From 4d376bd79b3a67f98a2b3e60974984c78cbf89e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Tue, 20 Apr 2021 11:54:11 +0200 Subject: [PATCH 01/23] [ADD] auth_oauth_autologin --- auth_oauth_autologin/README.rst | 92 ++++ auth_oauth_autologin/__init__.py | 2 + auth_oauth_autologin/__manifest__.py | 16 + auth_oauth_autologin/controllers/__init__.py | 1 + auth_oauth_autologin/controllers/main.py | 35 ++ auth_oauth_autologin/models/__init__.py | 1 + .../models/auth_oauth_provider.py | 16 + auth_oauth_autologin/readme/CONFIGURE.rst | 19 + auth_oauth_autologin/readme/DESCRIPTION.rst | 3 + auth_oauth_autologin/readme/USAGE.rst | 3 + .../static/description/icon.png | Bin 0 -> 9455 bytes .../static/description/index.html | 433 ++++++++++++++++++ auth_oauth_autologin/tests/__init__.py | 1 + .../tests/test_auth_oauth_autologin.py | 41 ++ .../views/auth_oauth_provider.xml | 23 + 15 files changed, 686 insertions(+) create mode 100644 auth_oauth_autologin/README.rst create mode 100644 auth_oauth_autologin/__init__.py create mode 100644 auth_oauth_autologin/__manifest__.py create mode 100644 auth_oauth_autologin/controllers/__init__.py create mode 100644 auth_oauth_autologin/controllers/main.py create mode 100644 auth_oauth_autologin/models/__init__.py create mode 100644 auth_oauth_autologin/models/auth_oauth_provider.py create mode 100644 auth_oauth_autologin/readme/CONFIGURE.rst create mode 100644 auth_oauth_autologin/readme/DESCRIPTION.rst create mode 100644 auth_oauth_autologin/readme/USAGE.rst create mode 100644 auth_oauth_autologin/static/description/icon.png create mode 100644 auth_oauth_autologin/static/description/index.html create mode 100644 auth_oauth_autologin/tests/__init__.py create mode 100644 auth_oauth_autologin/tests/test_auth_oauth_autologin.py create mode 100644 auth_oauth_autologin/views/auth_oauth_provider.xml diff --git a/auth_oauth_autologin/README.rst b/auth_oauth_autologin/README.rst new file mode 100644 index 0000000000..106620d266 --- /dev/null +++ b/auth_oauth_autologin/README.rst @@ -0,0 +1,92 @@ +==================== +Auth Oauth Autologin +==================== + +.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github + :target: https://github.com/OCA/server-auth/tree/13.0/auth_oauth_autologin + :alt: OCA/server-auth +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-auth-13-0/server-auth-13-0-auth_oauth_autologin + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png + :target: https://runbot.odoo-community.org/runbot/251/13.0 + :alt: Try me on Runbot + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This modules implements an automatic redirection to the configured OAuth +provider login page, if there is one and only one enabled. This effectively +makes the regular Odoo login screen invisible in normal circumstances. + +**Table of contents** + +.. contents:: + :local: + +Configuration +============= + +Configure OAuth providers in Settings > Users and Companies, and make sure +there is only one that has the enabled flag set. + +When this is done, users visiting the login page (/web/login), or being +redirected to it because they are not authenticated yet, will be redirected to +the identity provider login page instead of the regular Odoo login page. + +Be aware that this module does not actively prevent users from authenticating +with an login and password stored in the Odoo database. In some unusual +circumstances (such as identity provider errors), the regular Odoo login may +still be displayed. Securely disabling Odoo login and password, if needed, +should be the topic of another module. + +Also be aware that this has a possibly surprising effect on the logout menu +item. When the user logs out of Odoo, a redirect to the login page happens. The +login page in turn redirects to the identity provider, which, if the user is +already authenticated there, automatically logs the user back in Odoo, in a +fresh session. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us smashing it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* ACSONE SA/NV + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-auth `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auth_oauth_autologin/__init__.py b/auth_oauth_autologin/__init__.py new file mode 100644 index 0000000000..91c5580fed --- /dev/null +++ b/auth_oauth_autologin/__init__.py @@ -0,0 +1,2 @@ +from . import controllers +from . import models diff --git a/auth_oauth_autologin/__manifest__.py b/auth_oauth_autologin/__manifest__.py new file mode 100644 index 0000000000..3b515923ed --- /dev/null +++ b/auth_oauth_autologin/__manifest__.py @@ -0,0 +1,16 @@ +# Copyright 2021 ACSONE SA/NV +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +{ + "name": "Auth Oauth Autologin", + "summary": """ + Automatically redirect to the OAuth provider for login""", + "version": "13.0.1.0.0", + "license": "AGPL-3", + "author": "ACSONE SA/NV,Odoo Community Association (OCA)", + "maintainers": ["sbidoul"], + "website": "https://github.com/OCA/server-auth", + "depends": ["auth_oauth"], + "data": ["views/auth_oauth_provider.xml"], + "demo": [], +} diff --git a/auth_oauth_autologin/controllers/__init__.py b/auth_oauth_autologin/controllers/__init__.py new file mode 100644 index 0000000000..12a7e529b6 --- /dev/null +++ b/auth_oauth_autologin/controllers/__init__.py @@ -0,0 +1 @@ +from . import main diff --git a/auth_oauth_autologin/controllers/main.py b/auth_oauth_autologin/controllers/main.py new file mode 100644 index 0000000000..42a9bb28be --- /dev/null +++ b/auth_oauth_autologin/controllers/main.py @@ -0,0 +1,35 @@ +# Copyright 2021 ACSONE SA/NV +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +import werkzeug + +from odoo import http + +from odoo.addons.auth_oauth.controllers.main import OAuthLogin + + +class OAuthAutoLogin(OAuthLogin): + def _autologin_disabled(self): + return ( + "no_autologin" in http.request.params + or "oauth_error" in http.request.params + or "error" in http.request.params + ) + + def _autologin_link(self): + providers = [p for p in self.list_providers() if p.get("autologin")] + if len(providers) == 1: + return providers[0].get("auth_link") + + @http.route() + def web_login(self, *args, **kw): + response = super().web_login(*args, **kw) + if not response.is_qweb: + # presumably a redirect already + return response + if self._autologin_disabled(): + return response + auth_link = self._autologin_link() + if not auth_link: + return response + return werkzeug.utils.redirect(auth_link, 303) diff --git a/auth_oauth_autologin/models/__init__.py b/auth_oauth_autologin/models/__init__.py new file mode 100644 index 0000000000..4bc62d3ab5 --- /dev/null +++ b/auth_oauth_autologin/models/__init__.py @@ -0,0 +1 @@ +from . import auth_oauth_provider diff --git a/auth_oauth_autologin/models/auth_oauth_provider.py b/auth_oauth_autologin/models/auth_oauth_provider.py new file mode 100644 index 0000000000..6abefad5e9 --- /dev/null +++ b/auth_oauth_autologin/models/auth_oauth_provider.py @@ -0,0 +1,16 @@ +# Copyright 2021 ACSONE SA/NV +# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl) + +from odoo import fields, models + + +class AuthOauthProvider(models.Model): + _inherit = "auth.oauth.provider" + + autologin = fields.Boolean( + string="Automatic Login", + help=( + "If exactly one enabled provider has this checked, " + "the login screen redirects to the OAuth provider." + ), + ) diff --git a/auth_oauth_autologin/readme/CONFIGURE.rst b/auth_oauth_autologin/readme/CONFIGURE.rst new file mode 100644 index 0000000000..99464d82ba --- /dev/null +++ b/auth_oauth_autologin/readme/CONFIGURE.rst @@ -0,0 +1,19 @@ +Configure OAuth providers in Settings > Users and Companies, and make sure +there is one and only one that has both the enabled and automatic login flags +set. + +When this is done, users visiting the login page (/web/login), or being +redirected to it because they are not authenticated yet, will be redirected to +the identity provider login page instead of the regular Odoo login page. + +Be aware that this module does not actively prevent users from authenticating +with an login and password stored in the Odoo database. In some unusual +circumstances (such as identity provider errors), the regular Odoo login may +still be displayed. Securely disabling Odoo login and password, if needed, +should be the topic of another module. + +Also be aware that this has a possibly surprising effect on the logout menu +item. When the user logs out of Odoo, a redirect to the login page happens. The +login page in turn redirects to the identity provider, which, if the user is +already authenticated