[IMP]account_ebics UI improvements

account_ebics/__manifest__.py

@@ -1,9 +1,9 @@
-# Copyright 2009-2023 Noviat.
+# Copyright 2009-2024 Noviat.
 # License LGPL-3 or later (http://www.gnu.org/licenses/lgpl).
 
 {
     "name": "EBICS banking protocol",
-    "version": "16.0.1.8.0",
+    "version": "16.0.1.9.0",
     "license": "LGPL-3",
     "author": "Noviat",
     "website": "https://www.noviat.com/",

account_ebics/models/ebics_userid.py

@@ -1,4 +1,4 @@
-# Copyright 2009-2023 Noviat.
+# Copyright 2009-2024 Noviat.
 # License LGPL-3 or later (http://www.gnu.org/licenses/lgpl).
 
 import base64
@@ -58,7 +58,10 @@ class EbicsUserID(models.Model):
         "The human user also can authorise orders.",
     )
     ebics_config_id = fields.Many2one(
-        comodel_name="ebics.config", string="EBICS Configuration", ondelete="cascade"
+        comodel_name="ebics.config",
+        string="EBICS Configuration",
+        ondelete="cascade",
+        required=True,
     )
     ebics_version = fields.Selection(related="ebics_config_id.ebics_version")
     user_ids = fields.Many2many(
@@ -111,6 +114,9 @@ class EbicsUserID(models.Model):
     ebics_passphrase_invisible = fields.Boolean(
         compute="_compute_ebics_passphrase_view_modifiers"
     )
+    ebics_passphrase_store_readonly = fields.Boolean(
+        compute="_compute_ebics_passphrase_view_modifiers"
+    )
     ebics_sig_passphrase = fields.Char(
         string="EBICS Signature Passphrase",
         help="You can set here a different passphrase for the EBICS "
@@ -146,6 +152,8 @@ class EbicsUserID(models.Model):
     # create self-signed X.509 certificates
     ebics_key_x509 = fields.Boolean(
         string="X509 support",
+        readonly=True,
+        states={"draft": [("readonly", False)]},
         help="Set this flag in order to work with " "self-signed X.509 certificates",
     )
     ebics_key_x509_dn_cn = fields.Char(
@@ -203,7 +211,7 @@ class EbicsUserID(models.Model):
         help="Companies sharing this EBICS contract.",
     )
 
-    @api.depends("name")
+    @api.depends("name", "ebics_config_id.ebics_keys")
     def _compute_ebics_keys_fn(self):
         for rec in self:
             keys_dir = rec.ebics_config_id.ebics_keys
@@ -224,8 +232,10 @@ class EbicsUserID(models.Model):
     def _compute_ebics_passphrase_view_modifiers(self):
         for rec in self:
             rec.ebics_passphrase_invisible = False
+            rec.ebics_passphrase_store_readonly = True
             if rec.state == "draft":
                 rec.ebics_passphrase_required = True
+                rec.ebics_passphrase_store_readonly = False
             elif rec.state == "init":
                 rec.ebics_passphrase_invisible = True
             elif rec.state in ("get_bank_keys", "to_verify"):
@@ -276,7 +286,18 @@ class EbicsUserID(models.Model):
 
     @api.onchange("ebics_passphrase_store")
     def _onchange_ebics_passphrase_store(self):
-        if not self.ebics_passphrase_store and self.state == "active_keys":
+        if self.ebics_passphrase_store:
+            # check passphrase before db store
+            keyring_params = {
+                "keys": self.ebics_keys_fn,
+                "passphrase": self.ebics_passphrase,
+            }
+            try:
+                # TODO: implement check passphrase logic
+                keyring = EbicsKeyRing(**keyring_params)  # noqa: F841
+            except Exception as err:
+                raise UserError(str(err)) from err
+        elif not self.ebics_passphrase_store and self.state != "draft":
             self.ebics_passphrase = False
 
