Ejemplo n.º 1
 def validate_verifier(self, client_key, token, verifier, request):
     """Check *verifier* and *client_key* against the stored request token.

     The token is fetched through ``self.get_request_token`` unless
     ``request.request_token`` is already populated. On a match,
     ``request.user`` is set to the id of the token's user.

     Both values are compared with ``consteq`` (imported outside this
     snippet; presumably a constant-time comparison) rather than ``==``,
     so the comparison time should not depend on how many leading
     characters of a guess are correct.

     Returns:
         ``True`` when both values match, ``None`` in every other case.
     """
     # Reuse a token that an earlier step already attached to the request.
     if not request.request_token:
         request.request_token = self.get_request_token(token)

     stored = request.request_token
     if not stored:
         # Unknown token: nothing to compare against.
         return None

     verifier_ok = consteq(stored.verifier, verifier)
     # The consumer key is only compared once the verifier has matched.
     if not (verifier_ok and consteq(stored.oauth.consumer_key, client_key)):
         return None

     request.user = stored.user.id
     return True
Ejemplo n.º 2
 def get_access_token_secret(self, client_key, token, request):
     """Return the resource-owner secret of an access token owned by *client_key*.

     The token is fetched through ``self.get_access_token`` unless
     ``request.access_token`` is already populated. The secret is only
     handed back when the token's consumer key matches *client_key*; the
     match is done with ``consteq`` (imported outside this snippet;
     presumably a constant-time comparison).

     Returns:
         The token's ``resource_owner_secret``, or ``None`` when the token
         is unknown or belongs to another consumer.
     """
     if not request.access_token:
         request.access_token = self.get_access_token(token)

     access = request.access_token
     if not access:
         return None
     # Never release a secret for a token issued to a different consumer.
     if not consteq(access.oauth.consumer_key, client_key):
         return None
     return access.resource_owner_secret
Ejemplo n.º 3
 def authenticate_client_id(self, client_id, request, *args, **kwargs):
     """Tell whether *client_id* identifies the client bound to the request.

     ``request`` is first passed through ``self.ensure_client_parameters``.
     A missing *client_id* falls back to ``request.client_id``, and the
     client record is fetched through ``self.get_client`` unless
     ``request.client`` is already set.

     Returns:
         The result of ``consteq`` on the two client ids when a client is
         known; otherwise the falsy ``request.client`` value itself (the
         result is not coerced to ``bool``).
     """
     request = self.ensure_client_parameters(request)
     client_id = client_id or request.client_id

     if not request.client:
         request.client = self.get_client(client_id)

     known_client = request.client
     if not known_client:
         return known_client
     # A client cached on the request may differ from the id presented now,
     # so the ids are still compared.
     return consteq(known_client.client_id, client_id)
Ejemplo n.º 4
 def validate_refresh_token(self, refresh_token, client, request, *args,
                            **kwargs):
     """Check that *refresh_token* exists and was issued to *client*.

     The looked-up token is always stored on ``request.refresh_token``,
     replacing whatever was there. On success ``request.user`` is set to
     the id of the token's user.

     The client ids are compared with ``consteq`` (imported outside this
     snippet; presumably a constant-time comparison).

     Returns:
         ``True`` when the token exists and belongs to *client*, else
         ``False``.
     """
     stored = self.get_refresh_token(refresh_token)
     request.refresh_token = stored

     # Reject unknown tokens and tokens bound to another client.
     if not stored or not consteq(stored.oauth.client_id, client.client_id):
         return False

     request.user = stored.user.id
     return True
Ejemplo n.º 5
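 def validate_code(self, client_id, code, client, request, *args, **kwargs):
     """Check that authorization *code* exists and was issued to the client.

     The client record is fetched through ``self.get_client`` unless
     ``request.client`` is already set; the *client* argument itself is
     not used. On success ``request.user`` is set to the id of the code's
     user.

     An unknown *client_id* is rejected with ``False``. Without that guard
     the comparison dereferences ``request.client.client_id`` on a missing
     client and the request ends in an exception instead of a clean
     rejection.

     Returns:
         ``True`` when the code exists and belongs to the request's
         client, else ``False``.
     """
     if not request.client:
         request.client = self.get_client(client_id)

     authorization_code = self.get_authorization_code(code)
     if not (authorization_code and request.client):
         # Unknown code or unknown client: reject before touching attributes.
         return False

     # consteq is imported outside this snippet; presumably constant-time.
     if not consteq(authorization_code.oauth.client_id, request.client.client_id):
         return False

     request.user = authorization_code.user.id
     return True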
    def post_request(
            self, uri, validate_csrf, request_env, data=None, headers=None):
        """Send a POST to *uri* through the test client and return its response.

        ``validate_csrf`` and ``request_env`` are objects whose
        ``return_value`` is overwritten here (presumably mocks injected by
        patch decorators outside this snippet). The request runs as
        ``self.logged_user`` when set, otherwise as the ``base.public_user``
        record.
        """
        # Test-only shortcut: the CSRF check is stubbed to the truthy result
        # of comparing two empty strings. This must stay inside the test suite.
        validate_csrf.return_value = consteq('', '')

        # Point the mocked request environment at the test transaction so
        # the handler can see records created by the test.
        acting_user = self.logged_user or self.env.ref('base.public_user')
        request_env.return_value = self.env(user=acting_user)

        response = self.test_client.post(
            uri,
            data=data,
            environ_base=self.werkzeug_environ,
            headers=headers,
        )
        return response
Ejemplo n.º 7
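 def _redirect_to_record(cls, model, res_id, access_token=None):
     """Redirect the holder of a valid access token to a plant's portal page.

     Only ``plant.plant`` records are handled here; every other case is
     delegated to the parent ``_redirect_to_record``.

     On this path the token comparison is the only gate: the record is
     read with ``sudo()`` and no access-rights check is made for the
     current user. The redirect target is the record's own ``portal_url``
     field, not a value taken from the request.

     Returns:
         A werkzeug redirect to ``portal_url`` when the token matches,
         otherwise whatever the parent implementation returns.
     """
     if model == 'plant.plant' and res_id and access_token:
         # sudo() lets a visitor without read access reach the stored token;
         # exists() drops ids that no longer point at a record.
         record_sudo = request.env[model].sudo().browse(res_id).exists()
         # consteq is imported outside this snippet; presumably constant-time.
         if record_sudo.access_token and consteq(record_sudo.access_token,
                                                 access_token):
             return werkzeug.utils.redirect(record_sudo.portal_url)
     return super(MailController,
                  cls)._redirect_to_record(model,
                                           res_id,
                                           access_token=access_token)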
Ejemplo n.º 8
 def _redirect_to_record(cls, model, res_id, access_token=None):
     """Send a token holder without backend access to the sale order's URL.

     Applies only to ``sale.order`` records when both a record id and a
     token are given. If the session user (or the public user) can read
     the order, or the token does not match, the parent implementation
     decides the redirect.

     The token is compared with ``consteq`` (imported outside this
     snippet; presumably a constant-time comparison).
     """
     handled_here = model == 'sale.order' and res_id and access_token
     if handled_here:
         acting_uid = request.session.uid or request.env.ref('base.public_user').id
         order_sudo = request.env[model].sudo().browse(res_id).exists()
         try:
             # Both checks run as the acting user, not as superuser.
             order_sudo.sudo(acting_uid).check_access_rights('read')
             order_sudo.sudo(acting_uid).check_access_rule('read')
         except AccessError:
             # No read access: the token becomes the only credential.
             token_matches = order_sudo.access_token and consteq(
                 order_sudo.access_token, access_token)
             if token_matches:
                 action = order_sudo.with_context(
                     force_website=True).get_access_action()
                 # Only URL actions are followed; the URL comes from the
                 # record's action, not from the request.
                 if action['type'] == 'ir.actions.act_url':
                     return werkzeug.utils.redirect(action['url'])
     return super(MailController, cls)._redirect_to_record(
         model, res_id, access_token=access_token)
Ejemplo n.º 9
 def _redirect_to_record(cls, model, res_id, access_token=None):
     """Send a token holder without backend access to the sale order's URL.

     Applies only to ``sale.order`` records when both a record id and a
     token are given. The access action is resolved for the acting user
     id. In every other case the parent implementation is called, and it
     is called without the token.

     The token is compared with ``consteq`` (imported outside this
     snippet; presumably a constant-time comparison).
     """
     if model == 'sale.order' and res_id and access_token:
         acting_uid = request.session.uid or request.env.ref('base.public_user').id
         order_sudo = request.env[model].sudo().browse(res_id).exists()
         try:
             # Both checks run as the acting user, not as superuser.
             order_sudo.sudo(acting_uid).check_access_rights('read')
             order_sudo.sudo(acting_uid).check_access_rule('read')
         except AccessError:
             # No read access: the token becomes the only credential.
             stored_token = order_sudo.access_token
             if stored_token and consteq(stored_token, access_token):
                 website_order = order_sudo.with_context(force_website=True)
                 action = website_order.get_access_action(acting_uid)
                 # Only URL actions are followed.
                 if action['type'] == 'ir.actions.act_url':
                     return werkzeug.utils.redirect(action['url'])
     # NOTE(review): the token is dropped here (access_token=None), also for
     # models other than sale.order -- confirm that parent handlers are not
     # expected to receive it.
     return super(MailController, cls)._redirect_to_record(
         model, res_id, access_token=None)
Ejemplo n.º 10
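 def invalidate_request_token(self, client_key, request_token, request):
     """Delete a request token, provided it belongs to *client_key*.

     The token is fetched through ``self.get_request_token`` unless
     ``request.request_token`` is already populated. A token whose
     consumer key does not match *client_key* is left untouched.

     Returns:
         ``None`` in every case.
     """
     if not request.request_token:
         # Look the token up by the ``request_token`` argument; this method
         # has no ``token`` name in scope, so using it raises NameError and
         # the token is never invalidated on this path.
         request.request_token = self.get_request_token(request_token)

     stored = request.request_token
     # consteq is imported outside this snippet; presumably constant-time.
     if stored and consteq(stored.oauth.consumer_key, client_key):
         stored.unlink()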
Ejemplo n.º 11
 def validate_access_token(self, client_key, token, request):
     """Tell whether the access token exists and belongs to *client_key*.

     The token is fetched through ``self.get_access_token`` unless
     ``request.access_token`` is already populated.

     Returns:
         The result of ``consteq`` (imported outside this snippet;
         presumably a constant-time comparison) on the consumer keys when
         the token is known; otherwise the falsy ``request.access_token``
         value itself (the result is not coerced to ``bool``).
     """
     if not request.access_token:
         request.access_token = self.get_access_token(token)

     access = request.access_token
     if not access:
         return access
     return consteq(access.oauth.consumer_key, client_key)
Ejemplo n.º 12
 def invalidate_authorization_code(self, client_id, code, request, *args,
                                   **kwargs):
     """Delete an authorization code, provided it was issued to *client_id*.

     A code that is unknown, or that belongs to another client, is left
     untouched. ``request`` is not used.

     Returns:
         ``None`` in every case.
     """
     stored_code = self.get_authorization_code(code)
     if not stored_code:
         return
     # consteq is imported outside this snippet; presumably constant-time.
     if consteq(stored_code.oauth.client_id, client_id):
         stored_code.unlink()
Ejemplo n.º 13
 def validate_refresh_token(self, refresh_token, client, request, *args, **kwargs):
     """Tell whether *refresh_token* exists and was issued to *client*.

     The looked-up token is always stored on ``request.refresh_token``.
     ``request.user`` is not set by this method.

     Returns:
         The result of ``consteq`` (imported outside this snippet;
         presumably a constant-time comparison) on the client ids when the
         token is known; otherwise the falsy lookup result itself (the
         result is not coerced to ``bool``).
     """
     stored = self.get_refresh_token(refresh_token)
     request.refresh_token = stored
     if not stored:
         return stored
     return consteq(stored.oauth.client_id, client.client_id)