def oea(self, **kw): """login user via OpenERP Account provider""" dbname = kw.pop('db', None) if not dbname: dbname = db_monodb() if not dbname: return BadRequest() registry = RegistryManager.get(dbname) with registry.cursor() as cr: IMD = registry['ir.model.data'] try: model, provider_id = IMD.get_object_reference(cr, SUPERUSER_ID, 'auth_oauth', 'provider_openerp') except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert model == 'auth.oauth.provider' state = { 'd': dbname, 'p': provider_id, 'c': {'no_user_creation': True}, } kw['state'] = simplejson.dumps(state) return self.signin(**kw)
def weixin_name_email(self, **kw): qcontext = request.params.copy() if kw.get('email') and kw.get('name'): import re def validateEmail(email): if email: if len(email) > 7: if re.match("^.+\\@(\\[?)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,3}|[0-9]{1,3})(\\]?)$", email) != None: return 1 return 0 if not validateEmail(kw['email']) or kw['name'] == '': qcontext['error'] = _('name or email error') if 'error' not in qcontext and kw.get('state') and kw.get('access_token') and kw.get('name') and kw.get('email'): dbname = kw['state'] registry = RegistryManager.get(dbname) u = registry.get('res.users') with registry.cursor() as cr: try: credentials = u.weixin_auth_signup(cr, SUPERUSER_ID, kw) url='/web' cr.commit() return login_and_redirect(*credentials, redirect_url=url) except Exception, e: _logger.exception("OAuth2: %s" % str(e)) url = "/weixin/login?oauth_error=2" return set_cookie_and_redirect(url)
class OAuthController(http.Controller): @http.route('/auth_oauth/signin', type='http', auth='none') @fragment_to_query_string def signin(self, **kw): state = json.loads(kw['state']) dbname = state['d'] if not http.db_filter([dbname]): return BadRequest() provider = state['p'] context = state.get('c', {}) registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.url_unquote_plus( state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu resp = login_and_redirect(*credentials, redirect_url=url) #Since /web is hardcoded, verify user has right to land on it if urlparse.urlparse( resp.location).path == '/web' and not request.registry[ 'res.users'].has_group(request.cr, request.uid, 'base.group_user'): resp.location = '/' return resp except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except openerp.exceptions.AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
def oea(self, **kw): """login user via Odoo Account provider""" dbname = kw.pop('db', None) if not dbname: dbname = db_monodb() if not dbname: return BadRequest() registry = RegistryManager.get(dbname) with registry.cursor() as cr: IMD = registry['ir.model.data'] try: model, provider_id = IMD.get_object_reference( cr, SUPERUSER_ID, 'auth_oauth', 'provider_openerp') except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert model == 'auth.oauth.provider' state = { 'd': dbname, 'p': provider_id, 'c': { 'no_user_creation': True }, } kw['state'] = simplejson.dumps(state) return self.signin(**kw)
class OAuthController(oeweb.Controller): _cp_path = '/auth_oauth' @oeweb.jsonrequest def list_providers(self, req, dbname): try: registry = RegistryManager.get(dbname) with registry.cursor() as cr: providers = registry.get('auth.oauth.provider') l = providers.read( cr, SUPERUSER_ID, providers.search(cr, SUPERUSER_ID, [('enabled', '=', True)])) except Exception: l = [] return l @oeweb.httprequest @fragment_to_query_string def signin(self, req, **kw): state = simplejson.loads(kw['state']) dbname = state['d'] provider = state['p'] context = state.get('c', {}) registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context) cr.commit() action = state.get('a', None) url = '/#action=' + action if action else '/' return login_and_redirect(req, *credentials, redirect_url=url) except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/#action=login&oauth_error=1" except openerp.exceptions.AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/#action=login&oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/#action=login&oauth_error=2" return set_cookie_and_redirect(req, url)
def login(self, request, code=None, error=None, **kward): state = self.retrieve_state(kward.get("state", False)) dbname = self.get_dbname(request, state) result = self._validate_token(request, dbname, code, error) if not result or 'error' in result: return set_cookie_and_redirect( request, '/#action=login&loginerror=1&' + urllib.urlencode(result)) return login_and_redirect(request, dbname, result.get('login', False), result.get('token', False))
