We are migrating from Django to Odoo 16
I have migrated with sql the table auth_users from Django to res_users in Odoo 16. Then I added in a extra addon :class Users(models.Model):
_inherit = "res.users"
@tools.ormcache()
def _crypt_context(self):
"""
add 'django_pbkdf2_sha256', 'django_salted_sha1' for old user migrated from django
"""
cfg = self.env['ir.config_parameter'].sudo()
return CryptContext(
# kdf which can be verified by the context. The default encryption
# kdf is the first of the list
['pbkdf2_sha512', 'django_pbkdf2_sha256', 'django_salted_sha1'],
# deprecated algorithms are still verified as usual, but
# ``needs_update`` will indicate that the stored hash should be
# replaced by a more recent algorithm.
deprecated=['auto'],
pbkdf2_sha512__rounds=max(MIN_ROUNDS, int(cfg.get_param('password.hashing.rounds', 0))),
)
Then I can loggin in odoo 16 with an old credential from Dango. And I see in the res_user that CryptContext had moved the password from a django_pbkdf2_sha256 scheme to a new one with pbkdf2_sha512 scheme.
GREAT ! but ...
When I upgrade any addon with _inherit = "res.users", Odoo move all password with old scheme to new one = the first in scheme option of _crypt_context, but WITHOUT taking account the other scheme in this _crypt_context.
INFO ... odoo.modules.registry: a module (with inherit res_user): creating or updating database tables ...
take 3 hours for 20 000 users
and move all password with old scheme to new one as the old scheme was 'plaintext'. I have checked this _crypt_context.verify(old_password_from_django, new password odoo) = True. So, of course users have lost their original password.
In addition, If I change the first scheme to 'sha256_crypt' for exemple, the upload of such module, move only the password of django scheme in sha256_crypt not the one with pbkdf2_sha512. Why ? I suppose pbkdf2_sha512 is newest than sha256_crypt ?
I'would appreciate a lot any idea to avoid me to ask for 20 000 loggin before uploading module.
