From 62926be708d81935f2f47d92e4c312f2699133c5 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Thu, 20 Sep 2012 15:46:18 +0200 Subject: [PATCH 01/27] [WIP] oauth provider bzr revid: fme@openerp.com-20120920134618-ema9qyumuorvozig --- addons/auth_oauth_provider/__init__.py | 25 ++++++++++ addons/auth_oauth_provider/__openerp__.py | 42 ++++++++++++++++ .../controllers/__init__.py | 22 ++++++++ .../auth_oauth_provider/controllers/main.py | 38 ++++++++++++++ .../static/src/css/oauth_provider.css | 14 ++++++ .../static/src/css/oauth_provider.sass | 17 +++++++ .../static/src/js/oauth_provider.js | 50 +++++++++++++++++++ .../static/src/xml/oauth_provider.xml | 13 +++++ 8 files changed, 221 insertions(+) create mode 100644 addons/auth_oauth_provider/__init__.py create mode 100644 addons/auth_oauth_provider/__openerp__.py create mode 100644 addons/auth_oauth_provider/controllers/__init__.py create mode 100644 addons/auth_oauth_provider/controllers/main.py create mode 100644 addons/auth_oauth_provider/static/src/css/oauth_provider.css create mode 100644 addons/auth_oauth_provider/static/src/css/oauth_provider.sass create mode 100644 addons/auth_oauth_provider/static/src/js/oauth_provider.js create mode 100644 addons/auth_oauth_provider/static/src/xml/oauth_provider.xml diff --git a/addons/auth_oauth_provider/__init__.py b/addons/auth_oauth_provider/__init__.py new file mode 100644 index 00000000000..c19b731933c --- /dev/null +++ b/addons/auth_oauth_provider/__init__.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2010-2011 OpenERP s.a. (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## + +import controllers + +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: + diff --git a/addons/auth_oauth_provider/__openerp__.py b/addons/auth_oauth_provider/__openerp__.py new file mode 100644 index 00000000000..71a4971c9b8 --- /dev/null +++ b/addons/auth_oauth_provider/__openerp__.py @@ -0,0 +1,42 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2010-2012 OpenERP s.a. (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## + + +{ + 'name': 'OAuth Provider', + 'version': '1.0', + 'category': 'Tools', + 'description': """ +Allow an openerp server to provide OAuth service. +================================================= +""", + 'author': 'OpenERP s.a.', + 'maintainer': 'OpenERP s.a.', + 'website': 'http://www.openerp.com', + 'depends': ['base', 'web'], + #'data': ['res_users.xml'], + 'js': ['static/src/js/oauth_provider.js'], + 'css': ['static/src/css/oauth_provider.css'], + 'qweb': ['static/src/xml/oauth_provider.xml'], + 'installable': True, + 'auto_install': False, +} +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/controllers/__init__.py b/addons/auth_oauth_provider/controllers/__init__.py new file mode 100644 index 00000000000..c5f359681b9 --- /dev/null +++ b/addons/auth_oauth_provider/controllers/__init__.py @@ -0,0 +1,22 @@ +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2011 OpenERP SA (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +import main + +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py new file mode 100644 index 00000000000..50eed95b234 --- /dev/null +++ b/addons/auth_oauth_provider/controllers/main.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2010-2012 OpenERP s.a. (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## + +#import oauth.oauth as oauth +try: + import openerp.addons.web.common.http as openerpweb +except ImportError: + import web.common.http as openerpweb # noqa + + +class AuthOAuthProvider(openerpweb.Controller): + _cp_path = '/oauth2' + + @openerpweb.jsonrequest + def get_access_token(self, req, **kw): + return { + 'access_token': 'hefwjkhfejwk' + } + +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/static/src/css/oauth_provider.css b/addons/auth_oauth_provider/static/src/css/oauth_provider.css new file mode 100644 index 00000000000..778179b63b4 --- /dev/null +++ b/addons/auth_oauth_provider/static/src/css/oauth_provider.css @@ -0,0 +1,14 @@ +@charset "utf-8"; +.openerp .oe_oauth_provider { + padding: 0 10px; +} +.openerp .oe_oauth_provider .oe_oauth_provider_error span.oe_i { + font-size: 60px; + color: #990000; + float: left; +} +.openerp .oe_oauth_provider .oe_oauth_provider_error ul { + list-style: none; + float: left; + font-weight: bold; +} diff --git a/addons/auth_oauth_provider/static/src/css/oauth_provider.sass b/addons/auth_oauth_provider/static/src/css/oauth_provider.sass new file mode 100644 index 00000000000..7921f4cc055 --- /dev/null +++ b/addons/auth_oauth_provider/static/src/css/oauth_provider.sass @@ -0,0 +1,17 @@ +@charset "utf-8" + + +.openerp .oe_oauth_provider + padding: 0 10px + .oe_oauth_provider_error + span.oe_i + font-size: 60px + color: #900 + float: left + ul + list-style: none + float: left + font-weight: bold + +// au BufWritePost,FileWritePost *.sass :!sass --style expanded --line-numbers > "%:p:r.css" +// vim:tabstop=4:shiftwidth=4:softtabstop=4:fdm=marker: diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js new file mode 100644 index 00000000000..9612559d038 --- /dev/null +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -0,0 +1,50 @@ +openerp.auth_oauth_provider = function(instance) { + +var QWeb = instance.web.qweb; +var _t = instance.web._t; + +instance.web.client_actions.add('oauth2_auth', 'instance.auth_oauth_provider.ProviderAction'); +instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ + template: "auth_oauth_provider", + start: function (parent) { + var self = this; + this._super.apply(this, arguments); + var params = $.deparam($.param.querystring()); + if (params.response_type !== 'token') { + this.error(_t("Unsupported 'response_type' parameter")); + } + if (!params.redirect_uri) { + this.error(_t("No 'redirect_uri' parameter given")); + } + // params.client_id TODO + // params.scope TODO + // params.approval_prompt TODO + if (!this._error) { + instance.session.rpc('/oauth2/get_access_token', {}).then(function(r) { + self.redirect(r.access_token); + }).fail(function() { + self.error(_t("An error occured while contacting the OpenERP server.")); + }); + } + }, + redirect: function(access_token) { + var params = $.deparam($.param.querystring()); + var a = document.createElement('a'); + a.href = params.redirect_uri; + var search = (a.search ? '&' : '?') + 'access_token=' + access_token; + if (params.state) { + search += "&state=" + params.state; + } + var redirect = a.protocol + '//' + a.host + a.pathname + search + a.hash; + //window.location = redirect; + console.log("redirect to", redirect); + }, + error: function(msg) { + this._error = true; + var $msg = $('
