def new_database(self, **post): if not request.session.uid: return login_and_redirect() plan_id = int(post.get('plan_id')) res = self.create_new_database(plan_id) return request.redirect(res.get('url'))
def access(self, **kw): token = kw.get('token') db = kw.get('db') registry = registry_get(db) with registry.cursor() as cr: env = api.Environment(cr, SUPERUSER_ID, {}) user = env['res.users'].sudo().search([('authenticator_token', '=', token)]) if not user: raise AccessDenied() # Check if expire if fields.Datetime.from_string( user.authenticator_expire_in) < datetime.now(): raise AccessDenied() redirect = login_and_redirect(db, user.login, user.authenticator_token) user.write({ 'authenticator_token': False, 'authenticator_expire_in': False }) cr.commit() return redirect return set_cookie_and_redirect('/web')
def signin(self, req, **kw): """client obtained a saml token and passed it back to us... we need to validate it """ saml_response = kw.get('SAMLResponse') if kw.get('RelayState') is None: # here we are in front of a client that went through # some routes that "lost" its relaystate... this can happen # if the client visited his IDP and successfully logged in # then the IDP gave him a portal with his available applications # but the provided link does not include the necessary relaystate url = "/?type=signup" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = True return redirect state = simplejson.loads(kw['RelayState']) provider = state['p'] dbname = state['d'] context = state.get('c', {}) registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = env['res.users'].sudo().auth_saml( provider, saml_response) action = state.get('a') menu = state.get('m') url = '/' if action: url = '/#action=%s' % action elif menu: url = '/#menu_id=%s' % menu return login_and_redirect(*credentials, redirect_url=url) except AttributeError as e: # auth_signup is not installed _logger.error("auth_signup not installed on database " "saml sign up cancelled.") url = "/#action=login&saml_error=no-signup" except odoo.exceptions.AccessDenied: # saml credentials not valid, # user could be on a temporary session _logger.info('SAML2: access denied, redirect to main page ' 'in case a valid session exists, ' 'without setting cookies') url = "/#action=login&saml_error=expired" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception: # signup error _logger.exception("SAML2: failure") url = "/#action=login&saml_error=access-denied" return set_cookie_and_redirect(url)
def web_dingtalk_auto_signin_action(self, **kw): """ 通过获得的【免登授权码或者临时授权码】获取用户信息 :param kw: :return: """ auth_code = kw.get('authCode') logging.info(">>>免登授权码: %s", auth_code) config = request.env['dingtalk.mc.config'].sudo().search( [('m_login', '=', True)], limit=1) client = dt.get_client( request, dt.get_dingtalk_config(request, config.company_id)) result = client.user.getuserinfo(auth_code) domain = [('ding_id', '=', result.userid), ('company_id', '=', config.company_id.id)] employee = request.env['hr.employee'].sudo().search(domain, limit=1) if not employee: _logger.info(_("系统对应员工不存在!")) return self._do_err_redirect(_("系统对应员工不存在!")) _logger.info(">>>员工:{}正在尝试登录系统".format(employee.name)) if not employee.ding_id: _logger.info(_("员工不存在钉钉ID,请维护后再试!")) return self._do_err_redirect(_("员工不存在钉钉ID,请维护后再试!")) if not employee.user_id: return self._do_err_redirect(_("你还没有关联系统用户,请联系管理员处理!")) ensure_db() dbname = request.session.db if not http.db_filter([dbname]): return BadRequest() registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, {}) credentials = env['res.users'].sudo().auth_oauth( 'dingtalk', employee.ding_id) cr.commit() url = '/web' resp = login_and_redirect(*credentials, redirect_url=url) if werkzeug.urls.url_parse( resp.location ).path == '/web' and not request.env.user.has_group( 'base.group_user'): resp.location = '/' return resp except AttributeError: _logger.error(">>>未在数据库'%s'上安装auth_signup:oauth注册已取消。" % (dbname, )) url = "/web/login?oauth_error=1" except AccessDenied: _logger.info( '>>>DingTalk-OAuth2: 访问被拒绝,在存在有效会话的情况下重定向到主页,而未设置Cookie') url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return http.redirect_with_hash(url)
def register_affiliate(self, **kw): ensure_db() aff_request = request.env['affiliate.request'].sudo().search([ ('name', '=', kw.get('login')) ]) if aff_request and kw.get('confirm_password') == kw.get( 'password') and aff_request.signup_token == kw.get('token'): template_user_id = literal_eval( request.env['ir.config_parameter'].sudo().get_param( 'base.template_portal_user_id', 'False')) template_user = request.env['res.users'].sudo().browse( template_user_id) auto_approve_request = request.env['res.config.settings'].sudo( ).website_constant().get('auto_approve_request') if not template_user.exists(): raise SignupError('Invalid template user.') data = kw redirect_url = "/" values = {key: data.get(key) for key in ('login', 'name')} values['email'] = data.get('email') or values.get('login') values['lang'] = request.lang.code values['active'] = True no_invitation_mail = True values['password'] = data.get('password', "") try: with request.env.cr.savepoint(): user = template_user.with_context( no_reset_password=no_invitation_mail).copy(values) _logger.info('------user.partner--%r-----', user.partner_id) # update phoen no. and comment in res.partner user.partner_id.comment = kw.get('comment') user.partner_id.phone = kw.get('phone') # update affiliate.request with partner and user id and state aff_request.partner_id = user.partner_id.id aff_request.user_id = user.id aff_request.state = 'register' request.env.cr.commit() # check the config for auto approve the request if auto_approve_request: aff_request.action_aproove() db = request.env.cr.dbname return login_and_redirect(db, data['login'], data['password'], redirect_url='/affiliate') except Exception as e: _logger.error("Error123: %r" % e) return http.redirect_with_hash('/') else: if kw.get('password') != kw.get('confirm_password'): request.session['error'] = "Passwords Does't match." return request.redirect( '/affiliate/signup?token=' + kw.get('token'), 303) else: request.session['error'] = "something went wrong.." return request.redirect('/affiliate/', 303)
def signin_3rd(self, **kw): state = json.loads(kw['state']) dbname = state['d'] provider = state['p'] context = state.get('c', {}) registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = env['res.users'].sudo().auth_oauth_third( provider, kw) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.url_unquote_plus( state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu if credentials[0] == -1: from .controllers import gen_id credentials[1]['oauth_provider_id'] = provider qr_id = gen_id(credentials[1]) redirect = base64.urlsafe_b64encode( redirect.encode('utf-8')).decode('utf-8') url = '/corp/bind?qr_id=%s&redirect=%s' % (qr_id, redirect) else: return login_and_redirect(*credentials, redirect_url=url) except AttributeError: import traceback traceback.print_exc() # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except AccessDenied: import traceback traceback.print_exc() # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
def main_controller(self, **kw): data = kw web_base = request.env['ir.config_parameter'].sudo().get_param( "web.base.url").replace("https://", '') req = self.prepare_request(data, web_base) try: auth = self.init_saml_auth(req) except Exception as e: url = "/web/login?error=" + str(e) logger.warning('Exception : %s', str(e)) return werkzeug.utils.redirect(url) if 'acs' in data.keys(): auth.process_response() errors = auth.get_errors() logger.warning('Errors : %s', errors) logger.warning("%s", auth.get_last_error_reason()) if not errors: if auth.is_authenticated(): attrs = auth.get_attributes() name_id = auth.get_nameid() logger.warning("Nameid: %s", name_id) # logger.warning("Object: %s", auth.__dict__) logger.warning("Object: %s", dir(auth)) logger.warning('Attrs : %s', attrs) logger.warning('Auth : %s', auth) login = name_id.lower() user = request.env['res.users'].sudo().search([ ('login', 'ilike', login) ]) if user: user.write({'saml_nameid': name_id}) else: url = "/web/login?error=Your account doesn\'t exist in our database, please contact the administrator" return werkzeug.utils.redirect(url) request.env.cr.commit() return login_and_redirect( request.env.cr.dbname, login, name_id, redirect_url=data.get('RelayState') or '/') else: url = "/web/login?error=You are not authenticated" else: url = "/web/login?error=" + str(errors) return werkzeug.utils.redirect(url) else: self.prepare_request(data, web_base) return_to = data.get('return_to') or '/web' url = auth.login(return_to=return_to) return werkzeug.utils.redirect(url)