def login(self, request, code=None, error=None, **kward): state = self.retrieve_state(kward.get("state", False)) dbname = self.get_dbname(request, state) result = self._validate_token(request, dbname, code, error) if not result or 'error' in result: return set_cookie_and_redirect(request, '/#action=login&loginerror=1&' + urllib.urlencode(result)) return login_and_redirect(request, dbname, result.get('login', False), result.get('token', False))
class OAuthController_extend(OAuthController): @http.route('/auth_oauth/signin', type='http', auth='none') @fragment_to_query_string def signin(self, **kw): kw = simplejson.loads(simplejson.dumps(kw).replace('+', '')) state = simplejson.loads(kw['state']) dbname = state['d'] provider = state['p'] context = state.get('c', {}) registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context) cr.commit() action = state.get('a') menu = state.get('m') redirect = werkzeug.url_unquote_plus( state['r']) if state.get('r') else False url = '/web' if redirect: url = redirect elif action: url = '/web#action=%s' % action elif menu: url = '/web#menu_id=%s' % menu return login_and_redirect(*credentials, redirect_url=url) except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/web/login?oauth_error=1" except openerp.exceptions.AccessDenied: # oauth credentials not valid, user could be on a temporary session _logger.info( 'OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies' ) url = "/web/login?oauth_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url)
class OAuthController(oeweb.Controller): _cp_path = '/auth_oauth' @oeweb.jsonrequest def list_providers(self, req, dbname): try: registry = RegistryManager.get(dbname) with registry.cursor() as cr: providers = registry.get('auth.oauth.provider') l = providers.read( cr, SUPERUSER_ID, providers.search(cr, SUPERUSER_ID, [('enabled', '=', True)])) except Exception: l = [] return l @oeweb.httprequest @fragment_to_query_string def signin(self, req, **kw): state = simplejson.loads(kw['state']) dbname = state['d'] provider = state['p'] context = state.get('c', {}) registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context) cr.commit() action = state.get('a', None) url = '/#action=' + action if action else '/' return login_and_redirect(req, *credentials, redirect_url=url) except AttributeError: # auth_signup is not installed _logger.error( "auth_signup not installed on database %s: oauth sign up cancelled." % (dbname, )) url = "/#action=login&oauth_error=1" except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/#action=login&oauth_error=2" return set_cookie_and_redirect(req, url)
def signin(self, **kw): # TODO faltaria implementar el redirect y no hardcodear el my/home ensure_db() partner_uuid = kw['partner_uuid'] dbname = kw.pop('db', None) if not dbname: dbname = db_monodb() if not dbname: return werkzeug.exceptions.BadRequest() registry = RegistryManager.get(dbname) with registry.cursor() as cr: url = '/my/home' try: u = registry.get('res.users') credentials = u.partner_uuid_login( cr, SUPERUSER_ID, partner_uuid) cr.commit() return login_and_redirect(*credentials, redirect_url=url) except: pass return set_cookie_and_redirect(url)
def oea(self, **kw): """login user via OpenERP Account provider""" dbname = kw.pop("db", None) if not dbname: dbname = db_monodb() if not dbname: return BadRequest() registry = RegistryManager.get(dbname) with registry.cursor() as cr: IMD = registry["ir.model.data"] try: model, provider_id = IMD.get_object_reference(cr, SUPERUSER_ID, "auth_oauth", "provider_openerp") except ValueError: return set_cookie_and_redirect("/web?db=%s" % dbname) assert model == "auth.oauth.provider" state = {"d": dbname, "p": provider_id, "c": {"no_user_creation": True}} kw["state"] = simplejson.dumps(state) return self.signin(**kw)
