geraldo

Reputation: 552

Retrieve hashed password in Odoo 13 using API

In Odoo 11 I could retrieve the hashed password from the password_crypt field in the res_users table, but this doesn't work in Odoo 13 any more.

I used the Odoo 11 credentials to log in to other applications, which can't be integrated in Odoo. This authentication stopped working as the password seems to be write-only. Now I'm looking for a way to get read access to the Odoo password. Any clue how to do that using the API?

I use the following Python test code, but the password field is empty:

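import xmlrpc.client  # Python 3 name of the former xmlrpclib module

# url, db, username and password are assumed to be defined for the target instance
common = xmlrpc.client.ServerProxy('{}/xmlrpc/2/common'.format(url))
uid = common.authenticate(db, username, password, {})
models = xmlrpc.client.ServerProxy('{}/xmlrpc/2/object'.format(url))

# Read the user record; the password field comes back empty
user = models.execute_kw(db, uid, password,
    'res.users', 'search_read',
    [[['id', '=', 2]]],
    {})[0]

print(user)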

Any idea how to read the write-only hashed password?

Upvotes: 1

Views: 1619

Answers (1)

adekock11

Reputation: 614

Since the read() method is overridden on res.users to exclude some fields, such as the password field, I would (not*) recommend creating a method on res.users that does a SQL read like so:

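def read_password(self):
    # Raw SQL bypasses the ORM, which hides the password field on res.users.
    self.ensure_one()
    # Query parameters must be passed as a tuple, not a bare integer.
    self.env.cr.execute("SELECT password FROM res_users WHERE id=%s", (self.id,))
    return self.env.cr.fetchone()[0]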

*Disclaimer: There is a reason that Odoo hides the password field, so here you are essentially bypassing Odoo's security. You will need to make triple sure that this method is 100% secure. Some ideas:

  • Add a check for the correct API key
  • Only allow a certain user to execute this method
  • Only allow a certain IP source to execute this method

Upvotes: 1
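The three checks listed in the answer above, combined into one fail-closed gate that a method like read_password could call before it runs its query. This is an added example, not code from the answer or from Odoo; the function name, the uid, the key and the network range are hypothetical, constructed values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample policy; every value below is a placeholder assumption.
ALLOWED_UID = 7  # the single integration user permitted to call the method
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/28")]
# Keep only a digest of the API key in configuration, never the key itself.
API_KEY_SHA256 = hashlib.sha256(b"constructed-sample-key").hexdigest()


def may_read_password(caller_uid, api_key, remote_ip):
    """Return (allowed, reason). Any missing or malformed input denies access."""
    if caller_uid != ALLOWED_UID:
        return False, "caller is not the integration user"
    if not isinstance(api_key, str) or not api_key:
        return False, "missing API key"
    presented = hashlib.sha256(api_key.encode("utf-8")).hexdigest()
    # Constant-time comparison does not leak how much of the key matched.
    if not hmac.compare_digest(presented, API_KEY_SHA256):
        return False, "bad API key"
    try:
        addr = ipaddress.ip_address(remote_ip)
    except (ValueError, TypeError):
        return False, "unparseable source address"
    # An IPv6 address never matches an IPv4 network, so it is denied here.
    if not any(addr in net for net in ALLOWED_NETS):
        return False, "source address not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed calls showing one allowed and three denied requests.
    samples = [
        (7, "constructed-sample-key", "10.20.0.5"),
        (2, "constructed-sample-key", "10.20.0.5"),
        (7, "wrong-key", "10.20.0.5"),
        (7, "constructed-sample-key", "10.20.0.16"),
    ]
    for sample in samples:
        print(sample, may_read_password(*sample))
```

Behind a reverse proxy the address the application sees is the proxy's, so the source-address check is only meaningful when the real client address is passed through reliably.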
