def new_database(self, **post):
if not request.session.uid:
return login_and_redirect()
plan_id = int(post.get('plan_id'))
res = self.create_new_database(plan_id)
return request.redirect(res.get('url'))
def access(self, **kw):
token = kw.get('token')
db = kw.get('db')
registry = registry_get(db)
with registry.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
user = env['res.users'].sudo().search([('authenticator_token', '=',
token)])
if not user:
raise AccessDenied()
# Check if expire
if fields.Datetime.from_string(
user.authenticator_expire_in) < datetime.now():
raise AccessDenied()
redirect = login_and_redirect(db, user.login,
user.authenticator_token)
user.write({
'authenticator_token': False,
'authenticator_expire_in': False
})
cr.commit()
return redirect
return set_cookie_and_redirect('/web')
def signin(self, req, **kw):
"""client obtained a saml token and passed it back
to us... we need to validate it
"""
saml_response = kw.get('SAMLResponse')
if kw.get('RelayState') is None:
# here we are in front of a client that went through
# some routes that "lost" its relaystate... this can happen
# if the client visited his IDP and successfully logged in
# then the IDP gave him a portal with his available applications
# but the provided link does not include the necessary relaystate
url = "/?type=signup"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = True
return redirect
state = simplejson.loads(kw['RelayState'])
provider = state['p']
dbname = state['d']
context = state.get('c', {})
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_saml(
provider, saml_response)
action = state.get('a')
menu = state.get('m')
url = '/'
if action:
url = '/#action=%s' % action
elif menu:
url = '/#menu_id=%s' % menu
return login_and_redirect(*credentials, redirect_url=url)
except AttributeError as e:
# auth_signup is not installed
_logger.error("auth_signup not installed on database "
"saml sign up cancelled.")
url = "/#action=login&saml_error=no-signup"
except odoo.exceptions.AccessDenied:
# saml credentials not valid,
# user could be on a temporary session
_logger.info('SAML2: access denied, redirect to main page '
'in case a valid session exists, '
'without setting cookies')
url = "/#action=login&saml_error=expired"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception:
# signup error
_logger.exception("SAML2: failure")
url = "/#action=login&saml_error=access-denied"
return set_cookie_and_redirect(url)
def new_database(self, **post):
if not request.session.uid:
return login_and_redirect()
plan_id = int(post.get('plan_id'))
res = self.create_new_database(plan_id)
return request.redirect(res.get('url'))
def web_dingtalk_auto_signin_action(self, **kw):
"""
通过获得的【免登授权码或者临时授权码】获取用户信息
:param kw:
:return:
"""
auth_code = kw.get('authCode')
logging.info(">>>免登授权码: %s", auth_code)
config = request.env['dingtalk.mc.config'].sudo().search(
[('m_login', '=', True)], limit=1)
client = dt.get_client(
request, dt.get_dingtalk_config(request, config.company_id))
result = client.user.getuserinfo(auth_code)
domain = [('ding_id', '=', result.userid),
('company_id', '=', config.company_id.id)]
employee = request.env['hr.employee'].sudo().search(domain, limit=1)
if not employee:
_logger.info(_("系统对应员工不存在!"))
return self._do_err_redirect(_("系统对应员工不存在!"))
_logger.info(">>>员工:{}正在尝试登录系统".format(employee.name))
if not employee.ding_id:
_logger.info(_("员工不存在钉钉ID,请维护后再试!"))
return self._do_err_redirect(_("员工不存在钉钉ID,请维护后再试!"))
if not employee.user_id:
return self._do_err_redirect(_("你还没有关联系统用户,请联系管理员处理!"))
