diff --git a/auth_jwt/README.rst b/auth_jwt/README.rst index f309f82757..0ae874edb4 100644 --- a/auth_jwt/README.rst +++ b/auth_jwt/README.rst @@ -17,13 +17,13 @@ Auth JWT :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html :alt: License: LGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github - :target: https://github.com/OCA/server-auth/tree/16.0/auth_jwt + :target: https://github.com/OCA/server-auth/tree/17.0/auth_jwt :alt: OCA/server-auth .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png - :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_jwt + :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_jwt :alt: Translate me on Weblate .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png - :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0 + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0 :alt: Try me on Runboat |badge1| |badge2| |badge3| |badge4| |badge5| @@ -43,70 +43,76 @@ This module requires the ``pyjwt`` library to be installed. Usage ===== -This module lets developpers add a new ``jwt`` authentication method on Odoo -controller routes. +This module lets developpers add a new ``jwt`` authentication method on +Odoo controller routes. To use it, you must: -* Create an ``auth.jwt.validator`` record to configure how the JWT token will - be validated. -* Add an ``auth="jwt_{validator-name}"`` or ``auth="public_or_jwt_{validator-name}"`` - attribute to the routes you want to protect where ``{validator-name}`` corresponds to - the name attribute of the JWT validator record. +- Create an ``auth.jwt.validator`` record to configure how the JWT token + will be validated. +- Add an ``auth="jwt_{validator-name}"`` or + ``auth="public_or_jwt_{validator-name}"`` attribute to the routes you + want to protect where ``{validator-name}`` corresponds to the name + attribute of the JWT validator record. The ``auth_jwt_demo`` module provides examples. The JWT validator can be configured with the following properties: -* ``name``: the validator name, to match the ``auth="jwt_{validator-name}"`` - route property. -* ``audience``: a comma-separated list of allowed audiences, used to validate - the ``aud`` claim. -* ``issuer``: used to validate the ``iss`` claim. -* Signature type (secret or public key), algorithm, secret and JWK URI +- ``name``: the validator name, to match the + ``auth="jwt_{validator-name}"`` route property. +- ``audience``: a comma-separated list of allowed audiences, used to + validate the ``aud`` claim. +- ``issuer``: used to validate the ``iss`` claim. +- Signature type (secret or public key), algorithm, secret and JWK URI are used to validate the token signature. In addition, the ``exp`` claim is validated to reject expired tokens. If the ``Authorization`` HTTP header is missing, malformed, or contains -an invalid token, the request is rejected with a 401 (Unauthorized) code, -unless the cookie mode is enabled (see below). - -If the token is valid, the request executes with the configured user id. By -default the user id selection strategy is ``static`` (i.e. the same for all -requests) and the selected user is configured on the JWT validator. Additional -strategies can be provided by overriding the ``_get_uid()`` method and -extending the ``user_id_strategy`` selection field. - -The selected user is *not* stored in the session. It is only available in -``request.uid`` (and thus it is the one used in ``request.env``). To avoid any -confusion and mismatches between the bearer token and the session, this module -rejects requests made with an authenticated user session. - -Additionally, if a ``partner_id_strategy`` is configured, a partner is searched -and if found, its id is stored in the ``request.jwt_partner_id`` attribute. If -``partner_id_required`` is set, a 401 (Unauthorized) is returned if no partner -was found. Otherwise ``request.jwt_partner_id`` is left falsy. Additional -strategies can be provided by overriding the ``_get_partner_id()`` method -and extending the ``partner_id_strategy`` selection field. +an invalid token, the request is rejected with a 401 (Unauthorized) +code, unless the cookie mode is enabled (see below). + +If the token is valid, the request executes with the configured user id. +By default the user id selection strategy is ``static`` (i.e. the same +for all requests) and the selected user is configured on the JWT +validator. Additional strategies can be provided by overriding the +``_get_uid()`` method and extending the ``user_id_strategy`` selection +field. + +The selected user is *not* stored in the session. It is only available +in ``request.uid`` (and thus it is the one used in ``request.env``). To +avoid any confusion and mismatches between the bearer token and the +session, this module rejects requests made with an authenticated user +session. + +Additionally, if