Allow Git access with OAuth token

galicea_git/__manifest__.py

@@ -9,7 +9,7 @@
     'website': "http://galicea.pl",
 
     'category': 'Technical Settings',
-    'version': '12.0.0.1',
+    'version': '12.0.0.2',
 
     'depends': ['web', 'galicea_environment_checkup','galicea_base'],
 

galicea_git/controllers/main.py

@@ -9,6 +9,11 @@ import werkzeug
 from ..http_chunked_fix import http_input_stream
 
 class Main(http.Controller):
+    def authorize(self, request):
+        auth = request.httprequest.authorization
+        if auth:
+            request.session.authenticate(request.session.db, auth.username, auth.password)
+
     @http.route(
         [
             '/git/<repo>',
@@ -18,9 +23,7 @@ class Main(http.Controller):
         csrf=False
     )
     def git(self, request, repo, **kw):
-        auth = request.httprequest.authorization
-        if auth:
-            request.session.authenticate(request.session.db, auth.username, auth.password)
+        self.authorize(request)
         if not request.env.uid or request.env.user.login == 'public':
             return werkzeug.Response(
                 headers=[('WWW-Authenticate', 'Basic')],
@@ -74,7 +77,7 @@ class Main(http.Controller):
             if name == 'Status':
                 http_code = int(value.split(b' ')[0])
             else:
-                headers.append((name, value))
+                headers.append((name.decode('ascii'), value.decode('ascii')))
 
         return werkzeug.Response(
             body,

galicea_git_oauth/README.md

@@ -0,0 +1 @@
+[See add-on page on odoo.com](https://apps.odoo.com/apps/modules/12.0/galicea_git_oauth/)

galicea_git_oauth/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+
+from . import models
+from . import controllers

galicea_git_oauth/__manifest__.py

@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+{
+    'name': "Galicea Git OAuth",
+
+    'summary': """
+        Enables Git auth via OAuth token""",
+
+    'author': "Maciej Wawro",
+    'maintainer': "Galicea",
+    'website': "http://galicea.pl",
+
+    'category': 'Technical Settings',
+    'version': '12.0.1.0',
+
+    'depends': ['galicea_git', 'galicea_openid_connect'],
+
+    'data': [
+    ],
+
+    'installable': True
+}

galicea_git_oauth/controllers/__init__.py

@@ -0,0 +1 @@
+from . import ext_git_main

galicea_git_oauth/controllers/ext_git_main.py

@@ -0,0 +1,14 @@
+from odoo.addons.galicea_git.controllers.main import Main
+
+class ExtMain(Main):
+    def authorize(self, req):
+        auth = req.httprequest.authorization
+        if auth and auth.password == 'bearer':
+            access_token = req.httprequest.authorization.username
+            token = req.env['galicea_openid_connect.access_token'].sudo().search(
+                [('token', '=', access_token)]
+            )
+            if token:
+                req.uid = token.user_id.id
+                return
+        super(ExtMain, self).authorize(req)

galicea_git_oauth/models/__init__.py

@@ -0,0 +1 @@
+from . import ext_repository

galicea_git_oauth/models/ext_repository.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+from urllib.parse import urlparse
+from odoo import models
+
+class Repository(models.Model):
+    _inherit = 'galicea_git.repository'
+
+    def authenticated_url(self, client):
+        """
+        @param application galicea_openid.application"""
+
+        token = self.env['galicea_openid_connect.access_token'].sudo().retrieve_or_create(
+            self.env.user.id,
+            client.id
+        )
+        unauthenticated_url = self.url
+        url_parts = urlparse(unauthenticated_url)
+        return '{}://{}:bearer@{}{}'.format(
+            url_parts.scheme,
+            token.token,
+            url_parts.netloc,
+            url_parts.path,
+        )