From ebc010fd39507ff60d950e9866325d16c8e7fca2 Mon Sep 17 00:00:00 2001 From: "vta vta@openerp.com" <> Date: Tue, 14 Aug 2012 13:55:55 +0200 Subject: [PATCH] [FIX] Fixed auth_oauth method bzr revid: vta@openerp.com-20120814115555-qyveeb9fibs598rh --- addons/auth_oauth/controllers/main.py | 20 ++++---- addons/auth_oauth/res_users.py | 69 ++++++++++++++------------- addons/auth_oauth/res_users.xml | 23 +++++++++ addons/auth_signup/res_users.py | 51 ++++++++------------ 4 files changed, 92 insertions(+), 71 deletions(-) create mode 100644 addons/auth_oauth/res_users.xml diff --git a/addons/auth_oauth/controllers/main.py b/addons/auth_oauth/controllers/main.py index e0284638291..381602dff46 100644 --- a/addons/auth_oauth/controllers/main.py +++ b/addons/auth_oauth/controllers/main.py @@ -1,5 +1,4 @@ import logging -import urllib2 import werkzeug.urls import werkzeug.utils 
@@ -13,25 +12,30 @@ _logger = logging.getLogger(__name__) class OAuthController(openerpweb.Controller): _cp_path = '/auth_oauth' + def list_providers(self, req, dbname): + #dbname = kw.get("state") + #registry = openerp.modules.registry.RegistryManager.get(dbname) + #with registry.cursor() as cr: + # dsfasdf + pass + @openerpweb.httprequest def signin(self, req, **kw): dbname = kw.get("state") registry = openerp.modules.registry.RegistryManager.get(dbname) - cr = registry.db.cursor() - try: + with registry.cursor() as cr: try: u = registry.get('res.users') - r = u.auth_oauth(cr, 1, kw) + credentials = u.auth_oauth(cr, 1, kw) cr.commit() - return openerp.addons.web.controllers.main.login_and_redirect(req, *r) + return openerp.addons.web.controllers.main.login_and_redirect(req, *credentials) except AttributeError: # auth_signup is not installed url = "/#action=auth_signup&error=1" except Exception,e: # signup error url = "/#action=auth_signup&error=2" - finally: - cr.close() - return werkzeug.utils.redirect("https://localhost") + return werkzeug.utils.redirect("http://localhost:8069") + # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth/res_users.py b/addons/auth_oauth/res_users.py index 5349cbf529e..98bd020a8c0 100644 --- a/addons/auth_oauth/res_users.py +++ b/addons/auth_oauth/res_users.py 
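Review bot: The new final line `return werkzeug.utils.redirect("http://localhost:8069")` ignores the `url` assigned in both `except` branches, so every failed sign-in goes to a hard-coded plain-HTTP localhost address and the `error=1`/`error=2` codes never reach the client; it should be `return werkzeug.utils.redirect(url)`. The `except Exception,e` branch also drops the exception without logging, which hides rejected tokens from anyone reviewing authentication failures; `_logger.exception("OAuth sign-in failed")` before setting `url` would keep a record, using the `_logger` already defined at the top of this file. The added `list_providers` is a stub holding only commented-out code and `pass`, and is best left out until it is implemented. `dbname` is taken directly from the request's `state` parameter; whether `RegistryManager.get` limits which databases it will open is not visible here and is worth confirming.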
@@ -17,19 +17,19 @@ class res_users(osv.Model): readonly=True), } - def auth_oauth_rpc(self, cr, uid, endpoint, params, context=None): - url = endpoint + params.get('access_token') + def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None): + url = endpoint + access_token f = urllib2.urlopen(url) - validation = f.read() - return simplejson.loads(validation) + response = f.read() + return simplejson.loads(response) - def auth_oauth_fetch_user_validation(self, cr, uid, params, context=None): + def auth_oauth_fetch_user_validation(self, cr, uid, access_token, context=None): endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' - return self.auth_oauth_rpc(cr, uid, endpoint, params) + return self.auth_oauth_rpc(cr, uid, endpoint, access_token) - def auth_oauth_fetch_user_data(self, cr, uid, params): + def auth_oauth_fetch_user_data(self, cr, uid, access_token, context=None): endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token=' - return self.auth_oauth_rpc(cr, uid, endpoint, params) + return self.auth_oauth_rpc(cr, uid, endpoint, access_token) def auth_oauth(self, cr, uid, params, context=None): # Advice by Google (to avoid Confused Deputy Problem) 
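Review bot: `url = endpoint + access_token` in `auth_oauth_rpc` places a request-supplied value into the query string unescaped, so a token containing `&` or `#` changes the parameters sent to Google, and a missing token (`None`) raises `TypeError` instead of a clean denial. Quote it, e.g. `url = endpoint + urllib.quote(access_token, safe='')` (this needs `urllib` imported; the import block is outside the hunk), and reject an empty token before the call. `urllib2.urlopen(url)` is also called without a `timeout` and the response is never closed, so a slow endpoint can hold the worker; `urllib2.urlopen(url, timeout=<seconds>)` with a project-chosen value would bound it. On Python 2 releases before 2.7.9 `urllib2.urlopen` does not verify the server certificate, so the tokeninfo answer is only as trustworthy as the network path unless verification is added separately.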
@@ -37,33 +37,36 @@ class res_users(osv.Model): # abort() # else: # continue with the process - validation = self.auth_oauth_fetch_user_validation(cr, uid, params) + + access_token = params.get('access_token') + + validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context) + if validation.get("error"): + raise openerp.exceptions.AccessDenied + login = validation['email'] oauth_uid = validation['user_id'] name = self.auth_oauth_fetch_user_data(cr, uid, params)['name'] - r = (cr.dbname, login, oauth_uid) - try: - # check for existing user - if not self.auth_signup_check(cr, uid, login, oauth_uid): - # new user - new_user = { - 'name': name, - 'login': login, - 'user_email': login, - 'password': oauth_uid, - 'oauth_provider': 'Google', - 'oauth_uid': oauth_uid, - 'oauth_access_token': params.get('access_token'), - 'active': True, - } - self.auth_signup_create(cr, uid, new_user) - return r - else: - # already existing with same password - return r - except openerp.exceptions.AccessDenied: - # already existing with diffrent password - raise + + r = (cr.dbname, login, access_token) + + res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)]) + if res: + self.write(cr, uid, res[0]['id'], {'oauth_access_token':access_token}) + else: + # New user + new_user = { + 'name': name, + 'login': login, + 'user_email': login, + 'oauth_provider': 'Google', + 'oauth_uid': oauth_uid, + 'oauth_access_token': access_token, + 'active': True, + } + self.auth_signup_create(cr, uid, new_user) + return r + def check(self, db, uid, passwd): try: @@ -77,7 +80,7 @@ class res_users(osv.Model): cr.execute('''SELECT COUNT(1) FROM res_users WHERE id=%s - AND oauth_key=%s + AND oauth_access_token=%s AND active=%s''', (int(uid), passwd, True)) if not cr.fetchone()[0]: diff --git a/addons/auth_oauth/res_users.xml b/addons/auth_oauth/res_users.xml new file mode 100644 index 00000000000..995dbfbd52a --- /dev/null +++ b/addons/auth_oauth/res_users.xml 
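Review bot: The audience check that the comment at the top of `auth_oauth` describes is still not performed: the new code rejects only `validation.get("error")`, so a valid Google token issued to any other application would be accepted for this login. Compare the tokeninfo `audience` field with this deployment's client id before trusting `email` and `user_id`, e.g. `if validation.get('audience') != client_id: raise openerp.exceptions.AccessDenied`, where `client_id` is a placeholder for the configured value. Two calls also look broken after the signature change in this commit: `self.auth_oauth_fetch_user_data(cr, uid, params)` still passes the dict and should pass `access_token`, and `res[0]['id']` indexes into what the auth_signup code in this same patch treats as a list of ids (`user_id = res[0]`), so `res[0]` is presumably what is meant. `auth_oauth` starts above the hunk.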
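Review bot: With `AND oauth_access_token=%s` the stored access token becomes the password equivalent that `check` compares against, so it sits in `res_users` in clear text and keeps authenticating for as long as the row is unchanged. Nothing visible in this patch records the token's expiry from the tokeninfo response, so a token that Google has already expired or revoked would presumably still pass here. Storing an expiry alongside the token and adding it to the `WHERE` clause, or storing only a hash of the token and comparing hashes, would limit that exposure. The query itself is parameterised, which is right; `check` begins and ends outside the hunk.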
@@ -0,0 +1,23 @@ + + + + + res.users.form + res.users + form + + + + + + + + + + + + + + + + diff --git a/addons/auth_signup/res_users.py b/addons/auth_signup/res_users.py index 0076787cc6d..1d77a3f9473 100644 --- a/addons/auth_signup/res_users.py +++ b/addons/auth_signup/res_users.py @@ -19,37 +19,28 @@ class res_users(osv.Model): else: self.pool.get('res.users').create(cr, 1, new_user, context=context) - def auth_signup_check(self, cr, uid, login, key, context=None): - res = self.search(cr, uid, [("login", "=", login)]) - if res: - user_id = res[0] - self.check(cr.dbname, user_id, key) - return user_id - return False - def auth_signup(self, cr, uid, name, login, password, context=None): r = (cr.dbname, login, password) - try: - # check for existing user - if not self.auth_signup_check(cr, uid, login, password): - print "NEW USER" - # new user - new_user = { - 'name': name, - 'login': login, - 'user_email': login, - 'password': password, - 'active': True, - } - self.auth_signup_create(cr, uid, new_user) - return r - else: - print "Existing same" - # already existing with same password - return r - except openerp.exceptions.AccessDenied: - print "Existing different" - # already existing with diffrent password - raise + res = self.search(cr, uid, [("login", "=", login)]) + if res: + # Existing user + user_id = res[0] + try: + self.check(cr.dbname, user_id, password) + # Same password + except openerp.exceptions.AccessDenied: + # Different password + raise + else: + # New user + new_user = { + 'name': name, + 'login': login, + 'user_email': login, + 'password': password, + 'active': True, + } + self.auth_signup_create(cr, uid, new_user) + return r #