Two-Factor Authentication (TOTP)

auth_totp
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/19.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORSOdoo S.A.
MAINTAINERS
MAINTAINERSOdoo S.A.
COMMITTERS
COMMITTERSRaphael Collet, Odoo Translation Bot, Thibault Delavallée, Xavier Morel, Aaron Bohy, Toufik Ben Jaa, Julien Castiaux, Julien Mougenot, std-odoo, Tiffany Chang (tic), Gorash, Mathieu Duckerts-Antoine, William Braeckman, Miquel Raïch, Ruben Gomes, Mathieu Walravens, Loan (LSE), Thomas Lefebvre (thle), Louis Wicket (wil), Dylan Kiss (dyki), bram1000, mega, thle-odoo, Andrea Manenti, Pierre Pulinckx, Bastien PIERRE, lse-odoo, Krzysztof Magusiak (krma), Omar (OSAH), kmdi-odoo, Rémy Voet
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 01:51:40
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (5)
XML IDNameModelTypeStatus
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
res_users_view_search res.users.view.search.inherit.auth.totp res.users xpath Inherits base.view_users_search
view_totp_field users preference: totp res.users xpath Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users xpath Inherits base.view_users_form
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (4)

New fields (3)
  • ip Char
    readonly=True
  • limit_type Selection
    readonly=True args: [('send_email', 'Send Email'), ('code_check', 'Code Checking')]
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (5)
  • code Char
    size=7 store=False string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (1)
  • enable(self)
    @check_identity

New fields (4)
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_totp_enable_search' string='Two-factor authentication'
  • totp_last_counter Integer
    copy=False groups=fields.NO_ACCESS
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_token'
  • totp_trusted_device_ids One2many → auth_totp.device
    string='Trusted Devices' args: 'auth_totp.device', 'user_id'
Public methods (6)
  • SELF_READABLE_FIELDS(self)
    @property
  • action_totp_disable(self)
    @check_identity
  • action_totp_enable_wizard(self)
    @check_identity
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • init(self)
  • revoke_all_devices(self)
    @check_identity
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/18.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORS
MAINTAINERS
MAINTAINERS
COMMITTERS
COMMITTERSOdoo Translation Bot, Denis Ledoux, Xavier Morel, Aaron Bohy, Yannick Tivisse, Odoo Online, Jorge Pinna Puissant, Julien Castiaux, Julien Mougenot, Tiffany Chang (tic), Gorash, William Braeckman, Romain Estievenart, Thomas Lefebvre (thle), Louis Wicket (wil), Thomas Becquevort (thbe), Dylan Kiss (dyki), bram1000, Mahdi Cheikh Rouhou (macr), mega, sami odoo, Louis (wil), Andrea Manenti, Pierre Pulinckx (PIPU), Pierre Pulinckx (pipu), Pierre Pulinckx, Bastien PIERRE, lse-odoo, kmdi-odoo
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 01:25:53
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (5)
XML IDNameModelTypeStatus
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
res_users_view_search res.users.view.search.inherit.auth.totp res.users xpath Inherits base.view_users_search
view_totp_field users preference: totp res.users group Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users page Inherits base.view_users_form
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (3)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (5)
  • code Char
    size=7 string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (1)
  • enable(self)
    @check_identity

