def oea(self, **kw):
"""login user via OpenERP Account provider"""
dbname = kw.pop('db', None)
if not dbname:
dbname = db_monodb()
if not dbname:
return BadRequest()
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
IMD = registry['ir.model.data']
try:
model, provider_id = IMD.get_object_reference(cr, SUPERUSER_ID, 'auth_oauth', 'provider_openerp')
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert model == 'auth.oauth.provider'
state = {
'd': dbname,
'p': provider_id,
'c': {'no_user_creation': True},
}
kw['state'] = simplejson.dumps(state)
return self.signin(**kw)
def weixin_name_email(self, **kw):
qcontext = request.params.copy()
if kw.get('email') and kw.get('name'):
import re
def validateEmail(email):
if email:
if len(email) > 7:
if re.match("^.+\\@(\\[?)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,3}|[0-9]{1,3})(\\]?)$", email) != None:
return 1
return 0
if not validateEmail(kw['email']) or kw['name'] == '':
qcontext['error'] = _('name or email error')
if 'error' not in qcontext and kw.get('state') and kw.get('access_token') and kw.get('name') and kw.get('email'):
dbname = kw['state']
registry = RegistryManager.get(dbname)
u = registry.get('res.users')
with registry.cursor() as cr:
try:
credentials = u.weixin_auth_signup(cr, SUPERUSER_ID, kw)
url='/web'
cr.commit()
return login_and_redirect(*credentials, redirect_url=url)
except Exception, e:
_logger.exception("OAuth2: %s" % str(e))
url = "/weixin/login?oauth_error=2"
return set_cookie_and_redirect(url)
class OAuthController(http.Controller):
@http.route('/auth_oauth/signin', type='http', auth='none')
@fragment_to_query_string
def signin(self, **kw):
state = json.loads(kw['state'])
dbname = state['d']
if not http.db_filter([dbname]):
return BadRequest()
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
credentials = u.auth_oauth(cr,
SUPERUSER_ID,
provider,
kw,
context=context)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(
state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
resp = login_and_redirect(*credentials, redirect_url=url)
#Since /web is hardcoded, verify user has right to land on it
if urlparse.urlparse(
resp.location).path == '/web' and not request.registry[
'res.users'].has_group(request.cr, request.uid,
'base.group_user'):
resp.location = '/'
return resp
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except openerp.exceptions.AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def oea(self, **kw):
"""login user via Odoo Account provider"""
dbname = kw.pop('db', None)
if not dbname:
dbname = db_monodb()
if not dbname:
return BadRequest()
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
IMD = registry['ir.model.data']
try:
model, provider_id = IMD.get_object_reference(
cr, SUPERUSER_ID, 'auth_oauth', 'provider_openerp')
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert model == 'auth.oauth.provider'
state = {
'd': dbname,
'p': provider_id,
'c': {
'no_user_creation': True
},
}
kw['state'] = simplejson.dumps(state)
return self.signin(**kw)
class OAuthController(oeweb.Controller):
_cp_path = '/auth_oauth'
@oeweb.jsonrequest
def list_providers(self, req, dbname):
try:
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
providers = registry.get('auth.oauth.provider')
l = providers.read(
cr, SUPERUSER_ID,
providers.search(cr, SUPERUSER_ID,
[('enabled', '=', True)]))
except Exception:
l = []
return l
@oeweb.httprequest
@fragment_to_query_string
def signin(self, req, **kw):
state = simplejson.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
credentials = u.auth_oauth(cr,
SUPERUSER_ID,
provider,
kw,
context=context)
cr.commit()
action = state.get('a', None)
url = '/#action=' + action if action else '/'
return login_and_redirect(req, *credentials, redirect_url=url)
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/#action=login&oauth_error=1"
except openerp.exceptions.AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/#action=login&oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/#action=login&oauth_error=2"
return set_cookie_and_redirect(req, url)
def login(self, request, code=None, error=None, **kward):
state = self.retrieve_state(kward.get("state", False))
dbname = self.get_dbname(request, state)
result = self._validate_token(request, dbname, code, error)
if not result or 'error' in result:
return set_cookie_and_redirect(
request,
'/#action=login&loginerror=1&' + urllib.urlencode(result))
return login_and_redirect(request, dbname, result.get('login', False),
result.get('token', False))
def login(self, request, code=None, error=None, **kward):
state = self.retrieve_state(kward.get("state", False))
dbname = self.get_dbname(request, state)
result = self._validate_token(request, dbname, code, error)
if not result or 'error' in result:
return set_cookie_and_redirect(request,
'/#action=login&loginerror=1&' +
urllib.urlencode(result))
return login_and_redirect(request, dbname, result.get('login', False),
result.get('token', False))
class OAuthController_extend(OAuthController):
@http.route('/auth_oauth/signin', type='http', auth='none')
@fragment_to_query_string
def signin(self, **kw):
kw = simplejson.loads(simplejson.dumps(kw).replace('+', ''))
state = simplejson.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
credentials = u.auth_oauth(cr,
SUPERUSER_ID,
provider,
kw,
context=context)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(
