[FIX] res_user check method partial fix.

bzr revid: vta@openerp.com-20120814063413-kymp5dq5sbz2iih8

addons/auth_oauth/controllers/main.py

@@ -2,6 +2,7 @@ import logging
 import urllib2
 
 import werkzeug.urls
+import werkzeug.utils
 
 import openerp.modules.registry
 import openerp.addons.web.controllers.main
@@ -22,10 +23,14 @@ class OAuthController(openerpweb.Controller):
                 u = registry.get('res.users')
                 r = u.auth_oauth(cr, 1, kw)
                 cr.commit()
-                # return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
-                # or
-                # req.authenticate(*r)
-                # url = "/"
+                # tmp = openerp.addons.web.controllers.main.login_and_redirect(req, cr, *r)
+                # req.session.authenticate(db, login, key, {})
+                # redirect = werkzeug.utils.redirect("http://localhost:8069/", 303)
+                # redirect.autocorrect_location_header = False
+                # cookie_val = urllib2.quote(simplejson.dumps(req.session_id))
+                # redirect.set_cookie('instance0|session_id', cookie_val)
+                print r
+                return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
             except AttributeError:
                 # auth_signup is not installed
                 url = "/#action=auth_signup&error=1"

addons/auth_oauth/res_users.py

@@ -9,35 +9,14 @@ class res_users(osv.Model):
 
     _inherit = 'res.users'
 
-    def auth_oauth(self, cr, uid, params, context=None):
-        # Advice by Google (to avoid Confused Deputy Problem)
-        # if validation.audience != OUR_CLIENT_ID:
-        #   abort()
-        # else:
-        #   continue with the process
-        login = self.auth_oauth_fetch_user_validation(cr, uid, params)['email']
-        password = self.auth_oauth_fetch_user_validation(cr, uid, params)['user_id']
-        name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
-        r = (cr.dbname, login, password)
-        try:
-            # check for existing user
-            if not self.auth_signup_check(cr, uid, login, password):
-                # new user
-                new_user = {
-                    'name': name,
-                    'login': login,
-                    'user_email': login,
-                    'password': password,
-                    'active': True,
-                }
-                self.auth_signup_create(cr, uid, new_user)
-                return r
-            else:
-                # already existing with same password
-                return r
-        except openerp.exceptions.AccessDenied:
-            # already existing with diffrent password
-            raise
+    _columns = {
+        'oauth_provider': fields.char('OAuth Provider', size=1024),
+        'oauth_uid': fields.char('OAuth User ID', size=256,
+                                    help="Used for disambiguation in case of a shared OpenID URL"),
+        'oauth_access_token': fields.char('OAuth Token',
+                                  readonly=True),
+    }
+
     def auth_oauth_rpc(self, cr, uid, endpoint, params, context=None):
         url = endpoint + params.get('access_token')
         f = urllib2.urlopen(url)
@@ -52,4 +31,59 @@ class res_users(osv.Model):
         endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
         return self.auth_oauth_rpc(cr, uid, endpoint, params)
 
+    def auth_oauth(self, cr, uid, params, context=None):
+        # Advice by Google (to avoid Confused Deputy Problem)
+        # if validation.audience != OUR_CLIENT_ID:
+        #   abort()
+        # else:
+        #   continue with the process
+        validation = self.auth_oauth_fetch_user_validation(cr, uid, params)
+        login = validation['email']
+        oauth_uid = validation['user_id']
+        name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
+        r = (cr.dbname, login, oauth_uid)
+        try:
+            # check for existing user
+            if not self.auth_signup_check(cr, uid, login, oauth_uid):
+                # new user
+                new_user = {
+                    'name': name,
+                    'login': login,
+                    'user_email': login,
+                    'oauth_provider': 'Google',
+                    'oauth_uid': oauth_uid,
+                    'oauth_access_token': params.get('access_token'),
+                    'active': True,
+                }
+                self.auth_signup_create(cr, uid, new_user)
+                return r
+            else:
+                # already existing with same password
+                return r
+        except openerp.exceptions.AccessDenied:
+            # already existing with diffrent password
+            raise    
+
+    def check(self, db, uid, passwd):
+        try:
+            return super(res_users, self).check(db, uid, passwd)
+        except openerp.exceptions.AccesDenied:
+            if not passwd:
+                raise
+            try:
+                registry = openerp.modules.registry.RegistryManager.get(db)
+                cr = registry.db.cursor()
+                cr.execute('''SELECT COUNT(1)
+                                FROM res_users
+                               WHERE id=%s
+                                 AND oauth_key=%s
+                                 AND active=%s''',
+                            (int(uid), passwd, True))
+                if not cr.fetchone()[0]:
+                    raise
+                self._uid_cache.setdefault(db, {})[uid] = passwd
+            finally:
+                cr.close()
+
+
 #