def weixin_signin(self, **kw): #https://baoshunkeji.com/weixin/signin?code=0015b3203e9151b79c93fa46ea0d9aeo&state=test dbname = kw['state'] registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') user_ids, token_data = u.weixin_auth_oauth(cr, SUPERUSER_ID, kw) if user_ids: assert len(user_ids) == 1 credentials = u.weixin_auth_signin(cr, SUPERUSER_ID, token_data, user_ids, kw) else: json_token_data = {'openid': token_data['openid'], 'refresh_token': token_data['refresh_token'], 'access_token': token_data['access_token']} url = "/weixin/name_email?" + werkzeug.url_encode(json_token_data) + '&state=' + kw['state'] return set_cookie_and_redirect(url) cr.commit() url='/web' return login_and_redirect(*credentials, redirect_url=url) except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/weixin/login?oauth_error=2"
url = '/#menu_id=%s' % menu return login_and_redirect(req, *credentials, redirect_url=url) except AttributeError, e: print e # auth_signup is not installed _logger.error("auth_signup not installed on database " "%s: saml sign up cancelled." % (dbname,)) url = "/#action=login&saml_error=1" except openerp.exceptions.AccessDenied: # saml credentials not valid, # user could be on a temporary session _logger.info('SAML2: access denied, redirect to main page ' 'in case a valid session exists, ' 'without setting cookies') url = "/#action=login&saml_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("SAML2: %s" % str(e)) url = "/#action=login&saml_error=2" return set_cookie_and_redirect(req, url) # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
url = "/weixin/login?oauth_error=2" return set_cookie_and_redirect(url) return request.render('oauth_weixin.name_email', qcontext) @http.route('/weixin/signin', auth='public', website=True) def weixin_signin(self, **kw): #https://baoshunkeji.com/weixin/signin?code=0015b3203e9151b79c93fa46ea0d9aeo&state=test dbname = kw['state'] registry = RegistryManager.get(dbname) with registry.cursor() as cr: try: u = registry.get('res.users') user_ids, token_data = u.weixin_auth_oauth(cr, SUPERUSER_ID, kw) if user_ids: assert len(user_ids) == 1 credentials = u.weixin_auth_signin(cr, SUPERUSER_ID, token_data, user_ids, kw) else: json_token_data = {'openid': token_data['openid'], 'refresh_token': token_data['refresh_token'], 'access_token': token_data['access_token']} url = "/weixin/name_email?" + werkzeug.url_encode(json_token_data) + '&state=' + kw['state'] return set_cookie_and_redirect(url) cr.commit() url='/web' return login_and_redirect(*credentials, redirect_url=url) except Exception, e: # signup error _logger.exception("OAuth2: %s" % str(e)) url = "/weixin/login?oauth_error=2" return set_cookie_and_redirect(url)
url = "/saas_server/new_database" kw['admin_data'] = simplejson.dumps({ 'user_id': partner_id, 'client_id': provider.client_id, 'email': login, 'name': state['name'] }) full_url = '%s?%s' % (url, werkzeug.url_encode(kw)) _logger.info("\n\nFullURL: %s\n", full_url) return login_and_redirect(*credentials, redirect_url=full_url) else: _logger.exception('OAuth2: No state provided.') url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url) def get_provider(self): imd = request.registry['ir.model.data'] return imd.xmlid_to_object(request.cr, SUPERUSER_ID, 'cenit_saas_server.saas_oauth_provider') def get_demo_plan(self): icp = request.registry.get('ir.config_parameter') name = icp.get_param(request.cr, SUPERUSER_ID, "cenit.plan.demo", default=None) ssp = request.registry.get('saas_server.plan') conditions = [('state', '=', 'confirmed'), ('template', '=', name)]
def doorkeeper_cb(self, **kw): if kw.get('state', False): state = simplejson.loads(kw['state']) master_db = db_monodb() proto, root_url = request.httprequest.url_root.split("://") if not master_db: return BadRequest() if state.get('login', False): login = state['login'] db_prefix = state['login'].split('@')[0] if state.get('demo', False): db_prefix = "%s-%s" % (db_prefix, 'demo') dbname = "%s_%s" % (db_prefix, master_db) redirect = "%s://%s.%s" % (proto, db_prefix, root_url) if not redirect.endswith("/"): redirect += "/" state.update({'d': dbname}) kw['state'] = simplejson.dumps(state) if openerp.service.db.exp_db_exist(dbname): registry = RegistryManager.get(dbname) with registry.cursor() as cr: IMD = registry['ir.model.data'] try: model, provider_id = IMD.get_object_reference( cr, SUPERUSER_ID, 'cenit_saas_server', 'saas_oauth_provider') except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert model == 'auth.oauth.provider' params = { 'access_token': kw['access_token'], 'state': simplejson.dumps({ 'd': dbname, 'p': provider_id, }), } return werkzeug.utils.redirect( '{host}{controller}?