  • ').addClass('oe_oauth_provider_error_text').text(msg); + $msg.appendTo(this.$('.oe_oauth_provider_error').show().find('ul')); + return false; + }, +}); + +}; diff --git a/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml b/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml new file mode 100644 index 00000000000..ddf6ff08789 --- /dev/null +++ b/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml @@ -0,0 +1,13 @@ + + From 100c0a60a5e35d8377fd5225a1b77b745d9a9bd3 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Thu, 20 Sep 2012 16:00:41 +0200 Subject: [PATCH 02/27] [ADD] Added res_user oauth token field bzr revid: fme@openerp.com-20120920140041-eied4nfw8pjs6ye8 --- addons/auth_oauth_provider/__init__.py | 1 + .../auth_oauth_provider/controllers/main.py | 5 +-- addons/auth_oauth_provider/res_users.py | 33 +++++++++++++++++++ .../static/src/js/oauth_provider.js | 2 +- 4 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 addons/auth_oauth_provider/res_users.py diff --git a/addons/auth_oauth_provider/__init__.py b/addons/auth_oauth_provider/__init__.py index c19b731933c..a6f4a72100b 100644 --- a/addons/auth_oauth_provider/__init__.py +++ b/addons/auth_oauth_provider/__init__.py @@ -20,6 +20,7 @@ ############################################################################## import controllers +import res_users # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py index 50eed95b234..d0ca059aa93 100644 --- a/addons/auth_oauth_provider/controllers/main.py +++ b/addons/auth_oauth_provider/controllers/main.py @@ -30,9 +30,10 @@ class AuthOAuthProvider(openerpweb.Controller): _cp_path = '/oauth2' @openerpweb.jsonrequest - def get_access_token(self, req, **kw): + def get_token(self, req, **kw): + token = req.session.model('res.users').get_oauth_token() return { - 'access_token': 'hefwjkhfejwk' + 'access_token': token, } # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py new file mode 100644 index 00000000000..667ef3f838e --- /dev/null +++ b/addons/auth_oauth_provider/res_users.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2010-2012 OpenERP s.a. (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp.osv import osv, fields + +class res_users(osv.osv): + _inherit = 'res.users' + + _columns = { + 'last_oauth_token': fields.char('Last OAuth Token', size=64, readonly=True, invisible=True), + } + + def get_oauth_token(self, cr, uid, context=None): + return "TOKENJEFILWJLK" + +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index 9612559d038..f2bd4b21c00 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -20,7 +20,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ // params.scope TODO // params.approval_prompt TODO if (!this._error) { - instance.session.rpc('/oauth2/get_access_token', {}).then(function(r) { + instance.session.rpc('/oauth2/get_token', {}).then(function(r) { self.redirect(r.access_token); }).fail(function() { self.error(_t("An error occured while contacting the OpenERP server.")); From a6068f909e5dbdd8cb8207db64bbb9dff1c3d594 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Thu, 20 Sep 2012 17:15:38 +0200 Subject: [PATCH 03/27] [ADD] Create oauth token in res.users bzr revid: fme@openerp.com-20120920151538-stb6kamfpmwzf9xz --- addons/auth_oauth_provider/controllers/main.py | 4 ++-- addons/auth_oauth_provider/res_users.py | 11 ++++++++--- .../static/src/js/oauth_provider.js | 17 +++++++++++------ 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py index d0ca059aa93..79393a84a43 100644 --- a/addons/auth_oauth_provider/controllers/main.py +++ b/addons/auth_oauth_provider/controllers/main.py @@ -30,8 +30,8 @@ class AuthOAuthProvider(openerpweb.Controller): _cp_path = '/oauth2' @openerpweb.jsonrequest - def get_token(self, req, **kw): - token = req.session.model('res.users').get_oauth_token() + def get_token(self, req, client_id="", scope="", **kw): + token = req.session.model('res.users').get_oauth_token(client_id, scope) return { 'access_token': token, } diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index 667ef3f838e..b1bf8270f0b 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -19,15 +19,20 @@ # ############################################################################## from openerp.osv import osv, fields +import random +import string class res_users(osv.osv): _inherit = 'res.users' _columns = { - 'last_oauth_token': fields.char('Last OAuth Token', size=64, readonly=True, invisible=True), + 'last_oauth_token': fields.char('Last OAuth Token', readonly=True, invisible=True), } - def get_oauth_token(self, cr, uid, context=None): - return "TOKENJEFILWJLK" + def get_oauth_token(self, cr, uid, client_id="", scope="", context=None): + chars = string.ascii_uppercase + string.ascii_lowercase + string.digits + token = ''.join(random.choice(chars) for x in range(random.randrange(16, 24))) + self.write(cr, uid, [uid], { "last_oauth_token": token }, context=context) + return token # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index f2bd4b21c00..2551c82cd2a 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -16,25 +16,30 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ if (!params.redirect_uri) { this.error(_t("No 'redirect_uri' parameter given")); } - // params.client_id TODO - // params.scope TODO // params.approval_prompt TODO if (!this._error) { - instance.session.rpc('/oauth2/get_token', {}).then(function(r) { - self.redirect(r.access_token); + instance.session.rpc('/oauth2/get_token', { + client_id: params.client_id || '', + scope: params.scope || '', + }).then(function(result) { + self.redirect(result); }).fail(function() { self.error(_t("An error occured while contacting the OpenERP server.")); }); } }, - redirect: function(access_token) { + redirect: function(result) { var params = $.deparam($.param.querystring()); var a = document.createElement('a'); a.href = params.redirect_uri; - var search = (a.search ? '&' : '?') + 'access_token=' + access_token; + var search = (a.search ? '&' : '?') + 'access_token=' + result.access_token; if (params.state) { search += "&state=" + params.state; } + if (params.expires_in) { + search += "&expires_in=" + expires_in; + } + search += '&token_type=Bearer'; var redirect = a.protocol + '//' + a.host + a.pathname + search + a.hash; //window.location = redirect; console.log("redirect to", redirect); From 14f399df472031630852d02fb6177d49b21cbaa9 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Thu, 20 Sep 2012 17:45:57 +0200 Subject: [PATCH 04/27] [ADD] Added oauth tokeninfo bzr revid: fme@openerp.com-20120920154557-1ltsxnkoz6vzezan --- addons/auth_oauth_provider/controllers/main.py | 9 ++++++++- addons/auth_oauth_provider/res_users.py | 15 ++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py index 79393a84a43..63bf3cad61c 100644 --- a/addons/auth_oauth_provider/controllers/main.py +++ b/addons/auth_oauth_provider/controllers/main.py @@ -25,15 +25,22 @@ try: except ImportError: import web.common.http as openerpweb # noqa +import simplejson + class AuthOAuthProvider(openerpweb.Controller): _cp_path = '/oauth2' @openerpweb.jsonrequest def get_token(self, req, client_id="", scope="", **kw): - token = req.session.model('res.users').get_oauth_token(client_id, scope) + token = req.session.model('res.users').auth_oauth_provider_get_token(client_id, scope) return { 'access_token': token, } + @openerpweb.httprequest + def tokeninfo(self, req, access_token="", **kw): + info = req.session.model('res.users').auth_oauth_provider_tokeninfo(access_token) + return simplejson.dumps(info) + # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index b1bf8270f0b..dd2178a1dff 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -29,10 +29,23 @@ class res_users(osv.osv): 'last_oauth_token': fields.char('Last OAuth Token', readonly=True, invisible=True), } - def get_oauth_token(self, cr, uid, client_id="", scope="", context=None): + def auth_oauth_provider_get_token(self, cr, uid, client_id="", scope="", context=None): chars = string.ascii_uppercase + string.ascii_lowercase + string.digits token = ''.join(random.choice(chars) for x in range(random.randrange(16, 24))) self.write(cr, uid, [uid], { "last_oauth_token": token }, context=context) return token + def auth_oauth_provider_tokeninfo(self, cr, uid, access_token="", context=None): + if access_token == self.browse(cr, uid, [uid], context=context).access_token: + return { + "user_id": uid, + #"audience": "8819981768.apps.googleusercontent.com", + #"scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email", + #"expires_in": 436 + } + else: + return { + "error": "invalid_token" + } + # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: From d52896727b30848100776b9ca0db06e815f5ca37 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 10:17:02 +0200 Subject: [PATCH 05/27] [IMP] Use $.param for url search building bzr revid: fme@openerp.com-20120924081702-c3oxj1uf2i2ehgv8 --- .../static/src/js/oauth_provider.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index 2551c82cd2a..593c013d21a 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -32,15 +32,17 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ var params = $.deparam($.param.querystring()); var a = document.createElement('a'); a.href = params.redirect_uri; - var search = (a.search ? '&' : '?') + 'access_token=' + result.access_token; + var new_params = { + access_token: result.access_token, + token_type: 'Bearer', + }; if (params.state) { - search += "&state=" + params.state; + new_params.state = params.state; } - if (params.expires_in) { - search += "&expires_in=" + expires_in; + if (result.expires_in) { + new_params.expires_in = result.expires_in; } - search += '&token_type=Bearer'; - var redirect = a.protocol + '//' + a.host + a.pathname + search + a.hash; + var redirect = a.protocol + '//' + a.host + a.pathname + '?' + $.param(new_params) + a.hash; //window.location = redirect; console.log("redirect to", redirect); }, From 3ed1ce8255a4afb2247c7c282173d7a0f01fc53c Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 10:31:05 +0200 Subject: [PATCH 06/27] [IMP] Be honest bzr revid: fme@openerp.com-20120924083105-dvxj6gqunr6gewni --- addons/auth_oauth_provider/__openerp__.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/auth_oauth_provider/__openerp__.py b/addons/auth_oauth_provider/__openerp__.py index 71a4971c9b8..d8b3d4e3c41 100644 --- a/addons/auth_oauth_provider/__openerp__.py +++ b/addons/auth_oauth_provider/__openerp__.py @@ -22,11 +22,11 @@ { 'name': 'OAuth Provider', - 'version': '1.0', + 'version': '0.1', 'category': 'Tools', 'description': """ -Allow an openerp server to provide OAuth service. -================================================= +Allow an openerp server to provide partial OAuth service. +========================================================= """, 'author': 'OpenERP s.a.', 'maintainer': 'OpenERP s.a.', From 6875258258a1478dd1356fc7176a025cf8f00a5b Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 10:44:33 +0200 Subject: [PATCH 07/27] [IMP] Wip oauth bzr revid: fme@openerp.com-20120924084433-95rtadp5omhkc6x3 --- addons/auth_oauth_provider/res_users.py | 11 +++++++++-- .../static/src/js/oauth_provider.js | 4 ++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index dd2178a1dff..3831a6a97d0 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -26,19 +26,26 @@ class res_users(osv.osv): _inherit = 'res.users' _columns = { + # TODO: partial implementation supporting only one client_id for the moment. 'last_oauth_token': fields.char('Last OAuth Token', readonly=True, invisible=True), + 'last_oauth_token_scope': fields.char('Last OAuth Token Scope', readonly=True, invisible=True), } def auth_oauth_provider_get_token(self, cr, uid, client_id="", scope="", context=None): chars = string.ascii_uppercase + string.ascii_lowercase + string.digits token = ''.join(random.choice(chars) for x in range(random.randrange(16, 24))) - self.write(cr, uid, [uid], { "last_oauth_token": token }, context=context) + self.write(cr, uid, [uid], { + "last_oauth_token": token, + "last_oauth_token_scope": scope, + }, context=context) return token def auth_oauth_provider_tokeninfo(self, cr, uid, access_token="", context=None): - if access_token == self.browse(cr, uid, [uid], context=context).access_token: + user = self.browse(cr, uid, [uid], context=context) + if access_token == user.last_oauth_token: return { "user_id": uid, + "scope": user.last_oauth_token_scope, #"audience": "8819981768.apps.googleusercontent.com", #"scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email", #"expires_in": 436 diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index 593c013d21a..eb2c1982d31 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -16,6 +16,10 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ if (!params.redirect_uri) { this.error(_t("No 'redirect_uri' parameter given")); } + // params.client_id + // TODO: check if client_id application is authorized to use the service, and get it's name + // that should be displayed in the approval confirmation dialog. + // params.approval_prompt TODO if (!this._error) { instance.session.rpc('/oauth2/get_token', { From a74b35ee3758545dabd811fe8ac9d0c68a3420ca Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 12:39:31 +0200 Subject: [PATCH 08/27] [ADD] Added oauth approval wip bzr revid: fme@openerp.com-20120924103931-d2zj6p8shpljf0v9 --- .../static/src/js/oauth_provider.js | 40 ++++++++++++------- .../static/src/xml/oauth_provider.xml | 11 +++++ 2 files changed, 36 insertions(+), 15 deletions(-) diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index eb2c1982d31..a5e05c60283 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -20,15 +20,22 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ // TODO: check if client_id application is authorized to use the service, and get it's name // that should be displayed in the approval confirmation dialog. - // params.approval_prompt TODO if (!this._error) { - instance.session.rpc('/oauth2/get_token', { - client_id: params.client_id || '', - scope: params.scope || '', - }).then(function(result) { - self.redirect(result); - }).fail(function() { - self.error(_t("An error occured while contacting the OpenERP server.")); + // params.approval_prompt TODO + // TODO: get client_id and scope + this.$('.oe_oauth_provider_approval').show().on('click', '.oe_oauth_provider_allow', function() { + instance.session.rpc('/oauth2/get_token', { + client_id: params.client_id || '', + scope: params.scope || '', + }).then(function(result) { + self.redirect(result); + }).fail(function() { + self.error(_t("An error occured while contacting the OpenERP server.")); + }); + }).on('click', '.oe_oauth_provider_deny', function() { + self.redirect({ + error: 'access_denied' + }); }); } }, @@ -36,16 +43,19 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ var params = $.deparam($.param.querystring()); var a = document.createElement('a'); a.href = params.redirect_uri; - var new_params = { - access_token: result.access_token, - token_type: 'Bearer', - }; + var new_params = {}; + if (!result.error) { + new_params.access_token = result.access_token; + new_params.token_type = 'Bearer'; + if (result.expires_in) { + new_params.expires_in = result.expires_in; + } + } else { + new_params.error = result.error; + } if (params.state) { new_params.state = params.state; } - if (result.expires_in) { - new_params.expires_in = result.expires_in; - } var redirect = a.protocol + '//' + a.host + a.pathname + '?' + $.param(new_params) + a.hash; //window.location = redirect; console.log("redirect to", redirect); diff --git a/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml b/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml index ddf6ff08789..85985e4e974 100644 --- a/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml +++ b/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml @@ -8,6 +8,17 @@ D
      + From 292252eb7dd18de14a3d4504e33c7b8df2936fbc Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 17:37:29 +0200 Subject: [PATCH 09/27] [ADD] Make things work .... or not ? bzr revid: fme@openerp.com-20120924153729-e7lsjvfxfpjzrpm7 --- .../auth_oauth_provider/controllers/main.py | 31 ++++++++++++++++--- addons/auth_oauth_provider/res_users.py | 12 +++++-- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py index 63bf3cad61c..7ca4ab75d56 100644 --- a/addons/auth_oauth_provider/controllers/main.py +++ b/addons/auth_oauth_provider/controllers/main.py @@ -23,14 +23,27 @@ try: import openerp.addons.web.common.http as openerpweb except ImportError: - import web.common.http as openerpweb # noqa + import web.common.http as openerpweb + +import openerp.modules.registry +from openerp import SUPERUSER_ID import simplejson - +import werkzeug +import urllib class AuthOAuthProvider(openerpweb.Controller): _cp_path = '/oauth2' + @openerpweb.httprequest + def auth(self, req, **kw): + # TODO: if logged and approval_prompt == auto then return get_token and redirect + search = req.params.copy() + if req.debug: + search['debug'] = 1 + redirect_url = '/?' + urllib.urlencode(search) + '#action=oauth2_auth' + return werkzeug.utils.redirect(redirect_url, 303) + @openerpweb.jsonrequest def get_token(self, req, client_id="", scope="", **kw): token = req.session.model('res.users').auth_oauth_provider_get_token(client_id, scope) @@ -39,8 +52,16 @@ class AuthOAuthProvider(openerpweb.Controller): } @openerpweb.httprequest - def tokeninfo(self, req, access_token="", **kw): - info = req.session.model('res.users').auth_oauth_provider_tokeninfo(access_token) - return simplejson.dumps(info) + def tokeninfo(self, req, dbname=None, access_token=None, **kw): + if not dbname or not access_token: + return simplejson.dumps({ "error": "No 'dbname' or 'access_token' url parameters specified." }) + try: + registry = openerp.modules.registry.RegistryManager.get(dbname) + with registry.cursor() as cr: + u = registry.get('res.users') + info = u.auth_oauth_provider_tokeninfo(cr, SUPERUSER_ID, access_token, kw) + return simplejson.dumps(info) + except Exception, e: + return simplejson.dumps({ "error": e.message }) # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index 3831a6a97d0..983672e0261 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -40,14 +40,20 @@ class res_users(osv.osv): }, context=context) return token - def auth_oauth_provider_tokeninfo(self, cr, uid, access_token="", context=None): - user = self.browse(cr, uid, [uid], context=context) + def auth_oauth_provider_tokeninfo(self, cr, uid, access_token, context=None): + user_id = self.search(cr, uid, [('last_oauth_token', '=', access_token)], context=context) + if len(user_id) != 1: + return { + "error": "invalid_token" + } + user = self.browse(cr, uid, user_id[0], context=context) if access_token == user.last_oauth_token: return { "user_id": uid, "scope": user.last_oauth_token_scope, + "email": user.partner_id.email or '', # TODO: should deliver only according to scopes + "scope": user.last_oauth_token_scope, #"audience": "8819981768.apps.googleusercontent.com", - #"scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email", #"expires_in": 436 } else: From 1b5939817ff82d4356dd4da00ea7d7a9bd448a3b Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 18:02:13 +0200 Subject: [PATCH 10/27] [FIX] Return correct userid in tokeninfo bzr revid: fme@openerp.com-20120924160213-kfjdi6s01mcic9jp --- addons/auth_oauth_provider/controllers/main.py | 1 - addons/auth_oauth_provider/res_users.py | 2 +- addons/auth_oauth_provider/static/src/js/oauth_provider.js | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth_provider/controllers/main.py index 7ca4ab75d56..944e3e44bf9 100644 --- a/addons/auth_oauth_provider/controllers/main.py +++ b/addons/auth_oauth_provider/controllers/main.py @@ -37,7 +37,6 @@ class AuthOAuthProvider(openerpweb.Controller): @openerpweb.httprequest def auth(self, req, **kw): - # TODO: if logged and approval_prompt == auto then return get_token and redirect search = req.params.copy() if req.debug: search['debug'] = 1 diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index 983672e0261..38200597730 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -49,7 +49,7 @@ class res_users(osv.osv): user = self.browse(cr, uid, user_id[0], context=context) if access_token == user.last_oauth_token: return { - "user_id": uid, + "user_id": user.id, "scope": user.last_oauth_token_scope, "email": user.partner_id.email or '', # TODO: should deliver only according to scopes "scope": user.last_oauth_token_scope, diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index a5e05c60283..f08b098efed 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -21,7 +21,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ // that should be displayed in the approval confirmation dialog. if (!this._error) { - // params.approval_prompt TODO + // params.approval_prompt TODO --> add 'none' (default) // TODO: get client_id and scope this.$('.oe_oauth_provider_approval').show().on('click', '.oe_oauth_provider_allow', function() { instance.session.rpc('/oauth2/get_token', { From a129da845af5880ad3c7bca7bf53f1874bbccda6 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Mon, 24 Sep 2012 18:15:18 +0200 Subject: [PATCH 11/27] [ACTIVATE] Yes ! Activate ! bzr revid: fme@openerp.com-20120924161518-n0096bt1j2n04cpa --- addons/auth_oauth_provider/static/src/js/oauth_provider.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index f08b098efed..b81b824cd88 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -57,8 +57,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ new_params.state = params.state; } var redirect = a.protocol + '//' + a.host + a.pathname + '?' + $.param(new_params) + a.hash; - //window.location = redirect; - console.log("redirect to", redirect); + window.location = redirect; }, error: function(msg) { this._error = true; From 6a99c09facf3c098dadba35c1728e14f1a92e7ef Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Tue, 25 Sep 2012 10:23:57 +0200 Subject: [PATCH 12/27] [IMP] Use uuid for tokens bzr revid: fme@openerp.com-20120925082357-g1yfq8udbwdda296 --- addons/auth_oauth_provider/res_users.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index 38200597730..20d9e9c7ade 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -19,21 +19,19 @@ # ############################################################################## from openerp.osv import osv, fields -import random -import string +import uuid class res_users(osv.osv): _inherit = 'res.users' _columns = { # TODO: partial implementation supporting only one client_id for the moment. - 'last_oauth_token': fields.char('Last OAuth Token', readonly=True, invisible=True), + 'last_oauth_token': fields.char('Last OAuth Token', size=32, readonly=True, invisible=True), 'last_oauth_token_scope': fields.char('Last OAuth Token Scope', readonly=True, invisible=True), } def auth_oauth_provider_get_token(self, cr, uid, client_id="", scope="", context=None): - chars = string.ascii_uppercase + string.ascii_lowercase + string.digits - token = ''.join(random.choice(chars) for x in range(random.randrange(16, 24))) + token = str(uuid.uuid4()).replace('-', '') self.write(cr, uid, [uid], { "last_oauth_token": token, "last_oauth_token_scope": scope, From a19717019449a86973269ef7cefa492dd44ca97d Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Tue, 25 Sep 2012 11:51:19 +0200 Subject: [PATCH 13/27] [ADD] Added OpenERP Online oauth provider + openerp zocial css bzr revid: fme@openerp.com-20120925095119-erlvy2vjqxrkjvy6 --- addons/auth_oauth/__openerp__.py | 5 +++- addons/auth_oauth/auth_oauth_data.xml | 9 +++++++ .../auth_oauth/static/src/css/auth_oauth.css | 26 +++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 addons/auth_oauth/static/src/css/auth_oauth.css diff --git a/addons/auth_oauth/__openerp__.py b/addons/auth_oauth/__openerp__.py index d43815e8018..c8da9c65d4a 100644 --- a/addons/auth_oauth/__openerp__.py +++ b/addons/auth_oauth/__openerp__.py @@ -38,7 +38,10 @@ Allow users to login through Google OAuth2. 