OCA
diff --git a/‎oauth_provider/README.rst‎
Lines changed: 5 additions & 1 deletion b/‎oauth_provider/README.rst‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎oauth_provider/__manifest__.py‎
Lines changed: 1 addition & 1 deletion b/‎oauth_provider/__manifest__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎oauth_provider/controllers/__init__.py‎
Lines changed: 4 additions & 1 deletion b/‎oauth_provider/controllers/__init__.py‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎oauth_provider/controllers/oauth_api_controller.py‎
Lines changed: 94 additions & 0 deletions b/‎oauth_provider/controllers/oauth_api_controller.py‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎oauth_provider/controllers/oauth_mixin.py‎
Lines changed: 88 additions & 0 deletions b/‎oauth_provider/controllers/oauth_mixin.py‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎oauth_provider/controllers/main.py‎ ‎…controllers/oauth_provider_controller.py‎oauth_provider/controllers/main.py renamed to oauth_provider/controllers/oauth_provider_controller.py
Lines changed: 43 additions & 55 deletions b/‎oauth_provider/controllers/main.py‎ ‎…controllers/oauth_provider_controller.py‎oauth_provider/controllers/main.py renamed to oauth_provider/controllers/oauth_provider_controller.py
Lines changed: 43 additions & 55 deletions
@@ -68,6 +68,9 @@ For example, to configure an Odoo's *auth_oauth* module compatible client, you w
 Usage
 =====
 
+Server
+------
+
 This module will allow OAuth clients to use your Odoo instance as an OAuth provider.
 
 Once configured, you must give these information to your client application :
@@ -82,7 +85,7 @@ Once configured, you must give these information to your client application :
      Parameters : access_token
   - User information request : http://odoo.example.com/oauth2/userinfo
      Parameters : access_token
-  - Any other model information request (depending on the scopes) : http://odoo.example.com/oauth2/otherinfo
+  - Any other model information request (depending on the scopes) : http://odoo.example.com/oauth2/data
      Parameters : access_token and model
 
 For example, to configure the *auth_oauth* Odoo module as a client, you will enter these values :
@@ -95,6 +98,7 @@ For example, to configure the *auth_oauth* Odoo module as a client, you will ent
 - Validation URL : http://odoo.example.com/oauth2/tokeninfo
 - Data URL : http://odoo.example.com/oauth2/userinfo
 
+
 .. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
    :alt: Try me on Runbot
    :target: https://runbot.odoo-community.org/runbot/149/10.0
 
@@ -8,7 +8,7 @@
     'version': '10.0.1.0.0',
     'category': 'Authentication',
     'website': 'http://www.syleam.fr/',
-    'author': 'SYLEAM, Odoo Community Association (OCA)',
+    'author': 'SYLEAM, LasLabs, Odoo Community Association (OCA)',
     'license': 'AGPL-3',
     'installable': True,
     'external_dependancies': {
 
@@ -2,4 +2,7 @@
 # Copyright 2016 SYLEAM
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
-from . import main
+from . import oauth_mixin
+
+from . import oauth_api_controller
+from . import oauth_provider_controller
@@ -0,0 +1,94 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 SYLEAM
+# Copyright 2017 LasLabs Inc.
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import http, fields
+from odoo.addons.web.controllers.main import ensure_db
+
+from ..http import route
+from ..exceptions import OauthApiException, OauthInvalidTokenException
+from .oauth2_mixin import OauthMixin
+
+_logger = logging.getLogger(__name__)
+
+
+class OauthApiController(OauthMixin):
+
+    def _get_model(self, model_name):
+        """ Validate the access token & return a usable model.
+
+        Args:
+            model_name (str): Name of model to find.
+
+        Returns:
+            IrModel: Usable model object that matched model_name.
+
+        Raises:
+            OauthApiException: If the model is not found.
+        """
+        ensure_db()
+        model_obj = http.request.env['ir.model'].search([
+            ('model', '=', model_name),
+        ])
+        if not model_obj:
+            raise OauthApiException('Model Not Found')
+        return model_obj
+
+    def _get_token(self, access_token):
+        """ Find the access token & return it if valid.
+
+        Args:
+            access_token (str): Access token that should be validated.
+
+        Returns:
+            OAuthProviderToken: Token record, if valid.
+
+        Raises:
+            OauthInvalidTokenException: When the token is invalid or expired.
+        """
+        ensure_db()
+        token = self._get_access_token(access_token)
+        if not token:
+            raise OauthInvalidTokenException()
+        return token
+
+    @route('/oauth2/data',
+           type='oauth',
+           auth='none',
+           methods=['GET'],
+           )
+    def data_get(self, access_token=None, model=None, *args, **kwargs):
+        """ Return allowed information about the requested model.
+
+        Args:
+            access_token (str): OAuth2 access token to utilize for the
+                operation.
+            model (str): Name of model to operate on.
+            domain (list, optional): Domain to apply to the search, in the
+                standard Odoo format. This only applies if there is not
+                already a filter on the token scope. Otherwise, the scope
+                will take precedence.
+        """
+        token = self._get_token(access_token)
+        model = self._get_model(model)
+        data = token.get_data_for_model(
+            model,
+            domain=kwargs.get('domain', []),
+        )
+        return self._json_response(data=data)
+
+    @route('/oauth2/data',
+           type='oauth',
+           auth='none',
+           csrf=False,
+           methods=['POST'],
+           )
+    def data_post(self, access_token=None, model=None, record_ids=None,
+                  *args, **kwargs):
+        """ Update the records  """
+        token = self._get_token(access_token)
+        model = self._get_model(model)
+        raise OauthInvalidTokenException()
@@ -0,0 +1,88 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 SYLEAM
+# Copyright 2017 LasLabs Inc.
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+import werkzeug.wrappers
+
+from odoo import http
+from odoo.addons.web.controllers.main import ensure_db
+
+from ..http import OauthRequest
+
+_logger = logging.getLogger(__name__)
+
+try:
+    import oauthlib
+    from oauthlib import oauth2
+except ImportError:
+    _logger.debug('Cannot `import oauthlib`.')
+
+
+class OauthMixin(http.Controller):
+
+    @classmethod
+    def _get_access_token(cls, access_token):
+        """ Verify access token and return record if valid.
+
+        Args:
+             access_token (str): OAuth2 access token to be validated.
+
+        Returns:
+            OauthProviderToken: Valid token record for use.
+            NoneType: None if no matching token was found in the database.
+            bool: False if the token was invalid.
+        """
+        token = http.request.env['oauth.provider.token'].search([
+            ('token', '=', access_token),
+        ])
+        if not token:
+            return None
+
+        oauth2_server = token.client_id.get_oauth2_server()
+        # Retrieve needed arguments for oauthlib methods
+        uri, http_method, body, headers = cls._get_request_information()
+
+        # Validate request information
+        valid, oauthlib_request = oauth2_server.verify_request(
+            uri, http_method=http_method, body=body, headers=headers,
+        )
+
+        if valid:
+            return token
+
+        return False
+
+    @staticmethod
+    def _get_request_information():
+        """ Retrieve needed arguments for oauthlib methods.
+
+        Returns:
+            tuple: uri, http_method, body, headers
+        """
+        uri = http.request.httprequest.base_url
+        http_method = http.request.httprequest.method
+        body = oauthlib.common.urlencode(
+            http.request.httprequest.values.items(),
+        )
+        headers = http.request.httprequest.headers
+
+        return uri, http_method, body, headers
+
+    @staticmethod
+    def _json_response(data=None, status=200, headers=None):
+        """ Returns a json response to the client.
+
+        Args:
+            data (mixed, optional): Response data to JSON encode.
+            status (int, optional): HTTP status code to respond with.
+            headers (dict, optional): Mapping of headers to apply to the request. If
+                the `Content-Type` header is not defined, `application/json`
+                will automatically be added.
+
+        Returns:
+            BaseResponse: Werkzeug response object based on the input.
+        """
+        return OauthRequest._json_response(data, headers=headers)
@@ -10,6 +10,9 @@
 from odoo import http, fields
 from odoo.addons.web.controllers.main import ensure_db
 
+from ..http import route
+from .oauth2_mixin import OauthMixin
+
 _logger = logging.getLogger(__name__)
 
 try:
@@ -19,50 +22,13 @@
     _logger.debug('Cannot `import oauthlib`.')
 
 
-class OAuth2ProviderController(http.Controller):
-    def __init__(self):
-        super(OAuth2ProviderController, self).__init__()
-
-    def _get_request_information(self):
-        """ Retrieve needed arguments for oauthlib methods """
-        uri = http.request.httprequest.base_url
-        http_method = http.request.httprequest.method
-        body = oauthlib.common.urlencode(
-            http.request.httprequest.values.items())
-        headers = http.request.httprequest.headers
-
-        return uri, http_method, body, headers
-
-    def _check_access_token(self, access_token):
-        """ Check if the provided access token is valid """
-        token = http.request.env['oauth.provider.token'].search([
-            ('token', '=', access_token),
-        ])
-        if not token:
-            return False
-
-        oauth2_server = token.client_id.get_oauth2_server()
-        # Retrieve needed arguments for oauthlib methods
-        uri, http_method, body, headers = self._get_request_information()
-
-        # Validate request information
-        valid, oauthlib_request = oauth2_server.verify_request(
-            uri, http_method=http_method, body=body, headers=headers)
-
-        if valid:
-            return token
-
-        return False
-
-    def _json_response(self, data=None, status=200, headers=None):
-        """ Returns a json response to the client """
-        if headers is None:
-            headers = {'Content-Type': 'application/json'}
-
-        return werkzeug.wrappers.BaseResponse(
-            json.dumps(data), status=status, headers=headers)
+class OAuth2ProviderController(OauthMixin):
 