def signin(self, **kw): state = json.loads(kw['state']) dbname = state['d'] if not http.db_filter([dbname]): return BadRequest() provider = state['p'] context = state.get('c', {}) registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = env['res.users'].sudo().auth_oauth(provider, kw) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.urls.url_unquote_plus( state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu resp = login_and_redirect(*credentials, redirect_url=url) # Since /web is hardcoded, verify user has right to land on it if werkzeug.urls.url_parse( resp.location ).path == '/web' and not request.env.user.has_group( 'base.group_user'): resp.location = '/' return resp except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
def web_digits_verify_login(self,*args,**kw): if 'X-Verify-Credentials-Authorization' in kw: digitResponse = kw['X-Verify-Credentials-Authorization'] getDigitsConfigSearch=http.request.env['digits.configuration'].search([]) if getDigitsConfigSearch: response = requests.get(kw['X-Auth-Service-Provider'],headers={"Authorization":digitResponse}) if response.status_code == 200: user_obj=http.request.env['res.users'] credentials = user_obj.digit_authenticate({'phone_number': response.json().get('phone_number'),'access_token': response.json().get('access_token')['token']}) if credentials: return login_and_redirect(*credentials, redirect_url='/web') else: logout=request.session.logout(keep_db=True) return werkzeug.utils.redirect('/web/login') else: return werkzeug.utils.redirect('/web/login')
def signin(self, **kw): kw = simplejson.loads(simplejson.dumps(kw).replace('+', '')) state = simplejson.loads(kw['state']) dbname = state['d'] provider = state['p'] context = state.get('c', {}) registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = env['res.users'].sudo().auth_oauth(provider, kw) print credentials # u = registry.get('res.users') # credentials = u.auth_oauth(provider, kw) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.url_unquote_plus( state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu return login_and_redirect(*credentials, redirect_url=url) except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except odoo.exceptions.AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2"
def signin(self, **kw): state = json.loads(kw['state']) dbname = state['d'] if not http.db_filter([dbname]): return BadRequest() provider = state['p'] context = state.get('c', {}) registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = env['res.users'].sudo().auth_oauth(provider, kw) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.url_unquote_plus(state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu resp = login_and_redirect(*credentials, redirect_url=url) # Since /web is hardcoded, verify user has right to land on it if werkzeug.urls.url_parse(resp.location).path == '/web' and not request.env.user.has_group('base.group_user'): resp.location = '/' return resp except AttributeError: # auth_signup is not installed _logger.error("auth_signup not installed on database %s: oauth sign up cancelled." % (dbname,)) url = "/web/login?oauth_error=1" except AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info('OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies') url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
def user_login_by_emp(self, employee): """ :param employee: employee :return: """ ensure_db() dbname = request.session.db if not http.db_filter([dbname]): return BadRequest() registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, {}) credentials = env['res.users'].sudo().auth_oauth( 'dingtalk', employee.ding_id) cr.commit() url = '/web' resp = login_and_redirect(*credentials, redirect_url=url) if werkzeug.urls.url_parse( resp.location ).path == '/web' and not request.env.user.has_group( 'base.group_user'): resp.location = '/' return resp except AttributeError: _logger.error(">>>未在数据库'%s'上安装auth_signup:oauth注册已取消。" % (dbname, )) url = "/web/login?oauth_error=1" except AccessDenied: _logger.info( '>>>DingTalk-OAuth2: 访问被拒绝,在存在有效会话的情况下重定向到主页,而未设置Cookie') url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: err_str = "OAuth2: %s" % str(e) _logger.exception(err_str) return self.do_error_redirect(err_str) return http.redirect_with_hash(url)