a ``partner_id_strategy`` is configured, a partner is +searched and if found, its id is stored in the +``request.jwt_partner_id`` attribute. If ``partner_id_required`` is set, +a 401 (Unauthorized) is returned if no partner was found. Otherwise +``request.jwt_partner_id`` is left falsy. Additional strategies can be +provided by overriding the ``_get_partner_id()`` method and extending +the ``partner_id_strategy`` selection field. The decoded JWT payload is stored in ``request.jwt_payload``. -The ``public_auth_jwt`` method delegates authentication to the standard Odoo ``public`` -method when the Authorization header is not set. If it is set, the regular JWT -authentication is performed as described above. This method is useful for public -endpoints that need to work for anonymous users, but can be enhanced when an -authenticated user is know. A typical use case is a "add to cart" endpoint that can work -for anonymous users, but can be enhanced by binding the cart to a known customer when -the authenticated user is known. - -You can enable a cookie mode on JWT validators. In this case, the JWT payload obtained -from the ``Authorization`` header is returned as a Http-Only cookie. This mode is -sometimes simpler for front-end applications which do not then need to store and protect -the JWT token across requests and can simply rely on the cookie management mechanisms of -browsers. When both the ``Authorization`` header and a cookie are provided, the cookie -is ignored in order to let clients authenticate with a different user by providing a new -JWT token. +The ``public_auth_jwt`` method delegates authentication to the standard +Odoo ``public`` method when the Authorization header is not set. If it +is set, the regular JWT authentication is performed as described above. +This method is useful for public endpoints that need to work for +anonymous users, but can be enhanced when an authenticated user is know. +A typical use case is a "add to cart" endpoint that can work for +anonymous users, but can be enhanced by binding the cart to a known +customer when the authenticated user is known. + +You can enable a cookie mode on JWT validators. In this case, the JWT +payload obtained from the ``Authorization`` header is returned as a +Http-Only cookie. This mode is sometimes simpler for front-end +applications which do not then need to store and protect the JWT token +across requests and can simply rely on the cookie management mechanisms +of browsers. When both the ``Authorization`` header and a cookie are +provided, the cookie is ignored in order to let clients authenticate +with a different user by providing a new JWT token. Bug Tracker =========== @@ -114,7 +120,7 @@ Bug Tracker Bugs are tracked on `GitHub Issues `_. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed -`feedback `_. +`feedback `_. Do not contact contributors directly about support or help with technical issues. @@ -122,17 +128,18 @@ Credits ======= Authors -~~~~~~~ +------- * ACSONE SA/NV Contributors -~~~~~~~~~~~~ +------------ -* Stéphane Bidoul +- Stéphane Bidoul +- Mohamed Alkobrosli Maintainers -~~~~~~~~~~~ +----------- This module is maintained by the OCA. @@ -152,6 +159,6 @@ Current `maintainer `__: |maintainer-sbidoul| -This module is part of the `OCA/server-auth `_ project on GitHub. +This module is part of the `OCA/server-auth `_ project on GitHub. You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auth_jwt/__manifest__.py b/auth_jwt/__manifest__.py index 059b9bc7ec..aa1fc3838a 100644 --- a/auth_jwt/__manifest__.py +++ b/auth_jwt/__manifest__.py @@ -5,7 +5,7 @@ "name": "Auth JWT", "summary": """ JWT bearer token authentication.""", - "version": "16.0.1.1.0", + "version": "17.0.1.0.0", "license": "LGPL-3", "author": "ACSONE SA/NV,Odoo Community Association (OCA)", "maintainers": ["sbidoul"], @@ -14,4 +14,7 @@ "external_dependencies": {"python": ["pyjwt", "cryptography"]}, "data": ["security/ir.model.access.csv", "views/auth_jwt_validator_views.xml"], "demo": [], + "installable": True, + "application": False, + "auto_install": False, } diff --git a/auth_jwt/exceptions.py b/auth_jwt/exceptions.py index e8af54d114..1864954100 100644 --- a/auth_jwt/exceptions.py +++ b/auth_jwt/exceptions.py @@ -44,7 +44,7 @@ def __init__(self, errors): super().