[IMP] generic oauth providers
bzr revid: al@openerp.com-20120815180913-2y889mtgg15v5lqb
This commit is contained in:
parent
eb50d91461
commit
334bc0ff66
|
@ -1,3 +1,3 @@
|
|||
import controllers
|
||||
import auth_oauth
|
||||
import res_users
|
||||
import oauth_providers
|
||||
|
|
|
@ -30,10 +30,10 @@
|
|||
'website': 'http://www.openerp.com',
|
||||
'depends': ['base', 'web'],
|
||||
'data': [
|
||||
'oauth_providers_data.xml'
|
||||
'auth_oauth_data.xml'
|
||||
],
|
||||
'update_xml': [
|
||||
'oauth_providers.xml'
|
||||
'auth_oauth_view.xml'
|
||||
],
|
||||
'js': [
|
||||
'static/src/js/auth_oauth.js',
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
from openerp.osv import osv, fields
|
||||
|
||||
class oauth_providers(osv.osv):
|
||||
|
||||
class auth_oauth_providers(osv.osv):
|
||||
"""Class defining the configuration values of an OAuth2 provider"""
|
||||
|
||||
_name = 'oauth.providers'
|
||||
_name = 'auth.oauth.provider'
|
||||
_description = 'OAuth2 provider'
|
||||
_order = 'name'
|
||||
|
||||
|
@ -15,14 +14,8 @@ class oauth_providers(osv.osv):
|
|||
'scope' : fields.char('Scope'), # OAUth user data desired to access
|
||||
'validation_endpoint' : fields.char('Validation URL'), # OAuth provider URL to validate tokens
|
||||
'data_endpoint' : fields.char('Data URL'),
|
||||
'redirect_uris' : fields.char('Redirect URIs'),
|
||||
'icon_url' : fields.char('Icon'), # URL of the icon's provider
|
||||
'active' : fields.boolean('Active'),
|
||||
'sequence' : fields.integer(),
|
||||
}
|
||||
|
||||
_sql_constraints = [
|
||||
('name', 'unique(name)', 'The name of the OAuth provider must be unique')
|
||||
]
|
||||
|
||||
oauth_providers()
|
|
@ -1,24 +1,22 @@
|
|||
<?xml version="1.0"?>
|
||||
<openerp>
|
||||
<data noupdate="1">
|
||||
<record id="1" model="oauth.providers">
|
||||
<record id="provider_google" model="auth.oauth.provider">
|
||||
<field name="name">Google OAuth2</field>
|
||||
<field name="client_id">108010644258-duuhmp6pu7li4tsmnqg7j9rvdeklg0ki.apps.googleusercontent.com</field>
|
||||
<field name="auth_endpoint">https://accounts.google.com/o/oauth2/auth</field>
|
||||
<field name="scope">https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile</field>
|
||||
<field name="validation_endpoint">https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=</field>
|
||||
<field name="data_endpoint">https://www.googleapis.com/oauth2/v1/userinfo?access_token=</field>
|
||||
<field name="redirect_uris">https://localhost/</field>
|
||||
<field name="active">True</field>
|
||||
</record>
|
||||
<record id="2" model="oauth.providers">
|
||||
<record id="provider_twitter" model="auth.oauth.provider">
|
||||
<field name="name">Twitter OAuth2</field>
|
||||
<field name="client_id">108010644258-duuhmp6pu7li4tsmnqg7j9rvdeklg0ki.apps.twitterusercontent.com</field>
|
||||
<field name="auth_endpoint">https://api.twitter.com/oauth/request_token</field>
|
||||
<field name="scope"></field>
|
||||
<field name="validation_endpoint">https://api.twitter.com/oauth/authorize?oauth_token=</field>
|
||||
<field name="data_endpoint"></field>
|
||||
<field name="redirect_uris">https://localhost/</field>
|
||||
<field name="active">True</field>
|
||||
</record>
|
||||
</data>
|
|
@ -1,36 +1,31 @@
|
|||
<?xml version="1.0"?>
|
||||
<openerp>
|
||||
<data>
|
||||
<menuitem id="menu_oauth_provider" parent="base.menu_administration" name="OAuth2 Settings" action="" sequence="100" />
|
||||
<record model="ir.ui.view" id="view_oauth_provider_form">
|
||||
<field name="name">oauth.provider.form</field>
|
||||