{params}'.format( host=redirect, controller='auth_oauth/signin', params=werkzeug.url_encode(params))) else: _logger.info("\n\nNo existing tenant\n") registry = RegistryManager.get(master_db) if not state.get('name', False): state.update({'name': db_prefix.capitalize()}) if not state.get('organization', False): state.update({'organization': db_prefix.capitalize()}) if state.get('demo', False): plan = self.get_demo_plan() else: if state.get('plan', False): plan = self.get_plan(state.get('plan')) else: plan = self.get_default_plan() state.update({ 'db_template': plan['template'], 'plan': plan['id'] }) kw['state'] = simplejson.dumps(state) try: provider = self.__create_app_for_db(state['d']) partner_id, credentials = self.__signup_user(provider, kw) request.cr.commit() except Exception, e: _logger.exception(e) url = "/web/login?oauth_error=2" return set_cookie_and_redirect(url) url = "/saas_server/new_database" kw['admin_data'] = simplejson.dumps({ 'user_id': partner_id, 'client_id': provider.client_id, 'email': login, 'name': state['name'] }) full_url = '%s?%s' % (url, werkzeug.url_encode(kw)) _logger.info("\n\nFullURL: %s\n", full_url) return login_and_redirect(*credentials, redirect_url=full_url)
def doorkeeper_cb (self, **kw): if kw.get('state', False): state = simplejson.loads(kw['state']) master_db = db_monodb () proto, root_url = request.httprequest.url_root.split ("://") if not master_db: return BadRequest() if state.get ('login', False): login = state['login'] db_prefix = state['login'].split ('@')[0] if state.get ('demo', False): db_prefix = "%s-%s" % (db_prefix, 'demo') dbname = "%s_%s" %(db_prefix, master_db) redirect = "%s://%s.%s" %(proto, db_prefix, root_url) if not redirect.endswith ("/"): redirect += "/" state.update ({'d': dbname}) kw['state'] = simplejson.dumps (state) if openerp.service.db.exp_db_exist (dbname): registry = RegistryManager.get (dbname) with registry.cursor() as cr: IMD = registry['ir.model.data'] try: model, provider_id = IMD.get_object_reference( cr, SUPERUSER_ID, 'cenit_saas_server', 'saas_oauth_provider' ) except ValueError: return set_cookie_and_redirect('/web?db=%s' % dbname) assert model == 'auth.oauth.provider' params = { 'access_token': kw['access_token'], 'state': simplejson.dumps({ 'd': dbname, 'p': provider_id, }), } return werkzeug.utils.redirect('{host}{controller}?{params}'.format( host = redirect, controller = 'auth_oauth/signin', params = werkzeug.url_encode(params) ) ) else: _logger.info ("\n\nNo existing tenant\n") registry = RegistryManager.get (master_db) if not state.get ('name', False): state.update ({ 'name': db_prefix.capitalize () }) if not state.get ('organization', False): state.update ({ 'organization': db_prefix.capitalize () }) if state.get ('demo', False): plan = self.get_demo_plan () else: if state.get ('plan', False): plan = self.get_plan (state.get ('plan')) else: plan = self.get_default_plan () state.update ({ 'db_template': plan['template'], 'plan': plan['id'] }) kw['state'] = simplejson.dumps (state) try: provider = self.__create_app_for_db (state['d']) partner_id, credentials = self.__signup_user (provider, kw) request.cr.commit () except Exception, e: _logger.exception (e) url = "/web/login?oauth_error=2" return set_cookie_and_redirect (url) url = "/saas_server/new_database" kw['admin_data'] = simplejson.dumps ({ 'user_id': partner_id, 'client_id': provider.client_id, 'email': login, 'name': state['name'] }) full_url = '%s?%s' % (url, werkzeug.url_encode(kw)) _logger.info ("\n\nFullURL: %s\n", full_url) return login_and_redirect (*credentials, redirect_url=full_url)
def process(self, **kw): session = getattr(request.session, 'openid_session', None) if not session: return set_cookie_and_redirect('/') oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer) query = request.httprequest.args info = oidconsumer.complete(query, request.httprequest.base_url) display_identifier = info.getDisplayIdentifier() session['status'] = info.status if info.status == consumer.SUCCESS: dbname = session['dbname'] registry = RegistryManager.get(dbname) with registry.cursor() as cr: Modules = registry.get('ir.module.module') installed = Modules.search_count(cr, SUPERUSER_ID, ['&', ('name', '=', 'auth_openid'), ('state', '=', 'installed')]) == 1 if installed: Users = registry.get('res.users') #openid_url = info.endpoint.canonicalID or display_identifier openid_url = session['openid_url'] attrs = self._get_attributes_from_success_response(info) attrs['openid_url'] = openid_url session['attributes'] = attrs openid_email = attrs.get('email', False) domain = [] if openid_email: domain += ['|', ('openid_email', '=', False)] domain += [('openid_email', '=', openid_email)] domain += [('openid_url', '=', openid_url), ('active', '=', True)] ids = Users.search(cr, SUPERUSER_ID, domain) assert len(ids) < 2 if ids: user_id = ids[0] login = Users.browse(cr, SUPERUSER_ID, user_id).login key = randomString(utils.KEY_LENGTH, '0123456789abcdef') Users.write(cr, SUPERUSER_ID, [user_id], {'openid_key': key}) # TODO fill empty fields with the ones from sreg/ax cr.commit() return login_and_redirect(dbname, login, key) session['message'] = 'This OpenID identifier is not associated to any active users' elif info.status == consumer.SETUP_NEEDED: session['message'] = info.setup_url elif info.status == consumer.FAILURE and display_identifier: fmt = "Verification of %s failed: %s" session['message'] = fmt % (display_identifier, info.message) else: # FAILURE # Either we don't understand the code or there is no # openid_url included with the error. Give a generic # failure message. The library should supply debug # information in a log. session['message'] = 'Verification failed.' return set_cookie_and_redirect('/#action=login&loginerror=1')
def process(self, req, **kw): session = getattr(req.session, "openid_session", None) if not session: return set_cookie_and_redirect(req, "/") oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer) query = req.httprequest.args info = oidconsumer.complete(query, req.httprequest.base_url) display_identifier = info.getDisplayIdentifier() session["status"] = info.status if info.status == consumer.SUCCESS: dbname = session["dbname"] registry = RegistryManager.get(dbname) with registry.cursor() as cr: Modules = registry.get("ir.module.module") installed = ( Modules.search_count( cr, SUPERUSER_ID, ["&", ("name", "=", "auth_openid"), ("state", "=", "installed")] ) == 1 ) if installed: Users = registry.get("res.users") # openid_url = info.endpoint.canonicalID or display_identifier openid_url = session["openid_url"] attrs = self._get_attributes_from_success_response(info) attrs["openid_url"] = openid_url session["attributes"] = attrs openid_email = attrs.get("email", False) domain = [] if openid_email: domain += ["|", ("openid_email", "=", False)] domain += [("openid_email", "=", openid_email)] domain += [("openid_url", "=", openid_url), ("active", "=", True)] ids = Users.search(cr, SUPERUSER_ID, domain) assert len(ids) < 2 if ids: user_id = ids[0] login = Users.browse(cr, SUPERUSER_ID, user_id).login key = randomString(utils.KEY_LENGTH, "0123456789abcdef") Users.write(cr, SUPERUSER_ID, [user_id], {"openid_key": key}) # TODO fill empty fields with the ones from sreg/ax cr.commit() return login_and_redirect(req, dbname, login, key) session["message"] = "This OpenID identifier is not associated to any active users" elif info.status == consumer.SETUP_NEEDED: session["message"] = info.setup_url elif info.status == consumer.FAILURE and display_identifier: fmt = "Verification of %s failed: %s" session["message"] = fmt % (display_identifier, info.message) else: # FAILURE # Either we don't understand the code or there is no # openid_url included with the error. Give a generic # failure message. The library should supply debug # information in a log. session["message"] = "Verification failed." return set_cookie_and_redirect(req, "/#action=login&loginerror=1")
return login_and_redirect(req, *credentials, redirect_url=url) except AttributeError, e: print e # auth_signup is not installed _logger.error("auth_signup not installed on database " "%s: saml sign up cancelled." % (dbname, )) url = "/#action=login&saml_error=1" except openerp.exceptions.AccessDenied: # saml credentials not valid, # user could be on a temporary session _logger.info('SAML2: access denied, redirect to main page ' 'in case a valid session exists, ' 'without setting cookies') url = "/#action=login&saml_error=3" redirect = werkzeug.utils.redirect(url, 303) redirect.autocorrect_location_header = False return redirect except Exception, e: # signup error _logger.exception("SAML2: %s" % str(e)) url = "/#action=login&saml_error=2" return set_cookie_and_redirect(req, url) # vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4: