Fork Sync Branch 18.0

.pre-commit-config.yaml

@@ -18,6 +18,7 @@ exclude: |
   /build/|/dist/|
   # Ignore test files in addons
   /tests/samples/.*|
+  ^auth_jwt_demo/tests/spa.*|
   # You don't usually want a bot to modify your legal texts
   (LICENSE.*|COPYING.*)
 default_language_version:

README.md

@@ -26,6 +26,7 @@ addon | version | maintainers | summary
 [auth_api_key_group](auth_api_key_group/) | 18.0.1.0.0 | <a href='https://github.com/simahawk'><img src='https://github.com/simahawk.png' width='32' height='32' style='border-radius:50%;' alt='simahawk'/></a> | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
 [auth_api_key_server_env](auth_api_key_server_env/) | 18.0.1.0.0 |  | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
 [auth_jwt](auth_jwt/) | 18.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | JWT bearer token authentication.
+[auth_jwt_demo](auth_jwt_demo/) | 18.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Test/demo module for auth_jwt.
 [auth_oauth_filter_by_domain](auth_oauth_filter_by_domain/) | 18.0.1.0.0 | <a href='https://github.com/natuan9'><img src='https://github.com/natuan9.png' width='32' height='32' style='border-radius:50%;' alt='natuan9'/></a> | Filter OAuth providers by domain
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 18.0.2.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 18.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Allow users to login through OpenID Connect Provider

auth_jwt_demo/README.rst

@@ -0,0 +1,123 @@
+.. image:: https://odoo-community.org/readme-banner-image
+   :target: https://odoo-community.org/get-involved?utm_source=readme
+   :alt: Odoo Community Association
+
+=============
+Auth JWT Test
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:eceb81c0fb5eea794389966cbdf7730462b1e9ed52ba64d67da57d7b1f400e6b
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/license-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/18.0/auth_jwt_demo
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_jwt_demo
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+A test/demo module for ``auth_jwt``.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+This modules creates a JWT validator named ``demo``, and adds a
+``/auth_jwt_demo/whoami`` route which returns information about the
+partner identified in the token.
+
+The ``whoami`` endpoint can be invoked as such, assuming
+`python-jose <https://pypi.org/project/python-jose/>`__ is installed.
+
+.. code:: python
+
+   # /usr/bin/env python3
+   import time
+
+   import requests
+   from jose import jwt
+
+   token = jwt.encode(
+       {
+           "aud": "auth_jwt_test_api",
+           "iss": "some issuer",
+           "exp": time.time() + 60,
+           "email": "mark.brown23@example.com",
+       },
+       key="thesecret",
+       algorithm=jwt.ALGORITHMS.HS256,
+   )
+   r = requests.get(
+       "http://localhost:8069/auth_jwt_demo/whoami",
+       headers={"Authorization": "Bearer " + token},
+   )
+   r.raise_for_status()
+   print(r.json())
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt_demo%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ACSONE SA/NV
+
+Contributors
+------------
+
+- Stéphane Bidoul <stephane.bidoul@acsone.eu>
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px
+    :target: https://github.com/sbidoul
+    :alt: sbidoul
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-sbidoul| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/18.0/auth_jwt_demo>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_jwt_demo/__init__.py

@@ -0,0 +1 @@
+from . import controllers

auth_jwt_demo/__manifest__.py

@@ -0,0 +1,16 @@
+# Copyright 2021 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth JWT Test",
+    "summary": """
+        Test/demo module for auth_jwt.""",
+    "version": "18.0.1.0.0",
+    "license": "LGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "maintainers": ["sbidoul"],
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_jwt"],
+    "data": [],
+    "demo": ["demo/auth_jwt_validator.xml"],
+}

auth_jwt_demo/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main

auth_jwt_demo/controllers/main.py

@@ -0,0 +1,117 @@
+# Copyright 2021 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import json
+
+from odoo.http import Controller, Response, request, route
+
+
+class JWTTestController(Controller):
+    @route(
+        "/auth_jwt_demo/whoami",
+        type="http",
+        auth="jwt_demo",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami(self):
+        data = {}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email, uid=request.env.uid)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_public_or_jwt(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo_cookie/whoami",
+        type="http",
+        auth="jwt_demo_cookie",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_cookie(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo_cookie/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo_cookie",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_cookie_public_or_jwt(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/keycloak/whoami",
+        type="http",
+        auth="jwt_demo_keycloak",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_keycloak(self):
+        """To use with the demo_keycloak validator.
+
+        You can play with this using the browser app in tests/spa and the
+        identity provider in tests/keycloak.
+        """
+        data = {}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/keycloak/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo_keycloak",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_public_or_keycloak(self):
+        """To use with the demo_keycloak validator.
+
+        You can play with this using the browser app in tests/spa and the
+        identity provider in tests/keycloak.
+        """
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        else:
+            # public
+            data.update(name="Anonymous")
+        return Response(json.dumps(data), content_type="application/json", status=200)

auth_jwt_demo/demo/auth_jwt_validator.xml

@@ -0,0 +1,42 @@
+<odoo>
+    <record id="demo_validator" model="auth.jwt.validator">
+        <field name="name">demo</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">theissuer</field>
+        <field name="signature_type">secret</field>
+        <field name="secret_algorithm">HS256</field>
+        <field name="secret_key">thesecret</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id" ref="base.user_demo" />
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+    </record>
+    <record id="demo_cookie_validator" model="auth.jwt.validator">
+        <field name="name">demo_cookie</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">theissuer</field>
+        <field name="signature_type">secret</field>
+        <field name="secret_algorithm">HS256</field>
+        <field name="secret_key">thesecret</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id" ref="base.user_demo" />
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+        <field name="cookie_enabled" eval="True" />
+        <field name="cookie_name">demo_auth</field>
+    </record>
+    <record id="demo_keycloak_validator" model="auth.jwt.validator">
+        <field name="name">demo_keycloak</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">http://localhost:8080/auth/realms/master</field>
+        <field name="signature_type">public_key</field>
+        <field name="public_key_algorithm">RS256</field>
+        <field
+            name="public_key_jwk_uri"
+        >http://localhost:8080/auth/realms/master/protocol/openid-connect/certs</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id">1</field>
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+    </record>
+</odoo>

auth_jwt_demo/i18n/auth_jwt_demo.pot

@@ -0,0 +1,13 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 18.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"

auth_jwt_demo/i18n/it.po

@@ -0,0 +1,14 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"

auth_jwt_demo/pyproject.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"

auth_jwt_demo/readme/CONTRIBUTORS.md

@@ -0,0 +1 @@
+- Stéphane Bidoul \<<stephane.bidoul@acsone.eu>\>

auth_jwt_demo/readme/DESCRIPTION.md

@@ -0,0 +1 @@
+A test/demo module for `auth_jwt`.

auth_jwt_demo/readme/USAGE.md

@@ -0,0 +1,31 @@
+This modules creates a JWT validator named `demo`, and adds a
+`/auth_jwt_demo/whoami` route which returns information about the
+partner identified in the token.
+
+The `whoami` endpoint can be invoked as such, assuming
+[python-jose](https://pypi.org/project/python-jose/) is installed.
+
+``` python
+# /usr/bin/env python3
+import time
+
+import requests
+from jose import jwt
+
+token = jwt.encode(
+    {
+        "aud": "auth_jwt_test_api",
+        "iss": "some issuer",
+        "exp": time.time() + 60,
+        "email": "mark.brown23@example.com",
+    },
+    key="thesecret",
+    algorithm=jwt.ALGORITHMS.HS256,
+)
+r = requests.get(
+    "http://localhost:8069/auth_jwt_demo/whoami",
+    headers={"Authorization": "Bearer " + token},
+)
+r.raise_for_status()
+print(r.json())
+```