def xml(self, **kwargs): database = kwargs.get('database', None) if not database: database = db_monodb() req = odoo.http.request language = kwargs.get('language', None) if req.httprequest.method == 'GET': # Login database = kwargs.get('database', None) req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response('Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')]) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter(req, uid=uid, database=database, company=kwargs.get('company', None), mode=int(kwargs.get('mode', 1))) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( ''.join([i for i in xp.run()]), headers=[('Content-Type', 'application/xml;charset=utf8'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0')]) except Exception as e: logger.exception('Error generating frePPLe XML data') raise InternalServerError( description= 'Error generating frePPLe XML data: check the Odoo log file for more details' ) elif req.httprequest.method == 'POST': # Authenticate the user database = req.httprequest.form.get('database', None) req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response('Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')]) # Validate the company argument company_name = req.httprequest.form.get('company', None) company = None m = req.env['res.company'] recs = m.search([('name', '=', company_name)], limit=1) for i in recs: company = i if not company: return Response('Invalid company name argument', 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get('webtoken', None) decoded = jwt.decode(webtoken, company.webtoken_key, algorithms=['HS256']) if self.user != decoded.get('user', None): return Response('Incorrect or missing webtoken', 401) except: return Response('Incorrect or missing webtoken', 401) # Import the data try: ip = importer(req, database=database, company=company, mode=req.httprequest.form.get('mode', 1)) return req.make_response( ip.run(), [('Content-Type', 'text/plain'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0')]) except Exception as e: logger.exception('Error processing data posted by frePPLe') raise InternalServerError( description= 'Error processing data posted by frePPLe: check the Odoo log file for more details' ) else: raise MethodNotAllowed('Only GET and POST requests are accepted')
def xml(self, **kwargs): req = odoo.http.request language = kwargs.get("language", None) if req.httprequest.method == "GET": # Login database = kwargs.get("database", None) if not database: database = db_monodb() req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response( "Login with Odoo user name and password", 401, headers=[("WWW-Authenticate", 'Basic realm="odoo"')], ) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter( req, uid=uid, database=database, company=kwargs.get("company", None), mode=int(kwargs.get("mode", 1)), ) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( "".join([i for i in xp.run()]), headers=[ ("Content-Type", "application/xml;charset=utf8"), ("Cache-Control", "no-cache, no-store, must-revalidate"), ("Pragma", "no-cache"), ("Expires", "0"), ], ) except Exception as e: logger.exception("Error generating frePPLe XML data") raise InternalServerError( description= "Error generating frePPLe XML data: check the Odoo log file for more details" ) elif req.httprequest.method == "POST": # Authenticate the user database = req.httprequest.form.get("database", None) if not database: database = db_monodb() req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response( "Login with Odoo user name and password", 401, headers=[("WWW-Authenticate", 'Basic realm="odoo"')], ) # Validate the company argument company_name = req.httprequest.form.get("company", None) company = None m = req.env["res.company"] recs = m.search([("name", "=", company_name)], limit=1) for i in recs: company = i if not company: return Response("Invalid company name argument", 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get("webtoken", None) decoded = jwt.decode(webtoken, company.webtoken_key, algorithms=["HS256"]) logger.warning(str(decoded)) if self.user != decoded.get("user", None): return Response("Incorrect or missing webtoken", 401) except Exception as e: logger.warning("Incorrect or missing webtoken %s " % e) return Response("Incorrect or missing webtoken", 401) # Import the data try: ip = importer( req, database=database, company=company, mode=req.httprequest.form.get("mode", 1), ) return req.make_response( ip.run(), [ ("Content-Type", "text/plain"), ("Cache-Control", "no-cache, no-store, must-revalidate"), ("Pragma", "no-cache"), ("Expires", "0"), ], ) except Exception as e: logger.exception("Error processing data posted by frePPLe") raise InternalServerError( description= "Error processing data posted by frePPLe: check the Odoo log file for more details" ) else: raise MethodNotAllowed("Only GET and POST requests are accepted")
def xml(self, **kwargs): database = kwargs.get('database', None) if not database: database = db_monodb() req = odoo.http.request language = kwargs.get('language', None) if req.httprequest.method == 'GET': # Login database = kwargs.get('database', None) req.session.db = database try: uid = self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt: %s" % e) return Response( 'Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')] ) # As an optional extra security check we can validate a web token attached # to the request. It allows use to verify that the request is generated # from frePPLe and not from somebody else. # Generate data try: xp = exporter( req, uid=uid, database=database, company=kwargs.get('company', None), mode=int(kwargs.get('mode', 1)) ) # TODO Returning an iterator to stream the response back to the client and # to save memory on the server side return req.make_response( ''.join([i for i in xp.run()]), headers=[ ('Content-Type', 'application/xml;charset=utf8'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0') ]) except Exception as e: logger.exception('Error generating frePPLe XML data') raise InternalServerError(description='Error generating frePPLe XML data: check the Odoo log file for more details') elif req.httprequest.method == 'POST': # Authenticate the user database = req.httprequest.form.get('database', None) req.session.db = database try: self.authenticate(req, database, language) except Exception as e: logger.warning("Failed login attempt %s" % e) return Response( 'Login with Odoo user name and password', 401, headers=[('WWW-Authenticate', 'Basic realm="odoo"')] ) # Validate the company argument company_name = req.httprequest.form.get('company', None) company = None m = req.env['res.company'] recs = m.search([('name', '=', company_name)], limit=1) for i in recs: company = i if not company: return Response('Invalid company name argument', 401) # Verify that the data was posted from frePPLe and nobody else try: webtoken = req.httprequest.form.get('webtoken', None) decoded = jwt.decode( webtoken, company.webtoken_key, algorithms=['HS256'] ) if self.user != decoded.get('user', None): return Response('Incorrect or missing webtoken', 401) except: return Response('Incorrect or missing webtoken', 401) # Import the data try: ip = importer( req, database=database, company=company, mode=req.httprequest.form.get('mode', 1) ) return req.make_response( ip.run(), [ ('Content-Type', 'text/plain'), ('Cache-Control', 'no-cache, no-store, must-revalidate'), ('Pragma', 'no-cache'), ('Expires', '0') ]) except Exception as e: logger.exception('Error processing data posted by frePPLe') raise InternalServerError(description='Error processing data posted by frePPLe: check the Odoo log file for more details') else: raise MethodNotAllowed('Only GET and POST requests are accepted')