there, automatically logs the user back in Odoo, in a +fresh session. diff --git a/auth_oauth_autologin/readme/DESCRIPTION.rst b/auth_oauth_autologin/readme/DESCRIPTION.rst new file mode 100644 index 0000000000..24021db9af --- /dev/null +++ b/auth_oauth_autologin/readme/DESCRIPTION.rst @@ -0,0 +1,3 @@ +This modules implements an automatic redirection to the configured OAuth +provider login page, if there is one and only one enabled. This effectively +makes the regular Odoo login screen invisible in normal circumstances. diff --git a/auth_oauth_autologin/readme/USAGE.rst b/auth_oauth_autologin/readme/USAGE.rst new file mode 100644 index 0000000000..d2cf4360b6 --- /dev/null +++ b/auth_oauth_autologin/readme/USAGE.rst @@ -0,0 +1,3 @@ +When configured, the Odoo login page redirects to the OAuth identify provider +for authentication and login in Odoo. To access the regular Odoo login page, +visit ``/web/login?no_autologin``. diff --git a/auth_oauth_autologin/static/description/icon.png b/auth_oauth_autologin/static/description/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..3a0328b516c4980e8e44cdb63fd945757ddd132d GIT binary patch literal 9455 zcmW++2RxMjAAjx~&dlBk9S+%}OXg)AGE&Cb*&}d0jUxM@u(PQx^-s)697TX`ehR4?GS^qbkof1cslKgkU)h65qZ9Oc=ml_0temigYLJfnz{IDzUf>bGs4N!v3=Z3jMq&A#7%rM5eQ#dc?k~! zVpnB`o+K7|Al`Q_U;eD$B zfJtP*jH`siUq~{KE)`jP2|#TUEFGRryE2`i0**z#*^6~AI|YzIWy$Cu#CSLW3q=GA z6`?GZymC;dCPk~rBS%eCb`5OLr;RUZ;D`}um=H)BfVIq%7VhiMr)_#G0N#zrNH|__ zc+blN2UAB0=617@>_u;MPHN;P;N#YoE=)R#i$k_`UAA>WWCcEVMh~L_ zj--gtp&|K1#58Yz*AHCTMziU1Jzt_jG0I@qAOHsk$2}yTmVkBp_eHuY$A9)>P6o~I z%aQ?!(GqeQ-Y+b0I(m9pwgi(IIZZzsbMv+9w{PFtd_<_(LA~0H(xz{=FhLB@(1&qHA5EJw1>>=%q2f&^X>IQ{!GJ4e9U z&KlB)z(84HmNgm2hg2C0>WM{E(DdPr+EeU_N@57;PC2&DmGFW_9kP&%?X4}+xWi)( z;)z%wI5>D4a*5XwD)P--sPkoY(a~WBw;E~AW`Yue4kFa^LM3X`8x|}ZUeMnqr}>kH zG%WWW>3ml$Yez?i%)2pbKPI7?5o?hydokgQyZsNEr{a|mLdt;X2TX(#B1j35xPnPW z*bMSSOauW>o;*=kO8ojw91VX!qoOQb)zHJ!odWB}d+*K?#sY_jqPdg{Sm2HdYzdEx zOGVPhVRTGPtv0o}RfVP;Nd(|CB)I;*t&QO8h zFfekr30S!-LHmV_Su-W+rEwYXJ^;6&3|L$mMC8*bQptyOo9;>Qb9Q9`ySe3%V$A*9 zeKEe+b0{#KWGp$F+tga)0RtI)nhMa-K@JS}2krK~n8vJ=Ngm?R!9G<~RyuU0d?nz# z-5EK$o(!F?hmX*2Yt6+coY`6jGbb7tF#6nHA zuKk=GGJ;ZwON1iAfG$E#Y7MnZVmrY|j0eVI(DN_MNFJmyZ|;w4tf@=CCDZ#5N_0K= z$;R~bbk?}TpfDjfB&aiQ$VA}s?P}xPERJG{kxk5~R`iRS(SK5d+Xs9swCozZISbnS zk!)I0>t=A<-^z(cmSFz3=jZ23u13X><0b)P)^1T_))Kr`e!-pb#q&J*Q`p+B6la%C zuVl&0duN<;uOsB3%T9Fp8t{ED108<+W(nOZd?gDnfNBC3>M8WE61$So|P zVvqH0SNtDTcsUdzaMDpT=Ty0pDHHNL@Z0w$Y`XO z2M-_r1S+GaH%pz#Uy0*w$Vdl=X=rQXEzO}d6J^R6zjM1u&c9vYLvLp?W7w(?np9x1 zE_0JSAJCPB%i7p*Wvg)pn5T`8k3-uR?*NT|J`eS#_#54p>!p(mLDvmc-3o0mX*mp_ zN*AeS<>#^-{S%W<*mz^!X$w_2dHWpcJ6^j64qFBft-o}o_Vx80o0>}Du;>kLts;$8 zC`7q$QI(dKYG`Wa8#wl@V4jVWBRGQ@1dr-hstpQL)Tl+aqVpGpbSfN>5i&QMXfiZ> zaA?T1VGe?rpQ@;+pkrVdd{klI&jVS@I5_iz!=UMpTsa~mBga?1r}aRBm1WS;TT*s0f0lY=JBl66Upy)-k4J}lh=P^8(SXk~0xW=T9v*B|gzIhN z>qsO7dFd~mgxAy4V?&)=5ieYq?zi?ZEoj)&2o)RLy=@hbCRcfT5jigwtQGE{L*8<@Yd{zg;CsL5mvzfDY}P-wos_6PfprFVaeqNE%h zKZhLtcQld;ZD+>=nqN~>GvROfueSzJD&BE*}XfU|H&(FssBqY=hPCt`d zH?@s2>I(|;fcW&YM6#V#!kUIP8$Nkdh0A(bEVj``-AAyYgwY~jB zT|I7Bf@%;7aL7Wf4dZ%VqF$eiaC38OV6oy3Z#TER2G+fOCd9Iaoy6aLYbPTN{XRPz z;U!V|vBf%H!}52L2gH_+j;`bTcQRXB+y9onc^wLm5wi3-Be}U>k_u>2Eg$=k!(l@I zcCg+flakT2Nej3i0yn+g+}%NYb?ta;R?(g5SnwsQ49U8Wng8d|{B+lyRcEDvR3+`O{zfmrmvFrL6acVP%yG98X zo&+VBg@px@i)%o?dG(`T;n*$S5*rnyiR#=wW}}GsAcfyQpE|>a{=$Hjg=-*_K;UtD z#z-)AXwSRY?OPefw^iI+ z)AXz#PfEjlwTes|_{sB?4(O@fg0AJ^g8gP}ex9Ucf*@_^J(s_5jJV}c)s$`Myn|Kd z$6>}#q^n{4vN@+Os$m7KV+`}c%4)4pv@06af4-x5#wj!KKb%caK{A&Y#Rfs z-po?Dcb1({W=6FKIUirH&(yg=*6aLCekcKwyfK^JN5{wcA3nhO(o}SK#!CINhI`-I z1)6&n7O&ZmyFMuNwvEic#IiOAwNkR=u5it{B9n2sAJV5pNhar=j5`*N!Na;c7g!l$ z3aYBqUkqqTJ=Re-;)s!EOeij=7SQZ3Hq}ZRds%IM*PtM$wV z@;rlc*NRK7i3y5BETSKuumEN`Xu_8GP1Ri=OKQ$@I^ko8>H6)4rjiG5{VBM>B|%`&&s^)jS|-_95&yc=GqjNo{zFkw%%HHhS~e=s zD#sfS+-?*t|J!