ensure_db()
dbname = request.session.db
if not http.db_filter([dbname]):
return BadRequest()
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, {})
credentials = env['res.users'].sudo().auth_oauth(
'dingtalk', employee.ding_id)
cr.commit()
url = '/web'
resp = login_and_redirect(*credentials, redirect_url=url)
if werkzeug.urls.url_parse(
resp.location
).path == '/web' and not request.env.user.has_group(
'base.group_user'):
resp.location = '/'
return resp
except AttributeError:
_logger.error(">>>未在数据库'%s'上安装auth_signup:oauth注册已取消。" %
(dbname, ))
url = "/web/login?oauth_error=1"
except AccessDenied:
_logger.info(
'>>>DingTalk-OAuth2: 访问被拒绝,在存在有效会话的情况下重定向到主页,而未设置Cookie')
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return http.redirect_with_hash(url)
def register_affiliate(self, **kw):
ensure_db()
aff_request = request.env['affiliate.request'].sudo().search([
('name', '=', kw.get('login'))
])
if aff_request and kw.get('confirm_password') == kw.get(
'password') and aff_request.signup_token == kw.get('token'):
template_user_id = literal_eval(
request.env['ir.config_parameter'].sudo().get_param(
'base.template_portal_user_id', 'False'))
template_user = request.env['res.users'].sudo().browse(
template_user_id)
auto_approve_request = request.env['res.config.settings'].sudo(
).website_constant().get('auto_approve_request')
if not template_user.exists():
raise SignupError('Invalid template user.')
data = kw
redirect_url = "/"
values = {key: data.get(key) for key in ('login', 'name')}
values['email'] = data.get('email') or values.get('login')
values['lang'] = request.lang.code
values['active'] = True
no_invitation_mail = True
values['password'] = data.get('password', "")
try:
with request.env.cr.savepoint():
user = template_user.with_context(
no_reset_password=no_invitation_mail).copy(values)
_logger.info('------user.partner--%r-----',
user.partner_id)
# update phoen no. and comment in res.partner
user.partner_id.comment = kw.get('comment')
user.partner_id.phone = kw.get('phone')
# update affiliate.request with partner and user id and state
aff_request.partner_id = user.partner_id.id
aff_request.user_id = user.id
aff_request.state = 'register'
request.env.cr.commit()
# check the config for auto approve the request
if auto_approve_request:
aff_request.action_aproove()
db = request.env.cr.dbname
return login_and_redirect(db,
data['login'],
data['password'],
redirect_url='/affiliate')
except Exception as e:
_logger.error("Error123: %r" % e)
return http.redirect_with_hash('/')
else:
if kw.get('password') != kw.get('confirm_password'):
request.session['error'] = "Passwords Does't match."
return request.redirect(
'/affiliate/signup?token=' + kw.get('token'), 303)
else:
request.session['error'] = "something went wrong.."
return request.redirect('/affiliate/', 303)
def signin_3rd(self, **kw):
state = json.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_oauth_third(
provider, kw)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(
state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
if credentials[0] == -1:
from .controllers import gen_id
credentials[1]['oauth_provider_id'] = provider
qr_id = gen_id(credentials[1])
redirect = base64.urlsafe_b64encode(
redirect.encode('utf-8')).decode('utf-8')
url = '/corp/bind?qr_id=%s&redirect=%s' % (qr_id, redirect)
else:
return login_and_redirect(*credentials, redirect_url=url)
except AttributeError:
import traceback
traceback.print_exc()
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except AccessDenied:
import traceback
traceback.print_exc()
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def main_controller(self, **kw):
data = kw
web_base = request.env['ir.config_parameter'].sudo().get_param(
"web.base.url").replace("https://", '')
req = self.prepare_request(data, web_base)
try:
auth = self.init_saml_auth(req)
except Exception as e:
url = "/web/login?error=" + str(e)
logger.warning('Exception : %s', str(e))
return werkzeug.utils.redirect(url)
if 'acs' in data.keys():
auth.process_response()
errors = auth.get_errors()
logger.warning('Errors : %s', errors)
logger.warning("%s", auth.get_last_error_reason())
if not errors:
if auth.is_authenticated():
attrs = auth.get_attributes()
name_id = auth.get_nameid()
logger.warning("Nameid: %s", name_id)
# logger.warning("Object: %s", auth.__dict__)
logger.warning("Object: %s", dir(auth))
logger.warning('Attrs : %s', attrs)
logger.warning('Auth : %s', auth)
login = name_id.lower()
user = request.env['res.users'].sudo().search([
