def _get_outlook_csrf_token(self):
"""Generate a CSRF token that will be verified in `microsoft_outlook_callback`.
This will prevent a malicious person to make an admin user disconnect the mail servers.
"""
self.ensure_one()
_logger.info('Microsoft Outlook: generate CSRF token for %s #%i', self._name, self.id)
return hmac(
env=self.env(su=True),
scope='microsoft_outlook_oauth',
message=(self._name, self.id),
)
def _get_totp_mail_key(self):
self.ensure_one()
return hmac(self.env(su=True), 'auth_totp_mail-code',
(self.id, self.login, self.login_date)).encode()