+ozP6KvtOl!R)@@-z24}`9{QaVLD^9VCSR2b`b!KC#o;Ki<+wXB6 zx3&O0LOWcg4&rv4QG0)4yb}7BFSEg~=IR5#ZRj8kg}dS7_V&^%#Do==#`u zpy6{ox?jWuR(;pg+f@mT>#HGWHAJRRDDDv~@(IDw&R>9643kK#HN`!1vBJHnC+RM&yIh8{gG2q zA%e*U3|N0XSRa~oX-3EAneep)@{h2vvd3Xvy$7og(sayr@95+e6~Xvi1tUqnIxoIH zVWo*OwYElb#uyW{Imam6f2rGbjR!Y3`#gPqkv57dB6K^wRGxc9B(t|aYDGS=m$&S!NmCtrMMaUg(c zc2qC=2Z`EEFMW-me5B)24AqF*bV5Dr-M5ig(l-WPS%CgaPzs6p_gnCIvTJ=Y<6!gT zVt@AfYCzjjsMEGi=rDQHo0yc;HqoRNnNFeWZgcm?f;cp(6CNylj36DoL(?TS7eU#+ z7&mfr#y))+CJOXQKUMZ7QIdS9@#-}7y2K1{8)cCt0~-X0O!O?Qx#E4Og+;A2SjalQ zs7r?qn0H044=sDN$SRG$arw~n=+T_DNdSrarmu)V6@|?1-ZB#hRn`uilTGPJ@fqEy zGt(f0B+^JDP&f=r{#Y_wi#AVDf-y!RIXU^0jXsFpf>=Ji*TeqSY!H~AMbJdCGLhC) zn7Rx+sXw6uYj;WRYrLd^5IZq@6JI1C^YkgnedZEYy<&4(z%Q$5yv#Boo{AH8n$a zhb4Y3PWdr269&?V%uI$xMcUrMzl=;w<_nm*qr=c3Rl@i5wWB;e-`t7D&c-mcQl7x! zZWB`UGcw=Y2=}~wzrfLx=uet<;m3~=8I~ZRuzvMQUQdr+yTV|ATf1Uuomr__nDf=X zZ3WYJtHp_ri(}SQAPjv+Y+0=fH4krOP@S&=zZ-t1jW1o@}z;xk8 z(Nz1co&El^HK^NrhVHa-_;&88vTU>_J33=%{if;BEY*J#1n59=07jrGQ#IP>@u#3A z;!q+E1Rj3ZJ+!4bq9F8PXJ@yMgZL;>&gYA0%_Kbi8?S=XGM~dnQZQ!yBSgcZhY96H zrWnU;k)qy`rX&&xlDyA%(a1Hhi5CWkmg(`Gb%m(HKi-7Z!LKGRP_B8@`7&hdDy5n= z`OIxqxiVfX@OX1p(mQu>0Ai*v_cTMiw4qRt3~NBvr9oBy0)r>w3p~V0SCm=An6@3n)>@z!|o-$HvDK z|3D2ZMJkLE5loMKl6R^ez@Zz%S$&mbeoqH5`Bb){Ei21q&VP)hWS2tjShfFtGE+$z zzCR$P#uktu+#!w)cX!lWN1XU%K-r=s{|j?)Akf@q#3b#{6cZCuJ~gCxuMXRmI$nGtnH+-h z+GEi!*X=AP<|fG`1>MBdTb?28JYc=fGvAi2I<$B(rs$;eoJCyR6_bc~p!XR@O-+sD z=eH`-ye})I5ic1eL~TDmtfJ|8`0VJ*Yr=hNCd)G1p2MMz4C3^Mj?7;!w|Ly%JqmuW zlIEW^Ft%z?*|fpXda>Jr^1noFZEwFgVV%|*XhH@acv8rdGxeEX{M$(vG{Zw+x(ei@ zmfXb22}8-?Fi`vo-YVrTH*C?a8%M=Hv9MqVH7H^J$KsD?>!SFZ;ZsvnHr_gn=7acz z#W?0eCdVhVMWN12VV^$>WlQ?f;P^{(&pYTops|btm6aj>_Uz+hqpGwB)vWp0Cf5y< zft8-je~nn?W11plq}N)4A{l8I7$!ks_x$PXW-2XaRFswX_BnF{R#6YIwMhAgd5F9X zGmwdadS6(a^fjHtXg8=l?Rc0Sm%hk6E9!5cLVloEy4eh(=FwgP`)~I^5~pBEWo+F6 zSf2ncyMurJN91#cJTy_u8Y}@%!bq1RkGC~-bV@SXRd4F{R-*V`bS+6;W5vZ(&+I<9$;-V|eNfLa5n-6% z2(}&uGRF;p92eS*sE*oR$@pexaqr*meB)VhmIg@h{uzkk$9~qh#cHhw#>O%)b@+(| z^IQgqzuj~Sk(J;swEM-3TrJAPCq9k^^^`q{IItKBRXYe}e0Tdr=Huf7da3$l4PdpwWDop%^}n;dD#K4s#DYA8SHZ z&1!riV4W4R7R#C))JH1~axJ)RYnM$$lIR%6fIVA@zV{XVyx}C+a-Dt8Y9M)^KU0+H zR4IUb2CJ{Hg>CuaXtD50jB(_Tcx=Z$^WYu2u5kubqmwp%drJ6 z?Fo40g!Qd<-l=TQxqHEOuPX0;^z7iX?Ke^a%XT<13TA^5`4Xcw6D@Ur&VT&CUe0d} z1GjOVF1^L@>O)l@?bD~$wzgf(nxX1OGD8fEV?TdJcZc2KoUe|oP1#=$$7ee|xbY)A zDZq+cuTpc(fFdj^=!;{k03C69lMQ(|>uhRfRu%+!k&YOi-3|1QKB z z?n?eq1XP>p-IM$Z^C;2L3itnbJZAip*Zo0aw2bs8@(s^~*8T9go!%dHcAz2lM;`yp zD=7&xjFV$S&5uDaiScyD?B-i1ze`+CoRtz`Wn+Zl&#s4&}MO{@N!ufrzjG$B79)Y2d3tBk&)TxUTw@QS0TEL_?njX|@vq?Uz(nBFK5Pq7*xj#u*R&i|?7+6# z+|r_n#SW&LXhtheZdah{ZVoqwyT{D>MC3nkFF#N)xLi{p7J1jXlmVeb;cP5?e(=f# zuT7fvjSbjS781v?7{)-X3*?>tq?)Yd)~|1{BDS(pqC zC}~H#WXlkUW*H5CDOo<)#x7%RY)A;ShGhI5s*#cRDA8YgqG(HeKDx+#(ZQ?386dv! zlXCO)w91~Vw4AmOcATuV653fa9R$fyK8ul%rG z-wfS zihugoZyr38Im?Zuh6@RcF~t1anQu7>#lPpb#}4cOA!EM11`%f*07RqOVkmX{p~KJ9 z^zP;K#|)$`^Rb{rnHGH{~>1(fawV0*Z#)}M`m8-?ZJV<+e}s9wE# z)l&az?w^5{)`S(%MRzxdNqrs1n*-=jS^_jqE*5XDrA0+VE`5^*p3CuM<&dZEeCjoz zR;uu_H9ZPZV|fQq`Cyw4nscrVwi!fE6ciMmX$!_hN7uF;jjKG)d2@aC4ropY)8etW=xJvni)8eHi`H$%#zn^WJ5NLc-rqk|u&&4Z6fD_m&JfSI1Bvb?b<*n&sfl0^t z=HnmRl`XrFvMKB%9}>PaA`m-fK6a0(8=qPkWS5bb4=v?XcWi&hRY?O5HdulRi4?fN zlsJ*N-0Qw+Yic@s0(2uy%F@ib;GjXt01Fmx5XbRo6+n|pP(&nodMoap^z{~q ziEeaUT@Mxe3vJSfI6?uLND(CNr=#^W<1b}jzW58bIfyWTDle$mmS(|x-0|2UlX+9k zQ^EX7Nw}?EzVoBfT(-LT|=9N@^hcn-_p&sqG z&*oVs2JSU+N4ZD`FhCAWaS;>|wH2G*Id|?pa#@>tyxX`+4HyIArWDvVrX)2WAOQff z0qyHu&-S@i^MS-+j--!pr4fPBj~_8({~e1bfcl0wI1kaoN>mJL6KUPQm5N7lB(ui1 zE-o%kq)&djzWJ}ob<-GfDlkB;F31j-VHKvQUGQ3sp`CwyGJk_i!y^sD0fqC@$9|jO zOqN!r!8-p==F@ZVP=U$qSpY(gQ0)59P1&t@y?5rvg<}E+GB}26NYPp4f2YFQrQtot5mn3wu_qprZ=>Ig-$ zbW26Ws~IgY>}^5w`vTB(G`PTZaDiGBo5o(tp)qli|NeV( z@H_=R8V39rt5J5YB2Ky?4eJJ#b`_iBe2ot~6%7mLt5t8Vwi^Jy7|jWXqa3amOIoRb zOr}WVFP--DsS`1WpN%~)t3R!arKF^Q$e12KEqU36AWwnCBICpH4XCsfnyrHr>$I$4 z!DpKX$OKLWarN7nv@!uIA+~RNO)l$$w}p(;b>mx8pwYvu;dD_unryX_NhT8*Tj>BTrTTL&!?O+%Rv;b?B??gSzdp?6Uug9{ zd@V08Z$BdI?fpoCS$)t4mg4rT8Q_I}h`0d-vYZ^|dOB*Q^S|xqTV*vIg?@fVFSmMpaw0qtTRbx} z({Pg?#{2`sc9)M5N$*N|4;^t$+QP?#mov zGVC@I*lBVrOU-%2y!7%)fAKjpEFsgQc4{amtiHb95KQEwvf<(3T<9-Zm$xIew#P22 zc2Ix|App^>v6(3L_MCU0d3W##AB0M~3D00EWoKZqsJYT(#@w$Y_H7G22M~ApVFTRHMI_3be)Lkn#0F*V8Pq zc}`Cjy$bE;FJ6H7p=0y#R>`}-m4(0F>%@P|?7fx{=R^uFdISRnZ2W_xQhD{YuR3t< z{6yxu=4~JkeA;|(J6_nv#>Nvs&FuLA&PW^he@t(UwFFE8)|a!R{`E`K`i^ZnyE4$k z;(749Ix|oi$c3QbEJ3b~D_kQsPz~fIUKym($a_7dJ?o+40*OLl^{=&oq$<#Q(yyrp z{J-FAniyAw9tPbe&IhQ|a`DqFTVQGQ&Gq3!C2==4x{6EJwiPZ8zub-iXoUtkJiG{} zPaR&}_fn8_z~(=;5lD-aPWD3z8PZS@AaUiomF!G8I}Mf>e~0g#BelA-5#`cj;O5>N Xviia!U7SGha1wx#SCgwmn*{w2TRX*I literal 0 HcmV?d00001 diff --git a/auth_oauth_autologin/static/description/index.html b/auth_oauth_autologin/static/description/index.html new file mode 100644 index 0000000000..43abf51670 --- /dev/null +++ b/auth_oauth_autologin/static/description/index.html @@ -0,0 +1,433 @@ + + + + + + +Auth Oauth Autologin + + + +
+