'security/ir.model.access.csv' ], 'js': ['static/src/js/auth_oauth.js'], - 'css': ['static/lib/zocial/css/zocial.css'], + 'css': [ + 'static/lib/zocial/css/zocial.css', + 'static/src/css/auth_oauth.css', + ], 'qweb': ['static/src/xml/auth_oauth.xml'], 'installable': True, 'auto_install': False, diff --git a/addons/auth_oauth/auth_oauth_data.xml b/addons/auth_oauth/auth_oauth_data.xml index 7bb95192e5d..86b0f6c593e 100644 --- a/addons/auth_oauth/auth_oauth_data.xml +++ b/addons/auth_oauth/auth_oauth_data.xml @@ -2,6 +2,15 @@ + + OpenERP + https://openerp.my.openerp.com/oauth2/auth + userinfo + https://openerp.my.openerp.com/oauth2/tokeninfo + + zocial openerp + Sign in with OpenERP Online + Facebook Graph https://www.facebook.com/dialog/oauth diff --git a/addons/auth_oauth/static/src/css/auth_oauth.css b/addons/auth_oauth/static/src/css/auth_oauth.css new file mode 100644 index 00000000000..ffec2a0a1e8 --- /dev/null +++ b/addons/auth_oauth/static/src/css/auth_oauth.css @@ -0,0 +1,26 @@ +.zocial.openerp:before { + content: "\E02E"; + font-style: italic; +} + +a.zocial.openerp { + float: right; + border: 1px solid #222222; + color: white; + margin: 0; + background-color: #b92020; + background-image: -webkit-gradient(linear, left top, left bottom, from(#b92020), to(#600606)); + background-image: -webkit-linear-gradient(top, #b92020, #600606); + background-image: -moz-linear-gradient(top, #b92020, #600606); + background-image: -ms-linear-gradient(top, #b92020, #600606); + background-image: -o-linear-gradient(top, #b92020, #600606); + background-image: linear-gradient(to bottom, #b92020, #600606); + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; + -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 1px rgba(155, 155, 155, 0.4) inset; + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 1px rgba(155, 155, 155, 0.4) inset; + box-shadow: 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 1px rgba(155, 155, 155, 0.4) inset; + text-shadow: none; + font-weight: normal; +} From 404c2c2dbaa21d1520ac89430a7f565e1008d471 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Tue, 25 Sep 2012 12:32:11 +0200 Subject: [PATCH 14/27] [IMP] Minor css change bzr revid: fme@openerp.com-20120925103211-l1yfgp9s7ro3twuo --- addons/auth_oauth/static/src/css/auth_oauth.css | 1 + 1 file changed, 1 insertion(+) diff --git a/addons/auth_oauth/static/src/css/auth_oauth.css b/addons/auth_oauth/static/src/css/auth_oauth.css index ffec2a0a1e8..ef0d648e950 100644 --- a/addons/auth_oauth/static/src/css/auth_oauth.css +++ b/addons/auth_oauth/static/src/css/auth_oauth.css @@ -1,6 +1,7 @@ .zocial.openerp:before { content: "\E02E"; font-style: italic; + text-shadow: 0 1px 1px black; } a.zocial.openerp { From 5a6c5044191486310f52e69bb39ec28f2f65b4e7 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Tue, 25 Sep 2012 14:01:29 +0200 Subject: [PATCH 15/27] [IMP] Pimp my gimp bzr revid: fme@openerp.com-20120925120129-0wx4451e1bi81dn6 --- addons/auth_oauth/auth_oauth_data.xml | 2 +- addons/auth_oauth/static/src/css/auth_oauth.css | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/addons/auth_oauth/auth_oauth_data.xml b/addons/auth_oauth/auth_oauth_data.xml index 86b0f6c593e..feb4e5339ad 100644 --- a/addons/auth_oauth/auth_oauth_data.xml +++ b/addons/auth_oauth/auth_oauth_data.xml @@ -3,7 +3,7 @@ - OpenERP + OpenERP Online https://openerp.my.openerp.com/oauth2/auth userinfo https://openerp.my.openerp.com/oauth2/tokeninfo diff --git a/addons/auth_oauth/static/src/css/auth_oauth.css b/addons/auth_oauth/static/src/css/auth_oauth.css index ef0d648e950..8e267e17845 100644 --- a/addons/auth_oauth/static/src/css/auth_oauth.css +++ b/addons/auth_oauth/static/src/css/auth_oauth.css @@ -1,3 +1,7 @@ +.openerp .oe_application .zocial { + font: white; +} + .zocial.openerp:before { content: "\E02E"; font-style: italic; From 3120f9e0485a180ba08ed9e364d3698c00580f0b Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Tue, 25 Sep 2012 14:51:25 +0200 Subject: [PATCH 16/27] [FIX] redirect should use hash instead of url params bzr revid: fme@openerp.com-20120925125125-58j0z3g3evbvi7bc --- addons/auth_oauth_provider/static/src/js/oauth_provider.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth_provider/static/src/js/oauth_provider.js index b81b824cd88..84a89415ed3 100644 --- a/addons/auth_oauth_provider/static/src/js/oauth_provider.js +++ b/addons/auth_oauth_provider/static/src/js/oauth_provider.js @@ -56,7 +56,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ if (params.state) { new_params.state = params.state; } - var redirect = a.protocol + '//' + a.host + a.pathname + '?' + $.param(new_params) + a.hash; + var redirect = params.redirect_uri + (a.hash ? '&' : '#') + $.param(new_params); window.location = redirect; }, error: function(msg) { From 35f5ea03f8cf558e07dce6f9ca507a1271978220 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Wed, 26 Sep 2012 11:43:00 +0200 Subject: [PATCH 17/27] [FIX] oauth provider: do not return email key if user has no email bzr revid: fme@openerp.com-20120926094300-09qcpak6qg5eokeh --- addons/auth_oauth_provider/res_users.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth_provider/res_users.py index 20d9e9c7ade..833286b5642 100644 --- a/addons/auth_oauth_provider/res_users.py +++ b/addons/auth_oauth_provider/res_users.py @@ -46,14 +46,15 @@ class res_users(osv.osv): } user = self.browse(cr, uid, user_id[0], context=context) if access_token == user.last_oauth_token: - return { + r = { "user_id": user.id, "scope": user.last_oauth_token_scope, - "email": user.partner_id.email or '', # TODO: should deliver only according to scopes - "scope": user.last_oauth_token_scope, #"audience": "8819981768.apps.googleusercontent.com", #"expires_in": 436 } + if user.partner_id.email: # TODO: should deliver only according to scopes + r['email'] = user.partner_id.email + return r else: return { "error": "invalid_token" From 4536fe76cad54bffcd5d5532f462475b4cdae43f Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Wed, 26 Sep 2012 11:43:36 +0200 Subject: [PATCH 18/27] [FIX] oauth: make oauth works with providers not necessarily returning name and email (eg: facebook, OpenERP online) bzr revid: fme@openerp.com-20120926094336-xir22x45wpn98lqd --- addons/auth_oauth/res_users.py | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/addons/auth_oauth/res_users.py b/addons/auth_oauth/res_users.py index b4f62612746..fd26e89c2e3 100644 --- a/addons/auth_oauth/res_users.py +++ b/addons/auth_oauth/res_users.py @@ -1,6 +1,7 @@ import logging import urllib +import urlparse import urllib2 import simplejson @@ -20,8 +21,11 @@ class res_users(osv.Model): } def auth_oauth_rpc(self, cr, uid, endpoint, access_token, context=None): - params = urllib.urlencode({'access_token':access_token}) - url = endpoint + '?' + params + params = urllib.urlencode({ 'access_token': access_token }) + if urlparse.urlparse(endpoint)[4]: + url = endpoint + '&' + params + else: + url = endpoint + '?' + params f = urllib2.urlopen(url) response = f.read() return