From 5668b6aca1d8944ec5be7d75807b7e96196cb9af Mon Sep 17 00:00:00 2001
From: Florent Xicluna <florent.xicluna@camptocamp.com>
Date: Mon, 28 Oct 2024 17:14:49 +0100
Subject: [PATCH] [IMP] server_environment: hide SMTP passwords

---
 server_environment/server_env.py              |  2 +-
 server_environment/tests/common.py            | 19 +++++++++---
 .../tests/test_server_environment.py          | 31 +++++++++++++++++--
 .../tests/testfiles/testing/outmail.conf      |  6 ++++
 4 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 server_environment/tests/testfiles/testing/outmail.conf

diff --git a/server_environment/server_env.py b/server_environment/server_env.py
index f8e8d024a..14ea27010 100644
--- a/server_environment/server_env.py
+++ b/server_environment/server_env.py
@@ -328,7 +328,7 @@ def _is_secret(self, key):
         should be secret.
         :return: list of secret keywords
         """
-        secret_keys = ["passw", "key", "secret", "token"]
+        secret_keys = ["_pass", "passw", "key", "secret", "token"]
         return any(secret_key in key for secret_key in secret_keys)
 
     @api.model
diff --git a/server_environment/tests/common.py b/server_environment/tests/common.py
index 7e13ac01d..555c657b2 100644
--- a/server_environment/tests/common.py
+++ b/server_environment/tests/common.py
@@ -34,13 +34,22 @@ def set_env_variables(self, public=None, secret=None):
             yield
 
     @contextmanager
-    def load_config(self, public=None, secret=None, serv_config_class=server_env_mixin):
+    def load_config(
+        self,
+        public=None,
+        secret=None,
+        config_dir=None,
+        serv_config_class=server_env_mixin,
+    ):
         original_serv_config = serv_config_class.serv_config
         try:
-            with self.set_config_dir(None), self.set_env_variables(public, secret):
-                parser = server_env._load_config()
-                serv_config_class.serv_config = parser
-                yield
+            with self.set_config_dir(config_dir):
+                with self.set_env_variables(public, secret):
+                    parser = server_env._load_config()
+                    serv_config_class.serv_config = parser
+                    server_env.serv_config = parser
+                    yield
 
         finally:
             serv_config_class.serv_config = original_serv_config
+            server_env.serv_config = original_serv_config
diff --git a/server_environment/tests/test_server_environment.py b/server_environment/tests/test_server_environment.py
index 9ae8e5280..c8469519f 100644
--- a/server_environment/tests/test_server_environment.py
+++ b/server_environment/tests/test_server_environment.py
@@ -8,6 +8,17 @@
 from .. import server_env
 from . import common
 
+NO_DEFAULT = [
+    "id",
+    "create_uid",
+    "create_date",
+    "write_uid",
+    "write_date",
+    "display_name",
+    "config",
+    "__last_update",
+]
+
 
 class TestEnv(common.ServerEnvironmentCase):
     def test_view(self):
@@ -21,13 +32,15 @@ def _test_default(self, hidden_pwd=False):
         defaults = rec.default_get([])
         self.assertTrue(defaults)
         self.assertIsInstance(defaults, dict)
+        # Check secrets
         pass_checked = False
         for default in defaults:
-            if "passw" in default:
+            if "_pass" in default:
                 check = self.assertEqual if hidden_pwd else self.assertNotEqual
                 check(defaults[default], "**********")
                 pass_checked = True
         self.assertTrue(pass_checked)
+        return defaults
 
     @patch.dict(odoo_config.options, {"running_env": "dev"})
     def test_default_dev(self):
@@ -51,7 +64,7 @@ def test_odoosh_dev_from_environ(self):
         self._test_default()
 
     @patch.dict(odoo_config.options, {"running_env": "testing"})
-    def test_value_retrival(self):
+    def test_value_retrieval(self):
         with self.set_config_dir("testfiles"):
             parser = server_env._load_config()
             val = parser.get("external_service.ftp", "user")
@@ -116,3 +129,17 @@ def test_server_environment_disabled_overwrite_options_section_by_env(self):
         with self.set_config_dir("testfiles"):
             server_env._load_config()
             self.assertEqual(odoo_config["odoo_test_option"], "fake odoo config")
+
+    @patch.dict(odoo_config.options, {"running_env": "testing"})
+    def test_default_hidden_password(self):
+        with self.load_config(config_dir="testfiles"):
+            model = self.env["server.config"]
+            model._add_columns()
+            del self.env.registry.model_cache[model._model_classes]
+            self.env.registry.setup_models(self.env.cr)
+        defaults = self._test_default(hidden_pwd=True)
+
+        self.assertIn("odoo_I_admin_passwd", defaults)
+        self.assertIn("odoo_I_db_password", defaults)
+        self.assertIn("odoo_I_smtp_password", defaults)
+        self.assertIn("outgoing_mail_provider_promail_I_smtp_pass", defaults)
diff --git a/server_environment/tests/testfiles/testing/outmail.conf b/server_environment/tests/testfiles/testing/outmail.conf
new file mode 100644
index 000000000..cbc0df7ba
--- /dev/null
+++ b/server_environment/tests/testfiles/testing/outmail.conf
@@ -0,0 +1,6 @@
+[outgoing_mail.provider_promail]
+smtp_encryption	= ssl
+smtp_host = email.server.invalid
+smtp_pass = THISISNOTPUBLIC
+smtp_port = 912
+smtp_user = user_abc