-    @http.route('/oauth2/authorize', type='http', auth='user', methods=['GET'])
+    @route('/oauth2/authorize',
+           type='http',
+           auth='user',
+           methods=['GET'],
+           )
     def authorize(self, client_id=None, response_type=None, redirect_uri=None,
                   scope=None, state=None, *args, **kwargs):
         """ Check client's request, and display an authorization page to the user,
@@ -122,8 +88,11 @@ def authorize(self, client_id=None, response_type=None, redirect_uri=None,
                 'oauth_scopes': oauth_scopes,
             })
 
-    @http.route(
-        '/oauth2/authorize', type='http', auth='user', methods=['POST'])
+    @http.route('/oauth2/authorize',
+                type='http',
+                auth='user',
+                methods=['POST'],
+                )
     def authorize_post(self, *args, **kwargs):
         """ Redirect to the requested URI during the authorization """
         client = http.request.env['oauth.provider.client'].search([
@@ -147,8 +116,12 @@ def authorize_post(self, *args, **kwargs):
 
         return werkzeug.utils.redirect(headers['Location'], code=status)
 
-    @http.route('/oauth2/token', type='http', auth='none', methods=['POST'],
-                csrf=False)
+    @http.route('/oauth2/token',
+                type='http',
+                auth='none',
+                methods=['POST'],
+                csrf=False,
+                )
     def token(self, client_id=None, client_secret=None, redirect_uri=None,
               scope=None, code=None, grant_type=None, username=None,
               password=None, refresh_token=None, *args, **kwargs):
@@ -199,14 +172,18 @@ def token(self, client_id=None, client_secret=None, redirect_uri=None,
         return werkzeug.wrappers.BaseResponse(
             body, status=status, headers=headers)
 
-    @http.route('/oauth2/tokeninfo', type='http', auth='none', methods=['GET'])
+    @http.route('/oauth2/tokeninfo',
+                type='http',
+                auth='none',
+                methods=['GET'],
+                )
     def tokeninfo(self, access_token=None, *args, **kwargs):
         """ Return some information about the supplied token
 
         Similar to Google's "tokeninfo" request
         """
         ensure_db()
-        token = self._check_access_token(access_token)
+        token = self._get_access_token(access_token)
         if not token:
             return self._json_response(
                 data={'error': 'invalid_or_expired_token'}, status=401)
@@ -228,26 +205,34 @@ def tokeninfo(self, access_token=None, *args, **kwargs):
             data.update(user_id=token.generate_user_id())
         return self._json_response(data=data)
 
-    @http.route('/oauth2/userinfo', type='http', auth='none', methods=['GET'])
+    @http.route('/oauth2/userinfo',
+                type='http',
+                auth='none',
+                methods=['GET'],
+                )
     def userinfo(self, access_token=None, *args, **kwargs):
         """ Return some information about the user linked to the supplied token
 
         Similar to Google's "userinfo" request
         """
         ensure_db()
-        token = self._check_access_token(access_token)
+        token = self._get_access_token(access_token)
         if not token:
             return self._json_response(
                 data={'error': 'invalid_or_expired_token'}, status=401)
 
         data = token.get_data_for_model('res.users', res_id=token.user_id.id)
         return self._json_response(data=data)
 
-    @http.route('/oauth2/otherinfo', type='http', auth='none', methods=['GET'])
+    @http.route('/oauth2/otherinfo',
+                type='http',
+                auth='none',
+                methods=['GET'],
+                )
     def otherinfo(self, access_token=None, model=None, *args, **kwargs):
         """ Return allowed information about the requested model """
         ensure_db()
-        token = self._check_access_token(access_token)
+        token = self._get_access_token(access_token)
         if not token:
             return self._json_response(
                 data={'error': 'invalid_or_expired_token'}, status=401)
@@ -262,8 +247,11 @@ def otherinfo(self, access_token=None, model=None, *args, **kwargs):
         data = token.get_data_for_model(model)
         return self._json_response(data=data)
 
-    @http.route(
-        '/oauth2/revoke_token', type='http', auth='none', methods=['POST'])
+    @http.route('/oauth2/revoke_token',
+                type='http',
+                auth='none',
+                methods=['POST'],
+                )
     def revoke_token(self, token=None, *args, **kwargs):
         """ Revoke the supplied token """
         ensure_db()