Skip to content

[18.0][FIX] password_security: update password_write_date on copy#964

Open
moylop260 wants to merge 1 commit into
OCA:18.0from
vauxoo-dev:18.0-password_security-update_on_copy-andrea
Open

[18.0][FIX] password_security: update password_write_date on copy#964
moylop260 wants to merge 1 commit into
OCA:18.0from
vauxoo-dev:18.0-password_security-update_on_copy-andrea

Conversation

@moylop260

@moylop260 moylop260 commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Forward-port of #713 to 18.0.

Original commit: f8c4092

This keeps the original minimal fix:

  • set password_write_date with copy=False
  • validate signup password against the correct user when 2FA is enabled
  • add regression coverage for cloned users

cc @moylop260

@moylop260
[FIX] password_security: update password_write_date on copy
326e07f 
Sometimes users are created from a template user via copy(). This means a password can be passed in the copy values and never seen by write(), so password_write_date may remain inherited from the template user.

This forward-port keeps the original fix:
- set password_write_date with copy=False
- validate signup password against the correct user when 2FA is enabled
- add regression coverage for cloned users

Forward-port of OCA#713

Original commit: f8c4092

(cherry picked from commit f8c4092)
@moylop260 moylop260 mentioned this pull request Jun 24, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

mod:password_security Module password_security series:18.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@moylop260 @OCA-git-bot