New fields (3)
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_totp_enable_search' string='Two-factor authentication'
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_token'
  • totp_trusted_device_ids One2many → auth_totp.device
    string='Trusted Devices' args: 'auth_totp.device', 'user_id'
Public methods (6)
  • SELF_READABLE_FIELDS(self)
    @property
  • action_totp_disable(self)
    @check_identity
  • action_totp_enable_wizard(self)
    @check_identity
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • init(self)
  • revoke_all_devices(self)
    @check_identity
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/17.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORS
MAINTAINERS
MAINTAINERS
COMMITTERS
COMMITTERSOdoo Translation Bot, Martin Trigaux, Denis Ledoux, Géry Debongnie, Aaron Bohy, Damien Bouvy, Yannick Tivisse, Jorge Pinna Puissant, Julien Castiaux, Aurélien Warnon, Xavier-Do, Joseph Caburnay, Tiffany Chang (tic), Gorash, Pierre Paridans, William Braeckman, Florian Vranckx, Antoine Vandevenne (anv), Thomas Lefebvre (thle), Thomas Becquevort (thbe), Dylan Kiss (dyki), Michael (mcm), Julien Carion (juca), mega, Louis (wil), Andrea Manenti, Pierre Pulinckx (pipu), Bastien PIERRE
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 01:02:04
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (5)
XML IDNameModelTypeStatus
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
res_users_view_search res.users.view.search.inherit.auth.totp res.users xpath Inherits base.view_users_search
view_totp_field users preference: totp res.users group Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users xpath Inherits base.view_users_form
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (4)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (5)
  • code Char
    size=7 string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (2)
  • create(self, vals_list)
  • enable(self)
    @check_identity

New fields (0)

No new fields.

Public methods (1)
  • session_info(self)

New fields (3)
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_totp_enable_search' string='Two-factor authentication'
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_token'
  • totp_trusted_device_ids One2many → auth_totp.device
    string='Trusted Devices' args: 'auth_totp.device', 'user_id'
Public methods (6)
  • SELF_READABLE_FIELDS(self)
    @property
  • action_totp_disable(self)
    @check_identity
  • action_totp_enable_wizard(self)
    @check_identity
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • init(self)
  • revoke_all_devices(self)
    @check_identity
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/16.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORS
MAINTAINERS
MAINTAINERS
COMMITTERS
COMMITTERSRaphael Collet, Odoo Translation Bot, Martin Trigaux, Olivier Dony, Denis Ledoux, Xavier Morel, Nicolas Martinelli, Géry Debongnie, Jeremy Kersten, Damien Bouvy, Yannick Tivisse, Julien Castiaux, Romeo Fragomeli, Paul Morelle, std-odoo, David Beguin, Tiffany Chang (tic), Pierre Paridans, William Braeckman, Romain Estievenart, Antoine Vandevenne (anv), luvi, Thomas Lefebvre (thle), amdi-odoo, Bruno Boi, FrancoisGe, Andrea Manenti
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:40:46
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (5)
XML IDNameModelTypeStatus
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
res_users_view_search res.users.view.search.inherit.auth.totp res.users xpath Inherits base.view_users_search
view_totp_field users preference: totp res.users group Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users xpath Inherits base.view_users_form
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (4)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (5)
  • code Char
    size=7 string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (2)
  • create(self, vals_list)
  • enable(self)
    @check_identity

New fields (0)

No new fields.

Public methods (1)
  • session_info(self)

New fields (3)
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_search_totp_enable' string='Two-factor authentication'
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_totp_secret' search='_search_totp_enable'
  • totp_trusted_device_ids One2many → auth_totp.device
    string='Trusted Devices' args: 'auth_totp.device', 'user_id'
Public methods (6)
  • SELF_READABLE_FIELDS(self)
    @property
  • action_totp_disable(self)
    @check_identity
  • action_totp_enable_wizard(self)
    @check_identity
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • init(self)
  • revoke_all_devices(self)
    @check_identity
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/15.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORS
MAINTAINERS
MAINTAINERS
COMMITTERS
COMMITTERSRaphael Collet, Odoo Translation Bot, Martin Trigaux, Olivier Dony, Thibault Delavallée, Denis Ledoux, Xavier Morel, Aaron Bohy, Jeremy Kersten, Yannick Tivisse, Xavier-Do, Romeo Fragomeli, Victor Feyens, Julien Mougenot, David Beguin, Kevin Baptiste, Thomas Lefebvre (thle), Bruno Boi
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:25:26
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (5)
XML IDNameModelTypeStatus
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
res_users_view_search res.users.view.search.inherit.auth.totp res.users xpath Inherits base.view_users_search
view_totp_field users preference: totp res.users group Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users xpath Inherits base.view_users_form
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (4)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (5)
  • code Char
    size=7 string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (2)
  • create(self, vals_list)
  • enable(self)
    @check_identity

New fields (0)

No new fields.