Auth Oauth Autologin

+ + +

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runbot

+

This modules implements an automatic redirection to the configured OAuth +provider login page, if there is one and only one enabled. This effectively +makes the regular Odoo login screen invisible in normal circumstances.

+

Table of contents

+ +
+

Configuration

+

Configure OAuth providers in Settings > Users and Companies, and make sure +there is only one that has the enabled flag set.

+

When this is done, users visiting the login page (/web/login), or being +redirected to it because they are not authenticated yet, will be redirected to +the identity provider login page instead of the regular Odoo login page.

+

Be aware that this module does not actively prevent users from authenticating +with an login and password stored in the Odoo database. In some unusual +circumstances (such as identity provider errors), the regular Odoo login may +still be displayed. Securely disabling Odoo login and password, if needed, +should be the topic of another module.

+

Also be aware that this has a possibly surprising effect on the logout menu +item. When the user logs out of Odoo, a redirect to the login page happens. The +login page in turn redirects to the identity provider, which, if the user is +already authenticated there, automatically logs the user back in Odoo, in a +fresh session.

+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us smashing it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • ACSONE SA/NV
    • +
+
+
+

Maintainers

+

This module is maintained by the OCA.

+Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/server-auth project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/auth_oauth_autologin/tests/__init__.py b/auth_oauth_autologin/tests/__init__.py new file mode 100644 index 0000000000..f94c68ab45 --- /dev/null +++ b/auth_oauth_autologin/tests/__init__.py @@ -0,0 +1 @@ +from . import test_auth_oauth_autologin diff --git a/auth_oauth_autologin/tests/test_auth_oauth_autologin.py b/auth_oauth_autologin/tests/test_auth_oauth_autologin.py new file mode 100644 index 0000000000..a091e4dbfe --- /dev/null +++ b/auth_oauth_autologin/tests/test_auth_oauth_autologin.py @@ -0,0 +1,41 @@ +# Copyright 2021 ACSONE SA/NV +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +import requests + +from odoo.tests.common import HOST, PORT, HttpCase + + +class TestAuthMethod(HttpCase): + def _assert_no_autologin(self, query=""): + r = requests.get( + f"http://{HOST}:{PORT}/web/login{query}", allow_redirects=False + ) + self.assertNotEqual(r.status_code, 303) + self.assertTrue(r.ok) + + def _assert_autologin(self, query=""): + r = requests.get( + f"http://{HOST}:{PORT}/web/login{query}", allow_redirects=False + ) + self.assertEqual(r.status_code, 303) + + def test_end_to_end_default_providers(self): + # by default no provider is configured + providers = self.env["auth.oauth.provider"].search( + [("enabled", "=", True), ("autologin", "=", True)] + ) + self.assertFalse(providers) + self._assert_no_autologin() + + def test_end_to_end_one_provider(self): + providers = self.env["auth.oauth.provider"].search( + [("enabled", "=", True), ("autologin", "=", False)] + ) + self.assertEqual(len(providers), 1) + providers.autologin = True + providers.flush() + self._assert_autologin() + self._assert_no_autologin(query="?no_autologin=1") + self._assert_no_autologin(query="?error=...") + self._assert_no_autologin(query="?oauth_error=...") diff --git a/auth_oauth_autologin/views/auth_oauth_provider.xml b/auth_oauth_autologin/views/auth_oauth_provider.xml new file mode 100644 index 0000000000..ca3e06beaf --- /dev/null +++ b/auth_oauth_autologin/views/auth_oauth_provider.xml @@ -0,0 +1,23 @@ + + + + auth.oauth.autologin.provider.form + auth.oauth.provider + + + + + + + + + auth.oauth.autologin.provider.form + auth.oauth.provider + + + + + + + + From e33c2d00354070f6a6e75b82678d8ca69ffd879e Mon Sep 17 00:00:00 2001 From: oca-travis Date: Fri, 15 Oct 2021 10:42:37 +0000 Subject: [PATCH 02/23] [UPD] Update auth_oauth_autologin.pot --- .../i18n/auth_oauth_autologin.pot | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 auth_oauth_autologin/i18n/auth_oauth_autologin.pot diff --git a/auth_oauth_autologin/i18n/auth_oauth_autologin.pot b/auth_oauth_autologin/i18n/auth_oauth_autologin.pot new file mode 100644 index 0000000000..a591a6a485 --- /dev/null +++ b/auth_oauth_autologin/i18n/auth_oauth_autologin.pot @@ -0,0 +1,31 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * auth_oauth_autologin +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 13.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: auth_oauth_autologin +#: model:ir.model.fields,field_description:auth_oauth_autologin.field_auth_oauth_provider__autologin +msgid "Automatic Login" +msgstr "" + +#. module: auth_oauth_autologin +#: model:ir.model.fields,help:auth_oauth_autologin.field_auth_oauth_provider__autologin +msgid "" +"If exactly one enabled provider has this checked, the login screen redirects" +" to the OAuth provider." +msgstr "" + +#. module: auth_oauth_autologin +#: model:ir.model,name:auth_oauth_autologin.model_auth_oauth_provider +msgid "OAuth2 provider" +msgstr "" From 3ab6bae806e7f79e699c57865de9f3749ee40b46 Mon Sep 17 00:00:00 2001 From: OCA-git-bot Date: Fri, 15 Oct 2021 11:01:13 +0000 Subject: [PATCH 03/23] [UPD] README.rst --- auth_oauth_autologin/README.rst | 18 ++++++++++- .../static/description/index.html | 30 ++++++++++++------- 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/auth_oauth_autologin/README.rst b/auth_oauth_autologin/README.rst index 106620d266..d253e87fb3 100644 --- a/auth_oauth_autologin/README.rst +++ b/auth_oauth_autologin/README.rst @@ -38,7 +38,8 @@ Configuration ============= Configure OAuth providers in Settings > Users and Companies, and make sure -there is only one that has the enabled flag set. +there is one and only one that has both the enabled and automatic login flags +set. When this is done, users visiting the login page (/web/login), or being redirected to it because they are not authenticated yet, will be redirected to @@ -56,6 +57,13 @@ login page in turn redirects to the identity provider, which, if the user is already authenticated there, automatically logs the user back in Odoo, in a fresh session. +Usage +===== + +When configured, the Odoo login page redirects to the OAuth identify provider +for authentication and login in Odoo. To access the regular Odoo login page, +visit ``/web/login?no_autologin``. + Bug Tracker =========== @@ -87,6 +95,14 @@ OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use. +.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px + :target: https://github.com/sbidoul + :alt: sbidoul + +Current `maintainer `__: + +|maintainer-sbidoul| + This module is part of the `OCA/server-auth `_ project on GitHub. You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auth_oauth_autologin/static/description/index.html b/auth_oauth_autologin/static/description/index.html index 43abf51670..48bad58ec6 100644 --- a/auth_oauth_autologin/static/description/index.html +++ b/auth_oauth_autologin/static/description/index.html @@ -3,7 +3,7 @@ - + Auth Oauth Autologin -
-