simplejson.loads(response) @@ -38,26 +42,32 @@ class res_users(osv.Model): validation = self.auth_oauth_rpc(cr, uid, p.validation_endpoint, access_token) if validation.get("error"): raise openerp.exceptions.AccessDenied - login = validation['email'] + if p.data_endpoint: + data = self.auth_oauth_rpc(cr, uid, p.data_endpoint, access_token) + validation.update(data) + # required oauth_uid = validation['user_id'] - name = self.auth_oauth_rpc(cr, uid, p.data_endpoint, access_token)['name'] - - credentials = (cr.dbname, login, access_token) + if not oauth_uid: + raise openerp.exceptions.AccessDenied + email = validation.get('email', 'provider_%d_user_%d' % (p.id, oauth_uid)) + # optional + name = validation.get('name', email) res = self.search(cr, uid, [("oauth_uid", "=", oauth_uid)]) if res: - self.write(cr, uid, res[0], {'oauth_access_token':access_token}) + self.write(cr, uid, res[0], { 'oauth_access_token': access_token }) else: # New user new_user = { 'name': name, - 'login': login, - 'user_email': login, - 'oauth_provider_id': 1, + 'login': email, + 'user_email': email, + 'oauth_provider_id': p.id, 'oauth_uid': oauth_uid, 'oauth_access_token': access_token, 'active': True, } self.auth_signup_create(cr, uid, new_user) + credentials = (cr.dbname, email, access_token) return credentials def check_credentials(self, cr, uid, password): From 5e3a747290f6e322e19de984e9d8328871e05d7d Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Wed, 26 Sep 2012 13:31:02 +0200 Subject: [PATCH 19/27] [REN] Renamed the module to auth_oauth2_provider bzr revid: fme@openerp.com-20120926113102-pdhpz9zh6zirrapw --- .../__init__.py | 2 +- .../__openerp__.py | 13 ++-- .../auth_oauth2_provider.py | 64 +++++++++++++++++ .../controllers/__init__.py | 0 .../controllers/main.py | 0 .../res_users.py | 0 .../static/src/css/auth_oauth2_provider.css} | 0 .../static/src/css/auth_oauth2_provider.sass} | 0 .../static/src/css/oauth_provider.css | 14 ++++ .../static/src/css/oauth_provider.sass | 17 +++++ .../static/src/js/auth_oauth2_provider.js} | 0 .../static/src/js/oauth_provider.js | 70 +++++++++++++++++++ .../static/src/xml/oauth_provider.xml | 0 13 files changed, 172 insertions(+), 8 deletions(-) rename addons/{auth_oauth_provider => auth_oauth2_provider}/__init__.py (97%) rename addons/{auth_oauth_provider => auth_oauth2_provider}/__openerp__.py (80%) create mode 100644 addons/auth_oauth2_provider/auth_oauth2_provider.py rename addons/{auth_oauth_provider => auth_oauth2_provider}/controllers/__init__.py (100%) rename addons/{auth_oauth_provider => auth_oauth2_provider}/controllers/main.py (100%) rename addons/{auth_oauth_provider => auth_oauth2_provider}/res_users.py (100%) rename addons/{auth_oauth_provider/static/src/css/oauth_provider.css => auth_oauth2_provider/static/src/css/auth_oauth2_provider.css} (100%) rename addons/{auth_oauth_provider/static/src/css/oauth_provider.sass => auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass} (100%) create mode 100644 addons/auth_oauth2_provider/static/src/css/oauth_provider.css create mode 100644 addons/auth_oauth2_provider/static/src/css/oauth_provider.sass rename addons/{auth_oauth_provider/static/src/js/oauth_provider.js => auth_oauth2_provider/static/src/js/auth_oauth2_provider.js} (100%) create mode 100644 addons/auth_oauth2_provider/static/src/js/oauth_provider.js rename addons/{auth_oauth_provider => auth_oauth2_provider}/static/src/xml/oauth_provider.xml (100%) diff --git a/addons/auth_oauth_provider/__init__.py b/addons/auth_oauth2_provider/__init__.py similarity index 97% rename from addons/auth_oauth_provider/__init__.py rename to addons/auth_oauth2_provider/__init__.py index a6f4a72100b..4c5cc7b36e1 100644 --- a/addons/auth_oauth_provider/__init__.py +++ b/addons/auth_oauth2_provider/__init__.py @@ -20,7 +20,7 @@ ############################################################################## import controllers -import res_users +import auth_oauth2_provider # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/__openerp__.py b/addons/auth_oauth2_provider/__openerp__.py similarity index 80% rename from addons/auth_oauth_provider/__openerp__.py rename to addons/auth_oauth2_provider/__openerp__.py index d8b3d4e3c41..b792f3b6f10 100644 --- a/addons/auth_oauth_provider/__openerp__.py +++ b/addons/auth_oauth2_provider/__openerp__.py @@ -21,21 +21,20 @@ { - 'name': 'OAuth Provider', + 'name': 'OAuth2 Provider', 'version': '0.1', 'category': 'Tools', 'description': """ -Allow an openerp server to provide partial OAuth service. -========================================================= +Allow an openerp server to provide OAuth2 authentication service. +================================================================= """, 'author': 'OpenERP s.a.', 'maintainer': 'OpenERP s.a.', 'website': 'http://www.openerp.com', 'depends': ['base', 'web'], - #'data': ['res_users.xml'], - 'js': ['static/src/js/oauth_provider.js'], - 'css': ['static/src/css/oauth_provider.css'], - 'qweb': ['static/src/xml/oauth_provider.xml'], + 'js': ['static/src/js/auth_oauth2_provider.js'], + 'css': ['static/src/css/auth_oauth2_provider.css'], + 'qweb': ['static/src/xml/auth_oauth2_provider.xml'], 'installable': True, 'auto_install': False, } diff --git a/addons/auth_oauth2_provider/auth_oauth2_provider.py b/addons/auth_oauth2_provider/auth_oauth2_provider.py new file mode 100644 index 00000000000..1792d038b27 --- /dev/null +++ b/addons/auth_oauth2_provider/auth_oauth2_provider.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python +############################################################################## +# +# OpenERP, Open Source Management Solution +# Copyright (C) 2010-2012 OpenERP s.a. (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp.osv import osv, fields +import uuid + +class res_users(osv.osv): + """Oauth2 Provider Class""" + _inherit = 'res.users' + + _columns = { + # TODO: partial implementation supporting only one client_id for the moment. + 'last_oauth_token': fields.char('Last OAuth Token', size=32, readonly=True, invisible=True), + 'last_oauth_token_scope': fields.char('Last OAuth Token Scope', readonly=True, invisible=True), + } + + def auth_oauth_provider_get_token(self, cr, uid, client_id="", scope="", context=None): + token = str(uuid.uuid4()).replace('-', '') + self.write(cr, uid, [uid], { + "last_oauth_token": token, + "last_oauth_token_scope": scope, + }, context=context) + return token + + def auth_oauth_provider_tokeninfo(self, cr, uid, access_token, context=None): + user_id = self.search(cr, uid, [('last_oauth_token', '=', access_token)], context=context) + if len(user_id) != 1: + return { + "error": "invalid_token" + } + user = self.browse(cr, uid, user_id[0], context=context) + if access_token == user.last_oauth_token: + r = { + "user_id": user.id, + "scope": user.last_oauth_token_scope, + #"audience": "8819981768.apps.googleusercontent.com", + #"expires_in": 436 + } + if user.partner_id.email: # TODO: should deliver only according to scopes + r['email'] = user.partner_id.email + return r + else: + return { + "error": "invalid_token" + } + +# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth_provider/controllers/__init__.py b/addons/auth_oauth2_provider/controllers/__init__.py similarity index 100% rename from addons/auth_oauth_provider/controllers/__init__.py rename to addons/auth_oauth2_provider/controllers/__init__.py diff --git a/addons/auth_oauth_provider/controllers/main.py b/addons/auth_oauth2_provider/controllers/main.py similarity index 100% rename from addons/auth_oauth_provider/controllers/main.py rename to addons/auth_oauth2_provider/controllers/main.py diff --git a/addons/auth_oauth_provider/res_users.py b/addons/auth_oauth2_provider/res_users.py similarity index 100% rename from addons/auth_oauth_provider/res_users.py rename to addons/auth_oauth2_provider/res_users.py diff --git a/addons/auth_oauth_provider/static/src/css/oauth_provider.css b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css similarity index 100% rename from addons/auth_oauth_provider/static/src/css/oauth_provider.css rename to addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css diff --git a/addons/auth_oauth_provider/static/src/css/oauth_provider.sass b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass similarity index 100% rename from addons/auth_oauth_provider/static/src/css/oauth_provider.sass rename to addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass diff --git a/addons/auth_oauth2_provider/static/src/css/oauth_provider.css b/addons/auth_oauth2_provider/static/src/css/oauth_provider.css new file mode 100644 index 00000000000..778179b63b4 --- /dev/null +++ b/addons/auth_oauth2_provider/static/src/css/oauth_provider.css @@ -0,0 +1,14 @@ +@charset "utf-8"; +.openerp .oe_oauth_provider { + padding: 0 10px; +} +.openerp .oe_oauth_provider .oe_oauth_provider_error span.oe_i { + font-size: 60px; + color: #990000; + float: left; +} +.openerp .oe_oauth_provider .oe_oauth_provider_error ul { + list-style: none; + float: left; + font-weight: bold; +} diff --git a/addons/auth_oauth2_provider/static/src/css/oauth_provider.sass b/addons/auth_oauth2_provider/static/src/css/oauth_provider.sass new file mode 100644 index 00000000000..7921f4cc055 --- /dev/null +++ b/addons/auth_oauth2_provider/static/src/css/oauth_provider.sass @@ -0,0 +1,17 @@ +@charset "utf-8" + + +.openerp .oe_oauth_provider + padding: 0 10px + .oe_oauth_provider_error + span.oe_i + font-size: 60px + color: #900 + float: left + ul + list-style: none + float: left + font-weight: bold + +// au BufWritePost,FileWritePost *.sass :!sass --style expanded --line-numbers > "%:p:r.css" +// vim:tabstop=4:shiftwidth=4:softtabstop=4:fdm=marker: diff --git a/addons/auth_oauth_provider/static/src/js/oauth_provider.js b/addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js similarity index 100% rename from addons/auth_oauth_provider/static/src/js/oauth_provider.js rename to addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js diff --git a/addons/auth_oauth2_provider/static/src/js/oauth_provider.js b/addons/auth_oauth2_provider/static/src/js/oauth_provider.js new file mode 100644 index 00000000000..84a89415ed3 --- /dev/null +++ b/addons/auth_oauth2_provider/static/src/js/oauth_provider.js @@ -0,0 +1,70 @@ +openerp.auth_oauth_provider = function(instance) { + +var QWeb = instance.web.qweb; +var _t = instance.web._t; + +instance.web.client_actions.add('oauth2_auth', 'instance.auth_oauth_provider.ProviderAction'); +instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ + template: "auth_oauth_provider", + start: function (parent) { + var self = this; + this._super.apply(this, arguments); + var params = $.deparam($.param.querystring()); + if (params.response_type !== 'token') { + this.error(_t("Unsupported 'response_type' parameter")); + } + if (!params.redirect_uri) { + this.error(_t("No 'redirect_uri' parameter given")); + } + // params.client_id + // TODO: check if client_id application is authorized to use the service, and get it's name + // that should be displayed in the approval confirmation dialog. + + if (!this._error) { + // params.approval_prompt TODO --> add 'none' (default) + // TODO: get client_id and scope + this.$('.oe_oauth_provider_approval').show().on('click', '.oe_oauth_provider_allow', function() { + instance.session.rpc('/oauth2/get_token', { + client_id: params.client_id || '', + scope: params.scope || '', + }).then(function(result) { + self.redirect(result); + }).fail(function() { + self.error(_t("An error occured while contacting the OpenERP server.")); + }); + }).on('click', '.oe_oauth_provider_deny', function() { + self.redirect({ + error: 'access_denied' + }); + }); + } + }, + redirect: function(result) { + var params = $.deparam($.param.querystring()); + var a = document.createElement('a'); + a.href = params.redirect_uri; + var new_params = {}; + if (!result.error) { + new_params.access_token = result.access_token; + new_params.token_type = 'Bearer'; + if (result.expires_in) { + new_params.expires_in = result.expires_in; + } + } else { + new_params.error = result.error; + } + if (params.state) { + new_params.state = params.state; + } + var redirect = params.redirect_uri + (a.hash ? '&' : '#') + $.param(new_params); + window.location = redirect; + }, + error: function(msg) { + this._error = true; + var $msg = $('
    • ').addClass('oe_oauth_provider_error_text').text(msg); + $msg.appendTo(this.$('.oe_oauth_provider_error').show().find('ul')); + return false; + }, +}); + +}; diff --git a/addons/auth_oauth_provider/static/src/xml/oauth_provider.xml b/addons/auth_oauth2_provider/static/src/xml/oauth_provider.xml similarity index 100% rename from addons/auth_oauth_provider/static/src/xml/oauth_provider.xml rename to addons/auth_oauth2_provider/static/src/xml/oauth_provider.xml From 08cea541f8725fa52878860acd18cd44320875a6 Mon Sep 17 00:00:00 2001 From: Fabien Meghazi Date: Wed, 26 Sep 2012 18:18:31 +0200 Subject: [PATCH 20/27] [ADD] Add auth.oauth2.token bzr revid: fme@openerp.com-20120926161831-q4uxxr3slqth9mzy --- .../auth_oauth2_provider.py | 87 +++++++++++-------- .../auth_oauth2_provider/controllers/main.py | 12 ++- .../static/src/css/auth_oauth2_provider.css | 6 +- .../static/src/css/auth_oauth2_provider.sass | 4 +- .../static/src/js/auth_oauth2_provider.js | 16 ++-- ..._provider.xml => auth_oauth2_provider.xml} | 12 +-- 6 files changed, 77 insertions(+), 60 deletions(-) rename addons/auth_oauth2_provider/static/src/xml/{oauth_provider.xml => auth_oauth2_provider.xml} (54%) diff --git a/addons/auth_oauth2_provider/auth_oauth2_provider.py b/addons/auth_oauth2_provider/auth_oauth2_provider.py index 1792d038b27..32977c4fabe 100644 --- a/addons/auth_oauth2_provider/auth_oauth2_provider.py +++ b/addons/auth_oauth2_provider/auth_oauth2_provider.py @@ -19,46 +19,65 @@ # ############################################################################## from openerp.osv import osv, fields +import datetime import uuid -class res_users(osv.osv): - """Oauth2 Provider Class""" - _inherit = 'res.users' +class auth_oauth2_token(osv.osv): + """Oauth2 Token Class""" + + _name = 'auth.oauth2.token' + _description = 'OAuth2 Token' _columns = { - # TODO: partial implementation supporting only one client_id for the moment. - 'last_oauth_token': fields.char('Last OAuth Token', size=32, readonly=True, invisible=True), - 'last_oauth_token_scope': fields.char('Last OAuth Token Scope', readonly=True, invisible=True), + 'token': fields.char('Token', size=32, readonly=True), + 'user_id': fields.many2one('res.users', 'User', required=True, select=True, readonly=True), + 'client': fields.char('Client', help="Client Application for which the token has been generated", readonly=True, select=True), # TODO: auth.oauth2.client object + 'scope': fields.char('Scope', help="Scope for which the token has ben delivered", readonly=True, select=True), + 'expires_at': fields.datetime('Token expiration date'), } - def auth_oauth_provider_get_token(self, cr, uid, client_id="", scope="", context=None): - token = str(uuid.uuid4()).replace('-', '') - self.write(cr, uid, [uid], { - "last_oauth_token": token, - "last_oauth_token_scope": scope, - }, context=context) - return token + TOKEN_EXPIRATION_TIMESPAN = 3600 # in seconds - def auth_oauth_provider_tokeninfo(self, cr, uid, access_token, context=None): - user_id = self.search(cr, uid, [('last_oauth_token', '=', access_token)], context=context) - if len(user_id) != 1: - return { - "error": "invalid_token" - } - user = self.browse(cr, uid, user_id[0], context=context) - if access_token == user.last_oauth_token: - r = { - "user_id": user.id, - "scope": user.last_oauth_token_scope, - #"audience": "8819981768.apps.googleusercontent.com", - #"expires_in": 436 - } - if user.partner_id.email: # TODO: should deliver only according to scopes - r['email'] = user.partner_id.email - return r - else: - return { - "error": "invalid_token" - } + _defaults = { + 'expires_at': lambda self, *a: datetime.datetime.utcnow() + datetime.timedelta(seconds=self.TOKEN_EXPIRATION_TIMESPAN), + } + + def get_token(self, cr, uid, client_id="", scope="", context=None): + token = str(uuid.uuid4()).replace('-', '') + self.create(cr, uid, { + 'token': token, + 'user_id': uid, + 'client': client_id, + 'scope': scope, + }, context=context) + return { + 'access_token': token, + 'expires_in': self.TOKEN_EXPIRATION_TIMESPAN, + } + + def tokeninfo(self, cr, uid, access_token, context=None): + token = self.search(cr, uid, [('token', '=', access_token)], context=context) + if not len(token): + return { "error": "invalid_token" } + token = self.browse(cr, uid, token[0], context=context) + expires_at = datetime.datetime.strptime(token.expires_at[:19], '%Y-%m-%d %H:%M:%S') + + # python 2.7's datetime.timedelta supports total_seconds() + # expires_in = int(round((expires_at - datetime.datetime.utcnow()).total_seconds())) + delta = expires_at - datetime.datetime.utcnow() + expires_in = (delta.microseconds + (delta.seconds + delta.days * 24 * 3600) * 10**6) / 10**6 + + if expires_in <= 0: + return { "error": "invalid_token" } + + r = { + "user_id": token.user_id.id, + "scope": token.scope, + "expires_in": expires_in, + "audience": token.client, + } + if token.user_id.email: # TODO: should deliver only according to scopes + r['email'] = token.user_id.email + return r # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth2_provider/controllers/main.py b/addons/auth_oauth2_provider/controllers/main.py index 944e3e44bf9..47e5d99df14 100644 --- a/addons/auth_oauth2_provider/controllers/main.py +++ b/addons/auth_oauth2_provider/controllers/main.py @@ -45,10 +45,8 @@ class AuthOAuthProvider(openerpweb.Controller): @openerpweb.jsonrequest def get_token(self, req, client_id="", scope="", **kw): - token = req.session.model('res.users').auth_oauth_provider_get_token(client_id, scope) - return { - 'access_token': token, - } + r = req.session.model('auth.oauth2.token').get_token(client_id, scope) + return r @openerpweb.httprequest def tokeninfo(self, req, dbname=None, access_token=None, **kw): @@ -57,10 +55,10 @@ class AuthOAuthProvider(openerpweb.Controller): try: registry = openerp.modules.registry.RegistryManager.get(dbname) with registry.cursor() as cr: - u = registry.get('res.users') - info = u.auth_oauth_provider_tokeninfo(cr, SUPERUSER_ID, access_token, kw) + u = registry.get('auth.oauth2.token') + info = u.tokeninfo(cr, SUPERUSER_ID, access_token, kw) return simplejson.dumps(info) except Exception, e: - return simplejson.dumps({ "error": e.message }) + return simplejson.dumps({ "error": str(e) }) # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: diff --git a/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css index 778179b63b4..71e3fbe14ce 100644 --- a/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css +++ b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.css @@ -1,13 +1,13 @@ @charset "utf-8"; -.openerp .oe_oauth_provider { +.openerp .oe_oauth2_provider { padding: 0 10px; } -.openerp .oe_oauth_provider .oe_oauth_provider_error span.oe_i { +.openerp .oe_oauth2_provider .oe_oauth2_provider_error span.oe_i { font-size: 60px; color: #990000; float: left; } -.openerp .oe_oauth_provider .oe_oauth_provider_error ul { +.openerp .oe_oauth2_provider .oe_oauth2_provider_error ul { list-style: none; float: left; font-weight: bold; diff --git a/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass index 7921f4cc055..91dceb077db 100644 --- a/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass +++ b/addons/auth_oauth2_provider/static/src/css/auth_oauth2_provider.sass @@ -1,9 +1,9 @@ @charset "utf-8" -.openerp .oe_oauth_provider +.openerp .oe_oauth2_provider padding: 0 10px - .oe_oauth_provider_error + .oe_oauth2_provider_error span.oe_i font-size: 60px color: #900 diff --git a/addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js b/addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js index 84a89415ed3..0d807e0f4bc 100644 --- a/addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js +++ b/addons/auth_oauth2_provider/static/src/js/auth_oauth2_provider.js @@ -1,11 +1,11 @@ -openerp.auth_oauth_provider = function(instance) { +openerp.auth_oauth2_provider = function(instance) { var QWeb = instance.web.qweb; var _t = instance.web._t; -instance.web.client_actions.add('oauth2_auth', 'instance.auth_oauth_provider.ProviderAction'); -instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ - template: "auth_oauth_provider", +instance.web.client_actions.add('oauth2_auth', 'instance.auth_oauth2_provider.ProviderAction'); +instance.auth_oauth2_provider.ProviderAction = instance.web.Widget.extend({ + template: "auth_oauth2_provider", start: function (parent) { var self = this; this._super.apply(this, arguments); @@ -23,7 +23,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ if (!this._error) { // params.approval_prompt TODO --> add 'none' (default) // TODO: get client_id and scope - this.$('.oe_oauth_provider_approval').show().on('click', '.oe_oauth_provider_allow', function() { + this.$('.oe_oauth2_provider_approval').show().on('click', '.oe_oauth2_provider_allow', function() { instance.session.rpc('/oauth2/get_token', { client_id: params.client_id || '', scope: params.scope || '', @@ -32,7 +32,7 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ }).fail(function() { self.error(_t("An error occured while contacting the OpenERP server.")); }); - }).on('click', '.oe_oauth_provider_deny', function() { + }).on('click', '.oe_oauth2_provider_deny', function() { self.redirect({ error: 'access_denied' }); @@ -61,8 +61,8 @@ instance.auth_oauth_provider.ProviderAction = instance.web.Widget.extend({ }, error: function(msg) { this._error = true; - var $msg = $('
    • ').addClass('oe_oauth_provider_error_text').text(msg); - $msg.appendTo(this.$('.oe_oauth_provider_error').show().find('ul')); + var $msg = $('
    • ').addClass('oe_oauth2_provider_error_text').text(msg); + $msg.appendTo(this.$('.oe_oauth2_provider_error').show().find('ul')); return false; }, }); diff --git a/addons/auth_oauth2_provider/static/src/xml/oauth_provider.xml b/addons/auth_oauth2_provider/static/src/xml/auth_oauth2_provider.xml similarity index 54% rename from addons/auth_oauth2_provider/static/src/xml/oauth_provider.xml rename to addons/auth_oauth2_provider/static/src/xml/auth_oauth2_provider.xml index 85985e4e974..d0723c70c33 100644 --- a/addons/auth_oauth2_provider/static/src/xml/oauth_provider.xml +++ b/addons/auth_oauth2_provider/static/src/xml/auth_oauth2_provider.xml @@ -1,14 +1,14 @@