9 from openerp.addons.auth_signup.res_users import SignupError
10 from openerp.osv import osv, fields
11 from openerp import SUPERUSER_ID
13 _logger = logging.getLogger(__name__)
15 class res_users(osv.Model):
16 _inherit = 'res.users'
19 'oauth_provider_id': fields.many2one('auth.oauth.provider', 'OAuth Provider'),
20 'oauth_uid': fields.char('OAuth User ID', help="Oauth Provider user_id"),
21 'oauth_access_token': fields.char('OAuth Access Token', readonly=True),
25 ('uniq_users_oauth_provider_oauth_uid', 'unique(oauth_provider_id, oauth_uid)', 'OAuth UID must be unique per provider'),
28 def _auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None):
29 params = werkzeug.url_encode({'access_token': access_token})
30 if urlparse.urlparse(endpoint)[4]:
31 url = endpoint + '&' + params
33 url = endpoint + '?' + params
34 f = urllib2.urlopen(url)
36 return simplejson.loads(response)
38 def _auth_oauth_validate(self, cr, uid, provider, access_token, context=None):
39 """ return the validation data corresponding to the access token """
40 p = self.pool.get('auth.oauth.provider').browse(cr, uid, provider, context=context)
41 validation = self._auth_oauth_rpc(cr, uid, p.validation_endpoint, access_token)
42 if validation.get("error"):
43 raise Exception(validation['error'])
45 data = self._auth_oauth_rpc(cr, uid, p.data_endpoint, access_token)
46 validation.update(data)
49 def _auth_oauth_signin(self, cr, uid, provider, validation, params, context=None):
50 """ retrieve and sign in the user corresponding to provider and validated access token
51 :param provider: oauth provider id (int)
52 :param validation: result of validation of access token (dict)
53 :param params: oauth parameters (dict)
54 :return: user login (str)
55 :raise: openerp.exceptions.AccessDenied if signin failed
57 This method can be overridden to add alternative signin methods.
60 oauth_uid = validation['user_id']
61 user_ids = self.search(cr, uid, [("oauth_uid", "=", oauth_uid), ('oauth_provider_id', '=', provider)])
63 raise openerp.exceptions.AccessDenied()
64 assert len(user_ids) == 1
65 user = self.browse(cr, uid, user_ids[0], context=context)
66 user.write({'oauth_access_token': params['access_token']})
68 except openerp.exceptions.AccessDenied, access_denied_exception:
69 if context and context.get('no_user_creation'):
71 state = simplejson.loads(params['state'])
72 token = state.get('t')
73 oauth_uid = validation['user_id']
74 email = validation.get('email', 'provider_%s_user_%s' % (provider, oauth_uid))
75 name = validation.get('name', email)
80 'oauth_provider_id': provider,
81 'oauth_uid': oauth_uid,
82 'oauth_access_token': params['access_token'],
86 _, login, _ = self.signup(cr, uid, values, token, context=context)
89 raise access_denied_exception
91 def auth_oauth(self, cr, uid, provider, params, context=None):
92 # Advice by Google (to avoid Confused Deputy Problem)
93 # if validation.audience != OUR_CLIENT_ID:
96 # continue with the process
97 access_token = params.get('access_token')
98 validation = self._auth_oauth_validate(cr, uid, provider, access_token)
100 if not validation.get('user_id'):
101 raise openerp.exceptions.AccessDenied()
102 # retrieve and sign in user
103 login = self._auth_oauth_signin(cr, uid, provider, validation, params, context=context)
105 raise openerp.exceptions.AccessDenied()
106 # return user credentials
107 return (cr.dbname, login, access_token)
109 def check_credentials(self, cr, uid, password):
111 return super(res_users, self).check_credentials(cr, uid, password)
112 except openerp.exceptions.AccessDenied:
113 res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), ('oauth_access_token', '=', password)])