[IMP] auth_jwt: add public_or_jwt auth method

This method is useful for public endpoints that need to work for anonymous user, but can be enhanced when an authenticated user is know. A typical use case is a "add to cart" enpoint that can work for anonymous users, but can be enhanced by binding the cart to a known customer when the authenticated user is known.
OCA · Dec 16, 2021 · 057c8ac · 057c8ac
1 parent ba3d14b
commit 057c8ac
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 4 deletions.
diff --git a/auth_jwt_demo/controllers/main.py b/auth_jwt_demo/controllers/main.py
@@ -43,3 +43,27 @@ def whoami_keycloak(self):
             partner = request.env["res.partner"].browse(request.jwt_partner_id)
             data.update(name=partner.name, email=partner.email)
         return Response(json.dumps(data), content_type="application/json", status=200)
+
+    @route(
+        "/auth_jwt_demo/keycloak/whoami-public-or-jwt",
+        type="http",
+        auth="public_or_jwt_demo_keycloak",
+        csrf=False,
+        cors="*",
+        save_session=False,
+        methods=["GET", "OPTIONS"],
+    )
+    def whoami_public_or_keycloak(self):
+        """To use with the demo_keycloak validator.
+
+        You can play with this using the browser app in tests/spa and the
+        identity provider in tests/keycloak.
+        """
+        data = {}
+        if hasattr(request, "jwt_partner_id") and request.jwt_partner_id:
+            partner = request.env["res.partner"].browse(request.jwt_partner_id)
+            data.update(name=partner.name, email=partner.email)
+        else:
+            # public
+            data.update(name="Anonymous")
+        return Response(json.dumps(data), content_type="application/json", status=200)
diff --git a/auth_jwt_demo/tests/spa/index.html b/auth_jwt_demo/tests/spa/index.html
@@ -11,13 +11,17 @@ <h2>SPA OIDC Authentication Sample</h2>
     <button id="btn-login" disabled>Log in</button>
     <button id="btn-logout" disabled>Log out</button>
     <button id="btn-whoami">Who am I? (api call)</button>
+    <button id="btn-whoami-public-or-jwt">Who am I (public or auth)? (api call)</button>
     <script type="module">
-      import {onload, login, logout, whoami} from "./js/app.js";
+      import {onload, login, logout, whoami, whoami_public_or_jwt} from "./js/app.js";
 
       window.onload = onload;
       document.getElementById("btn-login").onclick = login;
       document.getElementById("btn-logout").onclick = logout;
       document.getElementById("btn-whoami").onclick = whoami;
+      document.getElementById(
+        "btn-whoami-public-or-jwt"
+      ).onclick = whoami_public_or_jwt;
     </script>
   </body>
 </html>
diff --git a/auth_jwt_demo/tests/spa/js/app.js b/auth_jwt_demo/tests/spa/js/app.js
@@ -76,11 +76,11 @@ async function refresh() {
     client.startSilentRenew();
 }
 
-async function whoami() {
+async function _whoami(endpoint) {
     let user = await client.getUser();
     try {
         let response = await fetch(
-            "http://localhost:8069/auth_jwt_demo/keycloak/whoami",
+            "http://localhost:8069/auth_jwt_demo/keycloak" + endpoint,
             {
                 headers: {
                     ...(user && {Authorization: `Bearer ${user.access_token}`}),
@@ -94,4 +94,12 @@ async function whoami() {
     }
 }
 
-export {onload, login, logout, whoami};
+async function whoami() {
+    await _whoami("/whoami");
+}
+
+async function whoami_public_or_jwt() {
+    await _whoami("/whoami-public-or-jwt");
+}
+
+export {onload, login, logout, whoami, whoami_public_or_jwt};