[FIX] Fixed login to OpenERP with Google OAuth2. Still fails when redirecting an authenticated user.
bzr revid: vta@openerp.com-20120813123333-b4jwsrn106lakbnh
parent
d946d35ee0
commit
7c3a72300c
|
@ -1,4 +1,5 @@
|
|||
import logging
|
||||
import urllib2
|
||||
|
||||
import werkzeug.urls
|
||||
|
||||
|
@ -21,10 +22,10 @@ class OAuthController(openerpweb.Controller):
|
|||
u = registry.get('res.users')
|
||||
r = u.auth_oauth(cr, 1, kw)
|
||||
cr.commit()
|
||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
|
||||
# return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
|
||||
# or
|
||||
req.authenticate(*r)
|
||||
url = "/"
|
||||
# req.authenticate(*r)
|
||||
# url = "/"
|
||||
except AttributeError:
|
||||
# auth_signup is not installed
|
||||
url = "/#action=auth_signup&error=1"
|
||||
|
@ -33,7 +34,6 @@ class OAuthController(openerpweb.Controller):
|
|||
url = "/#action=auth_signup&error=2"
|
||||
finally:
|
||||
cr.close()
|
||||
return ""
|
||||
return werkzeug.utils.redirect(url)
|
||||
return werkzeug.utils.redirect("https://localhost")
|
||||
|
||||
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
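Review bot: The final `return werkzeug.utils.redirect("https://localhost")` hard-codes one deployment's origin and ignores the `url` set in the `except` branches, so a failed sign-in would no longer land on `/#action=auth_signup&error=1` or `error=2`. The +/- markers are lost on this page, so this assumes that line is the added one. Keeping `return werkzeug.utils.redirect(url)` with a relative `url` avoids both problems. Separately, `u.auth_oauth(cr, 1, kw)` runs as uid 1 on what appear to be raw request parameters, so every check on the token has to happen inside `auth_oauth`; a comment above the call such as `# runs as superuser: auth_oauth must validate kw itself` would make that explicit. The method body starts outside the hunk.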
|
|
|
@ -1,23 +1,27 @@
|
|||
import urllib2
|
||||
import simplejson
|
||||
|
||||
import openerp
|
||||
|
||||
from openerp.osv import osv, fields
|
||||
|
||||
class res_users(osv.Model):
|
||||
|
||||
_inherit = 'res.users'
|
||||
|
||||
def auth_oauth(self, cr, uid, params, context=None):
|
||||
print params
|
||||
url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' + params.get('access_token')
|
||||
f = urllib2.urlopen(url)
|
||||
validation = f.read()
|
||||
print validation
|
||||
# Advice by Google (to avoid Confused Deputy Problem)
|
||||
# if validation.audience != OUR_CLIENT_ID:
|
||||
# abort()
|
||||
# else:
|
||||
# continue with the process
|
||||
login = self.auth_oauth_fetch_user_validation(cr, uid, params)['email']
|
||||
password = self.auth_oauth_fetch_user_validation(cr, uid, params)['user_id']
|
||||
name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
|
||||
r = (cr.dbname, login, password)
|
||||
try:
|
||||
# check for existing user
|
||||
if not self.auth_signup_check(cr, uid, login, password):
|
||||
print "NEW USER"
|
||||
# new user
|
||||
new_user = {
|
||||
'name': name,
|
||||
|
@ -26,15 +30,26 @@ class res_users(osv.Model):
|
|||
'password': password,
|
||||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr,uid, new_user)
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
else:
|
||||
print "Existing same"
|
||||
# already existing with same password
|
||||
return r
|
||||
except openerp.exceptions.AccessDenied:
|
||||
print "Existing different"
|
||||
# already existing with diffrent password
|
||||
raise
|
||||
def auth_oauth_rpc(self, cr, uid, endpoint, params, context=None):
|
||||
url = endpoint + params.get('access_token')
|
||||
f = urllib2.urlopen(url)
|
||||
validation = f.read()
|
||||
return simplejson.loads(validation)
|
||||
|
||||
def auth_oauth_fetch_user_validation(self, cr, uid, params, context=None):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
||||
|
||||
def auth_oauth_fetch_user_data(self, cr, uid, params):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
||||
|
||||
#
|
||||
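Review bot: `auth_oauth` accepts any Google access token without checking which client it was issued to. The audience comparison is left as a comment, so a token that a user granted to an unrelated application would sign them in here, which is the confused-deputy case the comment itself names. The tokeninfo response should be parsed once and rejected with `openerp.exceptions.AccessDenied` when its `audience` differs from this deployment's client id, as sketched below; that also removes the direct `urlopen` call and the two extra tokeninfo round-trips. `password = ...['user_id']` stores a non-secret Google identifier as the account password, so the ordinary password login would presumably accept it too; a random server-generated value is the safer choice. The `print params` and `print validation` lines write the bearer token to stdout and should be removed.

```python
def auth_oauth(self, cr, uid, params, context=None):
    # Single tokeninfo lookup; the parsed response is reused for every field.
    validation = self.auth_oauth_fetch_user_validation(cr, uid, params)
    # OUR_CLIENT_ID: placeholder for this deployment's configured OAuth client id.
    if validation.get('audience') != OUR_CLIENT_ID:
        raise openerp.exceptions.AccessDenied()
    login = validation['email']
    password = validation['user_id']  # still the non-secret id; see the note above
    name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
    # … unchanged: r tuple, auth_signup_check / auth_signup_create branches …
```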
|
|
|
@ -13,7 +13,7 @@ openerp.auth_oauth = function(instance) {
|
|||
response_type: 'token',
|
||||
client_id: '108010644258-duuhmp6pu7li4tsmnqg7j9rvdeklg0ki.apps.googleusercontent.com',
|
||||
redirect_uri: 'https://localhost/',
|
||||
scope: 'https://www.googleapis.com/auth/userinfo.email',
|
||||
scope: 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile',
|
||||
state: state,
|
||||
};
|
||||
var url = endpoint + '?' + $.param(params);
|
||||
|
@ -29,12 +29,9 @@ openerp.auth_oauth = function(instance) {
|
|||
instance.web.WebClient = instance.web.WebClient.extend({
|
||||
start: function() {
|
||||
this._super.apply(this, arguments);
|
||||
var params = $.deparam(window.location.hash);
|
||||
var params = $.deparam(window.location.hash.substring(1));
|
||||
if (params.hasOwnProperty('access_token')) {
|
||||
// fix params for python marshmalling
|
||||
params.state = params["#state"]
|
||||
delete params["#state"]
|
||||
var url = "/auth_oauth/signin" + '?' + $.param(params);
|
||||
var url = "/auth_oauth/signin" + '?' + $.param(params);//alert(JSON.stringify(params));
|
||||
window.location = url;
|
||||
}
|
||||
},
|
||||
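Review bot: `window.location = url` with `url = "/auth_oauth/signin" + '?' + $.param(params)` moves the access token from the URL fragment into a query string, where it is recorded in server and proxy logs and in browser history, and `$.param(params)` forwards every fragment key unfiltered. Sending only `access_token` and `state` in a POST body keeps the bearer token out of URLs. Nothing in the visible lines compares the returned `state` with the value sent in the authorization request, so the CSRF protection that `state` is meant to give is not enforced here; `start` and the surrounding module continue outside the hunk, so the check may live elsewhere. The trailing `//alert(JSON.stringify(params));` is debug residue and should be dropped from the `var url` line.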
|
|