Auth Oauth Autologin

+
+ + +Odoo Community Association + +
+

Auth Oauth Autologin

-

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This modules implements an automatic redirection to the configured OAuth provider login page, if there is one and only one enabled. This effectively makes the regular Odoo login screen invisible in normal @@ -388,7 +393,7 @@

Auth Oauth Autologin

-

Configuration

+

Configuration

Configure OAuth providers in Settings > Users and Companies, and make sure there is one and only one that has both the enabled and automatic login flags set.

@@ -408,13 +413,13 @@

Configuration

the user back in Odoo, in a fresh session.

-

Usage

+

Usage

When configured, the Odoo login page redirects to the OAuth identify provider for authentication and login in Odoo. To access the regular Odoo login page, visit /web/login?no_autologin.

-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -422,15 +427,15 @@

Bug Tracker

Do not contact contributors directly about support or help with technical issues.

-

Credits

+

Credits

-

Authors

+

Authors

  • ACSONE SA/NV
-

Maintainers

+

Maintainers

This module is maintained by the OCA.

Odoo Community Association @@ -445,5 +450,6 @@

Maintainers

+
diff --git a/setup/_metapackage/pyproject.toml b/setup/_metapackage/pyproject.toml index 39d0280c35..1df6acf0b2 100644 --- a/setup/_metapackage/pyproject.toml +++ b/setup/_metapackage/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "odoo-addons-oca-server-auth" -version = "17.0.20250401.0" +version = "17.0.20250614.0" dependencies = [ "odoo-addon-auth_admin_passkey>=17.0dev,<17.1dev", "odoo-addon-auth_admin_passkey_totp_mail_enforce>=17.0dev,<17.1dev", @@ -9,6 +9,7 @@ dependencies = [ "odoo-addon-auth_api_key_server_env>=17.0dev,<17.1dev", "odoo-addon-auth_jwt>=17.0dev,<17.1dev", "odoo-addon-auth_ldaps>=17.0dev,<17.1dev", + "odoo-addon-auth_oauth_autologin>=17.0dev,<17.1dev", "odoo-addon-auth_oauth_multi_token>=17.0dev,<17.1dev", "odoo-addon-auth_oidc>=17.0dev,<17.1dev", "odoo-addon-auth_saml>=17.0dev,<17.1dev", From dd6e6f3d0768b4844a50f330de0c6818ec91a0c1 Mon Sep 17 00:00:00 2001 From: oca-ci Date: Sat, 14 Jun 2025 15:00:40 +0000 Subject: [PATCH 17/23] [UPD] Update auth_oauth_multi_token.pot --- auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot b/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot index 1981b68c33..a590d2f6c4 100644 --- a/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot +++ b/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot @@ -53,11 +53,6 @@ msgstr "" msgid "Latest Tokens" msgstr "" -#. module: auth_oauth_multi_token -#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_master_uuid -msgid "Master UUID" -msgstr "" - #. module: auth_oauth_multi_token #: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_max_token msgid "Max Number of Simultaneous Connections" @@ -65,6 +60,7 @@ msgstr "" #. module: auth_oauth_multi_token #: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__oauth_access_token +#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_token msgid "OAuth Access Token" msgstr "" From 2ce1d60bda1ec2c5c4d270a6694ada362c846f6b Mon Sep 17 00:00:00 2001 From: OCA-git-bot Date: Sat, 14 Jun 2025 15:04:33 +0000 Subject: [PATCH 18/23] [BOT] post-merge updates --- README.md | 2 +- auth_oauth_multi_token/README.rst | 8 ++++-- auth_oauth_multi_token/__manifest__.py | 2 +- .../static/description/index.html | 28 +++++++++++-------- 4 files changed, 25 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index de1a077568..858f488da4 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ addon | version | maintainers | summary [auth_jwt](auth_jwt/) | 17.0.1.0.0 | sbidoul | JWT bearer token authentication. [auth_ldaps](auth_ldaps/) | 17.0.1.0.0 | | Allows to use LDAP over SSL authentication [auth_oauth_autologin](auth_oauth_autologin/) | 17.0.1.0.0 | sbidoul | Automatically redirect to the OAuth provider for login -[auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.0.0 | | Allow multiple connection with the same OAuth account +[auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.1.1 | | Allow multiple connection with the same OAuth account [auth_oidc](auth_oidc/) | 17.0.1.1.0 | sbidoul | Allow users to login through OpenID Connect Provider [auth_saml](auth_saml/) | 17.0.1.0.3 | vincent-hatakeyama | SAML2 Authentication [auth_session_timeout](auth_session_timeout/) | 17.0.1.0.1 | | This module disable all inactive sessions since a given delay diff --git a/auth_oauth_multi_token/README.rst b/auth_oauth_multi_token/README.rst index 4672d6fad3..59f8ba8943 100644 --- a/auth_oauth_multi_token/README.rst +++ b/auth_oauth_multi_token/README.rst @@ -1,3 +1,7 @@ +.. image:: https://odoo-community.org/readme-banner-image + :target: https://odoo-community.org/get-involved?utm_source=readme + :alt: Odoo Community Association + ================= OAuth Multi Token ================= @@ -7,13 +11,13 @@ OAuth Multi Token !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:b00ecda1055b4e61c1978707ad4f5545ab39ddc15b2833f3ef5a65dd9be56e27 + !! source digest: sha256:6f1edaffb5f271f8295a2e5d63fdccf8ba327c8666351476e302d3f172b90b3c !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png :target: https://odoo-community.org/page/development-status :alt: Beta -.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png +.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html :alt: License: AGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github diff --git a/auth_oauth_multi_token/__manifest__.py b/auth_oauth_multi_token/__manifest__.py index fb84c0fa1f..19edace8d9 100644 --- a/auth_oauth_multi_token/__manifest__.py +++ b/auth_oauth_multi_token/__manifest__.py @@ -4,7 +4,7 @@ { "name": "OAuth Multi Token", - "version": "17.0.1.1.0", + "version": "17.0.1.1.1", "license": "AGPL-3", "author": "Florent de Labarre, Camptocamp, Odoo Community Association (OCA)", "summary": """Allow multiple connection with the same OAuth account""", diff --git a/auth_oauth_multi_token/static/description/index.html b/auth_oauth_multi_token/static/description/index.html index 53f36e6e07..4615fef6c6 100644 --- a/auth_oauth_multi_token/static/description/index.html +++ b/auth_oauth_multi_token/static/description/index.html @@ -3,7 +3,7 @@ -OAuth Multi Token +README.rst -
-