__init__( "Multiple errors occurred during JWT chain validation:\n" + "\n".join( - "{}: {}".format(validator_name, error) + f"{validator_name}: {error}" for validator_name, error in self.errors.items() ) ) diff --git a/auth_jwt/models/ir_http.py b/auth_jwt/models/ir_http.py index b65118fd88..7168e50894 100644 --- a/auth_jwt/models/ir_http.py +++ b/auth_jwt/models/ir_http.py @@ -19,7 +19,6 @@ class IrHttpJwt(models.AbstractModel): - _inherit = "ir.http" @classmethod diff --git a/auth_jwt/pyproject.toml b/auth_jwt/pyproject.toml new file mode 100644 index 0000000000..4231d0cccb --- /dev/null +++ b/auth_jwt/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/auth_jwt/readme/CONTRIBUTORS.md b/auth_jwt/readme/CONTRIBUTORS.md new file mode 100644 index 0000000000..d6260f557c --- /dev/null +++ b/auth_jwt/readme/CONTRIBUTORS.md @@ -0,0 +1,2 @@ +- Stéphane Bidoul \<\> +- Mohamed Alkobrosli \<\> diff --git a/auth_jwt/readme/CONTRIBUTORS.rst b/auth_jwt/readme/CONTRIBUTORS.rst deleted file mode 100644 index f323b44ab0..0000000000 --- a/auth_jwt/readme/CONTRIBUTORS.rst +++ /dev/null @@ -1 +0,0 @@ -* Stéphane Bidoul diff --git a/auth_jwt/readme/DESCRIPTION.rst b/auth_jwt/readme/DESCRIPTION.md similarity index 100% rename from auth_jwt/readme/DESCRIPTION.rst rename to auth_jwt/readme/DESCRIPTION.md diff --git a/auth_jwt/readme/INSTALL.md b/auth_jwt/readme/INSTALL.md new file mode 100644 index 0000000000..529cf45e83 --- /dev/null +++ b/auth_jwt/readme/INSTALL.md @@ -0,0 +1 @@ +This module requires the `pyjwt` library to be installed. diff --git a/auth_jwt/readme/INSTALL.rst b/auth_jwt/readme/INSTALL.rst deleted file mode 100644 index 9d8ccacf56..0000000000 --- a/auth_jwt/readme/INSTALL.rst +++ /dev/null @@ -1 +0,0 @@ -This module requires the ``pyjwt`` library to be installed. diff --git a/auth_jwt/readme/USAGE.md b/auth_jwt/readme/USAGE.md new file mode 100644 index 0000000000..b67c4fc331 --- /dev/null +++ b/auth_jwt/readme/USAGE.md @@ -0,0 +1,69 @@ +This module lets developpers add a new `jwt` authentication method on +Odoo controller routes. + +To use it, you must: + +- Create an `auth.jwt.validator` record to configure how the JWT token + will be validated. +- Add an `auth="jwt_{validator-name}"` or + `auth="public_or_jwt_{validator-name}"` attribute to the routes you + want to protect where `{validator-name}` corresponds to the name + attribute of the JWT validator record. + +The `auth_jwt_demo` module provides examples. + +The JWT validator can be configured with the following properties: + +- `name`: the validator name, to match the `auth="jwt_{validator-name}"` + route property. +- `audience`: a comma-separated list of allowed audiences, used to + validate the `aud` claim. +- `issuer`: used to validate the `iss` claim. +- Signature type (secret or public key), algorithm, secret and JWK URI + are used to validate the token signature. + +In addition, the `exp` claim is validated to reject expired tokens. + +If the `Authorization` HTTP header is missing, malformed, or contains an +invalid token, the request is rejected with a 401 (Unauthorized) code, +unless the cookie mode is enabled (see below). + +If the token is valid, the request executes with the configured user id. +By default the user id selection strategy is `static` (i.e. the same for +all requests) and the selected user is configured on the JWT validator. +Additional strategies can be provided by overriding the `_get_uid()` +method and extending the `user_id_strategy` selection field. + +The selected user is *not* stored in the session. It is only available +in `request.uid` (and thus it is the one used in `request.env`). To +avoid any confusion and mismatches between the bearer token and the +session, this module rejects requests made with an authenticated user +session. + +Additionally, if a `partner_id_strategy` is configured, a partner is +searched and if found, its id is stored in the `request.jwt_partner_id` +attribute. If `partner_id_required` is set, a 401 (Unauthorized) is +returned if no partner was found. Otherwise `request.jwt_partner_id` is +left falsy. Additional strategies can be provided by overriding the +`_get_partner_id()` method and extending the `partner_id_strategy` +selection field. + +The decoded JWT payload is stored in `request.jwt_payload`. + +The `public_auth_jwt` method delegates authentication to the standard +Odoo `public` method when the Authorization header is not set. If it is +set, the regular JWT authentication is performed as described above. +This method is useful for public endpoints that need to work for +anonymous users, but can be enhanced when an authenticated user is know. +A typical use case is a "add to cart" endpoint that can work for +anonymous users, but can be enhanced by binding the cart to a known +customer when the authenticated user is known. + +You can enable a cookie mode on JWT validators. In this case, the JWT +payload obtained from the `Authorization` header is returned as a +Http-Only cookie. This mode is sometimes simpler for front-end +applications which do not then need to store and protect the JWT token +across requests and can simply rely on the cookie management mechanisms +of browsers. When both the `Authorization` header and a cookie are +provided, the cookie is ignored in order to let clients authenticate +with a different user by providing a new