OCA · kobros-tech · Jul 26, 2021 · Jun 27, 2021 · Jul 28, 2021 · Jul 28, 2021
diff --git a/auth_jwt_demo/README.rst b/auth_jwt_demo/README.rst
@@ -0,0 +1,119 @@
+=============
+Auth JWT Test
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:9ce33333821bc91d449de0e10a8ac8633e13a98234e40abd300951b71eb85e6b
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/18.0/auth_jwt_demo
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_jwt_demo
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+A test/demo module for ``auth_jwt``.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+This modules creates a JWT validator named ``demo``, and adds a
+``/auth_jwt_demo/whoami`` route which returns information about the
+partner identified in the token.
+
+The ``whoami`` endpoint can be invoked as such, assuming
+`python-jose <https://pypi.org/project/python-jose/>`__ is installed.
+
+.. code:: python
+
+   # /usr/bin/env python3
+   import time
+
+   import requests
+   from jose import jwt
+
+   token = jwt.encode(
+       {
+           "aud": "auth_jwt_test_api",
+           "iss": "some issuer",
+           "exp": time.time() + 60,
+           "email": "[email protected]",
+       },
+       key="thesecret",
+       algorithm=jwt.ALGORITHMS.HS256,
+   )
+   r = requests.get(
+       "http://localhost:8069/auth_jwt_demo/whoami",
+       headers={"Authorization": "Bearer " + token},
+   )
+   r.raise_for_status()
+   print(r.json())
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt_demo%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ACSONE SA/NV
+
+Contributors
+------------
+
+- Stéphane Bidoul <[email protected]>
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px
+    :target: https://github.com/sbidoul
+    :alt: sbidoul
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-sbidoul| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/18.0/auth_jwt_demo>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_jwt_demo/__init__.py b/auth_jwt_demo/__init__.py
@@ -0,0 +1 @@
+from . import controllers
diff --git a/auth_jwt_demo/__manifest__.py b/auth_jwt_demo/__manifest__.py
@@ -0,0 +1,16 @@
+# Copyright 2021 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth JWT Test",
+    "summary": """
+        Test/demo module for auth_jwt.""",
+    "version": "18.0.1.0.0",
+    "license": "LGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "maintainers": ["sbidoul"],
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_jwt"],
+    "data": [],
+    "demo": ["demo/auth_jwt_validator.xml"],
+}
diff --git a/auth_jwt_demo/controllers/__init__.py b/auth_jwt_demo/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main
diff --git a/auth_jwt_demo/controllers/main.py b/auth_jwt_demo/controllers/main.py
@@ -0,0 +1,117 @@
+# Copyright 2021 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import json
+
+from odoo.http import Controller, Response, request, route
+
+
+class JWTTestController(Controller):
+    @route(
+        "/auth_jwt_demo/whoami",
+        type="http",
+        auth="jwt_demo",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami(self):
+        data = {}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email, uid=request.env.uid)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_public_or_jwt(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo_cookie/whoami",
+        type="http",
+        auth="jwt_demo_cookie",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_cookie(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo_cookie/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo_cookie",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_cookie_public_or_jwt(self):
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/keycloak/whoami",
+        type="http",
+        auth="jwt_demo_keycloak",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_keycloak(self):
+        """To use with the demo_keycloak validator.
+
+        You can play with this using the browser app in tests/spa and the
+        identity provider in tests/keycloak.
+        """
+        data = {}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/keycloak/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo_keycloak",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_public_or_keycloak(self):
+        """To use with the demo_keycloak validator.
+
+        You can play with this using the browser app in tests/spa and the
+        identity provider in tests/keycloak.
+        """
+        data = {"uid": request.env.uid}
+        if getattr(request, "jwt_partner_id", None):
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        else:
+            # public
+            data.update(name="Anonymous")
+        return Response(json.dumps(data), content_type="application/json", status=200)
diff --git a/auth_jwt_demo/demo/auth_jwt_validator.xml b/auth_jwt_demo/demo/auth_jwt_validator.xml
@@ -0,0 +1,42 @@
+<odoo>
+    <record id="demo_validator" model="auth.jwt.validator">
+        <field name="name">demo</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">theissuer</field>
+        <field name="signature_type">secret</field>
+        <field name="secret_algorithm">HS256</field>
+        <field name="secret_key">thesecret</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id" ref="base.user_demo" />
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+    </record>
+    <record id="demo_cookie_validator" model="auth.jwt.validator">
+        <field name="name">demo_cookie</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">theissuer</field>
+        <field name="signature_type">secret</field>
+        <field name="secret_algorithm">HS256</field>
+        <field name="secret_key">thesecret</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id" ref="base.user_demo" />
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+        <field name="cookie_enabled" eval="True" />
+        <field name="cookie_name">demo_auth</field>
+    </record>
+    <record id="demo_keycloak_validator" model="auth.jwt.validator">
+        <field name="name">demo_keycloak</field>
+        <field name="audience">auth_jwt_test_api</field>
+        <field name="issuer">http://localhost:8080/auth/realms/master</field>
+        <field name="signature_type">public_key</field>
+        <field name="public_key_algorithm">RS256</field>
+        <field
+            name="public_key_jwk_uri"
+        >http://localhost:8080/auth/realms/master/protocol/openid-connect/certs</field>
+        <field name="user_id_strategy">static</field>
+        <field name="static_user_id">1</field>
+        <field name="partner_id_strategy">email</field>
+        <field name="partner_id_required" eval="False" />
+    </record>
+</odoo>
diff --git a/auth_jwt_demo/i18n/auth_jwt_demo.pot b/auth_jwt_demo/i18n/auth_jwt_demo.pot
@@ -0,0 +1,13 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
diff --git a/auth_jwt_demo/i18n/it.po b/auth_jwt_demo/i18n/it.po
@@ -0,0 +1,14 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
diff --git a/auth_jwt_demo/pyproject.toml b/auth_jwt_demo/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"
diff --git a/auth_jwt_demo/readme/CONTRIBUTORS.md b/auth_jwt_demo/readme/CONTRIBUTORS.md
@@ -0,0 +1 @@
+- Stéphane Bidoul \<<[email protected]>\>
diff --git a/auth_jwt_demo/readme/DESCRIPTION.md b/auth_jwt_demo/readme/DESCRIPTION.md
@@ -0,0 +1 @@
+A test/demo module for `auth_jwt`.
diff --git a/auth_jwt_demo/readme/USAGE.md b/auth_jwt_demo/readme/USAGE.md
@@ -0,0 +1,31 @@
+This modules creates a JWT validator named `demo`, and adds a
+`/auth_jwt_demo/whoami` route which returns information about the
+partner identified in the token.
+
+The `whoami` endpoint can be invoked as such, assuming
+[python-jose](https://pypi.org/project/python-jose/) is installed.
+
+``` python
+# /usr/bin/env python3
+import time
+
+import requests
+from jose import jwt
+
+token = jwt.encode(
+    {
+        "aud": "auth_jwt_test_api",
+        "iss": "some issuer",
+        "exp": time.time() + 60,
+        "email": "[email protected]",
+    },
+    key="thesecret",
+    algorithm=jwt.ALGORITHMS.HS256,
+)
+r = requests.get(
+    "http://localhost:8069/auth_jwt_demo/whoami",
+    headers={"Authorization": "Bearer " + token},
+)
+r.raise_for_status()
+print(r.json())
+```
diff --git a/auth_jwt_demo/static/description/icon.png b/auth_jwt_demo/static/description/icon.png