[IMP] server_environment: hide SMTP passwords

server_environment/server_env.py

@@ -328,7 +328,7 @@ def _is_secret(self, key):
         should be secret.
         :return: list of secret keywords
         """
-        secret_keys = ["passw", "key", "secret", "token"]
+        secret_keys = ["_pass", "passw", "key", "secret", "token"]
         return any(secret_key in key for secret_key in secret_keys)
 
     @api.model

server_environment/tests/common.py

@@ -34,13 +34,24 @@ def set_env_variables(self, public=None, secret=None):
             yield
 
     @contextmanager
-    def load_config(self, public=None, secret=None, serv_config_class=server_env_mixin):
+    def load_config(
+        self,
+        public=None,
+        secret=None,
+        config_dir=None,
+        serv_config_class=server_env_mixin,
+    ):
         original_serv_config = serv_config_class.serv_config
         try:
-            with self.set_config_dir(None), self.set_env_variables(public, secret):
+            with (
+                self.set_config_dir(config_dir),
+                self.set_env_variables(public, secret),
+            ):
                 parser = server_env._load_config()
                 serv_config_class.serv_config = parser
+                server_env.serv_config = parser
                 yield
 
         finally:
             serv_config_class.serv_config = original_serv_config
+            server_env.serv_config = original_serv_config

server_environment/tests/test_server_environment.py

@@ -8,6 +8,17 @@
 from .. import server_env
 from . import common
 
+NO_DEFAULT = [
+    "id",
+    "create_uid",
+    "create_date",
+    "write_uid",
+    "write_date",
+    "display_name",
+    "config",
+    "__last_update",
+]
+
 
 class TestEnv(common.ServerEnvironmentCase):
     def test_view(self):
@@ -21,13 +32,15 @@ def _test_default(self, hidden_pwd=False):
         defaults = rec.default_get([])
         self.assertTrue(defaults)
         self.assertIsInstance(defaults, dict)
+        # Check secrets
         pass_checked = False
         for default in defaults:
-            if "passw" in default:
+            if "passw" in default or "_pass" in default:
                 check = self.assertEqual if hidden_pwd else self.assertNotEqual
                 check(defaults[default], "**********")
                 pass_checked = True
         self.assertTrue(pass_checked)
+        return defaults
 
     @patch.dict(odoo_config.options, {"running_env": "dev"})
     def test_default_dev(self):
@@ -51,7 +64,7 @@ def test_odoosh_dev_from_environ(self):
         self._test_default()
 
     @patch.dict(odoo_config.options, {"running_env": "testing"})
-    def test_value_retrival(self):
+    def test_value_retrieval(self):
         with self.set_config_dir("testfiles"):
             parser = server_env._load_config()
             val = parser.get("external_service.ftp", "user")
@@ -116,3 +129,17 @@ def test_server_environment_disabled_overwrite_options_section_by_env(self):
         with self.set_config_dir("testfiles"):
             server_env._load_config()
             self.assertEqual(odoo_config["odoo_test_option"], "fake odoo config")
+
+    @patch.dict(odoo_config.options, {"running_env": "testing"})
+    def test_default_hidden_password(self):
+        with self.load_config(config_dir="testfiles"):
+            model = self.env["server.config"]
+            model._add_columns()
+            del self.env.registry.model_cache[model._model_classes]
+            self.env.registry.setup_models(self.env.cr)
+        defaults = self._test_default(hidden_pwd=True)
+
+        self.assertIn("odoo_I_admin_passwd", defaults)
+        self.assertIn("odoo_I_db_password", defaults)
+        self.assertIn("odoo_I_smtp_password", defaults)
+        self.assertIn("outgoing_mail_provider_promail_I_smtp_pass", defaults)

server_environment/tests/testfiles/testing/outmail.conf

@@ -0,0 +1,6 @@
+[outgoing_mail.provider_promail]
+smtp_encryption	= ssl
+smtp_host = email.server.invalid
+smtp_pass = THISISNOTPUBLIC
+smtp_port = 912
+smtp_user = user_abc