JWT token. diff --git a/auth_jwt/readme/USAGE.rst b/auth_jwt/readme/USAGE.rst deleted file mode 100644 index 7d42e750a9..0000000000 --- a/auth_jwt/readme/USAGE.rst +++ /dev/null @@ -1,64 +0,0 @@ -This module lets developpers add a new ``jwt`` authentication method on Odoo -controller routes. - -To use it, you must: - -* Create an ``auth.jwt.validator`` record to configure how the JWT token will - be validated. -* Add an ``auth="jwt_{validator-name}"`` or ``auth="public_or_jwt_{validator-name}"`` - attribute to the routes you want to protect where ``{validator-name}`` corresponds to - the name attribute of the JWT validator record. - -The ``auth_jwt_demo`` module provides examples. - -The JWT validator can be configured with the following properties: - -* ``name``: the validator name, to match the ``auth="jwt_{validator-name}"`` - route property. -* ``audience``: a comma-separated list of allowed audiences, used to validate - the ``aud`` claim. -* ``issuer``: used to validate the ``iss`` claim. -* Signature type (secret or public key), algorithm, secret and JWK URI - are used to validate the token signature. - -In addition, the ``exp`` claim is validated to reject expired tokens. - -If the ``Authorization`` HTTP header is missing, malformed, or contains -an invalid token, the request is rejected with a 401 (Unauthorized) code, -unless the cookie mode is enabled (see below). - -If the token is valid, the request executes with the configured user id. By -default the user id selection strategy is ``static`` (i.e. the same for all -requests) and the selected user is configured on the JWT validator. Additional -strategies can be provided by overriding the ``_get_uid()`` method and -extending the ``user_id_strategy`` selection field. - -The selected user is *not* stored in the session. It is only available in -``request.uid`` (and thus it is the one used in ``request.env``). To avoid any -confusion and mismatches between the bearer token and the session, this module -rejects requests made with an authenticated user session. - -Additionally, if a ``partner_id_strategy`` is configured, a partner is searched -and if found, its id is stored in the ``request.jwt_partner_id`` attribute. If -``partner_id_required`` is set, a 401 (Unauthorized) is returned if no partner -was found. Otherwise ``request.jwt_partner_id`` is left falsy. Additional -strategies can be provided by overriding the ``_get_partner_id()`` method -and extending the ``partner_id_strategy`` selection field. - -The decoded JWT payload is stored in ``request.jwt_payload``. - -The ``public_auth_jwt`` method delegates authentication to the standard Odoo ``public`` -method when the Authorization header is not set. If it is set, the regular JWT -authentication is performed as described above. This method is useful for public -endpoints that need to work for anonymous users, but can be enhanced when an -authenticated user is know. A typical use case is a "add to cart" endpoint that can work -for anonymous users, but can be enhanced by binding the cart to a known customer when -the authenticated user is known. - -You can enable a cookie mode on JWT validators. In this case, the JWT payload obtained -from the ``Authorization`` header is returned as a Http-Only cookie. This mode is -sometimes simpler for front-end applications which do not then need to store and protect -the JWT token across requests and can simply rely on the cookie management mechanisms of -browsers. When both the ``Authorization`` header and a cookie are provided, the cookie -is ignored in order to let clients authenticate with a different user by providing a new -JWT token. diff --git a/auth_jwt/static/description/index.html b/auth_jwt/static/description/index.html index 109b2c3500..341f0c558d 100644 --- a/auth_jwt/static/description/index.html +++ b/auth_jwt/static/description/index.html @@ -1,4 +1,3 @@ - @@ -9,10 +8,11 @@ /* :Author: David Goodger (goodger@python.org) -:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $ +:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $ :Copyright: This stylesheet has been placed in the public domain. Default cascading style sheet for the HTML output of Docutils. +Despite the name, some widely supported CSS2 features are used. See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to customize this style sheet. @@ -275,7 +275,7 @@ margin-left: 2em ; margin-right: 2em } -pre.code .ln { color: grey; } /* line numbers */ +pre.code .ln { color: gray; } /* line numbers */ pre.code, code { background-color: #eeeeee } pre.code .comment, code .comment { color: #5C6576 } pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold } @@ -301,7 +301,7 @@ span.pre { white-space: pre } -span.problematic { +span.problematic, pre.problematic { color: red } span.section-subtitle { @@ -369,7 +369,7 @@