<field name="model">oauth.providers</field>
|
||||
<field name="name">auth.oauth.provider.form</field>
|
||||
<field name="model">auth.oauth.provider</field>
|
||||
<field name="type">form</field>
|
||||
<field name="arch" type="xml">
|
||||
<form string="arch" version="7.0">
|
||||
<header>
|
||||
|
||||
</header>
|
||||
<sheet>
|
||||
<group name="info1" string="" col="">
|
||||
<group>
|
||||
<field name="name" />
|
||||
<field name="client_id" />
|
||||
<field name="active" />
|
||||
</group>
|
||||
<group name="info2" string="" col="">
|
||||
<group>
|
||||
<field name="auth_endpoint" />
|
||||
<field name="scope" />
|
||||
<field name="validation_endpoint" />
|
||||
<field name="data_endpoint" />
|
||||
<field name="redirect_uris" />
|
||||
</group>
|
||||
</sheet>
|
||||
</form>
|
||||
</field>
|
||||
</record>
|
||||
<record model="ir.ui.view" id="view_oauth_provider_list">
|
||||
<field name="name">oauth.provider.list</field>
|
||||
<field name="model">oauth.providers</field>
|
||||
<field name="name">auth.oauth.provider.list</field>
|
||||
<field name="model">auth.oauth.provider</field>
|
||||
<field name="type">tree</field>
|
||||
<field name="arch" type="xml">
|
||||
<tree string="arch" version="7.0">
|
||||
|
@ -42,10 +37,10 @@
|
|||
</record>
|
||||
<record model="ir.actions.act_window" id="action_oauth_provider">
|
||||
<field name="name">Providers</field>
|
||||
<field name="res_model">oauth.providers</field>
|
||||
<field name="res_model">auth.oauth.provider</field>
|
||||
<field name="view_type">form</field>
|
||||
<field name="view_mode">tree,form</field>
|
||||
</record>
|
||||
<menuitem id="menu_oauth_providers" parent="menu_oauth_provider" name="OAuth2 Providers" action="action_oauth_provider" sequence="0" />
|
||||
<menuitem id="menu_oauth_providers" parent="base.menu_users" name="OAuth Providers" action="action_oauth_provider" sequence="30"/>
|
||||
</data>
|
||||
</openerp>
|
|
@ -12,12 +12,13 @@ _logger = logging.getLogger(__name__)
|
|||
class OAuthController(openerpweb.Controller):
|
||||
_cp_path = '/auth_oauth'
|
||||
|
||||
@openerpweb.jsonrequest
|
||||
def list_providers(self, req, dbname):
|
||||
#dbname = kw.get("state")
|
||||
#registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
#with registry.cursor() as cr:
|
||||
# dsfasdf
|
||||
pass
|
||||
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
with registry.cursor() as cr:
|
||||
providers = registry.get('auth.oauth.provider')
|
||||
l = providers.read(cr, 1, providers.search(cr, 1, []))
|
||||
return l
|
||||
|
||||
@openerpweb.httprequest
|
||||
def signin(self, req, **kw):
|
||||
|
@ -26,18 +27,18 @@ class OAuthController(openerpweb.Controller):
|
|||
with registry.cursor() as cr:
|
||||
try:
|
||||
u = registry.get('res.users')
|
||||
credentials = u.auth_oauth(cr, 1, kw)
|
||||
credentials = u.auth_oauth(cr, 1, {}, kw)
|
||||
cr.commit()
|
||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *credentials)
|
||||
except AttributeError:
|
||||
# auth_signup is not installed
|
||||
_logger.exception("attribute error")
|
||||
url = "/#action=auth_signup&error=1"
|
||||
_logger.error("auth_signup not installed on database %s: oauth sign up cancelled."%dbname)
|
||||
url = "/#action=login&oauth_error=1"
|
||||
except Exception,e:
|
||||
# signup error
|
||||
_logger.exception('oops')
|
||||
url = "/#action=auth_signup&error=2"
|
||||
return openerp.addons.web.controllers.main.set_cookie_and_redirect(req, "/")
|
||||
url = "/#action=login&oauth_error=2"
|
||||
return openerp.addons.web.controllers.main.set_cookie_and_redirect(req, url)
|
||||
|
||||
|
||||
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import logging
|
||||
|
||||
import urllib
|
||||
import urllib2
|
||||
import simplejson
|
||||
|
||||
|
@ -10,40 +11,36 @@ from openerp.osv import osv, fields
|
|||
_logger = logging.getLogger(__name__)
|
||||
|
||||
class res_users(osv.Model):
|
||||
|
||||
_inherit = 'res.users'
|
||||
|
||||
_columns = {
|
||||
'oauth_provider': fields.char('OAuth Provider', size=1024),
|
||||
'oauth_uid': fields.char('OAuth User ID', size=256,
|
||||
help="Used for disambiguation in case of a shared OpenID URL"),
|
||||
'oauth_access_token': fields.char('OAuth Token',
|
||||
readonly=True),
|
||||
'oauth_provider': fields.many2one('auth.oauth.provider','OAuth Provider'),
|
||||
'oauth_uid': fields.char('OAuth User ID', help="Oauth Provider user_id"),
|
||||
'oauth_access_token': fields.char('OAuth Token', readonly=True),
|
||||
}
|
||||
|
||||
def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None):
|
||||
url = endpoint + access_token
|
||||
params = urllib.urlencode({'access_token':access_token})
|
||||
url = endpoint + '?' + params
|
||||
f = urllib2.urlopen(url)
|
||||
response = f.read()
|
||||
return simplejson.loads(response)
|
||||
|
||||
def auth_oauth_fetch_user_validation(self, cr, uid, access_token, context=None):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo'
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||
|
||||
def auth_oauth_fetch_user_data(self, cr, uid, access_token, context=None):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo'
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||
|
||||
def auth_oauth(self, cr, uid, params, context=None):
|
||||
def auth_oauth(self, cr, uid, config, params, context=None):
|
||||
# Advice by Google (to avoid Confused Deputy Problem)
|
||||
# if validation.audience != OUR_CLIENT_ID:
|
||||
# abort()
|
||||
# else:
|
||||
# continue with the process
|
||||
|
||||
access_token = params.get('access_token')
|
||||
|
||||
validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context)
|
||||
if validation.get("error"):
|
||||
raise openerp.exceptions.AccessDenied
|
||||
|
@ -51,8 +48,7 @@ class res_users(osv.Model):
|
|||
login = validation['email']
|
||||
oauth_uid = validation['user_id']
|
||||
name = self.auth_oauth_fetch_user_data(cr, uid, access_token)['name']
|
||||
|
||||
r = (cr.dbname, login, oauth_uid)
|
||||
credentials = (cr.dbname, login, access_token)
|
||||
|
||||
res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)])
|
||||
if res:
|
||||
|
@ -69,8 +65,7 @@ class res_users(osv.Model):
|
|||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
|
||||
return credentials
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
try:
|
||||
|
@ -93,5 +88,4 @@ class res_users(osv.Model):
|
|||
finally:
|
||||
cr.close()
|
||||
|
||||
res_users()
|
||||
#
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,13 +1,11 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<templates id="template" xml:space="preserve">
|
||||
|
||||
<t t-extend="Login">
|
||||
<t t-jquery=".oe_login_pane form ul" t-operation="after">
|
||||
<ul class="oe_login_oauth">
|
||||
<li>OR</li>
|
||||
<li><a href="#">Login with Google</a></li>
|
||||
</ul>
|
||||
<t t-name="auth_oauth.Login.button">
|
||||
<t t-foreach="widget.oauth_providers" t-as="p">
|
||||
<a href="#" class="oe_oauth_sign_in" t-att-data-index="p_index">
|
||||
Login with <t t-esc="p.name"/> icon <t t-esc="p.icon_url"/>
|
||||
</a>
|
||||
<br/>
|
||||
</t>
|
||||
</t>
|
||||
|
||||
</t>
|
||||
</templates>
|
Loading…
Reference in New Issue