115

from server-auth.

I have a customer that wants auth_saml_create_user and auth_saml_groups for 12.0. Is anyone working on those or should I start the migration?

from server-auth.

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days.
If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.

from server-auth.