-
-
Notifications
You must be signed in to change notification settings - Fork 68
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[IMP] webservice: allow web application flow
- Loading branch information
1 parent
6c44edc
commit ca7801d
Showing
7 changed files
with
166 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
# generated from manifests external_dependencies | ||
oauthlib | ||
requests-oauthlib |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
from . import components | ||
from . import models | ||
from . import controllers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,10 +3,12 @@ | |
# @author Simone Orsi <[email protected]> | ||
# @author Alexandre Fayolle <[email protected]> | ||
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). | ||
|
||
import logging | ||
|
||
from odoo import _, api, exceptions, fields, models | ||
|
||
_logger = logging.getLogger(__name__) | ||
|
||
|
||
class WebserviceBackend(models.Model): | ||
|
||
|
@@ -31,14 +33,33 @@ class WebserviceBackend(models.Model): | |
password = fields.Char(auth_type="user_pwd") | ||
api_key = fields.Char(string="API Key", auth_type="api_key") | ||
api_key_header = fields.Char(string="API Key header", auth_type="api_key") | ||
oauth2_flow = fields.Selection( | ||
[ | ||
("backend_application", "Backend Application (Client Credentials Grant)"), | ||
("authorization_code", "Web Application (Authorization Code Grant)"), | ||
], | ||
readonly=False, | ||
store=True, | ||
compute="_compute_oauth2_flow", | ||
) | ||
oauth2_clientid = fields.Char(string="Client ID", auth_type="oauth2") | ||
oauth2_client_secret = fields.Char(string="Client Secret", auth_type="oauth2") | ||
oauth2_token_url = fields.Char(string="Token URL", auth_type="oauth2") | ||
oauth2_authorization_url = fields.Char(string="Authorization URL") | ||
oauth2_audience = fields.Char( | ||
string="Audience" | ||
# no auth_type because not required | ||
) | ||
oauth2_scope = fields.Char(help="scope of the the authorization") | ||
oauth2_token = fields.Char(help="the OAuth2 token (serialized JSON)") | ||
redirect_url = fields.Char( | ||
compute="_compute_redirect_url", | ||
help="The redirect URL to be used as part of the OAuth2 authorisation flow", | ||
) | ||
oauth2_state = fields.Char( | ||
help="random key generated when authorization flow starts " | ||
"to ensure that no CSRF attack happen" | ||
) | ||
content_type = fields.Selection( | ||
[ | ||
("application/json", "JSON"), | ||
|
@@ -82,7 +103,10 @@ def _valid_field_parameter(self, field, name): | |
return name in extra_params or super()._valid_field_parameter(field, name) | ||
|
||
def call(self, method, *args, **kwargs): | ||
return getattr(self._get_adapter(), method)(*args, **kwargs) | ||
_logger.debug("backend %s: call %s %s %s", self.name, method, args, kwargs) | ||
response = getattr(self._get_adapter(), method)(*args, **kwargs) | ||
_logger.debug("backend %s: response: \n%s", self.name, response) | ||
return response | ||
|
||
def _get_adapter(self): | ||
with self.work_on(self._name) as work: | ||
|
@@ -94,9 +118,37 @@ def _get_adapter(self): | |
def _get_adapter_protocol(self): | ||
protocol = self.protocol | ||
if self.auth_type.startswith("oauth2"): | ||
protocol += f"+{self.auth_type}" | ||
protocol += f"+{self.auth_type}-{self.oauth2_flow}" | ||
return protocol | ||
|
||
@api.depends("auth_type") | ||
def _compute_oauth2_flow(self): | ||
for rec in self: | ||
if rec.auth_type != "oauth2": | ||
rec.oauth2_flow = False | ||
|
||
@api.depends("auth_type", "oauth2_flow") | ||
def _compute_redirect_url(self): | ||
get_param = self.env["ir.config_parameter"].sudo().get_param | ||
base_url = get_param("web.base.url") | ||
for rec in self: | ||
if rec.auth_type == "oauth2" and rec.oauth2_flow == "authorization_code": | ||
rec.redirect_url = ( | ||
f"https://{base_url}/webservice/{rec.id}/oauth2/redirect" | ||
) | ||
else: | ||
rec.redirect_url = False | ||
|
||
def button_authorize(self): | ||
_logger.info("Button OAuth2 Authorize") | ||
authorize_url = self._get_adapter().redirect_to_authorize() | ||
_logger.info("Redirecting to %s", authorize_url) | ||
return { | ||
"type": "ir.actions.act_url", | ||
"url": authorize_url, | ||
"target": "self", | ||
} | ||
|
||
@property | ||
def _server_env_fields(self): | ||
base_fields = super()._server_env_fields | ||
|
@@ -109,8 +161,11 @@ def _server_env_fields(self): | |
"api_key": {}, | ||
"api_key_header": {}, | ||
"content_type": {}, | ||
"oauth2_flow": {}, | ||
"oauth2_scope": {}, | ||
"oauth2_clientid": {}, | ||
"oauth2_client_secret": {}, | ||
"oauth2_authorization_url": {}, | ||
"oauth2_token_url": {}, | ||
"oauth2_audience": {}, | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters