[17.0][IMP] auth_oidc: add groups' handling #682

Open
wants to merge 10 commits into
base: 17.0

@OdyX OdyX commented Aug 28, 2024

This allows groups' handling via a token's attributes as passed by a Keycloak instance serving as IdP.

@sbidoul : I'd be happy to make any necessary changes!

@OCA-git-bot
Contributor

Hi @sbidoul,
some modules you are maintaining are being modified, check this out!

@OdyX OdyX force-pushed the 17-auth-oidc-groups-sync branch 2 times, most recently from ae41059 to 96788d5 on August 28, 2024 15:23
@hbrunn
Member

hbrunn commented Sep 2, 2024

the v14 PR is based on my v12 PR which was merged - why didn't you just forward port this?

@OdyX
Author

OdyX commented Sep 2, 2024

@hbrunn thanks for asking! As I'm quite fresh in the Odoo ecosystem, I did not see the v12 PR. Care to share a link?

As you can see from the code, my patch works a bit differently; as it appeared that what I needed for group mapping was directly in the access token, there's no usage of the data_endpoint. But I'm also likely not fluent enough in OAuth2 to know if that is really a correct way too.

Well; in any case, I'm happy to work towards merging either this or your v12 PR (or a mix of both) for v17. We need @sbidoul 's input, right?

@hbrunn
Member

hbrunn commented Sep 3, 2024

you find the v12 PR here

@OdyX OdyX force-pushed the 17-auth-oidc-groups-sync branch from 96788d5 to b360551 on September 6, 2024 15:09
@OdyX
Author

OdyX commented Sep 6, 2024

@hbrunn Great. Thanks for the pointer to the v12 PR. I've now understood the code much better, and did a mostly-straightforward port, with just two minor additions as separate commits. Could you perhaps review?

@OdyX
Author

OdyX commented Sep 11, 2024

As the codecov warnings seem critical, I've now added some more tests around the safe_eval call of the expressions.

Edit: and now also added some groups' assignment/deassignment checks, pushing the codecov bar above the needed limits.

@OdyX OdyX force-pushed the 17-auth-oidc-groups-sync branch from a242ae4 to 7587cf0 on September 13, 2024 15:24
Member

@hbrunn hbrunn left a comment

thanks, just minor stylistic things

auth_oidc/models/res_users.py (outdated, resolved)
auth_oidc/models/res_users.py (outdated, resolved)
@hbrunn hbrunn closed this Nov 21, 2024
@hbrunn hbrunn reopened this Nov 21, 2024
@hbrunn
Member

hbrunn commented Nov 21, 2024

@OdyX please rebase your branch. If you allow edits by maintainers, I could say

/ocabot rebase

and it would do this automatically

@OCA-git-bot
Contributor

@hbrunn The rebase process failed, because command git rebase origin/17.0 failed with output:

Rebasing (1/10)
Auto-merging auth_oidc/__manifest__.py
Auto-merging auth_oidc/demo/local_keycloak.xml
CONFLICT (content): Merge conflict in auth_oidc/demo/local_keycloak.xml
Auto-merging auth_oidc/models/auth_oauth_provider.py
CONFLICT (content): Merge conflict in auth_oidc/models/auth_oauth_provider.py
Auto-merging auth_oidc/tests/test_auth_oidc_auth_code.py
Auto-merging auth_oidc/views/auth_oauth_provider.xml
CONFLICT (content): Merge conflict in auth_oidc/views/auth_oauth_provider.xml
error: could not apply 3e0bcb53... [IMP] auth_oidc: allow assign groups from token claims
hint: Resolve all conflicts manually, mark them as resolved with
hint: "git add/rm <conflicted_files>", then run "git rebase --continue".
hint: You can instead skip this commit: run "git rebase --skip".
hint: To abort and get back to the state before "git rebase", run "git rebase --abort".
Could not apply 3e0bcb53... [IMP] auth_oidc: allow assign groups from token claims

@OdyX OdyX force-pushed the 17-auth-oidc-groups-sync branch from 1c047bc to 8f270be on November 21, 2024 07:33
@OdyX OdyX force-pushed the 17-auth-oidc-groups-sync branch from 8f270be to b9318fa on November 21, 2024 07:38
@OdyX
Author

OdyX commented Nov 21, 2024

@hbrunn integrated your suggestions in afd10ea; and I have rebased this on top of 17.0.
