diff --git a/auth_oauth_autoredirect/README.rst b/auth_oauth_autoredirect/README.rst
new file mode 100644
index 000000000..ea7a041b7
--- /dev/null
+++ b/auth_oauth_autoredirect/README.rst
@@ -0,0 +1,88 @@ +================================== +OAuth2 Authentication Autoredirect +================================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:a407434cc13674942d02c5b874f84dd4e78594e03e4b8b3af7ce846fbb0b44cc + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github + :target: https://github.com/OCA/server-auth/tree/16.0/auth_oauth_autoredirect + :alt: OCA/server-auth +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oauth_autoredirect + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module adds autoredirection to an oauth provider. + +**Table of contents** + +.. contents:: + :local: + +Configuration +============= + +If all the users have a oauth id in a single provider, you can set automatic redirection +in the provider settings. The autoredirection will only be done on the active provider +with the highest priority. 
It is still possible to access the login without redirection +by using the query parameter ``disable_autoredirect``, as in +``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if +there is an error with login, in order to display any error message. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* XCG Consulting + +Contributors +~~~~~~~~~~~~ + +* `XCG Consulting `__: + + * Vincent Hatakeyama + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-auth `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auth_oauth_autoredirect/__init__.py b/auth_oauth_autoredirect/__init__.py new file mode 100644 index 000000000..72d3ea60a --- /dev/null +++ b/auth_oauth_autoredirect/__init__.py @@ -0,0 +1 @@ +from . import controllers, models diff --git a/auth_oauth_autoredirect/__manifest__.py b/auth_oauth_autoredirect/__manifest__.py new file mode 100644 index 000000000..e4e91d2cb --- /dev/null +++ b/auth_oauth_autoredirect/__manifest__.py 
@@ -0,0 +1,17 @@
+# Copyright (C) 2024 XCG Consulting
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+ "name": "OAuth2 Authentication Autoredirect",
+ "version": "16.0.1.0.0",
+ "category": "Hidden/Tools",
+ "author": "XCG Consulting, Odoo Community Association (OCA)",
+ "website": "https://github.com/OCA/server-auth",
+ "license": "AGPL-3",
+ "depends": ["auth_oauth"],
+ "data": [
+ "views/auth_oauth_provider.xml",
+ ],
+ "installable": True,
+ "auto_install": False,
+}
diff --git a/auth_oauth_autoredirect/controllers/__init__.py b/auth_oauth_autoredirect/controllers/__init__.py
new file mode 100644
index 000000000..2a3e5d565
--- /dev/null
+++ b/auth_oauth_autoredirect/controllers/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main
diff --git a/auth_oauth_autoredirect/controllers/main.py b/auth_oauth_autoredirect/controllers/main.py
new file mode 100644
index 000000000..dc75fa87c
--- /dev/null
+++ b/auth_oauth_autoredirect/controllers/main.py
@@ -0,0 +1,69 @@
+# Copyright (C) 2020 GlodoUK
+# Copyright (C) 2010-2016, 2022-2024 XCG Consulting
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import werkzeug.utils
+
+from odoo import http
+from odoo.http import request
+
+from odoo.addons.auth_oauth.controllers.main import OAuthLogin
+from odoo.addons.web.controllers.utils import ensure_db
+
+
+# ----------------------------------------------------------
+# Controller
+# ----------------------------------------------------------
+class OAuthAutoredirectLogin(OAuthLogin):
+ """OAuth controller with autoredirect added"""
+
+ def list_providers_with_autoredirect(self):
+ providers = self.list_providers()
+ saml_providers = {
+ search_read["id"]
+ for search_read in request.env["auth.oauth.provider"]
+ .sudo()
+ .search_read([("autoredirect", "=", True)], ["id"])
+ }
+ return [provider for provider in providers if provider["id"] in saml_providers]
+
+ def _oauth_autoredirect(self):
+ # automatically redirect if any provider is set up to do that
+ autoredirect_providers = self.list_providers_with_autoredirect()
+ # do not redirect if asked too or if an error has been found
+ disable_autoredirect = (
+ "disable_autoredirect" in request.params or "error" in request.params
+ )
+ if autoredirect_providers and not disable_autoredirect:
+ return werkzeug.utils.redirect(
+ autoredirect_providers[0]["auth_link"],
+ 303,
+ )
+ return None
+
+ @http.route()
+ def web_client(self, s_action=None, **kw):
+ if not request.session.uid:
+ result = self._oauth_autoredirect()
+ if result:
+ return result
+ return super().web_client(s_action, **kw)
+
+ @http.route()
+ def web_login(self, *args, **kw):
+ ensure_db()
+ # copied from super
+ if (
+ request.httprequest.method == "GET"
+ and request.session.uid
+ and request.params.get("redirect")
+ ):
+ # Redirect if already logged in and redirect param is present
+ return request.redirect(request.params.get("redirect"))
+
+ if request.httprequest.method == "GET":
+ result = self._oauth_autoredirect()
+ if result:
+ return result
+
+ return super().web_login(*args, **kw)
diff --git a/auth_oauth_autoredirect/models/__init__.py b/auth_oauth_autoredirect/models/__init__.py
new file mode 100644
index 000000000..4bc62d3ab
--- /dev/null
+++ b/auth_oauth_autoredirect/models/__init__.py
@@ -0,0 +1 @@
+from . import auth_oauth_provider
diff --git a/auth_oauth_autoredirect/models/auth_oauth_provider.py b/auth_oauth_autoredirect/models/auth_oauth_provider.py
new file mode 100644
index 000000000..5cc455850
--- /dev/null
+++ b/auth_oauth_autoredirect/models/auth_oauth_provider.py
@@ -0,0 +1,15 @@
+# Copyright 2024 XCG Consulting
+# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import fields, models
+
+
+class AuthOauthProvider(models.Model):
+ _inherit = "auth.oauth.provider"
+
+ autoredirect = fields.Boolean(
+ "Automatic Redirection",
+ default=False,
+ help="Only the provider with the higher priority will be automatically "
+ "redirected",
+ )
diff --git a/auth_oauth_autoredirect/readme/CONFIGURE.rst b/auth_oauth_autoredirect/readme/CONFIGURE.rst
new file mode 100644
index 000000000..47d624f34
--- /dev/null
+++ b/auth_oauth_autoredirect/readme/CONFIGURE.rst
@@ -0,0 +1,6 @@
+If all the users have a oauth id in a single provider, you can set automatic redirection
+in the provider settings. The autoredirection will only be done on the active provider
+with the highest priority. It is still possible to access the login without redirection
+by using the query parameter ``disable_autoredirect``, as in
+``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if
+there is an error with login, in order to display any error message.
diff --git a/auth_oauth_autoredirect/readme/CONTRIBUTORS.rst b/auth_oauth_autoredirect/readme/CONTRIBUTORS.rst
new file mode 100644
index 000000000..37addc641
--- /dev/null
+++ b/auth_oauth_autoredirect/readme/CONTRIBUTORS.rst
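Review bot: In `controllers/main.py`, `_oauth_autoredirect` suppresses the redirect only when the request carries a parameter literally named `error`, but upstream `auth_oauth` (not shown in this diff, so please confirm) sends failed sign-ins back to `/web/login?oauth_error=N`. If that holds, a failed or denied sign-in arrives as a GET on `web_login` and is bounced straight back to the provider, so the user never sees the error message and may loop between Odoo and the provider. Consider `"disable_autoredirect" in request.params or "error" in request.params or "oauth_error" in request.params`, evaluated before `list_providers_with_autoredirect()` so the `sudo()` query is skipped when redirection is off. A docstring on `_oauth_autoredirect` should also state that the flag is a convenience and not SSO enforcement, since any unauthenticated client can add `disable_autoredirect` and still reach the local password form. The local `saml_providers` holds OAuth provider ids and would read better as `autoredirect_ids`.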
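Review bot: In `models/auth_oauth_provider.py`, the `help` text on `autoredirect` says the provider "will be automatically redirected", although it is the unauthenticated user who is redirected. It also refers to "the higher priority", which nothing in this model defines; the controller simply takes the first flagged entry from `list_providers()`. Suggested wording: `help="Redirect unauthenticated users to this provider instead of showing the login form. If several providers have this set, only the first one in provider order is used."` Nothing in the visible code stops several providers from being flagged, so the help text is the only place an administrator learns which one wins.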
@@ -0,0 +1,3 @@
+* `XCG Consulting `__:
+
+ * Vincent Hatakeyama
diff --git a/auth_oauth_autoredirect/readme/DESCRIPTION.rst b/auth_oauth_autoredirect/readme/DESCRIPTION.rst
new file mode 100644
index 000000000..134d9fbb0
--- /dev/null
+++ b/auth_oauth_autoredirect/readme/DESCRIPTION.rst
@@ -0,0 +1 @@
+This module adds autoredirection to an oauth provider.
diff --git a/auth_oauth_autoredirect/views/auth_oauth_provider.xml b/auth_oauth_autoredirect/views/auth_oauth_provider.xml
new file mode 100644
index 000000000..ba6df843d
--- /dev/null
+++ b/auth_oauth_autoredirect/views/auth_oauth_provider.xml
@@ -0,0 +1,13 @@
+
+
+
+ auth.oidc.provider.form
+ auth.oauth.provider
+
+
+
+
+
+
+
+
diff --git a/setup/auth_oauth_autoredirect/odoo/addons/auth_oauth_autoredirect b/setup/auth_oauth_autoredirect/odoo/addons/auth_oauth_autoredirect
new file mode 120000
index 000000000..b95497b6a
--- /dev/null
+++ b/setup/auth_oauth_autoredirect/odoo/addons/auth_oauth_autoredirect
@@ -0,0 +1 @@
+../../../../auth_oauth_autoredirect
\ No newline at end of file
diff --git a/setup/auth_oauth_autoredirect/setup.py b/setup/auth_oauth_autoredirect/setup.py
new file mode 100644
index 000000000..28c57bb64
--- /dev/null
+++ b/setup/auth_oauth_autoredirect/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+ setup_requires=['setuptools-odoo'],
+ odoo_addon=True,
+)