OCA/server-auth

[RFC] vault: Lost user key password

pedrobaeza opened this issue · 6 comments

A user configures a key and puts a password. Several days later, they forget their password. Now Odoo keeps asking for a password that they don't know. Putting a new one doesn't serve, as they need the old one.

How can we handle this?

@Tecnativa TT38832

Basically the user lost the active key. The cleanest way could be the ability to disable a key (setting current on res.users.key to False). The action should also remove all vault.right of the user, removing all access to every vault for the specific user. If the user was the only one in a vault, the vault is obviously lost too.

But right now you are not able to deactivate a key. The form doesn't allow changing that checkbox. Should we make the tree editable? Do I make the PR?

Yes, currently you can't. Editable alone isn't working. I guess a button is required because of the extra steps. I can check it until Friday, I guess. If you need a quick fix: delete res.users.key and vault.right of the user.

Thanks for the tip and the support. I'm proceeding that way meanwhile. As the person that dug in the module is on holidays, I'm a bit blind right now. I can wait for your proper patch.

@pedrobaeza #420 #421 should allow the invalidation. While working on it I found that you lose your inboxes when you generate a new key-pair.

Invalidation: vault.inbox and vault.right will be deleted and the key is invalidated by setting current to False. On a reload Odoo should ask again to generate a new key pair.

Re-encrypting of vault.inbox: Just create a vault with a secret and send the secret to your own inbox. You can see it under the menu Inbox and can use the eye to decrypt it. If you generate a new key-pair it wasn't decryptable before but should work now.
