opt sso oauth

2025-02-23 04:11:36 +02:00 · 2024-12-06 04:18:42 +08:00
parent b107e1748a
commit a16d063d09
2 changed files with 11 additions and 6 deletions
--- a/app_saas/data/auth_oauth_data.xml
+++ b/app_saas/data/auth_oauth_data.xml
@@ -9,6 +9,7 @@
            <field name="scope">odoo,profile</field>
            <field name="validation_endpoint">https://www.odooapp.cn/oauth/profile</field>
            <field name="data_endpoint"></field>
+            <field name="user_template_id" ref=""/>
            <field name="css_class">fa fa-2x fa-fw fa-sign-in text-primary</field>
            <field name="enabled" eval="True"/>
        </record>
--- a/app_saas/models/res_users.py
+++ b/app_saas/models/res_users.py
@@ -35,7 +35,7 @@ class ResUsers(models.Model):
    
    @api.model
    def auth_oauth(self, provider, params):
-        # 这里原生是已取 token，实际用 code 时要另取token
+        # 这里原生是没处理code模式，此处将增加使用code取token，不在 controller 中处理
        code = params.get('code', False)
        access_token = params.get('access_token')
        oauth_provider = self.env['auth.oauth.provider'].sudo().browse(provider)
@@ -51,9 +51,13 @@ class ResUsers(models.Model):
                params.update({
                    'client_secret': oauth_provider.client_secret or '',
                })
-            response = requests.get(oauth_provider.code_endpoint, params=params, timeout=20)
+            response = requests.get(oauth_provider.code_endpoint, params=params, timeout=30)
            if response.ok:
                ret = response.json()
+                # todo: 客户机首次连接时，取到的 server 端 key 写入 provider 的 client_secret
+                if ret.get('push_client_secret') and hasattr(oauth_provider, 'client_secret'):
+                    oauth_provider.write({'client_secret': ret.get('push_client_secret')})
+                    self._cr.commit()
            kw = {**ret, **params}
            kw.pop('code', False)
        self = self.with_context(auth_extra=kw)
@@ -87,10 +91,10 @@ class ResUsers(models.Model):
        oauth_provider_id = values.get('oauth_provider_id')
        if oauth_provider_id:
            provider = request.env['auth.oauth.provider'].sudo().browse(int(oauth_provider_id))
-            if provider and provider.scope.find('odoo') >= 0:
-                template_user = self.sudo().env.ref('base.default_user', False)
-                if provider and hasattr(provider, 'user_template_id'):
-                    template_user = provider.user_template_id
+            if provider:
+                template_user = provider.user_template_id
+                if not template_user and provider.scope.find('odoo') >= 0:
+                    template_user = self.sudo().env.ref('base.default_user', False)
                if not template_user:
                    template_user_id = literal_eval(self.env['ir.config_parameter'].sudo().get_param('base.template_portal_user_id', 'False'))
                    template_user = self.sudo().browse(template_user_id)