Skip to content

Commit

Permalink
Merge PR #221 into 14.0
Browse files Browse the repository at this point in the history
Signed-off-by gurneyalex
  • Loading branch information
OCA-git-bot committed Dec 3, 2020
2 parents 0581a05 + 14688a7 commit 06d20a7
Show file tree
Hide file tree
Showing 19 changed files with 998 additions and 0 deletions.
110 changes: 110 additions & 0 deletions auth_api_key/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
============
Auth Api Key
============

.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
:target: https://github.com/OCA/server-auth/tree/14.0/auth_api_key
:alt: OCA/server-auth
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-auth_api_key
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
:target: https://runbot.odoo-community.org/runbot/251/14.0
:alt: Try me on Runbot

|badge1| |badge2| |badge3| |badge4| |badge5|

Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program's user.

Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources. For unknown sources, it is a good practice to filter out this header at proxy level.

**Table of contents**

.. contents::
:local:

Configuration
=============

The api key menu is available into Settings > Technical in debug mode.
By default, when you create an API key, the key is saved into the database.
It is also possible to provide the value of this key via the configuration
file. This can be very useful to avoid mixing your keys between your various
environments when restoring databases. All you have to do is to add a new
section to your configuration file according to the following convention:

.. code-block:: ini
[api_key_<Record Name>]
key=my_api_key
Usage
=====

To apply this authentication system to your http request you must set 'api_key'
as value for the 'auth' parameter of your route definition into your controller.

.. code-block:: python
class MyController(Controller):
@route('/my_service', auth='api_key', ...)
def my_service(self, *args, **kwargs):
pass
Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us smashing it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* ACSONE SA/NV

Contributors
~~~~~~~~~~~~

* Denis Robinet <denis.robinet@acsone.eu>
* Laurent Mignon <laurent.mignon@acsone.eu>
* Quentin Groulard <quentin.groulard@acsone.eu>
* Sébastien Beau <sebastien.beau@akretion.com>
* Chafique Delli <chafique.delli@akretion.com>

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/14.0/auth_api_key>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
1 change: 1 addition & 0 deletions auth_api_key/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import models
16 changes: 16 additions & 0 deletions auth_api_key/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Copyright 2018 ACSONE SA/NV
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

{
"name": "Auth Api Key",
"summary": """
Authenticate http requests from an API key""",
"version": "14.0.1.0.0",
"license": "LGPL-3",
"author": "ACSONE SA/NV,Odoo Community Association (OCA)",
"website": "https://acsone.eu/",
"development_status": "Beta",
"depends": ["server_environment"],
"data": ["security/ir.model.access.csv", "views/auth_api_key.xml"],
"demo": [],
}
126 changes: 126 additions & 0 deletions auth_api_key/i18n/auth_api_key.pot
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * auth_api_key
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 13.0\n"
"Report-Msgid-Bugs-To: \n"
"Last-Translator: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"

#. module: auth_api_key
#: model:ir.model,name:auth_api_key.model_auth_api_key
msgid "API Key"
msgstr ""

#. module: auth_api_key
#: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq
msgid "Api Key name must be unique."
msgstr ""

#. module: auth_api_key
#: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window
#: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu
msgid "Auth Api Key"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid
msgid "Created by"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date
msgid "Created on"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name
msgid "Display Name"
msgstr ""

#. module: auth_api_key
#: model:ir.model,name:auth_api_key.model_ir_http
msgid "HTTP Routing"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__id
msgid "ID"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key
msgid "Key"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key_env_default
msgid "Key Env Default"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key_env_is_editable
msgid "Key Env Is Editable"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key____last_update
msgid "Last Modified on"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_uid
msgid "Last Updated by"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_date
msgid "Last Updated on"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__name
msgid "Name"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__server_env_defaults
msgid "Server Env Defaults"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__key
msgid ""
"The API key. Enter a dummy value in this field if it is\n"
" obtained from the server environment configuration."
msgstr ""

#. module: auth_api_key
#: code:addons/auth_api_key/models/auth_api_key.py:0
#, python-format
msgid "The key %s is not allowed"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__user_id
msgid ""
"The user used to process the requests authenticated by\n"
" the api key"
msgstr ""

#. module: auth_api_key
#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__user_id
msgid "User"
msgstr ""

#. module: auth_api_key
#: code:addons/auth_api_key/models/auth_api_key.py:0
#, python-format
msgid "User is not allowed"
msgstr ""
28 changes: 28 additions & 0 deletions auth_api_key/migrations/12.0.2.0.0/post-migrate.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Copyright 2019 ACSONE SA/NV
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).

import logging

import odoo

from odoo.addons.server_environment import serv_config

_logger = logging.Logger(__name__)


def migrate(cr, version):
_logger.info("Create auth_api.key records from odoo config")
with odoo.api.Environment.manage():
env = odoo.api.Environment(cr, odoo.SUPERUSER_ID, {})
for section in serv_config.sections():
if section.startswith("api_key_") and serv_config.has_option(
section, "key"
):
login_name = serv_config.get(section, "user")
name = section.replace("api_key_", "")
key = "<set from server environment>"
user = env["res.users"].search([("login", "=", login_name)])
env["auth.api.key"].create(
{"name": name, "key": key, "user_id": user.id}
)
_logger.info("API Key record created for %s", section)
2 changes: 2 additions & 0 deletions auth_api_key/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
from . import ir_http
from . import auth_api_key
84 changes: 84 additions & 0 deletions auth_api_key/models/auth_api_key.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
# Copyright 2018 ACSONE SA/NV
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

from odoo import _, api, fields, models, tools
from odoo.exceptions import AccessError, ValidationError
from odoo.tools import consteq


class AuthApiKey(models.Model):
_name = "auth.api.key"
_inherit = "server.env.mixin"
_description = "API Key"

name = fields.Char(required=True)
key = fields.Char(
required=True,
help="""The API key. Enter a dummy value in this field if it is
obtained from the server environment configuration.""",
)
user_id = fields.Many2one(
comodel_name="res.users",
string="User",
required=True,
help="""The user used to process the requests authenticated by
the api key""",
)

_sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")]

def _server_env_section_name(self):
"""Name of the section in the configuration files
We override the default implementation to keep the compatibility
with the previous implementation of auth_api_key. The section name
into the configuration file must be formatted as
'api_key_{name}'
"""
self.ensure_one()
return "api_key_{}".format(self.name)

@property
def _server_env_fields(self):
base_fields = super()._server_env_fields
api_key_fields = {"key": {}}
api_key_fields.update(base_fields)
return api_key_fields

@api.model
def _retrieve_api_key(self, key):
return self.browse(self._retrieve_api_key_id(key))

@api.model
@tools.ormcache("key")
def _retrieve_api_key_id(self, key):
if not self.env.user.has_group("base.group_system"):
raise AccessError(_("User is not allowed"))
for api_key in self.search([]):
if consteq(key, api_key.key):
return api_key.id
raise ValidationError(_("The key %s is not allowed") % key)

@api.model
@tools.ormcache("key")
def _retrieve_uid_from_api_key(self, key):
return self._retrieve_api_key(key).user_id.id

def _clear_key_cache(self):
self._retrieve_api_key_id.clear_cache(self.env[self._name])
self._retrieve_uid_from_api_key.clear_cache(self.env[self._name])

@api.model
def create(self, vals):
record = super(AuthApiKey, self).create(vals)
if "key" in vals or "user_id" in vals:
self._clear_key_cache()
return record

def write(self, vals):
super(AuthApiKey, self).write(vals)
if "key" in vals or "user_id" in vals:
self._clear_key_cache()
return True
Loading

0 comments on commit 06d20a7

Please sign in to comment.