Auth JWT

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! source digest: sha256:d22309ac82ef1eb8879974683b10d4be288eb330fd7e250927f1a8d602dc3988 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --> -

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

JWT bearer token authentication.

Table of contents

@@ -391,68 +391,74 @@

Installation

Usage

-

This module lets developpers add a new jwt authentication method on Odoo -controller routes.

+

This module lets developpers add a new jwt authentication method on +Odoo controller routes.

To use it, you must:

    -
  • Create an auth.jwt.validator record to configure how the JWT token will -be validated.
    • -
  • Add an auth="jwt_{validator-name}" or auth="public_or_jwt_{validator-name}" -attribute to the routes you want to protect where {validator-name} corresponds to -the name attribute of the JWT validator record.
    • +
  • Create an auth.jwt.validator record to configure how the JWT token +will be validated.
    • +
  • Add an auth="jwt_{validator-name}" or +auth="public_or_jwt_{validator-name}" attribute to the routes you +want to protect where {validator-name} corresponds to the name +attribute of the JWT validator record.

The auth_jwt_demo module provides examples.

The JWT validator can be configured with the following properties:

    -
  • name: the validator name, to match the auth="jwt_{validator-name}" -route property.
    • -
  • audience: a comma-separated list of allowed audiences, used to validate -the aud claim.
    • +
  • name: the validator name, to match the +auth="jwt_{validator-name}" route property.
    • +
  • audience: a comma-separated list of allowed audiences, used to +validate the aud claim.
  • issuer: used to validate the iss claim.
  • Signature type (secret or public key), algorithm, secret and JWK URI are used to validate the token signature.

In addition, the exp claim is validated to reject expired tokens.

If the Authorization HTTP header is missing, malformed, or contains -an invalid token, the request is rejected with a 401 (Unauthorized) code, -unless the cookie mode is enabled (see below).

-

If the token is valid, the request executes with the configured user id. By -default the user id selection strategy is static (i.e. the same for all -requests) and the selected user is configured on the JWT validator. Additional -strategies can be provided by overriding the _get_uid() method and -extending the user_id_strategy selection field.

-

The selected user is not stored in the session. It is only available in -request.uid (and thus it is the one used in request.env). To avoid any -confusion and mismatches between the bearer token and the session, this module -rejects requests made with an authenticated user session.

-

Additionally, if a partner_id_strategy is configured, a partner is searched -and if found, its id is stored in the request.jwt_partner_id attribute. If -partner_id_required is set, a 401 (Unauthorized) is returned if no partner -was found. Otherwise request.jwt_partner_id is left falsy. Additional -strategies can be provided by overriding the _get_partner_id() method -and extending the partner_id_strategy selection field.

+an invalid token, the request is rejected with a 401 (Unauthorized) +code, unless the cookie mode is enabled (see below).

+

If the token is valid, the request executes with the configured user id. +By default the user id selection strategy is static (i.e. the same +for all requests) and the selected user is configured on the JWT +validator. Additional strategies can be provided by overriding the +_get_uid() method and extending the user_id_strategy selection +field.

+

The selected user is not stored in the session. It is only available +in request.uid (and thus it is the one used in request.env). To +avoid any confusion and mismatches between the bearer token and the +session, this module rejects requests made with an authenticated user +session.

+

Additionally, if a partner_id_strategy is configured, a partner is +searched and if found, its id is stored in the +request.jwt_partner_id attribute. If partner_id_required is set, +a 401 (Unauthorized) is returned if no partner was found. Otherwise +request.jwt_partner_id is left falsy. Additional strategies can be +provided by overriding the _get_partner_id() method and extending +the partner_id_strategy selection field.

The decoded JWT payload is stored in request.jwt_payload.

-

The public_auth_jwt method delegates authentication to the standard Odoo public -method when the Authorization header is not set. If it is set, the regular JWT -authentication is performed as described above. This method is useful for public -endpoints that need to work for anonymous users, but can be enhanced when an -authenticated user is know. A typical use case is a “add to cart” endpoint that can work -for anonymous users, but can be enhanced by binding the cart to a known customer when -the authenticated user is known.