OAuth Multi Token

+
+ + +Odoo Community Association + +
+

OAuth Multi Token

-

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This module adds the possibility to connect with the same account on more than one device at the same time.

All providers are supported (Google, Facebook, Odoo, etc).

@@ -387,12 +392,12 @@

OAuth Multi Token

-

Usage

+

Usage

Nothing changes on login action: just select your provider and try to log in.

-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -400,16 +405,16 @@

Bug Tracker

Do not contact contributors directly about support or help with technical issues.

-

Credits

+

Credits

-

Authors

+

Authors

  • Florent de Labarre
  • Camptocamp
-

Contributors

+

Contributors

-

Maintainers

+

Maintainers

This module is maintained by the OCA.

Odoo Community Association @@ -442,5 +447,6 @@

Maintainers

+
From e73ef696b710ea8ecc779b5e20bb7bc942916849 Mon Sep 17 00:00:00 2001 From: Weblate Date: Sat, 14 Jun 2025 15:04:41 +0000 Subject: [PATCH 19/23] Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: server-auth-17.0/server-auth-17.0-auth_oauth_multi_token Translate-URL: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_oauth_multi_token/ --- auth_oauth_multi_token/i18n/it.po | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/auth_oauth_multi_token/i18n/it.po b/auth_oauth_multi_token/i18n/it.po index dbc0b68849..ff7569c1f2 100644 --- a/auth_oauth_multi_token/i18n/it.po +++ b/auth_oauth_multi_token/i18n/it.po @@ -56,11 +56,6 @@ msgstr "Ultimo aggiornamento il" msgid "Latest Tokens" msgstr "Ulrimi token" -#. module: auth_oauth_multi_token -#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_master_uuid -msgid "Master UUID" -msgstr "UUID master" - #. module: auth_oauth_multi_token #: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_max_token msgid "Max Number of Simultaneous Connections" @@ -68,6 +63,7 @@ msgstr "Numero massimo di connessioni simultanee" #. module: auth_oauth_multi_token #: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__oauth_access_token +#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_token msgid "OAuth Access Token" msgstr "Token accesso OAuth" @@ -87,5 +83,8 @@ msgstr "Token OAuth" msgid "User" msgstr "Utente" +#~ msgid "Master UUID" +#~ msgstr "UUID master" + #~ msgid "Last Modified on" #~ msgstr "Ultima modifica il" From c59e8510890770203ec0e183551943ab6f4148e4 Mon Sep 17 00:00:00 2001 From: mymage Date: Sun, 15 Jun 2025 08:52:28 +0000 Subject: [PATCH 20/23] Added translation using Weblate (Italian) --- auth_oauth_autologin/i18n/it.po | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 auth_oauth_autologin/i18n/it.po diff --git a/auth_oauth_autologin/i18n/it.po b/auth_oauth_autologin/i18n/it.po new file mode 100644 index 0000000000..3edd9b8c23 --- /dev/null +++ b/auth_oauth_autologin/i18n/it.po @@ -0,0 +1,32 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * auth_oauth_autologin +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 17.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. module: auth_oauth_autologin +#: model:ir.model.fields,field_description:auth_oauth_autologin.field_auth_oauth_provider__autologin +msgid "Automatic Login" +msgstr "" + +#. module: auth_oauth_autologin +#: model:ir.model.fields,help:auth_oauth_autologin.field_auth_oauth_provider__autologin +msgid "" +"If exactly one enabled provider has this checked, the login screen redirects" +" to the OAuth provider." +msgstr "" + +#. module: auth_oauth_autologin +#: model:ir.model,name:auth_oauth_autologin.model_auth_oauth_provider +msgid "OAuth2 provider" +msgstr "" From bbc848b32c5ed5d4d7ef55cb53671da7da4c09c0 Mon Sep 17 00:00:00 2001 From: anusrinps96 Date: Mon, 16 Jun 2025 10:14:26 +0200 Subject: [PATCH 21/23] [17.0][FIX]auth_api_key: Use 401 for unauthorized user --- auth_api_key/models/ir_http.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/auth_api_key/models/ir_http.py b/auth_api_key/models/ir_http.py index 7b02f0c39c..c4959103d0 100644 --- a/auth_api_key/models/ir_http.py +++ b/auth_api_key/models/ir_http.py @@ -5,8 +5,9 @@ import logging +from werkzeug.exceptions import Unauthorized + from odoo import models -from odoo.exceptions import AccessDenied from odoo.http import request _logger = logging.getLogger(__name__) @@ -33,4 +34,4 @@ def _auth_method_api_key(cls): request.auth_api_key_id = auth_api_key.id return True _logger.error("Wrong HTTP_API_KEY, access denied") - raise AccessDenied() + raise Unauthorized() From 552293a5466d9ecff2008dff6817c63ccd6b0bb7 Mon Sep 17 00:00:00 2001 From: OCA-git-bot Date: Mon, 16 Jun 2025 08:37:39 +0000 Subject: [PATCH 22/23] [BOT] post-merge updates --- README.md | 2 +- auth_api_key/README.rst | 28 ++++++++++-------- auth_api_key/__manifest__.py | 2 +- auth_api_key/static/description/index.html | 34 +++++++++++++--------- 4 files changed, 38 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 858f488da4..0a2f4cc066 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ addon | version | maintainers | summary --- | --- | --- | --- [auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 | | Allows system administrator to authenticate with any account [auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 | | Disable 2FA if Passkey is being used -[auth_api_key](auth_api_key/) | 17.0.1.1.1 | | Authenticate http requests from an API key +[auth_api_key](auth_api_key/) | 17.0.1.1.2 | | Authenticate http requests from an API key [auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | simahawk | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys. [auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 | | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention: [auth_jwt](auth_jwt/) | 17.0.1.0.0 | sbidoul | JWT bearer token authentication. diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst index 5914929d36..bb6b6a414c 100644 --- a/auth_api_key/README.rst +++ b/auth_api_key/README.rst @@ -1,3 +1,7 @@ +.. image:: https://odoo-community.org/readme-banner-image + :target: https://odoo-community.org/get-involved?utm_source=readme + :alt: Odoo Community Association + ============ Auth Api Key ============ @@ -7,13 +11,13 @@ Auth Api Key !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:ae78e8c4442001a4d138783fb1c46e4ad153932b5b8ca56333b08e21cdfbeaef + !! source digest: sha256:d0607031c656dbf2cfe791045d9458ad6601fbf39ccbeff50c72f9e5772db083 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png :target: https://odoo-community.org/page/development-status :alt: Production/Stable -.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png +.. |badge2| image:: https://img.shields.io/badge/license-LGPL--3-blue.png :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html :alt: License: LGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github @@ -45,11 +49,11 @@ Odoo allows users to authenticate ``XMLRPC/JSONRPC`` calls using their API key instead of a password by native API keys (``res.users.apikey``). However, ``auth_api_key`` has some special features of its own such as: -- API keys remain usable even when the user is inactive, if enabled via - settings (e.g., for system users in a shopinvader case). -- Supports dual authentication via Basic Auth and API_KEY in separate - HTTP headers. -- Admins can manage API keys for all users +- API keys remain usable even when the user is inactive, if enabled via + settings (e.g., for system users in a shopinvader case). +- Supports dual authentication via Basic Auth and API_KEY in separate + HTTP headers. +- Admins can manage API keys for all users Given these advantages, particularly in use case like system user authentication, we have decided to keep the ``auth_api_key`` module @@ -105,11 +109,11 @@ Authors Contributors ------------ -- Denis Robinet -- Laurent Mignon -- Quentin Groulard -- Sébastien Beau -- Chafique Delli +- Denis Robinet +- Laurent Mignon +- Quentin Groulard +- Sébastien Beau +- Chafique Delli Maintainers ----------- diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py index 2aca21667d..48a7139fa3 100644 --- a/auth_api_key/__manifest__.py +++ b/auth_api_key/__manifest__.py @@ -5,7 +5,7 @@ "name": "Auth Api Key", "summary": """ Authenticate http requests from an API key""", - "version": "17.0.1.1.1", + "version": "17.0.1.1.2", "license": "LGPL-3", "author": "ACSONE SA/NV,Odoo Community Association (OCA)", "website": "https://github.com/OCA/server-auth", diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html index 278ee21300..927f8f7425 100644 --- a/auth_api_key/static/description/index.html +++ b/auth_api_key/static/description/index.html @@ -3,7 +3,7 @@ -Auth Api Key +README.rst -
-

