Tuesday, November 23, 2021

How to disable attachments in chatter module of odoo?



There can be various reasons to disable attachments, such as:
 1. The client has no actual need for attachments
 2. Server space constraints/restrictions
 3. Avoiding malicious file uploads (a security reason, e.g. a VAPT observation), etc.

To remove the "Add attachment" option from the chatter module:
File: /<your_path_to_odoo>/addons/portal/static/src/xml/portal_chatter.xml
Comment out the following block (in Odoo 14 it is at line 55, to be precise):

    <button class="o_portal_chatter_attachment_btn btn btn-secondary" type="button" title="Add attachment">
        <i class="fa fa-paperclip"/>
    </button>

so that it reads:

    <!-- <button class="o_portal_chatter_attachment_btn btn btn-secondary" type="button" title="Add attachment">
        <i class="fa fa-paperclip"/>
    </button> -->

This change removes the button from the chatter template only. It does not by itself make the server reject uploaded files, so for the malicious-upload concern it should be paired with a server-side restriction.


For your reference, screenshots before and after commenting out the code block:

[Screenshot: chatter before commenting out the attachment code block]
[Screenshot: chatter module after commenting out the attachment code block]

Wednesday, November 17, 2021

Modify/Implement session expiration in odoo (version - 14)


Internet-facing deployments of Odoo are vulnerable when it comes to automatic session expiration.

Automatic session expiration is in fact implemented in Odoo (version 14), but a session expires only after 7 days of inactivity (a full week, 60*60*24*7 seconds), which is really a long time to wait before expiring a session. The following code is responsible for automatic session expiration.
 

 File -> /<your_path_to_odoo_source>/odoo-14/odoo/http.py
 Search for "def session_gc" - (to be precise line number 1164 of odoo-14 version)
 
def session_gc(session_store):
    # os, random and time are already imported at the top of http.py
    # the sweep below only runs on about 1 in 1000 calls
    if random.random() < 0.001:
        # we keep sessions for 10 minutes (the original code kept them one week)
        #last_week = time.time() - 60*60*24*7 #- old code with 1 week implementation
        last_10min = time.time() - 60*10 #- new code with 10 min implementation
        for fname in os.listdir(session_store.path):
            path = os.path.join(session_store.path, fname)
            try:
                #if os.path.getmtime(path) < last_week: #- old code with 1 week implementation
                if os.path.getmtime(path) < last_10min: #- new code with 10 min implementation
                    os.unlink(path)
            except OSError:
                # the file disappeared or cannot be read: skip it
                pass

The code above changes the automatic session expiry from the original 7 days to 10 minutes.

Now restart Odoo for the changes to take effect (python3 odoo-bin -c /<your_odoo_odoo-14_path>/debian/odoo.conf).
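
Because the sweep in session_gc runs only when random.random() < 0.001, an idle session file is deleted at the first sweep after it passes the 10-minute mark, not exactly at 10 minutes. The following added example (not part of the original post or of Odoo's code) repeats the same file walk without the random gate on a constructed temporary session directory, and computes how likely it is that a sweep has run after a given number of calls. The names sweep_sessions, chance_sweep_has_run, demo and the sample file names are hypothetical.

```python
import os
import tempfile
import time

GC_PROBABILITY = 0.001  # the random.random() < 0.001 gate in session_gc


def sweep_sessions(store_path, max_age_seconds, now=None):
    """Same file walk as session_gc, minus the random gate.

    Deletes files whose mtime is older than max_age_seconds and returns
    the sorted names of the files that were removed.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_seconds
    removed = []
    for fname in os.listdir(store_path):
        path = os.path.join(store_path, fname)
        try:
            if os.path.getmtime(path) < cutoff:
                os.unlink(path)
                removed.append(fname)
        except OSError:
            pass  # file vanished or is unreadable: skip it, as the original does
    return sorted(removed)


def chance_sweep_has_run(calls, probability=GC_PROBABILITY):
    """Probability that at least one of `calls` gated calls actually swept."""
    return 1 - (1 - probability) ** calls


def demo():
    """Build a constructed session store and sweep it with the 10-minute limit."""
    now = time.time()
    ages = {"sess_active": 30, "sess_idle_11min": 11 * 60, "sess_idle_2days": 2 * 86400}
    with tempfile.TemporaryDirectory() as store:
        for name, age in ages.items():  # constructed sample files, age in seconds
            path = os.path.join(store, name)
            open(path, "w").close()
            os.utime(path, (now - age, now - age))
        removed = sweep_sessions(store, 60 * 10, now=now)
        return removed, sorted(os.listdir(store))


if __name__ == "__main__":
    print(demo())
    for calls in (100, 1000, 5000):
        print(calls, round(chance_sweep_has_run(calls), 3))
```

On a low-traffic instance the gate is rarely passed, so stale session files can stay on disk well past the configured 10 minutes.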

Friday, November 12, 2021

How to redirect http requests to https?


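Add the following lines to the /etc/apache2/sites-enabled/000-default.conf file, inside the <VirtualHost *:80> </VirtualHost> block (on Debian-based Linux):

# Requires mod_rewrite to be enabled (a2enmod rewrite)
RewriteEngine On
RewriteCond %{HTTPS} !on
# R=301 sends a permanent redirect, L stops processing further rules
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]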