-

You can enable a cookie mode on JWT validators. In this case, the JWT payload obtained -from the Authorization header is returned as a Http-Only cookie. This mode is -sometimes simpler for front-end applications which do not then need to store and protect -the JWT token across requests and can simply rely on the cookie management mechanisms of -browsers. When both the Authorization header and a cookie are provided, the cookie -is ignored in order to let clients authenticate with a different user by providing a new -JWT token.

+

The public_auth_jwt method delegates authentication to the standard +Odoo public method when the Authorization header is not set. If it +is set, the regular JWT authentication is performed as described above. +This method is useful for public endpoints that need to work for +anonymous users, but can be enhanced when an authenticated user is know. +A typical use case is a “add to cart” endpoint that can work for +anonymous users, but can be enhanced by binding the cart to a known +customer when the authenticated user is known.

+

You can enable a cookie mode on JWT validators. In this case, the JWT +payload obtained from the Authorization header is returned as a +Http-Only cookie. This mode is sometimes simpler for front-end +applications which do not then need to store and protect the JWT token +across requests and can simply rely on the cookie management mechanisms +of browsers. When both the Authorization header and a cookie are +provided, the cookie is ignored in order to let clients authenticate +with a different user by providing a new JWT token.

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed -feedback.

+feedback.

Do not contact contributors directly about support or help with technical issues.

@@ -467,18 +473,21 @@

Authors

Contributors

Maintainers

This module is maintained by the OCA.

-Odoo Community Association + +Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

Current maintainer:

sbidoul

-

This module is part of the OCA/server-auth project on GitHub.

+

This module is part of the OCA/server-auth project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py index 20fb59b7cb..6a87e87cbc 100644 --- a/auth_jwt/tests/test_auth_jwt.py +++ b/auth_jwt/tests/test_auth_jwt.py @@ -200,7 +200,8 @@ def test_auth_method_invalid_token_on_chain(self): self.env["ir.http"]._auth_method_jwt_validator() self.assertEqual( str(composite_error.exception), - "401 Unauthorized: Multiple errors occurred during JWT chain validation:\n" + "401 Unauthorized: " + "Multiple errors occurred during JWT chain validation:\n" "validator: 401 Unauthorized: " "The server could not verify that you are authorized to " "access the URL requested. You either supplied the wrong " @@ -287,17 +288,20 @@ def test_partner_id_strategy_email_not_found_partner_required(self): def test_get_validator(self): AuthJwtValidator = self.env["auth.jwt.validator"] AuthJwtValidator.search([]).unlink() - with self.assertRaises(JwtValidatorNotFound), mute_logger( - "odoo.addons.auth_jwt.models.auth_jwt_validator" + with ( + self.assertRaises(JwtValidatorNotFound), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), ): AuthJwtValidator._get_validator_by_name(None) - with self.assertRaises(JwtValidatorNotFound), mute_logger( - "odoo.addons.auth_jwt.models.auth_jwt_validator" + with ( + self.assertRaises(JwtValidatorNotFound), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), ): AuthJwtValidator._get_validator_by_name("notavalidator") validator1 = self._create_validator(name="validator1") - with self.assertRaises(JwtValidatorNotFound), mute_logger( - "odoo.addons.auth_jwt.models.auth_jwt_validator" + with ( + self.assertRaises(JwtValidatorNotFound), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), ): AuthJwtValidator._get_validator_by_name("notavalidator") self.assertEqual(AuthJwtValidator._get_validator_by_name(None), validator1) @@ -306,8 +310,9 @@ def test_get_validator(self): ) # create a second validator validator2 = self._create_validator(name="validator2") - with self.assertRaises(AmbiguousJwtValidator), mute_logger( - "odoo.addons.auth_jwt.models.auth_jwt_validator" + with ( + self.assertRaises(AmbiguousJwtValidator), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), ): AuthJwtValidator._get_validator_by_name(None) self.assertEqual( diff --git a/auth_jwt/views/auth_jwt_validator_views.xml b/auth_jwt/views/auth_jwt_validator_views.xml index bc907038a9..318e2ce72b 100644 --- a/auth_jwt/views/auth_jwt_validator_views.xml +++ b/auth_jwt/views/auth_jwt_validator_views.xml @@ -18,35 +18,35 @@ @@ -57,16 +57,13 @@ - + diff --git a/requirements.txt b/requirements.txt index 72eb0562e8..30a3b63d62 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,8 @@ # generated from manifests external_dependencies +cryptography email_validator lxml +pyjwt pysaml2 python-jose python-ldap