| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Invoicing (account) |
| Lines of code | 1257 |
| Technical Name |
l10n_ro_spv_token_mgr |
| License | OPL-1 |
| Website | https://gencbaris.com/odoo_plugins/ |
| Versions | 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Invoicing (account) |
| Lines of code | 1257 |
| Technical Name |
l10n_ro_spv_token_mgr |
| License | OPL-1 |
| Website | https://gencbaris.com/odoo_plugins/ |
| Versions | 18.0 19.0 |
Romania ANAF SPV - Manager de Token
O singura pereche de token-uri OAuth2 si un certificat, partajate de e-Factura, e-Transport si SAF-T — bring-your-own-key
O singura credentiala pentru tot SPV-ul
Fiecare serviciu de e-Guvernare roman — e-Factura (FCTEL),
e-Transport (ETRANSPORT) si SAF-T D406 — se afla in
spatele aceluiasi server de autorizare OAuth2 ANAF de la
logincert.anaf.ro. Pana acum fiecare modul Odoo isi stoca
propria copie a token-ului de acces, iar fiecare expira pe cont propriu.
Acest modul iti ofera o singura credentiala centrala:
autorizeaz-o o singura data cu certificatul tau digital calificat, iar
fiecare modul de conformitate RO citeste token-ul viu de aici.
Este un manager bring-your-own-key. Inregistrezi aplicatia OAuth2 in propriul cont SPV; noi nu detinem niciodata acreditare ANAF. Secretul de client, token-urile si certificatul sunt stocate doar in baza ta de date si trimise doar la endpoint-ul ANAF pe care il configurezi.
Ce face
Autorizare ghidata
Un asistent in doi pasi construieste exact URL-ul de autorizare ANAF
(response_type code, token_content_type=jwt, stare
anti-CSRF). Il deschizi intr-un browser care detine certificatul tau
calificat, lipesti inapoi codul de autorizare (sau intregul URL de
redirectare) iar modulul il schimba pentru prima pereche de token-uri.
Reimprospatare automata
Token-urile de acces ANAF traiesc 90 de zile iar token-urile de reimprospatare 365 de zile. O actiune programata zilnic reimprospateaza orice token in fereastra sa de reinnoire, rotind perechea exact cum cere ANAF. Grantul de refresh ruleaza fara certificat — fara interventie umana.
Alerte de re-autentificare
Cand token-ul de reimprospatare insusi se apropie de expirare — singurul caz pe care un refresh nu il poate salva — credentiala trece la Re-autentificare Necesara, posteaza in chatter si programeaza o activitate ca sa te reautorizezi cu certificatul la timp.
Potrivirea certificatului
Lipesti certificatul tau public calificat iar modulul ii citeste subiectul, valabilitatea si identificatorul fiscal incorporat, apoi confirma ca se potriveste cu CUI-ul companiei (validat cu algoritmul oficial ANAF al cifrei de control) inainte sa fie folosit vreodata fata de SPV.
Rezumat de functii
| Capacitate | Detaliu |
|---|---|
| URL de autorizare OAuth2 | Grant authorization-code fata de
logincert.anaf.ro/anaf-oauth2/v1/authorize |
| Schimb de cod | Endpoint token /token, token de acces JWT, expirare
acces 90 zile + refresh 365 zile stocate |
| Refresh rotativ | Grantul de refresh inlocuieste perechea; token-urile vechi invalidate pe server |
| Revocare | Endpoint /revoke cu indiciu de tip token, pereche
locala stearsa |
| Masina de stari de ciclu de viata | no_token / valid / expirare / expirat / re-auth-necesara, cu ferestre de avans reglabile |
| Reinnoire programata | Cron zilnic reimprospateaza token-urile scadente si le marcheaza pe cele care au nevoie de certificat |
| Inspectie JWT | Decodare neverificata a claim-urilor token-ului de acces (sub, iat, exp, scope) |
| Inspectie certificat | Subiect X.509, emitent, serie, valabilitate si id fiscal; verificare potrivire CUI |
| Jurnal de audit | Pista append-only de evenimente a fiecarui schimb, refresh, revocare si inspectie |
| Accesor partajat | company.l10n_ro_spv_access_token() returneaza un token
viu oricarui modul RO |
Pentru dezvoltatorii altor module RO
Construieste integrarea ta e-Factura, e-Transport sau SAF-T peste acest manager in loc sa reimplementezi gestionarea token-urilor. Din orice companie:
token = company.l10n_ro_spv_access_token(environment='prod')
Accesorul reimprospateaza transparent un token aproape de expirare, ridica o eroare clara cand doar o noua autorizare cu certificat poate recupera credentiala, si jurnalizeaza fiecare operatiune.
Confidentialitate si limita
Acest modul este un manager de credentiale, nu un intermediar acreditat. Apeleaza ANAF strict cu propria ta aplicatie OAuth2 inregistrata si propriul tau certificat calificat. Nicio credentiala, token sau certificat nu este transmis nicaieri in afara de endpoint-ul ANAF pe care il configurezi, si nimic nu este inclus in modul.
Compatibil cu Odoo 18 si 19, editia Community. Fara dependenta Enterprise.
English
Romania ANAF SPV Token Manager
One OAuth2 token pair and certificate, shared by e-Factura, e-Transport and SAF-T — bring-your-own-key
Every Romanian e-Government service — e-Factura (FCTEL), e-Transport
(ETRANSPORT) and SAF-T D406 — sits behind the same ANAF OAuth2 server
at logincert.anaf.ro. This module gives you one central
credential: authorise it once with your qualified digital certificate, and
every RO compliance module reads the live token from here. It is a
bring-your-own-key manager; we never hold ANAF accreditation.
- Guided authorisation wizard building the exact ANAF authorize URL with anti-CSRF state, then code exchange.
- Automatic renewal: 90-day access / 365-day refresh; a daily cron rotates the pair without the certificate.
- Re-authentication alerts when the refresh token nears expiry (chatter + activity).
- Certificate matching to the company CUI (ANAF control-digit) before use; X.509 and JWT inspection.
- Lifecycle state machine, revoke endpoint, append-only audit log.
- Shared accessor
company.l10n_ro_spv_access_token()returns a live token to any RO module.
A credential manager, not an accredited intermediary. It calls ANAF strictly with your own registered OAuth2 application and qualified certificate; nothing is transmitted anywhere except the ANAF endpoint you configure. Odoo 18 & 19, Community; no Enterprise dependency.
Screenshots
Credentials
Token Events
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module