From 3df950dbbb60515facc979cf769da00273541c72 Mon Sep 17 00:00:00 2001
From: Florent Xicluna <florent.xicluna@gmail.com>
Date: Tue, 6 Jan 2026 11:22:16 +0100
Subject: [PATCH] Fix superuser direct login

---
 CHANGES.rst | 4 ++++
 odooly.py   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 95cf058..c5313dd 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -12,6 +12,10 @@ Changelog
 
 * Json2: set ``Accept: application/json`` HTTP header.
 
+* Fix login with ``__system__`` user.  Note: it is not supported, and
+  disabled during Odoo installation, for safety reason.
+  Use :meth:`Env.sudo` or :meth:`Model.sudo` instead.
+
 
 2.5.1 (2025-11-11)
 ~~~~~~~~~~~~~~~~~~
diff --git a/odooly.py b/odooly.py
index 778d0c7..5f21a90 100644
--- a/odooly.py
+++ b/odooly.py
@@ -695,7 +695,7 @@ def _check_user_password(self, user, password, api_key):
         if self.client._object and not self.db_name:
             raise Error('Error: Not connected')
         assert isinstance(user, str) and user
-        if user == SYSTEM_USER:
+        if user == SYSTEM_USER and self.uid and not password:
             info = self.client._authenticate_system()
             return info['uid'], password, info
         # Read from cache