fix sso

2025-02-23 04:11:36 +02:00 · 2024-12-05 08:31:04 +08:00
parent eeea2ea78c
commit d15cd7f352
1 changed files with 37 additions and 15 deletions
--- a/app_saas/models/res_users.py
+++ b/app_saas/models/res_users.py
@@ -36,29 +36,51 @@ class ResUsers(models.Model):
    @api.model
    def auth_oauth(self, provider, params):
        # 这里原生是已取 token，实际用 code 时要另取token
        code = params.get('code', False)
        access_token = params.get('access_token')
-        oauth_provider = self.env['auth.oauth.provider'].browse(provider)
+        oauth_provider = self.env['auth.oauth.provider'].sudo().browse(provider)
        kw = {}
-        if oauth_provider.code_endpoint and oauth_provider.scope.find('odoo') >= 0:
+        if oauth_provider.code_endpoint and code and not access_token:
            # odoo 特殊处理，用code取token
-            if not access_token and params.get('code'):
+            params.update({
                'scope': oauth_provider.scope or '',
                'client_id': oauth_provider.client_id or '',
            })
            if hasattr(oauth_provider, 'client_secret') and oauth_provider.client_secret:
                params.update({
-                    'scope': oauth_provider.scope or '',
+                    'client_secret': oauth_provider.client_secret or '',
                    'client_id': oauth_provider.client_id or '',
                })
-                if hasattr(oauth_provider, 'client_secret') and oauth_provider.client_secret:
+            response = requests.get(oauth_provider.code_endpoint, params=params, timeout=20)
-                    params.update({
+            if response.ok:
-                        'client_secret': oauth_provider.client_secret or '',
+                ret = response.json()
-                    })
+            kw = {**ret, **params}
-                response = requests.get(oauth_provider.code_endpoint, params=params, timeout=20)
+            kw.pop('code', False)
                if response.ok:
                    ret = response.json()
                kw = {**ret, **params}
                kw.pop('code')
        self = self.with_context(auth_extra=kw)
        res = super(ResUsers, self).auth_oauth(provider, kw)
        return res
-        
+
    def _auth_oauth_signin(self, provider, validation, params):
        # 用户绑定的额外处理，如果有同 login 用户则直接绑定
        # todo: 当前不管多公司，在 social_login 里有更细节判断，后续优化
        oauth_provider = self.env['auth.oauth.provider'].sudo().browse(provider)
        if oauth_provider and oauth_provider.scope.find('odoo') >= 0:
            oauth_uid =validation.get('user_id')
            if oauth_uid:
                odoo_user = self.sudo().search([('login', '=', oauth_uid)], limit=1)
                if odoo_user and not (odoo_user.oauth_access_token and odoo_user.oauth_provider_id and odoo_user.oauth_uid):
                    vals = {
                        'oauth_provider_id': provider,
                        'oauth_access_token': params.get('access_token'),
                        'oauth_uid': oauth_uid,
                    }
                    odoo_user.write(vals)
                    _logger.info('========= _auth_oauth_signin res.users write：%s' % vals)
                    self._cr.commit()
                    return odoo_user.user_id.login
        res = super(ResUsers, self)._auth_oauth_signin(provider, validation, params)
        return res
    def _create_user_from_template(self, values):
        # 处理odooapp.cn 为 server 时 默认为内部用户
        oauth_provider_id = values.get('oauth_provider_id')