From ae4105992075da656e40ccd43aca89806f17183d Mon Sep 17 00:00:00 2001
From: Didier 'OdyX' Raboud
Date: Wed, 28 Aug 2024 16:05:19 +0200
Subject: [PATCH] [IMP] auth_oidc: Add _auth_oauth_signing to (un)link from groups

Thanks to https://github.com/OCA/server-auth/pull/372/commits/4204bd8df1d8a13f996d3c735c072d4da84450b5 @hbrunn & @26hpredraglazarevic
---
 auth_oidc/models/res_users.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py
index 1684480fa..2df5c8b6a 100644
--- a/auth_oidc/models/res_users.py
+++ b/auth_oidc/models/res_users.py
@@ -8,6 +8,7 @@
 from odoo import api, models
 from odoo.exceptions import AccessDenied
+from odoo.fields import Command
 from odoo.http import request
 
 _logger = logging.getLogger(__name__)
 
@@ -44,6 +45,38 @@ def _auth_oauth_get_tokens_auth_code_flow(self, oauth_provider, params):
         # https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
         return response_json.get("access_token"), response_json.get("id_token")
 
+    @api.model
+    def _auth_oauth_signin(self, provider, validation, params):
+        """retrieve and sign in the user corresponding to provider and validated access token
+        :param provider: oauth provider id (int)
+        :param validation: result of validation of access token (dict)
+        :param params: oauth parameters (dict)
+        :return: user login (str)
+        :raise: AccessDenied if signin failed
+        """
+        login = super()._auth_oauth_signin(provider, validation, params)
+        user = self.search([("login", "=", login)])
+        oauth_provider = self.env["auth.oauth.provider"].browse(provider)
+        # Assume the groups are exclusively managed via OAuth 'groups'
+        if user and oauth_provider.groups_field in validation:
+            group_updates = []
+            for group_line in oauth_provider.group_line_ids:
+                if group_line.oauth_group_name in validation.get(
+                    oauth_provider.groups_field
+                ):
+                    _logger.debug(
+                        f"Add user {user.id} to the group {group_line.group_id.id}"
+                    )
+                    group_updates.append((Command.LINK, group_line.group_id.id))
+                else:
+                    _logger.debug(
+                        f"Remove user {user.id} from the group {group_line.group_id.id}"
+                    )
+                    group_updates.append((Command.UNLINK, group_line.group_id.id))
+            if group_updates:
+                user.write({"groups_id": group_updates})
+        return login
+
     @api.model
     def auth_oauth(self, provider, params):
         oauth_provider = self.env["auth.oauth.provider"].browse(provider)
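Review bot: The membership test `group_line.oauth_group_name in validation.get(oauth_provider.groups_field)` in the new `_auth_oauth_signin` assumes the claim value is a list; if the IdP delivers the groups claim as a single string (one group, or a space- or comma-joined list), `in` degrades to a substring match, so a mapping for `admin` would also match a claimed `not-admin` or `administrators` and link the group, and a `None` value raises TypeError and fails every login for that provider. Normalise the claim once before the loop, `claimed = validation.get(oauth_provider.groups_field) or []` followed by `if isinstance(claimed, str): claimed = [claimed]`, and test `group_line.oauth_group_name in claimed`. Because `user.write({"groups_id": ...})` runs with whatever privileges the caller holds (the stock `auth_oauth` controller reaches this method through sudo, as far as I recall), the IdP claim alone now decides membership of every mapped group, so the `# Assume the groups are exclusively managed via OAuth 'groups'` comment should state the trust assumption explicitly, e.g. that `validation` is only ever built from a signature-verified id_token or userinfo response. The diffstat lists a single changed file, so `groups_field` and `group_line_ids` on `auth.oauth.provider` must already be defined elsewhere or this method fails at runtime; the enclosing class header is outside the hunk.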