Public methods (1)
  • session_info(self)

New fields (3)
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_search_totp_enable' string='Two-factor authentication'
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_totp_secret' search='_search_totp_enable'
  • totp_trusted_device_ids One2many → auth_totp.device
    string='Trusted Devices' args: 'auth_totp.device', 'user_id'
Public methods (6)
  • SELF_READABLE_FIELDS(self)
    @property
  • action_totp_disable(self)
    @check_identity
  • action_totp_enable_wizard(self)
    @check_identity
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • init(self)
  • revoke_all_devices(self)
    @check_identity
REPOSITORY
REPOSITORYodoo/odoo
GIT
GIThttps://github.com/odoo/odoo.git
GIT FOLDER
GIT FOLDERhttps://github.com/odoo/odoo/tree/14.0/auth_totp
VERSION
VERSION 0.1.0
CATEGORY
CATEGORYExtra Tools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLEYes
AUTHORS
AUTHORS
MAINTAINERS
MAINTAINERS
COMMITTERS
COMMITTERSOdoo Translation Bot, Martin Trigaux, Olivier Dony, Denis Ledoux, Xavier Morel, Jeremy Kersten, GitHub, Xavier-Do, Victor Feyens, bve-odoo, Thomas Lefebvre (thle)
WEBSITE
WEBSITE
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:14:27
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - web
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Two-Factor Authentication (TOTP)
================================
Allows users to configure two-factor authentication on their user account
for extra security, using time-based one-time passwords (TOTP).

Once enabled, the user will need to enter a 6-digit code as provided
by their authenticator app before being granted access to the system.
All popular authenticator apps are supported.

Note: logically, two-factor prevents password-based RPC access for users
where it is enabled. In order to be able to execute RPC scripts, the user
can setup API keys to replace their main password.
    

Code Analysis

Views touched (6)
XML IDNameModelTypeStatus
assets_tests assets_tests ir.ui.view qweb Inherits web.assets_tests
auth_totp_form Two-Factor Authentication ir.ui.view qweb New
view_totp_field users preference: totp res.users button Inherits base.view_users_form_simple_modif
view_totp_form user form: add totp status res.users xpath Inherits base.view_users_form
view_totp_list users list: add totp status res.users tree Inherits base.view_users_tree
view_totp_wizard auth_totp wizard auth_totp.wizard form New
Models touched (3)

New fields (5)
  • code Char
    size=7 string='Verification Code'
  • qrcode Binary
    attachment=False compute='_compute_qrcode' readonly=True store=True
  • secret Char
    readonly=True required=True
  • url Char
    compute='_compute_qrcode' readonly=True store=True
  • user_id Many2one → res.users
    readonly=True required=True args: 'res.users'
Public methods (1)
  • enable(self)
    @check_identity

New fields (0)

No new fields.

Public methods (1)
  • session_info(self)

New fields (4)
  • api_key_ids One2many
    domain=[('scope', '!=', TRUSTED_DEVICE_SCOPE)]
  • totp_enabled Boolean
    compute='_compute_totp_enabled' search='_search_totp_enable' string='Two-factor authentication'
  • totp_secret Char
    compute='_compute_totp_secret' copy=False groups=fields.NO_ACCESS inverse='_inverse_totp_secret'
  • totp_trusted_device_ids One2many → res.users.apikeys
    domain=[('scope', '=', TRUSTED_DEVICE_SCOPE)] string='Trusted Devices' args: 'res.users.apikeys', 'user_id'
Public methods (4)
  • change_password(self, old_passwd, new_passwd)
    @api.model
  • revoke_all_devices(self)
    @check_identity
  • totp_disable(self)
    @check_identity
  • totp_enable_wizard(self)
    @check_identity