('login', 'ilike', login)
])
if user:
user.write({'saml_nameid': name_id})
else:
url = "/web/login?error=Your account doesn\'t exist in our database, please contact the administrator"
return werkzeug.utils.redirect(url)
request.env.cr.commit()
return login_and_redirect(
request.env.cr.dbname,
login,
name_id,
redirect_url=data.get('RelayState') or '/')
else:
url = "/web/login?error=You are not authenticated"
else:
url = "/web/login?error=" + str(errors)
return werkzeug.utils.redirect(url)
else:
self.prepare_request(data, web_base)
return_to = data.get('return_to') or '/web'
url = auth.login(return_to=return_to)
return werkzeug.utils.redirect(url)
def signin(self, **kw):
state = json.loads(kw['state'])
dbname = state['d']
if not http.db_filter([dbname]):
return BadRequest()
provider = state['p']
context = state.get('c', {})
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_oauth(provider, kw)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.urls.url_unquote_plus(
state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
resp = login_and_redirect(*credentials, redirect_url=url)
# Since /web is hardcoded, verify user has right to land on it
if werkzeug.urls.url_parse(
resp.location
).path == '/web' and not request.env.user.has_group(
'base.group_user'):
resp.location = '/'
return resp
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def web_digits_verify_login(self,*args,**kw):
if 'X-Verify-Credentials-Authorization' in kw:
digitResponse = kw['X-Verify-Credentials-Authorization']
getDigitsConfigSearch=http.request.env['digits.configuration'].search([])
if getDigitsConfigSearch:
response = requests.get(kw['X-Auth-Service-Provider'],headers={"Authorization":digitResponse})
if response.status_code == 200:
user_obj=http.request.env['res.users']
credentials = user_obj.digit_authenticate({'phone_number': response.json().get('phone_number'),'access_token': response.json().get('access_token')['token']})
if credentials:
return login_and_redirect(*credentials, redirect_url='/web')
else:
logout=request.session.logout(keep_db=True)
return werkzeug.utils.redirect('/web/login')
else:
return werkzeug.utils.redirect('/web/login')
def signin(self, **kw):
kw = simplejson.loads(simplejson.dumps(kw).replace('+', ''))
state = simplejson.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_oauth(provider, kw)
print credentials
# u = registry.get('res.users')
# credentials = u.auth_oauth(provider, kw)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(
state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
return login_and_redirect(*credentials, redirect_url=url)
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except odoo.exceptions.AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies'
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception, e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
def signin(self, **kw):
state = json.loads(kw['state'])
dbname = state['d']
if not http.db_filter([dbname]):
return BadRequest()
provider = state['p']
context = state.get('c', {})
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_oauth(provider, kw)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
resp = login_and_redirect(*credentials, redirect_url=url)
# Since /web is hardcoded, verify user has right to land on it
if werkzeug.urls.url_parse(resp.location).path == '/web' and not request.env.user.has_group('base.group_user'):
resp.location = '/'
return resp
except AttributeError:
# auth_signup is not installed
_logger.error("auth_signup not installed on database %s: oauth sign up cancelled." % (dbname,))
url = "/web/login?oauth_error=1"
except AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info('OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies')
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def user_login_by_emp(self, employee):
"""
:param employee: employee
:return:
"""
ensure_db()
dbname = request.session.db
if not http.db_filter([dbname]):
return BadRequest()
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, {})
credentials = env['res.users'].sudo().auth_oauth(
'dingtalk', employee.ding_id)
cr.commit()
url = '/web'
resp = login_and_redirect(*credentials, redirect_url=url)
if werkzeug.urls.url_parse(
resp.location
).path == '/web' and not request.env.user.has_group(
'base.group_user'):
resp.location = '/'
return resp
except AttributeError:
_logger.error(">>>未在数据库'%s'上安装auth_signup:oauth注册已取消。" %
(dbname, ))
url = "/web/login?oauth_error=1"
except AccessDenied:
_logger.info(
'>>>DingTalk-OAuth2: 访问被拒绝,在存在有效会话的情况下重定向到主页,而未设置Cookie')
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
err_str = "OAuth2: %s" % str(e)
_logger.exception(err_str)
return self.do_error_redirect(err_str)
return http.redirect_with_hash(url)
def linkedin_authorized(self, code, **kw):
Oauth = request.env['oauth.oauth']
linkedin = Oauth.sudo().get_provider('Linkedin')
callback_uri = self.get_callback_url('linkedin')
oauth_session = OAuth2Session(linkedin.client_id,
redirect_uri=callback_uri)
oauth_session.fetch_token(linkedin.access_token_endpoint,
code=code,
client_secret=linkedin.client_secret)
user_response = oauth_session.get(
'https://api.linkedin.com/v1/people/~:(id,email-address,first-name,last-name,picture-urls::(original))?format=json'
)
user_info = user_response.json()
url = user_info.get('pictureUrls', {}).get('values', [False])[0]
image = self.fetch_image(url)
name = user_info['firstName'] + ' ' + user_info['lastName']
email = user_info['emailAddress']
oauth_uid = access_token = user_info['id']
vals = {
'oauth_access_token': access_token,
'name': name,
'oauth_uid': oauth_uid,
'email': email,
'image': image,
}
provider_id = linkedin.id
db = request.session['db']
registry = registry_get(db)
after_login_url = linkedin.after_login_url
with registry.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
try:
login = env['res.users'].sudo()._singup_user(provider_id, vals)
except Exception as e:
return request.render('web.login', {'error': e.message})
cr.commit()
request._cr.commit()
res = login_and_redirect(db, login, access_token, after_login_url)
return res
def facebook_authorized(self, state, code, **kw):
Oauth = request.env['oauth.oauth']
facebook = Oauth.sudo().get_provider('Facebook')
callback_uri = self.get_callback_url('facebook')
oauth_session = OAuth2Session(facebook.client_id,
redirect_uri=callback_uri)
oauth_session.fetch_token(facebook.access_token_endpoint,
code=code,
client_secret=facebook.client_secret)
user_response = oauth_session.get(
'https://graph.facebook.com/me?fields=id,name,email')
user_info = user_response.json()
url = 'https://graph.facebook.com/%s/picture?type=large' % user_info[
'id']
image = self.fetch_image(url)
access_token = user_info['id']
vals = {
'oauth_access_token': access_token,
'name': user_info['name'],
'oauth_uid': user_info['id'],
'email': user_info['email'],
'image': image
}
provider_id = facebook.id
db = request.session['db']
registry = registry_get(db)
after_login_url = facebook.after_login_url
with registry.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
try:
login = env['res.users'].sudo()._singup_user(provider_id, vals)
except Exception as e:
return request.render('web.login', {'error': e.message})
cr.commit()
request._cr.commit()
res = login_and_redirect(db, login, access_token, after_login_url)
return res
def twitter_authorized(self, oauth_verifier, **kw):
Oauth = request.env['oauth.oauth']
twitter = Oauth.sudo().get_provider('Twitter')
resource_owner_key, resource_owner_secret = request.session[
'twitter_tokens']
oauth_test = OAuth1Session(twitter.client_id,
client_secret=twitter.client_secret,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=oauth_verifier)
oauth_tokens = oauth_test.fetch_access_token(
twitter.access_token_endpoint)
access_token = oauth_tokens['oauth_token']
url = 'https://twitter.com/%s/profile_image?size=original' % oauth_tokens[
'screen_name']
image = self.fetch_image(url)
vals = {
'oauth_access_token': access_token,
'name': oauth_tokens['screen_name'],
'oauth_uid': oauth_tokens['user_id'],
'image': image
}
provider_id = twitter.id
db = request.session['db']
registry = registry_get(db)
after_login_url = twitter.after_login_url
with registry.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
try:
login = env['res.users'].sudo()._singup_user(provider_id, vals)
except Exception as e:
return request.render('web.login', {'error': e.message})
cr.commit()
request._cr.commit()
res = login_and_redirect(db, login, access_token, after_login_url)
return res
def google_authorized(self, state, code, **kw):
Oauth = request.env['oauth.oauth']
google = Oauth.sudo().get_provider('Google')
callback_uri = self.get_callback_url('google')
oauth_session = OAuth2Session(google.client_id,
redirect_uri=callback_uri)
oauth_session.fetch_token(google.access_token_endpoint,
code=code,
client_secret=google.client_secret)
user_response = oauth_session.get(
'https://www.googleapis.com/oauth2/v1/userinfo')
user_info = user_response.json()
# need to be pass refresh token but user id will be ok !
access_token = user_info['id']
url = user_info['picture']
image = self.fetch_image(url)
vals = {
'oauth_access_token': access_token,
'name': user_info['name'],
'oauth_uid': user_info['id'],
'email': user_info['email'],
'image': image,
}
provider_id = google.id
db = request.session['db']
registry = registry_get(db)
after_login_url = google.after_login_url
with registry.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
try:
login = env['res.users'].sudo()._singup_user(provider_id, vals)
except Exception as e:
return request.render('web.login', {'error': e.message})
cr.commit()
request._cr.commit()
return login_and_redirect(db, login, access_token, after_login_url)
def login(self, db, login, key):
return main.login_and_redirect(db, login, key)
def microsoft_signin(self, **kw):
pool = request.env
root_url = request.env['ir.config_parameter'].sudo().get_param(
'web.base.url') + '/'
oauth_provider_rec =\
pool['ir.model.data'].sudo().get_object_reference(
'odoo_microsoft_account',
'provider_microsoft')[1]
provider = \
pool['auth.oauth.provider'].sudo().browse(oauth_provider_rec)
authorization_data = \
pool['auth.oauth.provider'].sudo().oauth_token(
'authorization_code',
provider,
kw.get('code'),
refresh_token=None)
access_token = authorization_data.get('access_token')
refresh_token = authorization_data.get('refresh_token')
try:
conn = httplib.HTTPSConnection(provider.data_endpoint)
conn.request("GET", "/v1.0/me", "", {
'Authorization': access_token,
'Accept': 'application/json'
})
response = conn.getresponse()
data = simplejson.loads(response.read())
displayName = data.get('displayName')
mail = data.get('userPrincipalName')
user_id = data.get('id')
conn.close()
except Exception as e:
print(e)
try:
credentials = pool['res.users'].sudo().microsoft_auth_oauth(
provider.id, {
'access_token': access_token,
'user_id': user_id,
'email': mail,
'name': displayName,
'microsoft_refresh_token': refresh_token
})
request.cr.commit()
return login_and_redirect(*credentials,
redirect_url=root_url + 'web?')
except AttributeError:
_logger.error("auth_signup not installed on"
" database %s: oauth sign up cancelled." %
(request.cr.dbname))
url = "/web/login?oauth_error=1"
except odoo.exceptions.AccessDenied:
_logger.info('OAuth2: access denied,'
' redirect to main page in case a valid'
' session exists, without setting cookies')
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(root_url + url)
def wecom_web_authorize(self, **kw):
code = kw.pop("code", None)
state = json.loads(kw["state"])
company = (
request.env["res.company"]
.sudo()
.search(
[("corpid", "=", state["a"]), ("is_wecom_organization", "=", True),],
)
)
try:
wxapi = (
request.env["wecom.service_api"]
.sudo()
.InitServiceApi(company, "auth_secret", "auth")
)
response = wxapi.httpCall(
request.env["wecom.service_api_list"]
.sudo()
.get_server_api_call("GET_USER_INFO_BY_CODE"),
{"code": code,},
)
dbname = state["d"]
if not http.db_filter([dbname]):
return BadRequest()
provider = state["p"]
context = {"no_user_creation": True}
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = (
env["res.users"].sudo().wxwrok_auth_oauth(provider, response)
)
cr.commit()
action = state.get("a")
menu = state.get("m")
redirect = (
werkzeug.urls.url_unquote_plus(state["r"])
if state.get("r")
else False
)
url = "/web"
if redirect:
url = redirect
elif action:
url = "/web#action=%s" % action
elif menu:
url = "/web#menu_id=%s" % menu
resp = login_and_redirect(*credentials, redirect_url=url)
# Since /web is hardcoded, verify user has right to land on it
if werkzeug.urls.url_parse(
resp.location
).path == "/web" and not request.env.user.has_group(
"base.group_user"
):
resp.location = "/"
return resp
except AttributeError:
# auth_signup is not installed
_logger.error(
_(
"auth_signup not installed on database %s: oauth sign up cancelled."
