Skip to Content

Password Reset Via OTP

by
Odoo

23.30

v 18.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Website (website)
Lines of code 670
Technical Name oe_reset_password_via_otp
LicenseOPL-1
Websitehttps://odooerp.ae/
Versions 15.0 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Website (website)
Lines of code 670
Technical Name oe_reset_password_via_otp
LicenseOPL-1
Websitehttps://odooerp.ae/
Versions 15.0 16.0 17.0 18.0 19.0

Key Features

Secure OTP verification, reset flow, and account recovery controls

OTP reset password flow

Replaces the default reset flow with email OTP verification before users can set a new password.

Email identity validation

Supports login/email identifier matching and validates the verified user before accepting a password update.

OTP security controls

Adds expiration window, verification attempt counting, and temporary lockout after repeated invalid OTP entries.

Resend throttling

Enforces cooldown between OTP resends and applies hourly request limits to reduce abuse and spam behavior.

Hashed OTP verification

Stores OTP hash and validates with secure digest comparison to avoid plain-text OTP verification checks.

Password policy checks

Confirms password match and minimum length before updating credentials in the authenticated reset step.

Cron data cleanup

Scheduled cleanup removes stale verified, rejected, expired, locked, and old unverified OTP records.

Website-native UX

Uses a clear multi-step website form sequence: email submission, OTP entry, and final password update.

Native Odoo integration

Extends standard auth signup integration with frontend assets for OTP input and reset form behavior.

Reset request screen
Reset password form with email input
OTP verification screen
Four-digit OTP verification form
New password update screen
Password update form after OTP verification
Invalid OTP handling
Error flow and OTP resend option
Email OTP template
OTP email content sent to user mailbox
Cleanup cron setup
Scheduled action for OTP cleanup

User guide — Password Reset Via OTP

Follow these steps to install the module, configure email, and complete password reset through OTP verification.

1. Install and prepare email service

  1. Go to Apps, remove the Apps filter, search Password Reset Via OTP, and click Install.
  2. Configure SMTP mail server in Odoo settings.
  3. Confirm website users have valid email/login for OTP receipt.

2. Run reset flow as end user

  1. Open login page and click Reset Password.
  2. Enter account email/login and submit.
  3. Check mailbox and copy the OTP code.

3. Verify OTP and update password

  1. Enter OTP on the verification screen.
  2. Set and confirm the new password after successful verification.
  3. Login with the updated password.

4. OTP validity and failed attempts

  1. OTP is valid for a limited time window.
  2. Invalid OTP submissions increase attempt count.
  3. After too many failed attempts, OTP verification is temporarily locked.
  4. User must request a new OTP after expiry or lock period.

5. Resend OTP controls

  1. Resend is restricted with cooldown between requests.
  2. Hourly resend limit protects from repeated request abuse.
  3. When limit is reached, user receives a clear retry message.

6. Password update safeguards

  • Password reset is allowed only after OTP verification.
  • Confirmed password fields must match and meet minimum length rules.

7. Scheduled cleanup

  • Cron removes old OTP records automatically.
  • Keeps table clean for verified, expired, rejected, and stale unverified records.

8. Dependencies and compatibility

  • Depends on: Website, Auth Signup, Mail, Web, and Base.
  • Scope: Website login reset password flow.
  • Version: Odoo 18 compatible module.

Frequently Asked Questions

1. What does this module add on top of standard reset password?
It adds OTP-based verification before password update, plus expiry, retry limits, resend cooldown, and lock handling for stronger account recovery security.
2. Which Odoo modules are required?
Required dependencies are base, web, website, mail, and auth_signup.
3. How long is OTP valid?
OTP is valid for the configured expiry duration in the controller constants. Expired OTPs are rejected and users must request a new one.
4. What happens after wrong OTP attempts?
Each invalid OTP increments attempt count. After the threshold, verification is locked for a configured number of minutes.
5. Is OTP resend unlimited?
No. Resend requests are protected by cooldown and a maximum requests-per-hour limit.
6. Is OTP stored in plain text?
Verification uses a hashed OTP value and secure digest comparison for validation.
7. Does this module include automated cleanup?
Yes. A scheduled action cleans old OTP records to keep the table optimized.
Module Support & SLA
For support related to this module, contact apps@odooerp.ae
Standard response time (SLA) for support queries is typically 1 to 2 working days.
+971 54 289 8664 Email Us
Oakland partner and services
Support and contact information 
Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.