[FIX] Fixed auth_oauth method
bzr revid: vta@openerp.com-20120814115555-qyveeb9fibs598rh
This commit is contained in:
vta vta@openerp.com
parent
b1e5c9e1ae
commit
ebc010fd39
|
|
@ -1,5 +1,4 @@
|
|||
import logging
|
||||
import urllib2
|
||||
|
||||
import werkzeug.urls
|
||||
import werkzeug.utils
|
||||
|
|
@ -13,25 +12,30 @@ _logger = logging.getLogger(__name__)
|
|||
class OAuthController(openerpweb.Controller):
|
||||
_cp_path = '/auth_oauth'
|
||||
|
||||
def list_providers(self, req, dbname):
|
||||
#dbname = kw.get("state")
|
||||
#registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
#with registry.cursor() as cr:
|
||||
# dsfasdf
|
||||
pass
|
||||
|
||||
@openerpweb.httprequest
|
||||
def signin(self, req, **kw):
|
||||
dbname = kw.get("state")
|
||||
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||
cr = registry.db.cursor()
|
||||
try:
|
||||
with registry.cursor() as cr:
|
||||
try:
|
||||
u = registry.get('res.users')
|
||||
r = u.auth_oauth(cr, 1, kw)
|
||||
credentials = u.auth_oauth(cr, 1, kw)
|
||||
cr.commit()
|
||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
|
||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *credentials)
|
||||
except AttributeError:
|
||||
# auth_signup is not installed
|
||||
url = "/#action=auth_signup&error=1"
|
||||
except Exception,e:
|
||||
# signup error
|
||||
url = "/#action=auth_signup&error=2"
|
||||
finally:
|
||||
cr.close()
|
||||
return werkzeug.utils.redirect("https://localhost")
|
||||
return werkzeug.utils.redirect("http://localhost:8069")
|
||||
|
||||
|
||||
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
|||
|
|
@ -17,19 +17,19 @@ class res_users(osv.Model):
|
|||
readonly=True),
|
||||
}
|
||||
|
||||
def auth_oauth_rpc(self, cr, uid, endpoint, params, context=None):
|
||||
url = endpoint + params.get('access_token')
|
||||
def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None):
|
||||
url = endpoint + access_token
|
||||
f = urllib2.urlopen(url)
|
||||
validation = f.read()
|
||||
return simplejson.loads(validation)
|
||||
response = f.read()
|
||||
return simplejson.loads(response)
|
||||
|
||||
def auth_oauth_fetch_user_validation(self, cr, uid, params, context=None):
|
||||
def auth_oauth_fetch_user_validation(self, cr, uid, access_token, context=None):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||
|
||||
def auth_oauth_fetch_user_data(self, cr, uid, params):
|
||||
def auth_oauth_fetch_user_data(self, cr, uid, access_token, context=None):
|
||||
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
||||
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||
|
||||
def auth_oauth(self, cr, uid, params, context=None):
|
||||
# Advice by Google (to avoid Confused Deputy Problem)
|
||||
|
|
@ -37,33 +37,36 @@ class res_users(osv.Model):
|
|||
# abort()
|
||||
# else:
|
||||
# continue with the process
|
||||
validation = self.auth_oauth_fetch_user_validation(cr, uid, params)
|
||||
|
||||
access_token = params.get('access_token')
|
||||
|
||||
validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context)
|
||||
if validation.get("error"):
|
||||
raise openerp.exceptions.AccessDenied
|
||||
|
||||
login = validation['email']
|
||||
oauth_uid = validation['user_id']
|
||||
name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
|
||||
r = (cr.dbname, login, oauth_uid)
|
||||
try:
|
||||
# check for existing user
|
||||
if not self.auth_signup_check(cr, uid, login, oauth_uid):
|
||||
# new user
|
||||
new_user = {
|
||||
'name': name,
|
||||
'login': login,
|
||||
'user_email': login,
|
||||