)
% (dbname,)
)
url = "/web/login?oauth_error=1"
except AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
_(
"OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies"
)
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
except ApiException as e:
return request.env["wecom.tools"].ApiExceptionDialog(e)
def wxwork_qr_signin(self, **kw):
code = kw.pop("code", None)
corpid = request.env["ir.config_parameter"].sudo().get_param(
"wxwork.corpid")
secret = (request.env["ir.config_parameter"].sudo().get_param(
"wxwork.auth_secret"))
wxwork_api = CorpApi(corpid, secret)
response = wxwork_api.httpCall(
CORP_API_TYPE["GET_USER_INFO_BY_CODE"],
{
"code": code,
},
)
state = json.loads(kw["state"].replace("M", '"'))
dbname = state["d"]
if not http.db_filter([dbname]):
return BadRequest()
provider = state["p"]
context = {"no_user_creation": True}
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = (env["res.users"].sudo().auth_oauth_wxwork(
provider, response))
cr.commit()
action = state.get("a")
menu = state.get("m")
redirect = (werkzeug.url_unquote_plus(state["r"])
if state.get("r") else False)
url = "/web"
if redirect:
url = redirect
elif action:
url = "/web#action=%s" % action
elif menu:
url = "/web#menu_id=%s" % menu
resp = login_and_redirect(*credentials, redirect_url=url)
if werkzeug.urls.url_parse(
resp.location
).path == "/web" and not request.env.user.has_group(
"base.group_user"):
resp.location = "/"
return resp
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (dbname, ))
url = "/web/login?oauth_error=1"
except AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
"OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies"
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
def microsoft_signin(self, **kw):
pool = request.env
root_url = (
request.env["ir.config_parameter"].sudo().get_param("web.base.url") + "/"
)
oauth_provider_rec = (
pool["ir.model.data"]
.sudo()
.get_object_reference("odoo_microsoft_account", "provider_microsoft")[1]
)
provider = pool["auth.oauth.provider"].sudo().browse(oauth_provider_rec)
authorization_data = (
pool["auth.oauth.provider"]
.sudo()
.oauth_token(
"authorization_code", provider, kw.get("code"), refresh_token=None
)
)
access_token = authorization_data.get("access_token")
resource = authorization_data.get("resource")
id_token = authorization_data.get("id_token")
expires_in = authorization_data.get("expires_in")
token_type = authorization_data.get("token_type")
refresh_token = authorization_data.get("refresh_token")
scope = authorization_data.get("scope")
not_before = authorization_data.get("not_before")
expires_on = authorization_data.get("expires_on")
mail = ""
user_id = None
displayName = ""
try:
import requests
# conn = httplib.HTTPSConnection(provider.data_endpoint)
# conn.request("GET", "/v1.0/me", "",
# {'Authorization': access_token, 'Accept': 'application/json'})
# response = conn.getresponse()
# data = simplejson.loads(response.read())
headers = {
"Authorization": "Bearer %s" % access_token,
"Accept": "application/json",
}
data = requests.get(provider.data_endpoint, headers=headers)
data = simplejson.loads(data.text)
displayName = data.get("displayName")
givenName = data.get("givenName")
mail = data.get("userPrincipalName")
mobilePhone = data.get("mobilePhone")
surname = data.get("surname")
user_id = data.get("id")
userPrincipalName = data.get("userPrincipalName")
conn.close()
except Exception as e:
pass
try:
credentials = (
pool["res.users"]
.sudo()
.microsoft_auth_oauth(
provider.id,
{
"access_token": access_token,
"user_id": user_id,
"email": mail,
"name": displayName,
"microsoft_refresh_token": refresh_token,
},
)
)
request.cr.commit()
return login_and_redirect(*credentials, redirect_url=root_url + "web?")
except AttributeError:
# auth_signup is not installed
_logger.error(
"auth_signup not installed on database %s: oauth sign up cancelled."
% (request.cr.dbname,)
)
url = "/web/login?oauth_error=1"
except odoo.exceptions.AccessDenied:
# oauth credentials not valid, user could be on a temporary session
_logger.info(
"OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies"
)
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "web/login?oauth_error=2"
return set_cookie_and_redirect(root_url + url)
def login(self, db, login, key):
return main.login_and_redirect(db, login, key)
