Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[18.0][MIG] auth_api_key: Migration to 18.0 #701

Merged
merged 76 commits into from
Oct 11, 2024

Conversation

thienvh332
Copy link

@thienvh332 thienvh332 commented Oct 9, 2024

OCA - Port:

Summary:

This PR migrates the auth_api_key module to Odoo 18.0.

Background:

Since Odoo 14.0, native API keys (res.users.apikey) have been supported, allowing users to authenticate XMLRPC/JSONRPC calls using their API key instead of a password. In Odoo 18.0, the native API key feature has been enhanced.

Some special features of the module:

  • Support for Bearer tokens in the Authorization header (auth="bearer")
  • Mandatory expiration dates for non-admin users' API keys
  • Deactivation of API keys for inactive users
  • Only the user itself can manage his api keys

Why keep auth_api_key:

The auth_api_key module, introduced in Odoo 10.0, offers unique advantages over native API keys.

Some special features of the module:

  • API keys remain usable even when the user is inactive (e.g., for system users in a shopinvader case).
  • Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
  • Admins can manage API keys for users.

Given these advantages, particularly in use case like system user authentication, we have decided to retain and migrate the auth_api_key module to Odoo 18.0.

lmignon and others added 30 commits October 9, 2024 17:00
Get rid of keychain dependency
Api key is now based on the new version of server env
Key belong to a specifiv database that can be requested based on the
domain name.

Just setup the db_filter with "%d^" to filter based on domain name
Add a migration script to create the auth.api.key records from keys defined into the cfg file
Provides a specific serction name builder to continue reading the key info from the same section as the one expected by the previous version
OCA-git-bot and others added 9 commits October 9, 2024 17:00
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: server-auth-17.0/server-auth-17.0-auth_api_key
Translate-URL: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key/
Currently translated at 100.0% (17 of 17 strings)

Translation: server-auth-17.0/server-auth-17.0-auth_api_key
Translate-URL: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key/it/
Currently translated at 100.0% (17 of 17 strings)

Translation: server-auth-17.0/server-auth-17.0-auth_api_key
Translate-URL: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_api_key/it/
An archived user should not have an active api key anymore.
But to stay backward compatible the migration script will
keep all key active.
@thienvh332 thienvh332 marked this pull request as ready for review October 9, 2024 10:07
Copy link
Contributor

@simahawk simahawk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thienvh332 LG but please report the rationale to keep this module as is in the description of the module, thanks :)
(in separate commmit that we can backport)

@simahawk
Copy link
Contributor

/ocabot migration auth_api_key

auth_api_key/readme/DESCRIPTION.md Outdated Show resolved Hide resolved
@simahawk
Copy link
Contributor

@thienvh332 would you mind backporting the readme update to v17?

/ocabot merge nobump

@OCA-git-bot
Copy link
Contributor

What a great day to merge this nice PR. Let's do it!
Prepared branch 18.0-ocabot-merge-pr-701-by-simahawk-bump-nobump, awaiting test results.

@OCA-git-bot OCA-git-bot merged commit e1d6094 into OCA:18.0 Oct 11, 2024
7 checks passed
@OCA-git-bot
Copy link
Contributor

Congratulations, your PR was merged at 26ac77c. Thanks a lot for contributing to OCA. ❤️

@thienvh332
Copy link
Author

@thienvh332 would you mind backporting the readme update to v17?

Hi @simahawk
I created #709 for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.