odoo/odoo#121764
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:master-14.0-fix-force-smtp-username-for-outlook-oauth-jorv-LyKk-fw
- head
- 010c3b9ec6fdcf1c3290953f00a14e6f25a5062a
- merged
- 2 years ago by Joel Rodrigues Vitória (jorv)
| odoo/odoo | |
|---|---|
| 14.0 | #121048 |
| 15.0 | #121526 |
| saas-15.2 | #121538 |
| 16.0 | #121541 |
| saas-16.1 | #121642 |
| saas-16.2 | #121685 |
| saas-16.3 | #121700 |
| 17.0 | |
| saas-17.4 | |
| 18.0 | |
| saas-18.1 | |
| saas-18.2 | |
| saas-18.3 | |
| master | #121764 |
[FW][FIX] microsoft_outlook, google_gmail: require username for OAuth2
Current behavior:
Connections for outgoing email servers using Outlook/Office365 or
Gmail accounts will establish an OAuth2 authentication for the smtp server.
Through the ir_mail_server form view, one can fetch the necessary
tokens by logging in into their Microsoft/Gmail account.
Not specifying an username (smtp_user) on the ir_mail_server record
will not produce an error while fetching those tokens.
But when trying to test the connection or use that server to send an email,
even if the FROM header is correctly set (i.e. the account email address
authorized to sent emails), the smtp connection will fail. This is due
to the fact that when smtp_user == False, the respective method
_generate_outlook_oauth2_string or respectively _generate_oauth2_string
will not be called and send the necessary OAuth2 string when sending
an email through the smtp connection.
This will lead to a 5.7.57 Client not authenticated to send mail. error.
After this change:
Add specific UserErrors that get called if smpt_user == False before
the actions in open_google_gmail_uri and open_microsoft_outlook_uri
get called. This forces the user to input a smpt_user (field Username)
before the login page for OAuth2 gets called to fetch the tokens.
Note: there is no check if the user inputs the right username, only
that the field is not empty. So it is still possible to input an
invalid username.
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr