[IMP] auth_oauth: redirect directly to controller; do not make heuristic on arguments
bzr revid: chs@openerp.com-20121116162421-5yahj18n88yykq2k
parent
ea92f73acc
commit
4a454397f8
|
@ -1,48 +1,101 @@
|
|||
import functools
|
||||
import logging
|
||||
|
||||
import simplejson
|
||||
import werkzeug.urls
|
||||
import werkzeug.utils
|
||||
from werkzeug.exceptions import BadRequest
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
import openerp.addons.web.http as oeweb
|
||||
from openerp.addons.web.controllers.main import db_monodb, set_cookie_and_redirect, login_and_redirect
|
||||
from openerp.modules.registry import RegistryManager
|
||||
|
||||
_logger = logging.getLogger(__name__)
|
||||
|
||||
class OAuthController(openerp.addons.web.http.Controller):
|
||||
#----------------------------------------------------------
|
||||
# helpers
|
||||
#----------------------------------------------------------
|
||||
def fragment_to_query_string(func):
|
||||
@functools.wraps(func)
|
||||
def wrapper(self, req, **kw):
|
||||
if not kw:
|
||||
return """<html><head><script>
|
||||
var l = window.location;
|
||||
var q = l.hash.substring(1);
|
||||
var r = '/' + l.search;
|
||||
if(q.length !== 0) {
|
||||
var s = l.search ? (l.search === '?' ? '' : '&') : '?';
|
||||
r = l.pathname + l.search + s + q;
|
||||
}
|
||||
window.location = r;
|
||||
</script></head><body></body></html>"""
|
||||
return func(self, req, **kw)
|
||||
return wrapper
|
||||
|
||||
|
||||
#----------------------------------------------------------
|
||||
# Controller
|
||||
#----------------------------------------------------------
|
||||
class OAuthController(oeweb.Controller):
|
||||
_cp_path = '/auth_oauth'
|
||||
|
||||
@openerp.addons.web.http.jsonrequest
|
||||
@oeweb.jsonrequest
|
||||
def list_providers(self, req, dbname):
|
||||
try:
|
||||
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
registry = RegistryManager.get(dbname)
|
||||
with registry.cursor() as cr:
|
||||
providers = registry.get('auth.oauth.provider')
|
||||
l = providers.read(cr, openerp.SUPERUSER_ID, providers.search(cr, openerp.SUPERUSER_ID, [('enabled','=',True)]))
|
||||
l = providers.read(cr, SUPERUSER_ID, providers.search(cr, SUPERUSER_ID, [('enabled', '=', True)]))
|
||||
except Exception:
|
||||
l = []
|
||||
return l
|
||||
|
||||
@openerp.addons.web.http.httprequest
|
||||
@oeweb.httprequest
|
||||
@fragment_to_query_string
|
||||
def signin(self, req, **kw):
|
||||
state = simplejson.loads(kw['state'])
|
||||
dbname = state['d']
|
||||
provider = state['p']
|
||||
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
context = state.get('c', {})
|
||||
registry = RegistryManager.get(dbname)
|
||||
with registry.cursor() as cr:
|
||||
try:
|
||||
u = registry.get('res.users')
|
||||
credentials = u.auth_oauth(cr, openerp.SUPERUSER_ID, provider, kw)
|
||||
credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context)
|
||||
cr.commit()
|
||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *credentials)
|
||||
return login_and_redirect(req, *credentials)
|
||||
except AttributeError:
|
||||
# auth_signup is not installed
|
||||
_logger.error("auth_signup not installed on database %s: oauth sign up cancelled."%dbname)
|
||||
_logger.error("auth_signup not installed on database %s: oauth sign up cancelled." % (dbname,))
|
||||
url = "/#action=login&oauth_error=1"
|
||||
except Exception,e:
|
||||
except Exception, e:
|
||||
# signup error
|
||||
_logger.exception("OAuth2: %s" % str(e))
|
||||
url = "/#action=login&oauth_error=2"
|
||||
return openerp.addons.web.controllers.main.set_cookie_and_redirect(req, url)
|
||||
|
||||
return set_cookie_and_redirect(req, url)
|
||||
|
||||
@oeweb.httprequest
|
||||
def oea(self, req, **kw):
|
||||
"""login user via OpenERP Account provider"""
|
||||
dbname = kw.pop('db', None)
|
||||
if not dbname:
|
||||
dbname = db_monodb(req)
|
||||
if not dbname:
|
||||
return BadRequest()
|
||||
|
||||
registry = RegistryManager.get(dbname)
|
||||
with registry.cursor() as cr:
|
||||
IMD = registry['ir.model.data']
|
||||
model, provider_id = IMD.get_object_reference(cr, SUPERUSER_ID, 'auth_oauth', 'provider_openerp')
|
||||
assert model == 'auth.oauth.provider'
|
||||
|
||||
state = {
|
||||
'd': dbname,
|
||||
'p': provider_id,
|
||||
'c': {'no_user_creation': True},
|
||||
}
|
||||
|
||||
kw['state'] = simplejson.dumps(state)
|
||||
return self.signin(req, **kw)
|
||||
|
||||
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
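Review bot: In `signin`, the new `context = state.get('c', {})` is read from the `state` request parameter, which the caller controls, and is then handed to `u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context)`. Only `oea` builds that state on the server; a direct request to `/auth_oauth/signin` can omit `no_user_creation` or supply any other context keys to a call made as superuser, so the flag should not be relied on as a restriction. I would copy only the key this controller defines, e.g. `context = {'no_user_creation': bool(state.get('c', {}).get('no_user_creation'))}`. Separately, `assert model == 'auth.oauth.provider'` in `oea` is dropped when Python runs with `-O`; an explicit check that returns `BadRequest()` would be sturdier.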
|
|
|
@ -36,7 +36,10 @@ openerp.auth_oauth = function(instance) {
|
|||
ev.preventDefault();
|
||||
var index = $(ev.target).data('index');
|
||||
var p = this.oauth_providers[index];
|
||||
var ret = location.protocol+"//"+location.host+"/";
|
||||
var ret = _.str.sprintf('%s//%s/auth_oauth/signin', location.protocol, location.host);
|
||||
if (instance.session.debug) {
|
||||
ret += '?debug';
|
||||
}
|
||||
var dbname = self.$("form [name=db]").val();
|
||||
var state_object = {
|
||||
d: dbname,
|
||||
|
@ -55,16 +58,4 @@ openerp.auth_oauth = function(instance) {
|
|||
},
|
||||
});
|
||||
|
||||
instance.web.WebClient = instance.web.WebClient.extend({
|
||||
start: function() {
|
||||
this._super.apply(this, arguments);
|
||||
var params = $.deparam(window.location.hash.substring(1));
|
||||
// alert(JSON.stringify(params));
|
||||
if (params.hasOwnProperty('access_token')) {
|
||||
var url = "/auth_oauth/signin" + '?' + $.param(params);
|
||||
window.location = url;
|
||||
}
|
||||
},
|
||||
});
|
||||
|
||||
};
|
||||
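Review bot: The `ret += '?debug'` branch looks incompatible with the controller's `fragment_to_query_string` wrapper, which only returns its conversion script when `kw` is empty (`if not kw:`). A callback to `/auth_oauth/signin?debug#access_token=…` would presumably reach the server with `debug` already in `kw`, so the fragment is never moved into the query string and `signin` fails on `kw['state']`. Either make the wrapper test for the parameter it needs, e.g. `if 'state' not in kw:`, or carry the debug flag inside `state_object` instead of the redirect URL. A provider that compares the redirect URI exactly against a registered value may also reject the `?debug` variant. The click handler continues outside this hunk.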
|
|