diff --git a/galicea_openid_connect/controllers/main.py b/galicea_openid_connect/controllers/main.py index 423cac6..4e3934e 100644 --- a/galicea_openid_connect/controllers/main.py +++ b/galicea_openid_connect/controllers/main.py @@ -6,6 +6,7 @@ import os import base64 from odoo import http +from odoo.http import request import werkzeug from .. api import resource @@ -104,7 +105,7 @@ class Main(http.Controller): ) @http.route('/.well-known/openid-configuration', auth='public', type='http') - def metadata(self, req, **query): + def metadata(self, **query): base_url = http.request.httprequest.host_url data = { 'issuer': base_url, @@ -122,14 +123,14 @@ class Main(http.Controller): return json.dumps(data) @http.route('/oauth/jwks', auth='public', type='http') - def jwks(self, req, **query): + def jwks(self, **query): keyset = jwk.JWKSet() - keyset.add(self.__get_id_token_jwk(req)) + keyset.add(self.__get_id_token_jwk(request)) return keyset.export(private_keys=False) @resource('/oauth/userinfo', method='GET') - def userinfo(self, req, **query): - user = req.env.user + def userinfo(self, **query): + user = request.env.user values = { 'sub': str(user.id), # Needed in case the client is another Odoo instance @@ -141,22 +142,22 @@ class Main(http.Controller): return values @resource('/oauth/clientinfo', method='GET', auth='client') - def clientinfo(self, req, **query): - client = req.env['galicea_openid_connect.client'].browse(req.context['client_id']) + def clientinfo(self, **query): + client = request.env['galicea_openid_connect.client'].browse(request.context['client_id']) return { 'name': client.name } @http.route('/oauth/authorize', auth='public', type='http', csrf=False) - def authorize(self, req, **query): + def authorize(self, **query): # First, validate client_id and redirect_uri params. try: - client = self.__validate_client(req, **query) - redirect_uri = self.__validate_redirect_uri(client, req, **query) + client = self.__validate_client(request, **query) + redirect_uri = self.__validate_redirect_uri(client, request, **query) except OAuthException as e: # If those are not valid, we must not redirect back to the client # - instead, we display a message to the user - return req.render('galicea_openid_connect.error', {'exception': e}) + return request.render('galicea_openid_connect.error', {'exception': e}) scopes = query['scope'].split(' ') if query.get('scope') else [] is_openid_request = 'openid' in scopes @@ -194,7 +195,7 @@ class Main(http.Controller): if not response_mode: response_mode = 'query' if response_type == 'code' else 'fragment' - user = req.env.user + user = request.env.user # In case user is not logged in, we redirect to the login page and come back needs_login = user.login == 'public' # Also if they didn't authenticate recently enough @@ -227,10 +228,10 @@ class Main(http.Controller): 'exp': int(time.time()) + 60 } payload.update(extra_claims) - key = self.__get_authorization_code_jwk(req) + key = self.__get_authorization_code_jwk(request) response_params['code'] = jwt_encode(payload, key) if 'token' in response_types: - access_token = req.env['galicea_openid_connect.access_token'].sudo().retrieve_or_create( + access_token = request.env['galicea_openid_connect.access_token'].sudo().retrieve_or_create( user.id, client.id ).token @@ -243,7 +244,7 @@ class Main(http.Controller): #extra_claims['at_hash'] = base64.urlsafe_b64encode(at_hash[:16]).strip('=') extra_claims['at_hash'] = base64.urlsafe_b64encode(at_hash[:16]) if 'id_token' in response_types: - response_params['id_token'] = self.__create_id_token(req, user.id, client, extra_claims) + response_params['id_token'] = self.__create_id_token(request, user.id, client, extra_claims) return self.__redirect(redirect_uri, response_params, response_mode)