Fork Sync Branch 17.0

README.md

@@ -23,12 +23,13 @@ addon | version | maintainers | summary
 --- | --- | --- | ---
 [auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 |  | Allows system administrator to authenticate with any account
 [auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 |  | Disable 2FA if Passkey is being used
-[auth_api_key](auth_api_key/) | 17.0.1.1.1 |  | Authenticate http requests from an API key
+[auth_api_key](auth_api_key/) | 17.0.1.1.2 |  | Authenticate http requests from an API key
 [auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | <a href='https://github.com/simahawk'><img src='https://github.com/simahawk.png' width='32' height='32' style='border-radius:50%;' alt='simahawk'/></a> | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
 [auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 |  | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
 [auth_jwt](auth_jwt/) | 17.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | JWT bearer token authentication.
 [auth_ldaps](auth_ldaps/) | 17.0.1.0.0 |  | Allows to use LDAP over SSL authentication
-[auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.0.0 |  | Allow multiple connection with the same OAuth account
+[auth_oauth_autologin](auth_oauth_autologin/) | 17.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Automatically redirect to the OAuth provider for login
+[auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.1.1 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 17.0.1.1.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Allow users to login through OpenID Connect Provider
 [auth_saml](auth_saml/) | 17.0.1.0.3 | <a href='https://github.com/vincent-hatakeyama'><img src='https://github.com/vincent-hatakeyama.png' width='32' height='32' style='border-radius:50%;' alt='vincent-hatakeyama'/></a> | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 17.0.1.0.1 |  | This module disable all inactive sessions since a given delay

auth_api_key/README.rst

@@ -1,3 +1,7 @@
+.. image:: https://odoo-community.org/readme-banner-image
+   :target: https://odoo-community.org/get-involved?utm_source=readme
+   :alt: Odoo Community Association
+
 ============
 Auth Api Key
 ============
@@ -7,13 +11,13 @@ Auth Api Key
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:ae78e8c4442001a4d138783fb1c46e4ad153932b5b8ca56333b08e21cdfbeaef
+   !! source digest: sha256:d0607031c656dbf2cfe791045d9458ad6601fbf39ccbeff50c72f9e5772db083
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
     :target: https://odoo-community.org/page/development-status
     :alt: Production/Stable
-.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+.. |badge2| image:: https://img.shields.io/badge/license-LGPL--3-blue.png
     :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
     :alt: License: LGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
@@ -45,11 +49,11 @@ Odoo allows users to authenticate ``XMLRPC/JSONRPC`` calls using their
 API key instead of a password by native API keys (``res.users.apikey``).
 However, ``auth_api_key`` has some special features of its own such as:
 
--  API keys remain usable even when the user is inactive, if enabled via
-   settings (e.g., for system users in a shopinvader case).
--  Supports dual authentication via Basic Auth and API_KEY in separate
-   HTTP headers.
--  Admins can manage API keys for all users
+- API keys remain usable even when the user is inactive, if enabled via
+  settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate
+  HTTP headers.
+- Admins can manage API keys for all users
 
 Given these advantages, particularly in use case like system user
 authentication, we have decided to keep the ``auth_api_key`` module
@@ -105,11 +109,11 @@ Authors
 Contributors
 ------------
 
--  Denis Robinet <denis.robinet@acsone.eu>
--  Laurent Mignon <laurent.mignon@acsone.eu>
--  Quentin Groulard <quentin.groulard@acsone.eu>
--  Sébastien Beau <sebastien.beau@akretion.com>
--  Chafique Delli <chafique.delli@akretion.com>
+- Denis Robinet <denis.robinet@acsone.eu>
+- Laurent Mignon <laurent.mignon@acsone.eu>
+- Quentin Groulard <quentin.groulard@acsone.eu>
+- Sébastien Beau <sebastien.beau@akretion.com>
+- Chafique Delli <chafique.delli@akretion.com>
 
 Maintainers
 -----------

auth_api_key/__manifest__.py

@@ -5,7 +5,7 @@
     "name": "Auth Api Key",
     "summary": """
         Authenticate http requests from an API key""",
-    "version": "17.0.1.1.1",
+    "version": "17.0.1.1.2",
     "license": "LGPL-3",
     "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/server-auth",

auth_api_key/models/ir_http.py

@@ -5,8 +5,9 @@
 
 import logging
 
+from werkzeug.exceptions import Unauthorized
+
 from odoo import models
-from odoo.exceptions import AccessDenied
 from odoo.http import request
 
 _logger = logging.getLogger(__name__)
@@ -33,4 +34,4 @@ def _auth_method_api_key(cls):
                 request.auth_api_key_id = auth_api_key.id
                 return True
         _logger.error("Wrong HTTP_API_KEY, access denied")
-        raise AccessDenied()
+        raise Unauthorized()

auth_api_key/static/description/index.html

@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
-<title>Auth Api Key</title>
+<title>README.rst</title>
 <style type="text/css">
 
 /*
@@ -360,16 +360,21 @@
 </style>
 </head>
 <body>
-<div class="document" id="auth-api-key">
-<h1 class="title">Auth Api Key</h1>
+<div class="document">
 
+
+<a class="reference external image-reference" href="https://odoo-community.org/get-involved?utm_source=readme">
+<img alt="Odoo Community Association" src="https://odoo-community.org/readme-banner-image" />
+</a>
+<div class="section" id="auth-api-key">
+<h1>Auth Api Key</h1>
 <!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:ae78e8c4442001a4d138783fb1c46e4ad153932b5b8ca56333b08e21cdfbeaef
+!! source digest: sha256:d0607031c656dbf2cfe791045d9458ad6601fbf39ccbeff50c72f9e5772db083
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Production/Stable" src="https://img.shields.io/badge/maturity-Production%2FStable-green.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/17.0/auth_api_key"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Production/Stable" src="https://img.shields.io/badge/maturity-Production%2FStable-green.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/license-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/17.0/auth_api_key"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>Authenticate http requests from an API key.</p>
 <p>API keys are codes passed in (in the http header API-KEY) by programs
 calling an API in order to identify -in this case- the calling program’s
@@ -406,44 +411,44 @@ <h1 class="title">Auth Api Key</h1>
 </ul>
 </div>
 <div class="section" id="configuration">
-<h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
+<h2><a class="toc-backref" href="#toc-entry-1">Configuration</a></h2>
 <p>The api key menu is available into Settings &gt; Technical in debug mode.
 By default, when you create an API key, the key is saved into the
 database.</p>
 <p>If you want to manage them via serve environment settings use
 auth_api_key_server_env.</p>
 </div>
 <div class="section" id="usage">
-<h1><a class="toc-backref" href="#toc-entry-2">Usage</a></h1>
+<h2><a class="toc-backref" href="#toc-entry-2">Usage</a></h2>
 <p>To apply this authentication system to your http request you must set
 ‘api_key’ as value for the ‘auth’ parameter of your route definition
 into your controller.</p>
 <pre class="code python literal-block">
-<span class="k">class</span> <span class="nc">MyController</span><span class="p">(</span><span class="n">Controller</span><span class="p">):</span><span class="w">
+<span class="k">class</span><span class="w"> </span><span class="nc">MyController</span><span class="p">(</span><span class="n">Controller</span><span class="p">):</span><span class="w">
 
 </span>    <span class="nd">&#64;route</span><span class="p">(</span><span class="s1">'/my_service'</span><span class="p">,</span> <span class="n">auth</span><span class="o">=</span><span class="s1">'api_key'</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span><span class="w">
-</span>    <span class="k">def</span> <span class="nf">my_service</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span><span class="w">
+</span>    <span class="k">def</span><span class="w"> </span><span class="nf">my_service</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span><span class="w">
 </span>        <span class="k">pass</span>
 </pre>
 </div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h1>
+<h2><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h2>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
 <a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#toc-entry-4">Credits</a></h1>
+<h2><a class="toc-backref" href="#toc-entry-4">Credits</a></h2>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#toc-entry-5">Authors</a></h2>
+<h3><a class="toc-backref" href="#toc-entry-5">Authors</a></h3>
 <ul class="simple">
 <li>ACSONE SA/NV</li>
 </ul>
 </div>
 <div class="section" id="contributors">
-<h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
+<h3><a class="toc-backref" href="#toc-entry-6">Contributors</a></h3>
 <ul class="simple">
 <li>Denis Robinet &lt;<a class="reference external" href="mailto:denis.robinet&#64;acsone.eu">denis.robinet&#64;acsone.eu</a>&gt;</li>
 <li>Laurent Mignon &lt;<a class="reference external" href="mailto:laurent.mignon&#64;acsone.eu">laurent.mignon&#64;acsone.eu</a>&gt;</li>
@@ -453,7 +458,7 @@ <h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h2>
+<h3><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h3>
 <p>This module is maintained by the OCA.</p>
 <a class="reference external image-reference" href="https://odoo-community.org">
 <img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
@@ -466,5 +471,6 @@ <h2><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h2>
 </div>
 </div>
 </div>
+</div>
 </body>
 </html>

auth_oauth_autologin/README.rst

@@ -0,0 +1,117 @@
+.. image:: https://odoo-community.org/readme-banner-image
+   :target: https://odoo-community.org/get-involved?utm_source=readme
+   :alt: Odoo Community Association
+
+====================
+Auth Oauth Autologin
+====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:435818516444b963cf87e2c9fdb478ece9d33f578cde5960255b34cb5ffd84cd
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/17.0/auth_oauth_autologin
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_oauth_autologin
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This modules implements an automatic redirection to the configured OAuth
+provider login page, if there is one and only one enabled. This
+effectively makes the regular Odoo login screen invisible in normal
+circumstances.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+Configure OAuth providers in Settings > Users and Companies, and make
+sure there is one and only one that has both the enabled and automatic
+login flags set.
+
+When this is done, users visiting the login page (/web/login), or being
+redirected to it because they are not authenticated yet, will be
+redirected to the identity provider login page instead of the regular
+Odoo login page.
+
+Be aware that this module does not actively prevent users from
+authenticating with an login and password stored in the Odoo database.
+In some unusual circumstances (such as identity provider errors), the
+regular Odoo login may still be displayed. Securely disabling Odoo login
+and password, if needed, should be the topic of another module.
+
+Also be aware that this has a possibly surprising effect on the logout
+menu item. When the user logs out of Odoo, a redirect to the login page
+happens. The login page in turn redirects to the identity provider,
+which, if the user is already authenticated there, automatically logs
+the user back in Odoo, in a fresh session.
+
+Usage
+=====
+
+When configured, the Odoo login page redirects to the OAuth identify
+provider for authentication and login in Odoo. To access the regular
+Odoo login page, visit ``/web/login?no_autologin``.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_autologin%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ACSONE SA/NV
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px
+    :target: https://github.com/sbidoul
+    :alt: sbidoul
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-sbidoul| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/17.0/auth_oauth_autologin>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_oauth_autologin/__init__.py

@@ -0,0 +1,2 @@
+from . import controllers
+from . import models

auth_oauth_autologin/__manifest__.py

@@ -0,0 +1,17 @@
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Auth Oauth Autologin",
+    "summary": """
+        Automatically redirect to the OAuth provider for login""",
+    "version": "17.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "maintainers": ["sbidoul"],
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_oauth"],
+    "data": ["views/auth_oauth_provider.xml"],
+    "demo": [],
+    "assets": {"web.assets_frontend": ["auth_oauth_autologin/static/src/js/*.js"]},
+}

auth_oauth_autologin/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main