     @api.onchange("swift_3skey")
@@ -288,7 +309,9 @@ class EbicsUserID(models.Model):
         return self.write({"state": "draft"})
 
     def set_to_active_keys(self):
-        return self.write({"state": "active_keys"})
+        vals = {"state": "active_keys"}
+        self._update_passphrase_vals(vals)
+        return self.write(vals)
 
     def set_to_get_bank_keys(self):
         self.ensure_one()
@@ -467,11 +490,7 @@ class EbicsUserID(models.Model):
             "ebics_ini_letter_fn": fn,
             "state": "init",
         }
-        # remove non-stored passphrases from db after successfull init_1
+        self._update_passphrase_vals(vals)
-        if not self.ebics_passphrase_store:
-            vals.update["ebics_passphrase"] = False
-        if self.ebics_sig_passphrase:
-            vals.update["ebics_sig_passphrase"] = False
         return self.write(vals)
 
     def ebics_init_2(self):
@@ -483,13 +502,7 @@ class EbicsUserID(models.Model):
         if self.state != "init":
             raise UserError(_("Set state to 'Initialisation'."))
         vals = {"state": "get_bank_keys"}
-        # remove non-stored passphrases from db
+        self._update_passphrase_vals(vals)
-        # remark: this code is here for extra safety but shouldn't
-        # have any effect since passphrases are invisible in state "init"
-        if not self.ebics_passphrase_store:
-            vals.update["ebics_passphrase"] = False
-        if self.ebics_sig_passphrase:
-            vals.update["ebics_sig_passphrase"] = False
         return self.write(vals)
 
     def ebics_init_3(self):
@@ -548,11 +561,7 @@ class EbicsUserID(models.Model):
             "ebics_public_bank_keys_fn": fn,
             "state": "to_verify",
         }
-        # remove non-stored passphrases from db
+        self._update_passphrase_vals(vals)
-        if not self.ebics_passphrase_store:
-            vals.update["ebics_passphrase"] = False
-        if self.ebics_sig_passphrase:
-            vals.update["ebics_sig_passphrase"] = False
         return self.write(vals)
 
     def ebics_init_4(self):
@@ -575,11 +584,7 @@ class EbicsUserID(models.Model):
         )
         bank.activate_keys()
         vals = {"state": "active_keys"}
-        # remove non-stored passphrases from db
+        self._update_passphrase_vals(vals)
-        if not self.ebics_passphrase_store:
-            vals.update["ebics_passphrase"] = False
-        if self.ebics_sig_passphrase:
-            vals.update["ebics_sig_passphrase"] = False
         return self.write(vals)
 
     def change_passphrase(self):
@@ -597,3 +602,13 @@ class EbicsUserID(models.Model):
             "context": ctx,
             "type": "ir.actions.act_window",
         }
+
+    def _update_passphrase_vals(self, vals):
+        """
+        Remove non-stored passphrases from db after e.g. successfull init_1
+        """
+        if vals["state"] in ("init", "get_bank_keys", "to_verify", "active_keys"):
+            if not self.ebics_passphrase_store:
+                vals["ebics_passphrase"] = False
+            if self.ebics_sig_passphrase:
+                vals["ebics_sig_passphrase"] = False

account_ebics/views/ebics_userid_views.xml

@@ -82,13 +82,16 @@
                     />
           <field name="state" widget="statusbar" />
         </header>
-        <group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
+        <group name="invisible" invisible="1">
-          <field name="ebics_keys_found" invisible="1" />
+          <field name="ebics_keys_found" />
-          <field name="ebics_keys_fn" invisible="1" />
+          <field name="ebics_keys_fn" />
-          <field name="ebics_version" invisible="1" />
+          <field name="ebics_version" />
-          <field name="ebics_passphrase_required" invisible="1" />
+          <field name="ebics_passphrase_required" />
-          <field name="ebics_passphrase_invisible" invisible="1" />
+          <field name="ebics_passphrase_invisible" />
+          <field name="ebics_passphrase_store_readonly" />
           <field name="ebics_sig_passphrase_invisible" invisible="1" />
+        </group>
+        <group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
           <group name="main-left">
             <field name="name" />
             <field
@@ -96,7 +99,10 @@
                             password="True"
                             attrs="{'required': [('ebics_passphrase_required', '=', True)], 'invisible': [('ebics_passphrase_invisible', '=', True)]}"
                         />
-            <field name="ebics_passphrase_store" />
+            <field
+                            name="ebics_passphrase_store"
+                            attrs="{'readonly': [('ebics_passphrase_store_readonly', '=', True)]}"
+                        />
             <field
                             name="ebics_sig_passphrase"
                             password="True"