

chore: another scope select option
dnplkndll committed Jan 17, 2025
1 parent 71a29e0 commit 8a68b5e
Showing 3 changed files with 27 additions and 29 deletions.
2 changes: 1 addition & 1 deletion auth_jwt/__manifest__.py
Expand Up @@ -5,7 +5,7 @@
"name": "Auth JWT",
"summary": """
JWT bearer token authentication.""",
"version": "18.0.1.1.0",
"version": "18.0.1.1.1",
"license": "LGPL-3",
"author": "ACSONE SA/NV,Odoo Community Association (OCA)",
"maintainers": ["sbidoul"],
50 changes: 25 additions & 25 deletions auth_jwt/models/auth_jwt_validator.py
Expand Up @@ -64,16 +64,15 @@ class AuthJwtValidator(models.Model):
],
default="RS256",
)
audience = fields.Char(
required=False, help="Comma separated list of audiences, to validate aud."
)
scopes = fields.Char(
required=False, help="Comma separated list of scopes, to validate scope."
audience_type = fields.Selection(
[("audience", "Audience"), ("group", "Group"), ("scope", "Scope")],
required=True,
default="audience",
)
groups = fields.Char(
required=False,
help="Comma separated list of groups, to validate group membership.",
audience = fields.Char(
required=False, help="Comma separated list of attribute needed."
)

issuer = fields.Char(required=True, help="To validate iss.")
user_id_strategy = fields.Selection(
[("static", "Static")], required=True, default="static"
Expand Down Expand Up @@ -213,23 +212,24 @@ def _decode(self, token, secret=None):
),
issuer=self.issuer,
)
if len(self.audience) > 0:
if (payload.get("client_id") in (self.audience).split(",")) or (
payload.get("aud") in self.audience.split(",")
):
return payload
else:
raise UnauthorizedInvalidToken()
if len(self.scopes) > 0:
if payload.get("scope") in (self.scopes).split(","):
return payload
else:
raise UnauthorizedInvalidToken()
if len(self.groups) > 0:
if payload.get("group") in (self.groups).split(","):
return payload
else:
raise UnauthorizedInvalidToken()
if len((self.audience).split(",") or []) > 0:
if self.audience_type == "audience":
if (payload.get("client_id") in (self.audience).split(",")) or (
payload.get("aud") in self.audience.split(",")
):
return payload
else:
raise UnauthorizedInvalidToken()
if self.audience_type == "scope":
if payload.get("scope") in (self.audience).split(","):
return payload
else:
raise UnauthorizedInvalidToken()
if self.audience_type == "group":
if payload.get("group") in (self.audience).split(","):
return payload
else:
raise UnauthorizedInvalidToken()
except Exception as e:
_logger.info("Invalid token: %s", e)
raise UnauthorizedInvalidToken() from e
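Review bot: The guard `if len((self.audience).split(",") or []) > 0:` at the top of the new block never skips the check, because `str.split` always returns at least one element (`"".split(",")` is `[""]`), so an empty audience field is compared as the single allowed value `""`, and if the ORM hands back a falsy non-string for an unset field, `.split` raises and the `except Exception` below turns that into UnauthorizedInvalidToken with only an info-level log, so a validator with no audience configured rejects every token — fail-closed, but presumably not what the `required=False` field intends (the pre-existing `len(self.audience)` appears to have had the same issue). The three branches also split on `","` without stripping, so a configured `"a, b"` never matches `b`, and the `scope` branch compares the whole `scope` claim string to one entry, which cannot match if the issuer emits space-separated scopes; the `aud` claim may also be a list per RFC 7519, which a string-membership test rejects. Since the claim name equals the selection value for `scope` and `group`, the three copies can collapse into one normalised check, sketched below, which keeps the list-`aud` case fail-closed. `_decode` starts and ends outside the hunk, so whether an empty audience should skip validation or reject must be settled against the rest of the method, and the help text in the first hunk, `help="Comma separated list of attribute needed."`, would read better as `help="Comma separated list of allowed values for the claim selected by Audience type."`.
```python
# … unchanged: jwt.decode(...) call …
allowed = {
    v.strip() for v in (self.audience or "").split(",") if v.strip()
}
if allowed:
    if self.audience_type == "audience":
        presented = (payload.get("client_id"), payload.get("aud"))
    else:
        # "scope" and "group" select a claim of the same name
        presented = (payload.get(self.audience_type),)
    # non-string claim values (e.g. a list-valued aud) never match: fail closed
    if not any(isinstance(v, str) and v in allowed for v in presented):
        raise UnauthorizedInvalidToken()
    return payload
# … unchanged: fall-through after the audience checks …
```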
4 changes: 1 addition & 3 deletions auth_jwt/views/auth_jwt_validator_views.xml
Expand Up @@ -12,10 +12,8 @@
<field name="next_validator_id" />
</group>
<group colspan="2" string="Token validation">
<field name="audience_type" />
<field name="audience" />
<field name="scopes" />
<field name="groups" />
<field name="issuer" />
<field name="signature_type" />
<field
name="secret_key"
