-
-
Notifications
You must be signed in to change notification settings - Fork 425
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by gurneyalex
- Loading branch information
Showing
19 changed files
with
998 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
============ | ||
Auth Api Key | ||
============ | ||
|
||
.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
!! This file is generated by oca-gen-addon-readme !! | ||
!! changes will be overwritten. !! | ||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png | ||
:target: https://odoo-community.org/page/development-status | ||
:alt: Beta | ||
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png | ||
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html | ||
:alt: License: LGPL-3 | ||
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github | ||
:target: https://github.com/OCA/server-auth/tree/14.0/auth_api_key | ||
:alt: OCA/server-auth | ||
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png | ||
:target: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-auth_api_key | ||
:alt: Translate me on Weblate | ||
.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png | ||
:target: https://runbot.odoo-community.org/runbot/251/14.0 | ||
:alt: Try me on Runbot | ||
|
||
|badge1| |badge2| |badge3| |badge4| |badge5| | ||
|
||
Authenticate http requests from an API key. | ||
|
||
API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program's user. | ||
|
||
Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources. For unknown sources, it is a good practice to filter out this header at proxy level. | ||
|
||
**Table of contents** | ||
|
||
.. contents:: | ||
:local: | ||
|
||
Configuration | ||
============= | ||
|
||
The api key menu is available into Settings > Technical in debug mode. | ||
By default, when you create an API key, the key is saved into the database. | ||
It is also possible to provide the value of this key via the configuration | ||
file. This can be very useful to avoid mixing your keys between your various | ||
environments when restoring databases. All you have to do is to add a new | ||
section to your configuration file according to the following convention: | ||
|
||
.. code-block:: ini | ||
[api_key_<Record Name>] | ||
key=my_api_key | ||
Usage | ||
===== | ||
|
||
To apply this authentication system to your http request you must set 'api_key' | ||
as value for the 'auth' parameter of your route definition into your controller. | ||
|
||
.. code-block:: python | ||
class MyController(Controller): | ||
@route('/my_service', auth='api_key', ...) | ||
def my_service(self, *args, **kwargs): | ||
pass | ||
Bug Tracker | ||
=========== | ||
|
||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_. | ||
In case of trouble, please check there if your issue has already been reported. | ||
If you spotted it first, help us smashing it by providing a detailed and welcomed | ||
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. | ||
|
||
Do not contact contributors directly about support or help with technical issues. | ||
|
||
Credits | ||
======= | ||
|
||
Authors | ||
~~~~~~~ | ||
|
||
* ACSONE SA/NV | ||
|
||
Contributors | ||
~~~~~~~~~~~~ | ||
|
||
* Denis Robinet <denis.robinet@acsone.eu> | ||
* Laurent Mignon <laurent.mignon@acsone.eu> | ||
* Quentin Groulard <quentin.groulard@acsone.eu> | ||
* Sébastien Beau <sebastien.beau@akretion.com> | ||
* Chafique Delli <chafique.delli@akretion.com> | ||
|
||
Maintainers | ||
~~~~~~~~~~~ | ||
|
||
This module is maintained by the OCA. | ||
|
||
.. image:: https://odoo-community.org/logo.png | ||
:alt: Odoo Community Association | ||
:target: https://odoo-community.org | ||
|
||
OCA, or the Odoo Community Association, is a nonprofit organization whose | ||
mission is to support the collaborative development of Odoo features and | ||
promote its widespread use. | ||
|
||
This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/14.0/auth_api_key>`_ project on GitHub. | ||
|
||
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
from . import models |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# Copyright 2018 ACSONE SA/NV | ||
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). | ||
|
||
{ | ||
"name": "Auth Api Key", | ||
"summary": """ | ||
Authenticate http requests from an API key""", | ||
"version": "14.0.1.0.0", | ||
"license": "LGPL-3", | ||
"author": "ACSONE SA/NV,Odoo Community Association (OCA)", | ||
"website": "https://acsone.eu/", | ||
"development_status": "Beta", | ||
"depends": ["server_environment"], | ||
"data": ["security/ir.model.access.csv", "views/auth_api_key.xml"], | ||
"demo": [], | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
# Translation of Odoo Server. | ||
# This file contains the translation of the following modules: | ||
# * auth_api_key | ||
# | ||
msgid "" | ||
msgstr "" | ||
"Project-Id-Version: Odoo Server 13.0\n" | ||
"Report-Msgid-Bugs-To: \n" | ||
"Last-Translator: \n" | ||
"Language-Team: \n" | ||
"MIME-Version: 1.0\n" | ||
"Content-Type: text/plain; charset=UTF-8\n" | ||
"Content-Transfer-Encoding: \n" | ||
"Plural-Forms: \n" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model,name:auth_api_key.model_auth_api_key | ||
msgid "API Key" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq | ||
msgid "Api Key name must be unique." | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window | ||
#: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu | ||
msgid "Auth Api Key" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid | ||
msgid "Created by" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date | ||
msgid "Created on" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name | ||
msgid "Display Name" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model,name:auth_api_key.model_ir_http | ||
msgid "HTTP Routing" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__id | ||
msgid "ID" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key | ||
msgid "Key" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key_env_default | ||
msgid "Key Env Default" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key_env_is_editable | ||
msgid "Key Env Is Editable" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key____last_update | ||
msgid "Last Modified on" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_uid | ||
msgid "Last Updated by" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_date | ||
msgid "Last Updated on" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__name | ||
msgid "Name" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__server_env_defaults | ||
msgid "Server Env Defaults" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__key | ||
msgid "" | ||
"The API key. Enter a dummy value in this field if it is\n" | ||
" obtained from the server environment configuration." | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: code:addons/auth_api_key/models/auth_api_key.py:0 | ||
#, python-format | ||
msgid "The key %s is not allowed" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__user_id | ||
msgid "" | ||
"The user used to process the requests authenticated by\n" | ||
" the api key" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__user_id | ||
msgid "User" | ||
msgstr "" | ||
|
||
#. module: auth_api_key | ||
#: code:addons/auth_api_key/models/auth_api_key.py:0 | ||
#, python-format | ||
msgid "User is not allowed" | ||
msgstr "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Copyright 2019 ACSONE SA/NV | ||
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). | ||
|
||
import logging | ||
|
||
import odoo | ||
|
||
from odoo.addons.server_environment import serv_config | ||
|
||
_logger = logging.Logger(__name__) | ||
|
||
|
||
def migrate(cr, version): | ||
_logger.info("Create auth_api.key records from odoo config") | ||
with odoo.api.Environment.manage(): | ||
env = odoo.api.Environment(cr, odoo.SUPERUSER_ID, {}) | ||
for section in serv_config.sections(): | ||
if section.startswith("api_key_") and serv_config.has_option( | ||
section, "key" | ||
): | ||
login_name = serv_config.get(section, "user") | ||
name = section.replace("api_key_", "") | ||
key = "<set from server environment>" | ||
user = env["res.users"].search([("login", "=", login_name)]) | ||
env["auth.api.key"].create( | ||
{"name": name, "key": key, "user_id": user.id} | ||
) | ||
_logger.info("API Key record created for %s", section) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
from . import ir_http | ||
from . import auth_api_key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
# Copyright 2018 ACSONE SA/NV | ||
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). | ||
|
||
from odoo import _, api, fields, models, tools | ||
from odoo.exceptions import AccessError, ValidationError | ||
from odoo.tools import consteq | ||
|
||
|
||
class AuthApiKey(models.Model): | ||
_name = "auth.api.key" | ||
_inherit = "server.env.mixin" | ||
_description = "API Key" | ||
|
||
name = fields.Char(required=True) | ||
key = fields.Char( | ||
required=True, | ||
help="""The API key. Enter a dummy value in this field if it is | ||
obtained from the server environment configuration.""", | ||
) | ||
user_id = fields.Many2one( | ||
comodel_name="res.users", | ||
string="User", | ||
required=True, | ||
help="""The user used to process the requests authenticated by | ||
the api key""", | ||
) | ||
|
||
_sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")] | ||
|
||
def _server_env_section_name(self): | ||
"""Name of the section in the configuration files | ||
We override the default implementation to keep the compatibility | ||
with the previous implementation of auth_api_key. The section name | ||
into the configuration file must be formatted as | ||
'api_key_{name}' | ||
""" | ||
self.ensure_one() | ||
return "api_key_{}".format(self.name) | ||
|
||
@property | ||
def _server_env_fields(self): | ||
base_fields = super()._server_env_fields | ||
api_key_fields = {"key": {}} | ||
api_key_fields.update(base_fields) | ||
return api_key_fields | ||
|
||
@api.model | ||
def _retrieve_api_key(self, key): | ||
return self.browse(self._retrieve_api_key_id(key)) | ||
|
||
@api.model | ||
@tools.ormcache("key") | ||
def _retrieve_api_key_id(self, key): | ||
if not self.env.user.has_group("base.group_system"): | ||
raise AccessError(_("User is not allowed")) | ||
for api_key in self.search([]): | ||
if consteq(key, api_key.key): | ||
return api_key.id | ||
raise ValidationError(_("The key %s is not allowed") % key) | ||
|
||
@api.model | ||
@tools.ormcache("key") | ||
def _retrieve_uid_from_api_key(self, key): | ||
return self._retrieve_api_key(key).user_id.id | ||
|
||
def _clear_key_cache(self): | ||
self._retrieve_api_key_id.clear_cache(self.env[self._name]) | ||
self._retrieve_uid_from_api_key.clear_cache(self.env[self._name]) | ||
|
||
@api.model | ||
def create(self, vals): | ||
record = super(AuthApiKey, self).create(vals) | ||
if "key" in vals or "user_id" in vals: | ||
self._clear_key_cache() | ||
return record | ||
|
||
def write(self, vals): | ||
super(AuthApiKey, self).write(vals) | ||
if "key" in vals or "user_id" in vals: | ||
self._clear_key_cache() | ||
return True |
Oops, something went wrong.