Skip to content

[17.0][IMP] auth_oauth_autologin: Move all auto login logic to the backend #821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wluyima wants to merge 1 commit into
base: 17.0
Choose a base branch
from
Open

[17.0][IMP] auth_oauth_autologin: Move all auto login logic to the backend #821

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion auth_oauth_autologin/__manifest__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,4 @@
"depends": ["auth_oauth"],
"data": ["views/auth_oauth_provider.xml"],
"demo": [],
"assets": {"web.assets_frontend": ["auth_oauth_autologin/static/src/js/*.js"]},
}
26 changes: 12 additions & 14 deletions auth_oauth_autologin/controllers/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@


class OAuthAutoLogin(OAuthLogin):
def _autologin_disabled(self, redirect):
url = urlparse(redirect)
def _autologin_disabled(self, request_url):
url = urlparse(request_url)
params = dict(parse_qsl(url.query, keep_blank_values=True))
return "no_autologin" in params or "oauth_error" in params or "error" in params

Expand All @@ -20,15 +20,13 @@ def _autologin_link(self):
if len(providers) == 1:
return providers[0].get("auth_link")

@http.route(
"/auth/auto_login_redirect_link",
type="json",
auth="none",
)
def auto_login_redirect_link(self, *args, **kwargs):
redirect = kwargs.get("redirect")
if self._autologin_disabled(redirect):
return False
request.params["redirect"] = redirect
auth_link = self._autologin_link()
return auth_link
@http.route("/web/login", type="http", auth="none")
def web_login(self, *args, **kw):
if not request.session.uid:
request_url = request.httprequest.url
if not self._autologin_disabled(request_url):
auth_link = self._autologin_link()
if auth_link:
return request.redirect(auth_link, local=False)

return super().web_login(*args, **kw)
26 changes: 0 additions & 26 deletions auth_oauth_autologin/static/src/js/web_login.esm.js
View file
Open in desktop

This file was deleted.

1 change: 1 addition & 0 deletions auth_oauth_autologin/tests/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import test_oauth_auto_login
129 changes: 129 additions & 0 deletions auth_oauth_autologin/tests/test_oauth_auto_login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
# Copyright 2021 ACSONE SA/NV <https://acsone.eu>
# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)

from unittest.mock import Mock, patch

from odoo.http import Response
from odoo.tests import common

from odoo.addons.website.tools import MockRequest

from ..controllers.main import OAuthAutoLogin

LOGIN_URL = "http://localhost/web/login"


class TestOauthAutoLogin(common.HttpCase):
def mock_redirect(self, logout_url, local):
self.redirect_url = logout_url
self.is_local_direct = local

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_already_logged_in(self, mock_web_login):
"""Test that auto login is skipped if user is logged in"""
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
with MockRequest(self.env) as request:
request.session = mock_session
self.assertEqual(response, OAuthAutoLogin().web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_no_autologin_parameter_exists(self, mock_web_login):
"""Test that auto login is skipped if no_autologin parameter exists"""
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
with MockRequest(self.env) as request:
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL + "?no_autologin"
self.assertEqual(response, OAuthAutoLogin().web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_oauth_error_parameter_exists(self, mock_web_login):
"""Test that auto login is skipped if oauth_error parameter exists"""
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
with MockRequest(self.env) as request:
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL + "?oauth_error=1"
self.assertEqual(response, OAuthAutoLogin().web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_error_parameter_exists(self, mock_web_login):
"""Test that auto login is skipped if error parameter exists"""
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
with MockRequest(self.env) as request:
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL + "?error=test"
self.assertEqual(response, OAuthAutoLogin().web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_no_provider_has_autologin_set(self, mock_web_login):
"""Test that auto login is skipped if error parameter exists"""
instance = OAuthAutoLogin()
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
provider = {}
provider["autologin"] = False
provider["auth_link"] = "https://keycloak.test"
providers = [provider]
with MockRequest(self.env) as request, patch.object(
instance, "list_providers", return_value=providers
):
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL
self.assertEqual(response, instance.web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_skip_auto_login_if_the_provider_has_no_auth_link(self, mock_web_login):
"""Test that auto login is skipped if error parameter exists"""
instance = OAuthAutoLogin()
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
provider = {}
provider["autologin"] = True
providers = [provider]
with MockRequest(self.env) as request, patch.object(
instance, "list_providers", return_value=providers
):
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL
self.assertEqual(response, instance.web_login())

@patch("odoo.addons.auth_oauth.controllers.main.OAuthLogin.web_login")
def test_oauth_auto_login_with_enabled_provider(self, mock_web_login):
"""Test that auto login works if enabled"""
instance = OAuthAutoLogin()
mock_session = Mock()
response = Response()
mock_web_login.return_value = response
provider_1 = {}
provider_1["autologin"] = False
provider_1["auth_link"] = "https://keycloak1.test"
auth_link_2 = "https://keycloak2.test"
provider_2 = {}
provider_2["autologin"] = True
provider_2["auth_link"] = auth_link_2
providers = [provider_1, provider_2]
with MockRequest(self.env) as request, patch.object(
instance, "list_providers", return_value=providers
):
request.session = mock_session
mock_session.uid = False
request.httprequest.url = LOGIN_URL
request.redirect = self.mock_redirect
instance.web_login()
self.assertEqual(auth_link_2, self.redirect_url)
self.assertFalse(self.is_local_direct)
self.assertFalse(mock_web_login.called)
15 changes: 0 additions & 15 deletions auth_oauth_autologin/views/assets.xml
View file
Open in desktop

This file was deleted.