'password': oauth_uid,
|
||||
'oauth_provider': 'Google',
|
||||
'oauth_uid': oauth_uid,
|
||||
'oauth_access_token': params.get('access_token'),
|
||||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
else:
|
||||
# already existing with same password
|
||||
return r
|
||||
except openerp.exceptions.AccessDenied:
|
||||
# already existing with diffrent password
|
||||
raise
|
||||
|
||||
r = (cr.dbname, login, access_token)
|
||||
|
||||
res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)])
|
||||
if res:
|
||||
self.write(cr, uid, res[0]['id'], {'oauth_access_token':access_token})
|
||||
else:
|
||||
# New user
|
||||
new_user = {
|
||||
'name': name,
|
||||
'login': login,
|
||||
'user_email': login,
|
||||
'oauth_provider': 'Google',
|
||||
'oauth_uid': oauth_uid,
|
||||
'oauth_access_token': access_token,
|
||||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
try:
|
||||
|
|
@ -77,7 +80,7 @@ class res_users(osv.Model):
|
|||
cr.execute('''SELECT COUNT(1)
|
||||
FROM res_users
|
||||
WHERE id=%s
|
||||
AND oauth_key=%s
|
||||
AND oauth_access_token=%s
|
||||
AND active=%s''',
|
||||
(int(uid), passwd, True))
|
||||
if not cr.fetchone()[0]:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<openerp>
|
||||
<data>
|
||||
<record id="view_users_form" model="ir.ui.view">
|
||||
<field name="name">res.users.form</field>
|
||||
<field name="model">res.users</field>
|
||||
<field name="type">form</field>
|
||||
<field name="inherit_id" ref="base.view_users_form"/>
|
||||
<field name="arch" type="xml">
|
||||
<xpath expr="//page[@string='Access Rights']" position="after">
|
||||
<page string="Oauth">
|
||||
<group>
|
||||
<field name="oauth_provider"/>
|
||||
<field name="oauth_uid"/>
|
||||
<field name="oauth_access_token"/>
|
||||
</group>
|
||||
</page>
|
||||
</xpath>
|
||||
</field>
|
||||
</record>
|
||||
</data>
|
||||
</openerp>
|
||||
|
||||
|
|
@ -19,37 +19,28 @@ class res_users(osv.Model):
|
|||
else:
|
||||
self.pool.get('res.users').create(cr, 1, new_user, context=context)
|
||||
|
||||
def auth_signup_check(self, cr, uid, login, key, context=None):
|
||||
res = self.search(cr, uid, [("login", "=", login)])
|
||||
if res:
|
||||
user_id = res[0]
|
||||
self.check(cr.dbname, user_id, key)
|
||||
return user_id
|
||||
return False
|
||||
|
||||
def auth_signup(self, cr, uid, name, login, password, context=None):
|
||||
r = (cr.dbname, login, password)
|
||||
try:
|
||||
# check for existing user
|
||||
if not self.auth_signup_check(cr, uid, login, password):
|
||||
print "NEW USER"
|
||||
# new user
|
||||
new_user = {
|
||||
'name': name,
|
||||
'login': login,
|
||||
'user_email': login,
|
||||
'password': password,
|
||||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
else:
|
||||
print "Existing same"
|
||||
# already existing with same password
|
||||
return r
|
||||
except openerp.exceptions.AccessDenied:
|
||||
print "Existing different"
|
||||
# already existing with diffrent password
|
||||
raise
|
||||
res = self.search(cr, uid, [("login", "=", login)])
|
||||
if res:
|
||||
# Existing user
|
||||
user_id = res[0]
|
||||
try:
|
||||
self.check(cr.dbname, user_id, password)
|
||||
# Same password
|
||||
except openerp.exceptions.AccessDenied:
|
||||
# Different password
|
||||
raise
|
||||
else:
|
||||
# New user
|
||||
new_user = {
|
||||
'name': name,
|
||||
'login': login,
|
||||
'user_email': login,
|
||||
'password': password,
|
||||
'active': True,
|
||||
}
|
||||
self.auth_signup_create(cr, uid, new_user)
|
||||
return r
|
||||
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue