OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1627 Commits
13 Branches
0 Tags
45 MiB
Tree: 141953b351
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '141953b351'
${ noResults }
server-tools/oauth_provider/models/oauth_provider_client.py

130 lines
5.1 KiB
Raw Normal View History

[ADD] Add oauth_provider module
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 SYLEAM
  3. # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
  5. import hashlib
  6. import uuid
  7. import logging
  8. from openerp import models, api, fields
  9. from ..oauth2.validator import OdooValidator
  11. _logger = logging.getLogger(__name__)
  13. try:
  14. from oauthlib import oauth2
  15. except ImportError:
  16. _logger.debug('Cannot `import oauthlib`.')
  19. class OAuthProviderClient(models.Model):
  20. _name = 'oauth.provider.client'
  21. _description = 'OAuth Provider Client'
  23. name = fields.Char(required=True, help='Name of this client.')
  24. identifier = fields.Char(
  25. string='Client Identifier', required=True, readonly=True,
  26. default=lambda self: str(uuid.uuid4()), copy=False,
  27. help='Unique identifier of the client.')
  28. secret = fields.Char(
  29. help='Optional secret used to authenticate the client.')
  30. skip_authorization = fields.Boolean(
  31. help='Check this box if the user shouldn\'t be prompted to authorize '
  32. 'or not the requested scopes.')
  33. application_type = fields.Selection(
  34. selection=[
  35. ('web application', 'Web Application'),
  36. ('mobile application', 'Mobile Application'),
  37. ('legacy application', 'Legacy Application'),
  38. ('backend application', 'Backend Application (not implemented)'),
  39. ], required=True, default='web application',
  40. help='Application type to be used with this client.')
  41. grant_type = fields.Selection(
  42. selection=[
  43. ('authorization_code', 'Authorization Code'),
  44. ('implicit', 'Implicit'),
  45. ('password', 'Password'),
  46. ('client_credentials', 'Client Credentials'),
  47. ], string='OAuth Grant Type',
  48. compute='_compute_grant_response_type', store=True,
  49. help='Grant type used by the client for OAuth.')
  50. response_type = fields.Selection(
  51. selection=[
  52. ('code', 'Authorization Code'),
  53. ('token', 'Token'),
  54. ('none', 'None'),
  55. ], string='OAuth Response Type',
  56. compute='_compute_grant_response_type', store=True,
  57. help='Response type used by the client for OAuth.')
  58. token_type = fields.Selection(
  59. selection=[('random', 'Randomly generated')],
  60. required=True, default='random',
  61. help='Type of token to return. The base module only provides randomly '
  62. 'generated tokens.')
  63. scope_ids = fields.Many2many(
  64. comodel_name='oauth.provider.scope', string='Allowed Scopes',
  65. help='List of scopes the client is allowed to access.')
  66. redirect_uri_ids = fields.One2many(
  67. comodel_name='oauth.provider.redirect.uri', inverse_name='client_id',
  68. string='OAuth Redirect URIs',
  69. help='Allowed redirect URIs for the client.')
  71. _sql_constraints = [
  72. ('identifier_unique', 'UNIQUE (identifier)',
  73. 'The identifier of the client must be unique !'),
  74. ]
  76. @api.model
  77. def application_type_mapping(self):
  78. return {
  79. 'web application': ('authorization_code', 'code'),
  80. 'mobile application': ('implicit', 'token'),
  81. 'legacy application': ('password', 'none'),
  82. 'backend application': ('client_credentials', 'none'),
  83. }
  85. @api.multi
  86. @api.depends('application_type')
  87. def _compute_grant_response_type(self):
  88. applications = self.application_type_mapping()
  89. for client in self:
  90. client.grant_type, client.response_type = applications[
  91. client.application_type]
  93. @api.multi
  94. def get_oauth2_server(self, validator=None, **kwargs):
  95. """ Returns an OAuth2 server instance, depending on the client application type
  97. Generates an OdooValidator instance if no custom validator is defined
  98. All other arguments are directly passed to the server constructor (for
  99. example, a token generator function)
  100. """
  101. self.ensure_one()
  103. if validator is None:
  104. validator = OdooValidator()
  106. if self.application_type == 'web application':
  107. return oauth2.WebApplicationServer(validator, **kwargs)
  108. elif self.application_type == 'mobile application':
  109. return oauth2.MobileApplicationServer(validator, **kwargs)
  110. elif self.application_type == 'legacy application':
  111. return oauth2.LegacyApplicationServer(validator, **kwargs)
  112. elif self.application_type == 'backend application':
  113. return oauth2.BackendApplicationServer(validator, **kwargs)
  115. @api.multi
  116. def generate_user_id(self, user):
  117. """ Generates a unique user identifier for this client
  119. Include the client and user identifiers in the final identifier to
  120. generate a different identifier for the same user, depending on the
  121. client accessing this user. By doing this, clients cannot find a list
  122. of common users by comparing their identifiers list from tokeninfo.
  123. """
  124. self.ensure_one()
  126. user_identifier = self.identifier \
  127. + user.sudo().oauth_identifier
  129. # Use a sha256 to avoid a too long final string
  130. return hashlib.sha256(user_identifier).hexdigest()