Merge PR #473 into 15.0

Signed-off-by pedrobaeza

Author: OCA-git-bot

auth_oauth_multi_token/README.rst

@@ -0,0 +1,90 @@
+=================
+OAuth Multi Token
+=================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/15.0/auth_oauth_multi_token
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-15-0/server-auth-15-0-auth_oauth_multi_token
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/webui/builds.html?repo=OCA/server-auth&target_branch=15.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+This module adds the possibility to connect with the same account
+on more than one device at the same time.
+
+All providers are supported (Google, Facebook, Odoo, etc).
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+Nothing changes on login action: just select your provider and try to log in.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_multi_token%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Florent de Labarre
+* Camptocamp
+
+Contributors
+~~~~~~~~~~~~
+
+* Florent de Labarre <[email protected]>
+* Simone Orsi <[email protected]>
+* `Tecnativa <https://www.tecnativa.com/>`__:
+
+  * Jairo Llopis
+  * Sergio Teruel
+
+* Stéphane Bidoul <[email protected]>
+* Dan Tillinghast
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/15.0/auth_oauth_multi_token>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_oauth_multi_token/__init__.py

@@ -0,0 +1 @@
+from . import models

auth_oauth_multi_token/__manifest__.py

@@ -0,0 +1,20 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+{
+    "name": "OAuth Multi Token",
+    "version": "15.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "Florent de Labarre, Camptocamp, Odoo Community Association (OCA)",
+    "summary": """Allow multiple connection with the same OAuth account""",
+    "category": "Tool",
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_oauth"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_oauth_multi_token.xml",
+        "views/res_users.xml",
+    ],
+    "installable": True,
+}

auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot

@@ -0,0 +1,97 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_oauth_multi_token
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Clear Tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__display_name
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__id
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__id
+msgid "ID"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token____last_update
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Latest tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_master_uuid
+msgid "Master UUID"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_max_token
+msgid "Max number of simultaneous connections"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__oauth_access_token
+msgid "OAuth Access Token"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_token_ids
+msgid "OAuth tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_auth_oauth_multi_token
+msgid "OAuth2 token"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__user_id
+msgid "User"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_res_users
+msgid "Users"
+msgstr ""

auth_oauth_multi_token/models/__init__.py

@@ -0,0 +1,2 @@
+from . import auth_oauth_multi_token
+from . import res_users

auth_oauth_multi_token/models/auth_oauth_multi_token.py

@@ -0,0 +1,53 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import api, fields, models
+
+
+class AuthOauthMultiToken(models.Model):
+    """Define a set of tokens."""
+
+    _name = "auth.oauth.multi.token"
+    _description = "OAuth2 token"
+    _order = "id desc"
+
+    oauth_access_token = fields.Char(
+        string="OAuth Access Token", readonly=True, copy=False
+    )
+    user_id = fields.Many2one(
+        comodel_name="res.users",
+        string="User",
+        required=True,
+        readonly=True,
+        index=True,
+        ondelete="cascade",
+    )
+
+    @api.model
+    def create(self, vals):
+        """Override to validate tokens."""
+        token = super().create(vals)
+        token._oauth_validate_multi_token()
+        return token
+
+    @api.model
+    def _oauth_user_tokens(self, user_id):
+        """Retrieve tokens for given user.
+
+        :param user_id: Odoo ID of the user
+        """
+        return self.search([("user_id", "=", user_id)])
+
+    def _oauth_validate_multi_token(self):
+        """Check current user's token and clear them if max number reached."""
+        user_tokens = self._oauth_user_tokens(self.user_id.id)
+        max_token = self.user_id.oauth_access_max_token
+        if user_tokens and len(user_tokens) > max_token:
+            # clear last token
+            user_tokens[max_token - 1]._oauth_clear_token()
+
+    def _oauth_clear_token(self):
+        """Disable current token records."""
+        self.unlink()

auth_oauth_multi_token/models/res_users.py

@@ -0,0 +1,83 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+import uuid
+
+from odoo import api, exceptions, fields, models
+
+from odoo.addons import base
+
+base.models.res_users.USER_PRIVATE_FIELDS.append("oauth_master_uuid")
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    def _generate_oauth_master_uuid(self):
+        return uuid.uuid4().hex
+
+    oauth_access_token_ids = fields.One2many(
+        comodel_name="auth.oauth.multi.token",
+        inverse_name="user_id",
+        string="OAuth tokens",
+        copy=False,
+        readonly=True,
+        groups="base.group_system",
+    )
+    oauth_access_max_token = fields.Integer(
+        string="Max number of simultaneous connections", default=10, required=True
+    )
+    oauth_master_uuid = fields.Char(
+        string="Master UUID",
+        copy=False,
+        readonly=True,
+        required=True,
+        default=lambda self: self._generate_oauth_master_uuid(),
+    )
+
+    @property
+    def multi_token_model(self):
+        return self.env["auth.oauth.multi.token"]
+
+    @api.model
+    def _auth_oauth_signin(self, provider, validation, params):
+        """Override to handle sign-in with multi token."""
+        res = super()._auth_oauth_signin(provider, validation, params)
+
+        oauth_uid = validation["user_id"]
+        # Lookup for user by oauth uid and provider
+        user = self.search(
+            [("oauth_uid", "=", oauth_uid), ("oauth_provider_id", "=", provider)]
+        )
+        if not user:
+            raise exceptions.AccessDenied()
+        user.ensure_one()
+        # user found and unique: create a token
+        self.multi_token_model.create(
+            {"user_id": user.id, "oauth_access_token": params["access_token"]}
+        )
+        return res
+
+    def action_oauth_clear_token(self):
+        """Inactivate current user tokens."""
+        self.mapped("oauth_access_token_ids")._oauth_clear_token()
+        for res in self:
+            res.oauth_access_token = False
+            res.oauth_master_uuid = self._generate_oauth_master_uuid()
+
+    @api.model
+    def _check_credentials(self, password, env):
+        """Override to check credentials against multi tokens."""
+        try:
+            return super()._check_credentials(password, env)
+        except exceptions.AccessDenied:
+            res = self.multi_token_model.sudo().search(
+                [("user_id", "=", self.env.uid), ("oauth_access_token", "=", password)]
+            )
+            if not res:
+                raise
+
+    def _get_session_token_fields(self):
+        res = super()._get_session_token_fields()
+        res.remove("oauth_access_token")
+        return res | {"oauth_master_uuid"}

auth_oauth_multi_token/readme/CONFIGURATION.rst

@@ -0,0 +1,5 @@
+On users' form you can set the number of maximum simultaneous connections.
+
+By default 10 connections are allowed.
+
+From there you can also clear / inactivate existing tokens.

auth_oauth_multi_token/readme/CONTRIBUTORS.rst

@@ -0,0 +1,9 @@
+* Florent de Labarre <[email protected]>
+* Simone Orsi <[email protected]>
+* `Tecnativa <https://www.tecnativa.com/>`__:
+
+  * Jairo Llopis
+  * Sergio Teruel
+
+* Stéphane Bidoul <[email protected]>
+* Dan Tillinghast

auth_oauth_multi_token/readme/DESCRIPTION.rst

@@ -0,0 +1,4 @@
+This module adds the possibility to connect with the same account
+on more than one device at the same time.
+
+All providers are supported (Google, Facebook, Odoo, etc).