[FIX] Fixed auth_oauth method
bzr revid: vta@openerp.com-20120814115555-qyveeb9fibs598rh
parent
b1e5c9e1ae
commit
ebc010fd39
|
@ -1,5 +1,4 @@
|
||||||
import logging
|
import logging
|
||||||
import urllib2
|
|
||||||
|
|
||||||
import werkzeug.urls
|
import werkzeug.urls
|
||||||
import werkzeug.utils
|
import werkzeug.utils
|
||||||
|
@ -13,25 +12,30 @@ _logger = logging.getLogger(__name__)
|
||||||
class OAuthController(openerpweb.Controller):
|
class OAuthController(openerpweb.Controller):
|
||||||
_cp_path = '/auth_oauth'
|
_cp_path = '/auth_oauth'
|
||||||
|
|
||||||
|
def list_providers(self, req, dbname):
|
||||||
|
#dbname = kw.get("state")
|
||||||
|
#registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||||
|
#with registry.cursor() as cr:
|
||||||
|
# dsfasdf
|
||||||
|
pass
|
||||||
|
|
||||||
@openerpweb.httprequest
|
@openerpweb.httprequest
|
||||||
def signin(self, req, **kw):
|
def signin(self, req, **kw):
|
||||||
dbname = kw.get("state")
|
dbname = kw.get("state")
|
||||||
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
registry = openerp.modules.registry.RegistryManager.get(dbname)
|
||||||
cr = registry.db.cursor()
|
with registry.cursor() as cr:
|
||||||
try:
|
|
||||||
try:
|
try:
|
||||||
u = registry.get('res.users')
|
u = registry.get('res.users')
|
||||||
r = u.auth_oauth(cr, 1, kw)
|
credentials = u.auth_oauth(cr, 1, kw)
|
||||||
cr.commit()
|
cr.commit()
|
||||||
return openerp.addons.web.controllers.main.login_and_redirect(req, *r)
|
return openerp.addons.web.controllers.main.login_and_redirect(req, *credentials)
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
# auth_signup is not installed
|
# auth_signup is not installed
|
||||||
url = "/#action=auth_signup&error=1"
|
url = "/#action=auth_signup&error=1"
|
||||||
except Exception,e:
|
except Exception,e:
|
||||||
# signup error
|
# signup error
|
||||||
url = "/#action=auth_signup&error=2"
|
url = "/#action=auth_signup&error=2"
|
||||||
finally:
|
return werkzeug.utils.redirect("http://localhost:8069")
|
||||||
cr.close()
|
|
||||||
return werkzeug.utils.redirect("https://localhost")
|
|
||||||
|
|
||||||
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||||
|
|
|
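Review bot: Both `except` branches in `signin` assign `url`, but the final `return werkzeug.utils.redirect("http://localhost:8069")` never uses it, so every failed sign-in is sent to a hard-coded plain-HTTP development host and the `error=1`/`error=2` codes are lost; return `werkzeug.utils.redirect(url)` instead. The broad `except Exception,e:` also swallows an `AccessDenied` raised by `auth_oauth` without a trace; add `_logger.exception("OAuth sign-in failed")` there so rejected tokens are visible to operators. Separately, `state` is used directly as the database name: it is request-controlled and carries no per-session nonce, so the callback is not bound to the browser that started the flow; consider validating it against the known database list and carrying a nonce alongside it. Indentation is lost in this rendering, so whether the final return sits inside the `with` block cannot be confirmed from the page.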
@ -17,19 +17,19 @@ class res_users(osv.Model):
|
||||||
readonly=True),
|
readonly=True),
|
||||||
}
|
}
|
||||||
|
|
||||||
def auth_oauth_rpc(self, cr, uid, endpoint, params, context=None):
|
def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None):
|
||||||
url = endpoint + params.get('access_token')
|
url = endpoint + access_token
|
||||||
f = urllib2.urlopen(url)
|
f = urllib2.urlopen(url)
|
||||||
validation = f.read()
|
response = f.read()
|
||||||
return simplejson.loads(validation)
|
return simplejson.loads(response)
|
||||||
|
|
||||||
def auth_oauth_fetch_user_validation(self, cr, uid, params, context=None):
|
def auth_oauth_fetch_user_validation(self, cr, uid, access_token, context=None):
|
||||||
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
||||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||||
|
|
||||||
def auth_oauth_fetch_user_data(self, cr, uid, params):
|
def auth_oauth_fetch_user_data(self, cr, uid, access_token, context=None):
|
||||||
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
||||||
return self.auth_oauth_rpc(cr, uid, endpoint, params)
|
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
||||||
|
|
||||||
def auth_oauth(self, cr, uid, params, context=None):
|
def auth_oauth(self, cr, uid, params, context=None):
|
||||||
# Advice by Google (to avoid Confused Deputy Problem)
|
# Advice by Google (to avoid Confused Deputy Problem)
|
||||||
|
@ -37,33 +37,36 @@ class res_users(osv.Model):
|
||||||
# abort()
|
# abort()
|
||||||
# else:
|
# else:
|
||||||
# continue with the process
|
# continue with the process
|
||||||
validation = self.auth_oauth_fetch_user_validation(cr, uid, params)
|
|
||||||
|
access_token = params.get('access_token')
|
||||||
|
|
||||||
|
validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context)
|
||||||
|
if validation.get("error"):
|
||||||
|
raise openerp.exceptions.AccessDenied
|
||||||
|
|
||||||
login = validation['email']
|
login = validation['email']
|
||||||
oauth_uid = validation['user_id']
|
oauth_uid = validation['user_id']
|
||||||
name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
|
name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
|
||||||
r = (cr.dbname, login, oauth_uid)
|
|
||||||
try:
|
r = (cr.dbname, login, access_token)
|
||||||
# check for existing user
|
|
||||||
if not self.auth_signup_check(cr, uid, login, oauth_uid):
|
res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)])
|
||||||
# new user
|
if res:
|
||||||
new_user = {
|
self.write(cr, uid, res[0]['id'], {'oauth_access_token':access_token})
|
||||||
'name': name,
|
else:
|
||||||
'login': login,
|
# New user
|
||||||
'user_email': login,
|
new_user = {
|
||||||
'password': oauth_uid,
|
'name': name,
|
||||||
'oauth_provider': 'Google',
|
'login': login,
|
||||||
'oauth_uid': oauth_uid,
|
'user_email': login,
|
||||||
'oauth_access_token': params.get('access_token'),
|
'oauth_provider': 'Google',
|
||||||
'active': True,
|
'oauth_uid': oauth_uid,
|
||||||
}
|
'oauth_access_token': access_token,
|
||||||
self.auth_signup_create(cr, uid, new_user)
|
'active': True,
|
||||||
return r
|
}
|
||||||
else:
|
self.auth_signup_create(cr, uid, new_user)
|
||||||
# already existing with same password
|
return r
|
||||||
return r
|
|
||||||
except openerp.exceptions.AccessDenied:
|
|
||||||
# already existing with diffrent password
|
|
||||||
raise
|
|
||||||
|
|
||||||
def check(self, db, uid, passwd):
|
def check(self, db, uid, passwd):
|
||||||
try:
|
try:
|
||||||
|
@ -77,7 +80,7 @@ class res_users(osv.Model):
|
||||||
cr.execute('''SELECT COUNT(1)
|
cr.execute('''SELECT COUNT(1)
|
||||||
FROM res_users
|
FROM res_users
|
||||||
WHERE id=%s
|
WHERE id=%s
|
||||||
AND oauth_key=%s
|
AND oauth_access_token=%s
|
||||||
AND active=%s''',
|
AND active=%s''',
|
||||||
(int(uid), passwd, True))
|
(int(uid), passwd, True))
|
||||||
if not cr.fetchone()[0]:
|
if not cr.fetchone()[0]:
|
||||||
|
|
|
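Review bot: `auth_oauth` accepts the token as soon as tokeninfo returns no `error`; the audience comparison that the "Confused Deputy" comment describes is, as far as the visible lines show, still commented-out pseudocode, so a valid Google token issued to any other client application would sign its holder in as the matching `oauth_uid`. The fence below adds that comparison and rejects a missing `access_token` before it reaches `endpoint + access_token`. It also fixes two calls the commit left inconsistent with its own signature change: `auth_oauth_fetch_user_data` is still passed the `params` dict, and `res[0]['id']` indexes what the sibling `auth_signup` code treats as a plain id (`user_id = res[0]`). The start of `auth_oauth` lies between hunks, and `expected_client_id` is a placeholder for this deployment's registered client id, which the page does not show.

```python
        access_token = params.get('access_token')
        if not access_token:
            raise openerp.exceptions.AccessDenied
        validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context)
        # expected_client_id: placeholder for the client id registered for this deployment
        if validation.get("error") or validation.get("audience") != expected_client_id:
            raise openerp.exceptions.AccessDenied
        # ... unchanged: login / oauth_uid taken from validation ...
        name = self.auth_oauth_fetch_user_data(cr, uid, access_token, context=context)['name']
        # ... unchanged: credentials tuple, search on oauth_uid ...
        if res:
            self.write(cr, uid, [res[0]], {'oauth_access_token': access_token})
        # ... unchanged: new-user branch and return ...
```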
@ -0,0 +1,23 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<openerp>
|
||||||
|
<data>
|
||||||
|
<record id="view_users_form" model="ir.ui.view">
|
||||||
|
<field name="name">res.users.form</field>
|
||||||
|
<field name="model">res.users</field>
|
||||||
|
<field name="type">form</field>
|
||||||
|
<field name="inherit_id" ref="base.view_users_form"/>
|
||||||
|
<field name="arch" type="xml">
|
||||||
|
<xpath expr="//page[@string='Access Rights']" position="after">
|
||||||
|
<page string="Oauth">
|
||||||
|
<group>
|
||||||
|
<field name="oauth_provider"/>
|
||||||
|
<field name="oauth_uid"/>
|
||||||
|
<field name="oauth_access_token"/>
|
||||||
|
</group>
|
||||||
|
</page>
|
||||||
|
</xpath>
|
||||||
|
</field>
|
||||||
|
</record>
|
||||||
|
</data>
|
||||||
|
</openerp>
|
||||||
|
|
|
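Review bot: The new Oauth page puts `oauth_access_token` on the user form, yet the `check` override changed in this same commit compares the supplied password against that column (`AND oauth_access_token=%s`), so the form displays a value that works as a login credential for the account. Leave the token out of the view, or if it must stay restrict who sees it, e.g. `<field name="oauth_access_token" groups="base.group_system"/>`; `oauth_provider` and `oauth_uid` are enough for an administrator to see how the account is linked. Storing the raw bearer token for password comparison is a wider design question that this view makes more visible.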
@ -19,37 +19,28 @@ class res_users(osv.Model):
|
||||||
else:
|
else:
|
||||||
self.pool.get('res.users').create(cr, 1, new_user, context=context)
|
self.pool.get('res.users').create(cr, 1, new_user, context=context)
|
||||||
|
|
||||||
def auth_signup_check(self, cr, uid, login, key, context=None):
|
|
||||||
res = self.search(cr, uid, [("login", "=", login)])
|
|
||||||
if res:
|
|
||||||
user_id = res[0]
|
|
||||||
self.check(cr.dbname, user_id, key)
|
|
||||||
return user_id
|
|
||||||
return False
|
|
||||||
|
|
||||||
def auth_signup(self, cr, uid, name, login, password, context=None):
|
def auth_signup(self, cr, uid, name, login, password, context=None):
|
||||||
r = (cr.dbname, login, password)
|
r = (cr.dbname, login, password)
|
||||||
try:
|
res = self.search(cr, uid, [("login", "=", login)])
|
||||||
# check for existing user
|
if res:
|
||||||
if not self.auth_signup_check(cr, uid, login, password):
|
# Existing user
|
||||||
print "NEW USER"
|
user_id = res[0]
|
||||||
# new user
|
try:
|
||||||
new_user = {
|
self.check(cr.dbname, user_id, password)
|
||||||
'name': name,
|
# Same password
|
||||||
'login': login,
|
except openerp.exceptions.AccessDenied:
|
||||||
'user_email': login,
|
# Different password
|
||||||
'password': password,
|
raise
|
||||||
'active': True,
|
else:
|
||||||
}
|
# New user
|
||||||
self.auth_signup_create(cr, uid, new_user)
|
new_user = {
|
||||||
return r
|
'name': name,
|
||||||
else:
|
'login': login,
|
||||||
print "Existing same"
|
'user_email': login,
|
||||||
# already existing with same password
|
'password': password,
|
||||||
return r
|
'active': True,
|
||||||
except openerp.exceptions.AccessDenied:
|
}
|
||||||
print "Existing different"
|
self.auth_signup_create(cr, uid, new_user)
|
||||||
# already existing with diffrent password
|
return r
|
||||||
raise
|
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
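Review bot: In `auth_signup` the `try` / `except openerp.exceptions.AccessDenied: raise` wrapper around `self.check(...)` only re-raises, so it behaves exactly like the bare call and the "Same password" / "Different password" comments are all it adds. Call it directly and keep the intent in one comment: `self.check(cr.dbname, user_id, password)  # raises AccessDenied if the password differs`. A short docstring would also help, stating that the method returns the `(dbname, login, password)` tuple either for an existing login whose password matches or for a newly created user, and that `AccessDenied` propagates when the login exists with a different password.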