94 lines
3.2 KiB
Python
94 lines
3.2 KiB
Python
import urllib2
|
|
import simplejson
|
|
|
|
import openerp
|
|
|
|
from openerp.osv import osv, fields
|
|
|
|
class res_users(osv.Model):
|
|
|
|
_inherit = 'res.users'
|
|
|
|
_columns = {
|
|
'oauth_provider': fields.char('OAuth Provider', size=1024),
|
|
'oauth_uid': fields.char('OAuth User ID', size=256,
|
|
help="Used for disambiguation in case of a shared OpenID URL"),
|
|
'oauth_access_token': fields.char('OAuth Token',
|
|
readonly=True),
|
|
}
|
|
|
|
def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None):
|
|
url = endpoint + access_token
|
|
f = urllib2.urlopen(url)
|
|
response = f.read()
|
|
return simplejson.loads(response)
|
|
|
|
def auth_oauth_fetch_user_validation(self, cr, uid, access_token, context=None):
|
|
endpoint = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='
|
|
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
|
|
|
def auth_oauth_fetch_user_data(self, cr, uid, access_token, context=None):
|
|
endpoint = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
|
|
return self.auth_oauth_rpc(cr, uid, endpoint, access_token)
|
|
|
|
def auth_oauth(self, cr, uid, params, context=None):
|
|
# Advice by Google (to avoid Confused Deputy Problem)
|
|
# if validation.audience != OUR_CLIENT_ID:
|
|
# abort()
|
|
# else:
|
|
# continue with the process
|
|
|
|
access_token = params.get('access_token')
|
|
|
|
validation = self.auth_oauth_fetch_user_validation(cr, uid, access_token, context=context)
|
|
if validation.get("error"):
|
|
raise openerp.exceptions.AccessDenied
|
|
|
|
login = validation['email']
|
|
oauth_uid = validation['user_id']
|
|
name = self.auth_oauth_fetch_user_data(cr, uid, params)['name']
|
|
|
|
r = (cr.dbname, login, access_token)
|
|
|
|
res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)])
|
|
if res:
|
|
self.write(cr, uid, res[0]['id'], {'oauth_access_token':access_token})
|
|
else:
|
|
# New user
|
|
new_user = {
|
|
'name': name,
|
|
'login': login,
|
|
'user_email': login,
|
|
'oauth_provider': 'Google',
|
|
'oauth_uid': oauth_uid,
|
|
'oauth_access_token': access_token,
|
|
'active': True,
|
|
}
|
|
self.auth_signup_create(cr, uid, new_user)
|
|
return r
|
|
|
|
|
|
def check(self, db, uid, passwd):
|
|
try:
|
|
return super(res_users, self).check(db, uid, passwd)
|
|
except openerp.exceptions.AccesDenied:
|
|
if not passwd:
|
|
raise
|
|
try:
|
|
registry = openerp.modules.registry.RegistryManager.get(db)
|
|
cr = registry.db.cursor()
|
|
cr.execute('''SELECT COUNT(1)
|
|
FROM res_users
|
|
WHERE id=%s
|
|
AND oauth_access_token=%s
|
|
AND active=%s''',
|
|
(int(uid), passwd, True))
|
|
if not cr.fetchone()[0]:
|
|
raise
|
|
self._uid_cache.setdefault(db, {})[uid] = passwd
|
|
finally:
|
|
cr.close()
|
|
|
|
|
|
#
|