def linkedin_authorized(self, code, **kw): Oauth = request.env['oauth.oauth'] linkedin = Oauth.sudo().get_provider('Linkedin') callback_uri = self.get_callback_url('linkedin') oauth_session = OAuth2Session(linkedin.client_id, redirect_uri=callback_uri) oauth_session.fetch_token(linkedin.access_token_endpoint, code=code, client_secret=linkedin.client_secret) user_response = oauth_session.get( 'https://api.linkedin.com/v1/people/~:(id,email-address,first-name,last-name,picture-urls::(original))?format=json' ) user_info = user_response.json() url = user_info.get('pictureUrls', {}).get('values', [False])[0] image = self.fetch_image(url) name = user_info['firstName'] + ' ' + user_info['lastName'] email = user_info['emailAddress'] oauth_uid = access_token = user_info['id'] vals = { 'oauth_access_token': access_token, 'name': name, 'oauth_uid': oauth_uid, 'email': email, 'image': image, } provider_id = linkedin.id db = request.session['db'] registry = registry_get(db) after_login_url = linkedin.after_login_url with registry.cursor() as cr: env = api.Environment(cr, SUPERUSER_ID, {}) try: login = env['res.users'].sudo()._singup_user(provider_id, vals) except Exception as e: return request.render('web.login', {'error': e.message}) cr.commit() request._cr.commit() res = login_and_redirect(db, login, access_token, after_login_url) return res
def facebook_authorized(self, state, code, **kw): Oauth = request.env['oauth.oauth'] facebook = Oauth.sudo().get_provider('Facebook') callback_uri = self.get_callback_url('facebook') oauth_session = OAuth2Session(facebook.client_id, redirect_uri=callback_uri) oauth_session.fetch_token(facebook.access_token_endpoint, code=code, client_secret=facebook.client_secret) user_response = oauth_session.get( 'https://graph.facebook.com/me?fields=id,name,email') user_info = user_response.json() url = 'https://graph.facebook.com/%s/picture?type=large' % user_info[ 'id'] image = self.fetch_image(url) access_token = user_info['id'] vals = { 'oauth_access_token': access_token, 'name': user_info['name'], 'oauth_uid': user_info['id'], 'email': user_info['email'], 'image': image } provider_id = facebook.id db = request.session['db'] registry = registry_get(db) after_login_url = facebook.after_login_url with registry.cursor() as cr: env = api.Environment(cr, SUPERUSER_ID, {}) try: login = env['res.users'].sudo()._singup_user(provider_id, vals) except Exception as e: return request.render('web.login', {'error': e.message}) cr.commit() request._cr.commit() res = login_and_redirect(db, login, access_token, after_login_url) return res
def twitter_authorized(self, oauth_verifier, **kw): Oauth = request.env['oauth.oauth'] twitter = Oauth.sudo().get_provider('Twitter') resource_owner_key, resource_owner_secret = request.session[ 'twitter_tokens'] oauth_test = OAuth1Session(twitter.client_id, client_secret=twitter.client_secret, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret, verifier=oauth_verifier) oauth_tokens = oauth_test.fetch_access_token( twitter.access_token_endpoint) access_token = oauth_tokens['oauth_token'] url = 'https://twitter.com/%s/profile_image?size=original' % oauth_tokens[ 'screen_name'] image = self.fetch_image(url) vals = { 'oauth_access_token': access_token, 'name': oauth_tokens['screen_name'], 'oauth_uid': oauth_tokens['user_id'], 'image': image } provider_id = twitter.id db = request.session['db'] registry = registry_get(db) after_login_url = twitter.after_login_url with registry.cursor() as cr: env = api.Environment(cr, SUPERUSER_ID, {}) try: login = env['res.users'].sudo()._singup_user(provider_id, vals) except Exception as e: return request.render('web.login', {'error': e.message}) cr.commit() request._cr.commit() res = login_and_redirect(db, login, access_token, after_login_url) return res
