Raphael Collet (OpenERP) has proposed merging
lp:~openerp-dev/openobject-addons/trunk-oauth-signin-rco into
lp:openobject-addons.
Requested reviews:
Raphael Collet (OpenERP) (rco-openerp)
For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-addons/trunk-oauth-signin-rco/+merge/136111
Make the modules auth_signup and auth_oauth work together.
In other words, one should be able to sign up (or reset one's password) by
authenticating with OAuth.
=== modified file 'auth_oauth/res_users.py'
--- auth_oauth/res_users.py 2012-11-16 10:58:20 +0000
+++ auth_oauth/res_users.py 2012-11-27 15:38:22 +0000
@@ -45,6 +45,25 @@
validation.update(data)
return validation
+ def _auth_oauth_signin(self, cr, uid, provider, validation, params, context=None):
+ """ retrieve and sign in the user corresponding to provider and validated access token
+ :param provider: oauth provider id (int)
+ :param validation: result of validation of access token (dict)
+ :param params: oauth parameters (dict)
+ :return: user login (str)
+ :raise: openerp.exceptions.AccessDenied if signin failed
+
+ This method can be overridden to add alternative signin methods.
+ """
+ oauth_uid = validation['user_id']
+ user_ids = self.search(cr, uid, [("oauth_uid", "=", oauth_uid), ('oauth_provider_id', '=', provider)])
+ if not user_ids:
+ raise openerp.exceptions.AccessDenied()
+ assert len(user_ids) == 1
+ user = self.browse(cr, uid, user_ids[0], context=context)
+ user.write({'oauth_access_token': params['access_token']})
+ return user.login
+
def auth_oauth(self, cr, uid, provider, params, context=None):
# Advice by Google (to avoid Confused Deputy Problem)
# if validation.audience != OUR_CLIENT_ID:
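Review bot: In `_auth_oauth_signin` the uniqueness of the `(oauth_uid, oauth_provider_id)` match rests only on `assert len(user_ids) == 1`, which is stripped when Python runs with `-O` and otherwise surfaces as an AssertionError rather than a handled sign-in failure. With the assert gone, a duplicate pair would silently sign in as `user_ids[0]`. An explicit guard such as `if len(user_ids) > 1: raise RuntimeError('duplicate oauth_uid for provider %s' % provider)` keeps this fail-closed; raising something other than AccessDenied matters because the auth_oauth_signup override treats AccessDenied as "no such user". A unique constraint on the pair, if the model does not already declare one, would enforce the invariant at the database level. The `search` call also omits `context=context`, unlike the `browse` below it.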
@@ -53,39 +72,15 @@
# continue with the process
access_token = params.get('access_token')
validation = self._auth_oauth_validate(cr, uid, provider, access_token)
- # required
- oauth_uid = validation['user_id']
- if not oauth_uid:
- raise openerp.exceptions.AccessDenied()
- email = validation.get('email', 'provider_%d_user_%d' % (provider, oauth_uid))
- login = email
- # optional
- name = validation.get('name', email)
- res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid), ('oauth_provider_id', '=', provider)])
- if res:
- assert len(res) == 1
- user = self.browse(cr, uid, res[0], context=context)
- login = user.login
- user.write({'oauth_access_token': access_token})
- else:
- # New user if signup module available
- if not hasattr(self, '_signup_create_user'):
- raise openerp.exceptions.AccessDenied()
-
- new_user = {
- 'name': name,
- 'login': login,
- 'user_email': email,
- 'oauth_provider_id': provider,
- 'oauth_uid': oauth_uid,
- 'oauth_access_token': access_token,
- 'active': True,
- }
- # TODO pass signup token to allow attach new user to right partner
- self._signup_create_user(cr, uid, new_user)
-
- credentials = (cr.dbname, login, access_token)
- return credentials
+ # required check
+ if not validation.get('user_id'):
+ raise openerp.exceptions.AccessDenied()
+ # retrieve and sign in user
+ login = self._auth_oauth_signin(cr, uid, provider, validation, params, context=context)
+ if not login:
+ raise openerp.exceptions.AccessDenied()
+ # return user credentials
+ return (cr.dbname, login, access_token)
def check_credentials(self, cr, uid, password):
try:
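Review bot: The refactored `auth_oauth` still signs in on any token for which `_auth_oauth_validate` returns a `user_id`; the audience comparison named in the comment above (`validation.audience != OUR_CLIENT_ID`) is not performed on the visible lines. In the implicit flow the token reaches the server through the browser, so a token issued to a different client application would be accepted here, and after this change it can also reach the signup fallback. Consider comparing the audience field of `validation` with the configured provider's client id right after the `user_id` check and raising `openerp.exceptions.AccessDenied()` on mismatch; the exact key name depends on the provider's validation response. Separately, `access_token` is read with `params.get('access_token')` here while `_auth_oauth_signin` indexes `params['access_token']`, so a missing token fails differently in the two places. The function starts above this hunk and part of its comment block lies between the two hunks.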
=== modified file 'auth_oauth/static/src/js/auth_oauth.js'
--- auth_oauth/static/src/js/auth_oauth.js 2012-11-16 16:24:21 +0000
+++ auth_oauth/static/src/js/auth_oauth.js 2012-11-27 15:38:22 +0000
@@ -35,27 +35,30 @@
on_oauth_sign_in: function(ev) {
ev.preventDefault();
var index = $(ev.target).data('index');
- var p = this.oauth_providers[index];
- var ret = _.str.sprintf('%s//%s/auth_oauth/signin', location.protocol, location.host);
+ var provider = this.oauth_providers[index];
+ var return_url = _.str.sprintf('%s//%s/auth_oauth/signin', location.protocol, location.host);
if (instance.session.debug) {
- ret += '?debug';
+ return_url += '?debug';
}
- var dbname = self.$("form [name=db]").val();
- var state_object = {
- d: dbname,
- p: p.id
- };
- var state = JSON.stringify(state_object);
+ var state = this._oauth_state(provider);
var params = {
response_type: 'token',
- client_id: p.client_id,
- redirect_uri: ret,
- scope: p.scope,
- state: state,
+ client_id: provider.client_id,
+ redirect_uri: return_url,
+ scope: provider.scope,
+ state: JSON.stringify(state),
};
- var url = p.auth_endpoint + '?' + $.param(params);
+ var url = provider.auth_endpoint + '?' + $.param(params);
window.location = url;
},
+ _oauth_state: function(provider) {
+ // return the state object sent back with the redirected uri
+ var dbname = this.$("form [name=db]").val();
+ return {
+ d: dbname,
+ p: provider.id,
+ };
+ },
});
};
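Review bot: The object built by `_oauth_state` carries only the database name and the provider id, so the `state` sent to the provider contains no unguessable per-session value that the `/auth_oauth/signin` handler could verify on return. OAuth's `state` is the usual carrier for such an anti-forgery value; without it the server cannot tell a response to a sign-in this browser started from one handed to it by another page. Since `_oauth_state` is now an extension hook, its comment should also say that every key is visible to the provider and comes back through the browser, for example `// NOTE: state is visible to the provider and returned by the browser; never put secrets in it and re-validate every key server-side`. The handler that consumes `state` is not part of this diff, so whether it applies another check is unknown.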
=== added directory 'auth_oauth_signup'
=== added file 'auth_oauth_signup/__init__.py'
--- auth_oauth_signup/__init__.py 1970-01-01 00:00:00 +0000
+++ auth_oauth_signup/__init__.py 2012-11-27 15:38:22 +0000
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# OpenERP, Open Source Management Solution
+# Copyright (C) 2012-today OpenERP SA (<http://www.openerp.com>)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+#
+##############################################################################
+
+import res_users
=== added file 'auth_oauth_signup/__openerp__.py'
--- auth_oauth_signup/__openerp__.py 1970-01-01 00:00:00 +0000
+++ auth_oauth_signup/__openerp__.py 2012-11-27 15:38:22 +0000
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# OpenERP, Open Source Management Solution
+# Copyright (C) 2010-2012 OpenERP SA (<http://openerp.com>).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+{
+ 'name': 'Signup with OAuth2 Authentication',
+ 'version': '1.0',
+ 'category': 'Hidden',
+ 'description': """
+Allow users to sign up through OAuth2 Provider.
+===============================================
+""",
+ 'author': 'OpenERP SA',
+ 'website': 'http://www.openerp.com',
+ 'depends': ['auth_oauth', 'auth_signup'],
+ 'data': [],
+ 'js': ['static/src/js/auth_oauth_signup.js'],
+ 'css': [],
+ 'qweb': [],
+ 'installable': True,
+ 'auto_install': True,
+}
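Review bot: `'auto_install': True` combined with `'depends': ['auth_oauth', 'auth_signup']` means this module installs itself on every database where both dependencies are present, so the OAuth sign-in path gains the account-creation fallback without an administrator choosing it. Whether an uninvited visitor can then create a user depends on what `signup()` in auth_signup does with an empty token, which is not visible in this diff. If that is intended, a sentence in `'description'` stating it would help administrators; otherwise `'auto_install': False` keeps the behaviour opt-in.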
=== added file 'auth_oauth_signup/res_users.py'
--- auth_oauth_signup/res_users.py 1970-01-01 00:00:00 +0000
+++ auth_oauth_signup/res_users.py 2012-11-27 15:38:22 +0000
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# OpenERP, Open Source Management Solution
+# Copyright (C) 2010-2012 OpenERP SA (<http://openerp.com>).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+import logging
+import simplejson
+
+import openerp
+from openerp.osv import osv, fields
+
+_logger = logging.getLogger(__name__)
+
+class res_users(osv.Model):
+ _inherit = 'res.users'
+
+ def _auth_oauth_signin(self, cr, uid, provider, validation, params, context=None):
+ # overridden to use signup method if regular oauth signin fails
+ try:
+ login = super(res_users, self)._auth_oauth_signin(cr, uid, provider, validation, params, context=context)
+
+ except openerp.exceptions.AccessDenied:
+ state = simplejson.loads(params['state'])
+ token = state.get('t')
+ oauth_uid = validation['user_id']
+ email = validation.get('email', 'provider_%d_user_%d' % (provider, oauth_uid))
+ name = validation.get('name', email)
+ values = {
+ 'name': name,
+ 'login': email,
+ 'email': email,
+ 'oauth_provider_id': provider,
+ 'oauth_uid': oauth_uid,
+ 'oauth_access_token': params['access_token'],
+ 'active': True,
+ }
+ _, login, _ = self.signup(cr, uid, values, token, context=context)
+
+ return login
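Review bot: The `except openerp.exceptions.AccessDenied` branch parses client-supplied input with `simplejson.loads(params['state'])` and no guard, so a missing `state`, malformed JSON or a non-object payload escapes as KeyError, ValueError or AttributeError instead of a denied sign-in (unless the caller has already rejected it, which is not visible here). The fallback login `'provider_%d_user_%d' % (provider, oauth_uid)` is built on every call, even when `email` is present, and `%d` raises TypeError if the provider returns `user_id` as a string. The branch also treats every AccessDenied from the parent as "no such user" and uses the provider-reported `email` as the new login; whether that address is verified depends on the provider, so it is worth confirming that `signup()` refuses to attach to an existing account on that basis alone. A possible rewrite of the first lines of the branch follows.

```python
        except openerp.exceptions.AccessDenied:
            # 'state' is echoed back by the browser: treat it as untrusted input
            try:
                state = simplejson.loads(params.get('state') or '{}')
            except ValueError:
                raise openerp.exceptions.AccessDenied()
            if not isinstance(state, dict):
                raise openerp.exceptions.AccessDenied()
            # ... unchanged: token and oauth_uid lookups ...
            # %s: the fallback is only built when needed and user_id may be a string
            email = validation.get('email') or 'provider_%s_user_%s' % (provider, oauth_uid)
            # ... unchanged: name, values dict, signup() call ...
```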
=== added directory 'auth_oauth_signup/static'
=== added directory 'auth_oauth_signup/static/src'
=== added directory 'auth_oauth_signup/static/src/js'
=== added file 'auth_oauth_signup/static/src/js/auth_oauth_signup.js'
--- auth_oauth_signup/static/src/js/auth_oauth_signup.js 1970-01-01 00:00:00 +0000
+++ auth_oauth_signup/static/src/js/auth_oauth_signup.js 2012-11-27 15:38:22 +0000
@@ -0,0 +1,14 @@
+openerp.auth_oauth_signup = function(instance) {
+
+ // override Login._oauth_state to add the signup token in the state
+ instance.web.Login.include({
+ _oauth_state: function(provider) {
+ var state = this._super.apply(this, arguments);
+ if (this.params.token) {
+ state.t = this.params.token;
+ }
+ return state;
+ },
+ });
+
+};
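Review bot: `state.t = this.params.token` places the signup/reset token in the OAuth `state` parameter, which `on_oauth_sign_in` serializes into the provider's authorization URL, so the token is disclosed to the third-party provider and can end up in browser history and intermediary logs. The same value is later read with `state.get('t')` in `auth_oauth_signup/res_users.py` and passed to `signup()`, so how much this exposure matters depends on how long the token stays valid and whether it is single-use, neither of which is visible here. Prefer keeping the token server-side and putting only an opaque reference in `state`, or at least document the exposure on the override: `// NOTE: state is sent to the OAuth provider; the token must be single-use and short-lived`.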