Auth Api Key

+
+ + +Odoo Community Association + +
+

Auth Api Key

-

Production/Stable License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Production/Stable License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program’s @@ -406,7 +411,7 @@

Auth Api Key

-

Configuration

+

Configuration

The api key menu is available into Settings > Technical in debug mode. By default, when you create an API key, the key is saved into the database.

@@ -414,20 +419,20 @@

Configuration

auth_api_key_server_env.

-

Usage

+

Usage

To apply this authentication system to your http request you must set ‘api_key’ as value for the ‘auth’ parameter of your route definition into your controller.

-class MyController(Controller):
+class MyController(Controller):
 
     @route('/my_service', auth='api_key', ...)
-    def my_service(self, *args, **kwargs):
+    def my_service(self, *args, **kwargs):
         pass
-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -435,15 +440,15 @@

Bug Tracker

Do not contact contributors directly about support or help with technical issues.

-

Credits

+

Credits

-

Authors

+

Authors

  • ACSONE SA/NV
-

Contributors

+

Contributors

-

Maintainers

+

Maintainers

This module is maintained by the OCA.

Odoo Community Association @@ -466,5 +471,6 @@

Maintainers

+
From 927c2a4f15a986822d2f8e955cad193958edacfe Mon Sep 17 00:00:00 2001 From: mymage Date: Tue, 17 Jun 2025 06:07:36 +0000 Subject: [PATCH 23/23] Translated using Weblate (Italian) Currently translated at 100.0% (3 of 3 strings) Translation: server-auth-17.0/server-auth-17.0-auth_oauth_autologin Translate-URL: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_oauth_autologin/it/ --- auth_oauth_autologin/i18n/it.po | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/auth_oauth_autologin/i18n/it.po b/auth_oauth_autologin/i18n/it.po index 3edd9b8c23..139e57c479 100644 --- a/auth_oauth_autologin/i18n/it.po +++ b/auth_oauth_autologin/i18n/it.po @@ -6,18 +6,20 @@ msgid "" msgstr "" "Project-Id-Version: Odoo Server 17.0\n" "Report-Msgid-Bugs-To: \n" -"Last-Translator: Automatically generated\n" +"PO-Revision-Date: 2025-06-17 08:26+0000\n" +"Last-Translator: mymage \n" "Language-Team: none\n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: \n" "Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 5.10.4\n" #. module: auth_oauth_autologin #: model:ir.model.fields,field_description:auth_oauth_autologin.field_auth_oauth_provider__autologin msgid "Automatic Login" -msgstr "" +msgstr "Accesso automatico" #. module: auth_oauth_autologin #: model:ir.model.fields,help:auth_oauth_autologin.field_auth_oauth_provider__autologin @@ -25,8 +27,10 @@ msgid "" "If exactly one enabled provider has this checked, the login screen redirects" " to the OAuth provider." msgstr "" +"Se un solo provider abilitato ha selezionato questa opzione, la schermata di " +"accesso reindirizza al provider OAuth." #. module: auth_oauth_autologin #: model:ir.model,name:auth_oauth_autologin.model_auth_oauth_provider msgid "OAuth2 provider" -msgstr "" +msgstr "Provider OAuth2"