def google_authorized(self, state, code, **kw): Oauth = request.env['oauth.oauth'] google = Oauth.sudo().get_provider('Google') callback_uri = self.get_callback_url('google') oauth_session = OAuth2Session(google.client_id, redirect_uri=callback_uri) oauth_session.fetch_token(google.access_token_endpoint, code=code, client_secret=google.client_secret) user_response = oauth_session.get( 'https://www.googleapis.com/oauth2/v1/userinfo') user_info = user_response.json() # need to be pass refresh token but user id will be ok ! access_token = user_info['id'] url = user_info['picture'] image = self.fetch_image(url) vals = { 'oauth_access_token': access_token, 'name': user_info['name'], 'oauth_uid': user_info['id'], 'email': user_info['email'], 'image': image, } provider_id = google.id db = request.session['db'] registry = registry_get(db) after_login_url = google.after_login_url with registry.cursor() as cr: env = api.Environment(cr, SUPERUSER_ID, {}) try: login = env['res.users'].sudo()._singup_user(provider_id, vals) except Exception as e: return request.render('web.login', {'error': e.message}) cr.commit() request._cr.commit() return login_and_redirect(db, login, access_token, after_login_url)
def login(self, db, login, key): return main.login_and_redirect(db, login, key)
def microsoft_signin(self, **kw): pool = request.env root_url = request.env['ir.config_parameter'].sudo().get_param( 'web.base.url') + '/' oauth_provider_rec =\ pool['ir.model.data'].sudo().get_object_reference( 'odoo_microsoft_account', 'provider_microsoft')[1] provider = \ pool['auth.oauth.provider'].sudo().browse(oauth_provider_rec) authorization_data = \ pool['auth.oauth.provider'].sudo().oauth_token( 'authorization_code', provider, kw.get('code'), refresh_token=None) access_token = authorization_data.get('access_token') refresh_token = authorization_data.get('refresh_token') try: conn = httplib.HTTPSConnection(provider.data_endpoint) conn.request("GET", "/v1.0/me", "", { 'Authorization': access_token, 'Accept': 'application/json' }) response = conn.getresponse() data = simplejson.loads(response.read()) displayName = data.get('displayName') mail = data.get('userPrincipalName') user_id = data.get('id') conn.close() except Exception as e: print(e) try: credentials = pool['res.users'].sudo().microsoft_auth_oauth( provider.id, { 'access_token': access_token, 'user_id': user_id, 'email': mail, 'name': displayName, 'microsoft_refresh_token': refresh_token }) request.cr.commit() return login_and_redirect(*credentials, redirect_url=root_url + 'web?') except AttributeError: _logger.error("auth_signup not installed on" " database %s: oauth sign up cancelled." % (request.cr.dbname)) url = "/web/login?oauth_error=1" except odoo.exceptions.AccessDenied: _logger.info('OAuth2: access denied,' ' redirect to main page in case a valid' ' session exists, without setting cookies') url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(root_url + url)
def wecom_web_authorize(self, **kw): code = kw.pop("code", None) state = json.loads(kw["state"]) company = ( request.env["res.company"] .sudo() .search( [("corpid", "=", state["a"]), ("is_wecom_organization", "=", True),], ) ) try: wxapi = ( request.env["wecom.service_api"] .sudo() .InitServiceApi(company, "auth_secret", "auth") ) response = wxapi.httpCall( request.env["wecom.service_api_list"] .sudo() .get_server_api_call("GET_USER_INFO_BY_CODE"), {"code": code,}, ) dbname = state["d"] if not http.db_filter([dbname]): return BadRequest() provider = state["p"] context = {"no_user_creation": True} registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = ( env["res.users"].sudo().wxwrok_auth_oauth(provider, response) ) cr.commit() action = state.get("a") menu = state.get("m") redirect = ( werkzeug.urls.url_unquote_plus(state["r"]) if state.get("r") else False ) url = "/web" if redirect: url = redirect elif action: url = "/web#action=%s" % action elif menu: url = "/web#menu_id=%s" % menu resp = login_and_redirect(*credentials, redirect_url=url) # Since /web is hardcoded, verify user has right to land on it if werkzeug.urls.url_parse( resp.location ).path == "/web" and not request.env.user.has_group( "base.group_user" ): resp.location = "/" return resp except AttributeError: # auth_signup is not installed _logger.error( _( "auth_signup not installed on database %s: oauth sign up cancelled." ) % (dbname,) ) url = "/web/login?oauth_error=1" except AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( _( "OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies" ) ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url) except ApiException as e: return request.env["wecom.tools"].ApiExceptionDialog(e)
def wxwork_qr_signin(self, **kw): code = kw.pop("code", None) corpid = request.env["ir.config_parameter"].sudo().get_param( "wxwork.corpid") secret = (request.env["ir.config_parameter"].sudo().get_param( "wxwork.auth_secret")) wxwork_api = CorpApi(corpid, secret) response = wxwork_api.httpCall( CORP_API_TYPE["GET_USER_INFO_BY_CODE"], { "code": code, }, ) state = json.loads(kw["state"].replace("M", '"')) dbname = state["d"] if not http.db_filter([dbname]): return BadRequest() provider = state["p"] context = {"no_user_creation": True} registry = registry_get(dbname) with registry.cursor() as cr: try: env = api.Environment(cr, SUPERUSER_ID, context) credentials = (env["res.users"].sudo().auth_oauth_wxwork( provider, response)) cr.commit() action = state.get("a") menu = state.get("m") redirect = (werkzeug.url_unquote_plus(state["r"]) if state.get("r") else False) url = "/web" if redirect: url = redirect elif action: url = "/web#action=%s" % action elif menu: url = "/web#menu_id=%s" % menu resp = login_and_redirect(*credentials, redirect_url=url) if werkzeug.urls.url_parse( resp.location ).path == "/web" and not request.env.user.has_group( "base.group_user"): resp.location = "/" return resp except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( "OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies" ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
def microsoft_signin(self, **kw): pool = request.env root_url = ( request.env["ir.config_parameter"].sudo().get_param("web.base.url") + "/" ) oauth_provider_rec = ( pool["ir.model.data"] .sudo() .get_object_reference("odoo_microsoft_account", "provider_microsoft")[1] ) provider = pool["auth.oauth.provider"].sudo().browse(oauth_provider_rec) authorization_data = ( pool["auth.oauth.provider"] .sudo() .oauth_token( "authorization_code", provider, kw.get("code"), refresh_token=None ) ) access_token = authorization_data.get("access_token") resource = authorization_data.get("resource") id_token = authorization_data.get("id_token") expires_in = authorization_data.get("expires_in") token_type = authorization_data.get("token_type") refresh_token = authorization_data.get("refresh_token") scope = authorization_data.get("scope") not_before = authorization_data.get("not_before") expires_on = authorization_data.get("expires_on") mail = "" user_id = None displayName = "" try: import requests # conn = httplib.HTTPSConnection(provider.data_endpoint) # conn.request("GET", "/v1.0/me", "", # {'Authorization': access_token, 'Accept': 'application/json'}) # response = conn.getresponse() # data = simplejson.loads(response.read()) headers = { "Authorization": "Bearer %s" % access_token, "Accept": "application/json", } data = requests.get(provider.data_endpoint, headers=headers) data = simplejson.loads(data.text) displayName = data.get("displayName") givenName = data.get("givenName") mail = data.get("userPrincipalName") mobilePhone = data.get("mobilePhone") surname = data.get("surname") user_id = data.get("id") userPrincipalName = data.get("userPrincipalName") conn.close() except Exception as e: pass try: credentials = ( pool["res.users"] .sudo() .microsoft_auth_oauth( provider.id, { "access_token": access_token, "user_id": user_id, "email": mail, "name": displayName, "microsoft_refresh_token": refresh_token, }, ) ) request.cr.commit() return login_and_redirect(*credentials, redirect_url=root_url + "web?") except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (request.cr.dbname,) ) url = "/web/login?oauth_error=1" except odoo.exceptions.AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( "OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies" ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception as e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "web/login?oauth_error=2" return set_cookie_and_redirect(root_url + url)