state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
return login_and_redirect(*credentials, redirect_url=url)
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except openerp.exceptions.AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
class OAuthController(oeweb.Controller):
_cp_path = '/auth_oauth'
@oeweb.jsonrequest
def list_providers(self, req, dbname):
try:
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
providers = registry.get('auth.oauth.provider')
l = providers.read(
cr, SUPERUSER_ID,
providers.search(cr, SUPERUSER_ID,
[('enabled', '=', True)]))
except Exception:
l = []
return l
@oeweb.httprequest
@fragment_to_query_string
def signin(self, req, **kw):
state = simplejson.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
credentials = u.auth_oauth(cr,
SUPERUSER_ID,
provider,
kw,
context=context)
cr.commit()
action = state.get('a', None)
url = '/#action=' + action if action else '/'
return login_and_redirect(req, *credentials, redirect_url=url)
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/#action=login&oauth_error=1"
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/#action=login&oauth_error=2"
return set_cookie_and_redirect(req, url)
def signin(self, **kw):
# TODO faltaria implementar el redirect y no hardcodear el my/home
ensure_db()
partner_uuid = kw['partner_uuid']
dbname = kw.pop('db', None)
if not dbname:
dbname = db_monodb()
if not dbname:
return werkzeug.exceptions.BadRequest()
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
url = '/my/home'
try:
u = registry.get('res.users')
credentials = u.partner_uuid_login(
cr, SUPERUSER_ID, partner_uuid)
cr.commit()
return login_and_redirect(*credentials, redirect_url=url)
except:
pass
return set_cookie_and_redirect(url)
def oea(self, **kw):
"""login user via OpenERP Account provider"""
dbname = kw.pop("db", None)
if not dbname:
dbname = db_monodb()
if not dbname:
return BadRequest()
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
IMD = registry["ir.model.data"]
try:
model, provider_id = IMD.get_object_reference(cr, SUPERUSER_ID, "auth_oauth", "provider_openerp")
except ValueError:
return set_cookie_and_redirect("/web?db=%s" % dbname)
assert model == "auth.oauth.provider"
state = {"d": dbname, "p": provider_id, "c": {"no_user_creation": True}}
kw["state"] = simplejson.dumps(state)
return self.signin(**kw)
def weixin_signin(self, **kw):
#https://baoshunkeji.com/weixin/signin?code=0015b3203e9151b79c93fa46ea0d9aeo&state=test
dbname = kw['state']
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
user_ids, token_data = u.weixin_auth_oauth(cr, SUPERUSER_ID, kw)
if user_ids:
assert len(user_ids) == 1
credentials = u.weixin_auth_signin(cr, SUPERUSER_ID, token_data, user_ids, kw)
else:
json_token_data = {'openid': token_data['openid'],
'refresh_token': token_data['refresh_token'],
'access_token': token_data['access_token']}
url = "/weixin/name_email?" + werkzeug.url_encode(json_token_data) + '&state=' + kw['state']
return set_cookie_and_redirect(url)
cr.commit()
url='/web'
return login_and_redirect(*credentials, redirect_url=url)
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/weixin/login?oauth_error=2"
url = '/#menu_id=%s' % menu
return login_and_redirect(req, *credentials, redirect_url=url)
except AttributeError, e:
print e
# auth_signup is not installed
_logger.error("auth_signup not installed on database "
"%s: saml sign up cancelled." % (dbname,))
url = "/#action=login&saml_error=1"
except openerp.exceptions.AccessDenied:
# saml credentials not valid,
# user could be on a temporary session
_logger.info('SAML2: access denied, redirect to main page '
'in case a valid session exists, '
'without setting cookies')
url = "/#action=login&saml_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("SAML2: %s" % str(e))
url = "/#action=login&saml_error=2"
return set_cookie_and_redirect(req, url)
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
url = "/weixin/login?oauth_error=2"
return set_cookie_and_redirect(url)
return request.render('oauth_weixin.name_email', qcontext)
@http.route('/weixin/signin', auth='public', website=True)
def weixin_signin(self, **kw):
#https://baoshunkeji.com/weixin/signin?code=0015b3203e9151b79c93fa46ea0d9aeo&state=test
dbname = kw['state']
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
user_ids, token_data = u.weixin_auth_oauth(cr, SUPERUSER_ID, kw)
if user_ids:
assert len(user_ids) == 1
credentials = u.weixin_auth_signin(cr, SUPERUSER_ID, token_data, user_ids, kw)
else:
json_token_data = {'openid': token_data['openid'],
'refresh_token': token_data['refresh_token'],
'access_token': token_data['access_token']}
url = "/weixin/name_email?" + werkzeug.url_encode(json_token_data) + '&state=' + kw['state']
return set_cookie_and_redirect(url)
cr.commit()
url='/web'
return login_and_redirect(*credentials, redirect_url=url)
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/weixin/login?oauth_error=2"
return set_cookie_and_redirect(url)
url = "/saas_server/new_database"
kw['admin_data'] = simplejson.dumps({
'user_id': partner_id,
'client_id': provider.client_id,
'email': login,
'name': state['name']
})
full_url = '%s?%s' % (url, werkzeug.url_encode(kw))
_logger.info("\n\nFullURL: %s\n", full_url)
return login_and_redirect(*credentials, redirect_url=full_url)
else:
_logger.exception('OAuth2: No state provided.')
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def get_provider(self):
imd = request.registry['ir.model.data']
return imd.xmlid_to_object(request.cr, SUPERUSER_ID,
'cenit_saas_server.saas_oauth_provider')
def get_demo_plan(self):
icp = request.registry.get('ir.config_parameter')
name = icp.get_param(request.cr,
SUPERUSER_ID,
"cenit.plan.demo",
default=None)
ssp = request.registry.get('saas_server.plan')
conditions = [('state', '=', 'confirmed'), ('template', '=', name)]
def doorkeeper_cb(self, **kw):
if kw.get('state', False):
state = simplejson.loads(kw['state'])
master_db = db_monodb()
proto, root_url = request.httprequest.url_root.split("://")
if not master_db:
return BadRequest()
if state.get('login', False):
login = state['login']
db_prefix = state['login'].split('@')[0]
if state.get('demo', False):
db_prefix = "%s-%s" % (db_prefix, 'demo')
dbname = "%s_%s" % (db_prefix, master_db)
redirect = "%s://%s.%s" % (proto, db_prefix, root_url)
if not redirect.endswith("/"):
redirect += "/"
state.update({'d': dbname})
kw['state'] = simplejson.dumps(state)
if openerp.service.db.exp_db_exist(dbname):
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
IMD = registry['ir.model.data']
try:
model, provider_id = IMD.get_object_reference(
cr, SUPERUSER_ID, 'cenit_saas_server',
'saas_oauth_provider')
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert model == 'auth.oauth.provider'
params = {
'access_token': kw['access_token'],
'state': simplejson.dumps({
'd': dbname,
'p': provider_id,
}),
}
return werkzeug.utils.redirect(
'{host}{controller}?{params}'.format(
host=redirect,
controller='auth_oauth/signin',
params=werkzeug.url_encode(params)))
else:
_logger.info("\n\nNo existing tenant\n")
registry = RegistryManager.get(master_db)
if not state.get('name', False):
state.update({'name': db_prefix.capitalize()})
if not state.get('organization', False):
state.update({'organization': db_prefix.capitalize()})
if state.get('demo', False):
plan = self.get_demo_plan()
else:
if state.get('plan', False):
plan = self.get_plan(state.get('plan'))
else:
plan = self.get_default_plan()
state.update({
'db_template': plan['template'],
'plan': plan['id']
})
kw['state'] = simplejson.dumps(state)
try:
provider = self.__create_app_for_db(state['d'])
partner_id, credentials = self.__signup_user(provider, kw)
request.cr.commit()
except Exception, e:
_logger.exception(e)
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
url = "/saas_server/new_database"
kw['admin_data'] = simplejson.dumps({
'user_id': partner_id,
'client_id': provider.client_id,
'email': login,
'name': state['name']
})
full_url = '%s?%s' % (url, werkzeug.url_encode(kw))
_logger.info("\n\nFullURL: %s\n", full_url)
return login_and_redirect(*credentials, redirect_url=full_url)
def doorkeeper_cb (self, **kw):
if kw.get('state', False):
state = simplejson.loads(kw['state'])
master_db = db_monodb ()
proto, root_url = request.httprequest.url_root.split ("://")
if not master_db:
return BadRequest()
if state.get ('login', False):
login = state['login']
db_prefix = state['login'].split ('@')[0]
if state.get ('demo', False):
db_prefix = "%s-%s" % (db_prefix, 'demo')
dbname = "%s_%s" %(db_prefix, master_db)
redirect = "%s://%s.%s" %(proto, db_prefix, root_url)
if not redirect.endswith ("/"):
redirect += "/"
state.update ({'d': dbname})
kw['state'] = simplejson.dumps (state)
if openerp.service.db.exp_db_exist (dbname):
registry = RegistryManager.get (dbname)
with registry.cursor() as cr:
IMD = registry['ir.model.data']
try:
model, provider_id = IMD.get_object_reference(
cr, SUPERUSER_ID,
'cenit_saas_server', 'saas_oauth_provider'
)
except ValueError:
return set_cookie_and_redirect('/web?db=%s' % dbname)
assert model == 'auth.oauth.provider'
params = {
'access_token': kw['access_token'],
'state': simplejson.dumps({
'd': dbname,
'p': provider_id,
}),
}
return werkzeug.utils.redirect('{host}{controller}?{params}'.format(
host = redirect,
controller = 'auth_oauth/signin',
params = werkzeug.url_encode(params)
)
)
else:
_logger.info ("\n\nNo existing tenant\n")
registry = RegistryManager.get (master_db)
if not state.get ('name', False):
state.update ({
'name': db_prefix.capitalize ()
})
if not state.get ('organization', False):
state.update ({
'organization': db_prefix.capitalize ()
})
if state.get ('demo', False):
plan = self.get_demo_plan ()
else:
if state.get ('plan', False):
plan = self.get_plan (state.get ('plan'))
else:
plan = self.get_default_plan ()
state.update ({
'db_template': plan['template'],
'plan': plan['id']
})
kw['state'] = simplejson.dumps (state)
try:
provider = self.__create_app_for_db (state['d'])
partner_id, credentials = self.__signup_user (provider, kw)
request.cr.commit ()
except Exception, e:
_logger.exception (e)
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect (url)
url = "/saas_server/new_database"
kw['admin_data'] = simplejson.dumps ({
'user_id': partner_id,
'client_id': provider.client_id,
'email': login,
'name': state['name']
})
full_url = '%s?%s' % (url, werkzeug.url_encode(kw))
_logger.info ("\n\nFullURL: %s\n", full_url)
return login_and_redirect (*credentials, redirect_url=full_url)
def process(self, **kw):
session = getattr(request.session, 'openid_session', None)
if not session:
return set_cookie_and_redirect('/')
oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer)
query = request.httprequest.args
info = oidconsumer.complete(query, request.httprequest.base_url)
display_identifier = info.getDisplayIdentifier()
session['status'] = info.status
if info.status == consumer.SUCCESS:
dbname = session['dbname']
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
Modules = registry.get('ir.module.module')
installed = Modules.search_count(cr, SUPERUSER_ID, ['&', ('name', '=', 'auth_openid'), ('state', '=', 'installed')]) == 1
if installed:
Users = registry.get('res.users')
#openid_url = info.endpoint.canonicalID or display_identifier
openid_url = session['openid_url']
attrs = self._get_attributes_from_success_response(info)
attrs['openid_url'] = openid_url
session['attributes'] = attrs
openid_email = attrs.get('email', False)
domain = []
if openid_email:
domain += ['|', ('openid_email', '=', False)]
domain += [('openid_email', '=', openid_email)]
domain += [('openid_url', '=', openid_url), ('active', '=', True)]
ids = Users.search(cr, SUPERUSER_ID, domain)
assert len(ids) < 2
if ids:
user_id = ids[0]
login = Users.browse(cr, SUPERUSER_ID, user_id).login
key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
Users.write(cr, SUPERUSER_ID, [user_id], {'openid_key': key})
# TODO fill empty fields with the ones from sreg/ax
cr.commit()
return login_and_redirect(dbname, login, key)
session['message'] = 'This OpenID identifier is not associated to any active users'
elif info.status == consumer.SETUP_NEEDED:
session['message'] = info.setup_url
elif info.status == consumer.FAILURE and display_identifier:
fmt = "Verification of %s failed: %s"
session['message'] = fmt % (display_identifier, info.message)
else: # FAILURE
# Either we don't understand the code or there is no
# openid_url included with the error. Give a generic
# failure message. The library should supply debug
# information in a log.
session['message'] = 'Verification failed.'
return set_cookie_and_redirect('/#action=login&loginerror=1')
def process(self, req, **kw):
session = getattr(req.session, "openid_session", None)
if not session:
return set_cookie_and_redirect(req, "/")
oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer)
query = req.httprequest.args
info = oidconsumer.complete(query, req.httprequest.base_url)
display_identifier = info.getDisplayIdentifier()
session["status"] = info.status
if info.status == consumer.SUCCESS:
dbname = session["dbname"]
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
Modules = registry.get("ir.module.module")
installed = (
Modules.search_count(
cr, SUPERUSER_ID, ["&", ("name", "=", "auth_openid"), ("state", "=", "installed")]
)
== 1
)
if installed:
Users = registry.get("res.users")
# openid_url = info.endpoint.canonicalID or display_identifier
openid_url = session["openid_url"]
attrs = self._get_attributes_from_success_response(info)
attrs["openid_url"] = openid_url
session["attributes"] = attrs
openid_email = attrs.get("email", False)
domain = []
if openid_email:
domain += ["|", ("openid_email", "=", False)]
domain += [("openid_email", "=", openid_email)]
domain += [("openid_url", "=", openid_url), ("active", "=", True)]
ids = Users.search(cr, SUPERUSER_ID, domain)
assert len(ids) < 2
if ids:
user_id = ids[0]
login = Users.browse(cr, SUPERUSER_ID, user_id).login
key = randomString(utils.KEY_LENGTH, "0123456789abcdef")
Users.write(cr, SUPERUSER_ID, [user_id], {"openid_key": key})
# TODO fill empty fields with the ones from sreg/ax
cr.commit()
return login_and_redirect(req, dbname, login, key)
session["message"] = "This OpenID identifier is not associated to any active users"
elif info.status == consumer.SETUP_NEEDED:
session["message"] = info.setup_url
elif info.status == consumer.FAILURE and display_identifier:
fmt = "Verification of %s failed: %s"
session["message"] = fmt % (display_identifier, info.message)
else: # FAILURE
# Either we don't understand the code or there is no
# openid_url included with the error. Give a generic
# failure message. The library should supply debug
# information in a log.
session["message"] = "Verification failed."
return set_cookie_and_redirect(req, "/#action=login&loginerror=1")
return login_and_redirect(req, *credentials, redirect_url=url)
except AttributeError, e:
print e
# auth_signup is not installed
_logger.error("auth_signup not installed on database "
"%s: saml sign up cancelled." % (dbname, ))
url = "/#action=login&saml_error=1"
except openerp.exceptions.AccessDenied:
# saml credentials not valid,
# user could be on a temporary session
_logger.info('SAML2: access denied, redirect to main page '
'in case a valid session exists, '
'without setting cookies')
url = "/#action=login&saml_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("SAML2: %s" % str(e))
url = "/#action=login&saml_error=2"
return set_cookie_and_redirect(req, url)
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
def process(self, **kw):
session = getattr(request.session, 'openid_session', None)
if not session:
return set_cookie_and_redirect('/')
oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer)
query = request.httprequest.args
info = oidconsumer.complete(query, request.httprequest.base_url)
display_identifier = info.getDisplayIdentifier()
session['status'] = info.status
if info.status == consumer.SUCCESS:
dbname = session['dbname']
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
Modules = registry.get('ir.module.module')
installed = Modules.search_count(cr, SUPERUSER_ID, ['&', ('name', '=', 'auth_openid'), ('state', '=', 'installed')]) == 1
if installed:
Users = registry.get('res.users')
#openid_url = info.endpoint.canonicalID or display_identifier
openid_url = session['openid_url']
attrs = self._get_attributes_from_success_response(info)
attrs['openid_url'] = openid_url
session['attributes'] = attrs
openid_email = attrs.get('email', False)
domain = []
if openid_email:
domain += ['|', ('openid_email', '=', False)]
domain += [('openid_email', '=', openid_email)]
domain += [('openid_url', '=', openid_url), ('active', '=', True)]
ids = Users.search(cr, SUPERUSER_ID, domain)
assert len(ids) < 2
if ids:
user_id = ids[0]
login = Users.browse(cr, SUPERUSER_ID, user_id).login
key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
Users.write(cr, SUPERUSER_ID, [user_id], {'openid_key': key})
# TODO fill empty fields with the ones from sreg/ax
cr.commit()
return login_and_redirect(dbname, login, key)
session['message'] = 'This OpenID identifier is not associated to any active users'
elif info.status == consumer.SETUP_NEEDED:
session['message'] = info.setup_url
elif info.status == consumer.FAILURE and display_identifier:
fmt = "Verification of %s failed: %s"
session['message'] = fmt % (display_identifier, info.message)
else: # FAILURE
# Either we don't understand the code or there is no
# openid_url included with the error. Give a generic
# failure message. The library should supply debug
# information in a log.
session['message'] = 'Verification failed.'
return set_cookie_and_redirect('/#action=login&loginerror=1')
