[IMP] fastapi_auth_partner: Add mail verification

fastapi_auth_partner/README.rst

@@ -0,0 +1 @@
+todo

fastapi_auth_partner/__init__.py

@@ -0,0 +1,4 @@
+from . import models
+from . import routers
+from . import schemas
+from . import wizards

fastapi_auth_partner/__manifest__.py

@@ -0,0 +1,38 @@
+# Copyright 2020 Akretion
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Partner Auth",
+    "summary": """
+        Implements the base features for a authenticable partner""",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "Akretion,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/rest-framework",
+    "depends": [
+        "extendable_fastapi",
+        "mail",
+        "queue_job",
+    ],
+    "data": [
+        "security/res_group.xml",
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+        "data/email_data.xml",
+        "views/fastapi_endpoint_view.xml",
+        "views/fastapi_auth_partner_view.xml",
+        "views/fastapi_auth_directory_view.xml",
+        "views/res_partner_view.xml",
+        "wizards/wizard_partner_auth_reset_password_view.xml",
+        "wizards/wizard_partner_auth_impersonate_view.xml",
+    ],
+    "demo": [
+        "demo/fastapi_auth_directory_demo.xml",
+        "demo/res_partner_demo.xml",
+        "demo/fastapi_auth_partner_demo.xml",
+        "demo/fastapi_endpoint_demo.xml",
+    ],
+    "external_dependencies": {
+        "python": ["itsdangerous"],
+    },
+}

fastapi_auth_partner/data/email_data.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo noupdate="1">
+    <record id="email_request_reset_password" model="mail.template">
+        <field name="name">FastApi Auth Directory: Reset Password</field>
+        <field name="email_from">[email protected]</field>
+        <field name="subject">Reset Password</field>
+        <field name="partner_to">{{object.partner_id.id}}</field>
+        <field name="model_id" ref="model_fastapi_auth_partner" />
+        <field name="auto_delete" eval="True" />
+        <field name="lang">${object.partner_id.lang}</field>
+        <field name="body_html" type="html">
+            <div>
+            Hi <t t-out="object.partner_id.name or ''" />
+            Click on the following link to reset your password
+            <a
+                    t-attf-href="https://example.org/password/reset?token={{ object.env.context['token']}}"
+                    target="_blank"
+                    style="color:#FFFFFF; text-decoration:none;"
+                >Reset Password</a>
+            </div>
+        </field>
+    </record>
+
+    <record id="email_invite_set_password" model="mail.template">
+        <field name="name">FastApi Auth Directory: Set Password</field>
+        <field name="email_from">[email protected]</field>
+        <field name="subject">Welcome</field>
+        <field name="partner_to">{{object.partner_id.id}}</field>
+        <field name="model_id" ref="model_fastapi_auth_partner" />
+        <field name="auto_delete" eval="True" />
+        <field name="lang">{{object.partner_id.lang}}</field>
+        <field name="body_html" type="html">
+            <div>
+            Hi <t t-out="object.partner_id.name or ''" />
+            Welcome, your account have been created
+            Click on the following link to set your password
+            <a
+                    t-attf-href="https://example.org/password/reset?token={{ object.env.context['token']}}"
+                    target="_blank"
+                    style="color:#FFFFFF; text-decoration:none;"
+                >Set Password</a>
+            </div>
+        </field>
+    </record>
+
+    <record id="email_invite_validate_email" model="mail.template">
+        <field name="name">FastApi Auth Directory: Validate Email</field>
+        <field name="email_from">[email protected]</field>
+        <field name="subject">Welcome</field>
+        <field name="partner_to">{{object.partner_id.id}}</field>
+        <field name="model_id" ref="model_fastapi_auth_partner" />
+        <field name="auto_delete" eval="True" />
+        <field name="lang">{{object.partner_id.lang}}</field>
+        <field name="body_html" type="html">
+            <div>
+            Hi <t t-out="object.partner_id.name or ''" />
+            Welcome to the site, please click on the following link to verify your email
+            <a
+                    t-attf-href="https://example.org/email/validate?token={{ object.env.context['token']}}"
+                    target="_blank"
+                    style="color:#FFFFFF; text-decoration:none;"
+                >Validate Email</a>
+            </div>
+        </field>
+    </record>
+
+</odoo>

fastapi_auth_partner/demo/fastapi_auth_directory_demo.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="demo_directory" model="fastapi.auth.directory">
+        <field name="name">Demo Auth Directory</field>
+        <field
+            name="request_reset_password_template_id"
+            ref="email_request_reset_password"
+        />
+        <field name="invite_set_password_template_id" ref="email_invite_set_password" />
+        <field
+            name="invite_validate_email_template_id"
+            ref="email_invite_validate_email"
+        />
+        <field name="cookie_secret_key">SuperSecret</field>
+    </record>
+</odoo>

fastapi_auth_partner/demo/fastapi_auth_partner_demo.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="partner_auth_demo" model="fastapi.auth.partner">
+        <field name="partner_id" ref="res_partner_auth_demo" />
+        <field name="directory_id" ref="demo_directory" />
+        <field name="password">Super-secret$1</field>
+    </record>
+</odoo>

fastapi_auth_partner/demo/fastapi_endpoint_demo.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+  <record model="fastapi.endpoint" id="fastapi_endpoint_demo">
+    <field name="name">Fastapi Auth Partner Demo Endpoint</field>
+    <field
+            name="description"
+        ><![CDATA[
+# A Dummy FastApi Partner Auth Demo
+
+This demo endpoint has been created by inhering from "fastapi.endpoint", registering
+a new app into the app selection field and implementing the `_get_fastapi_routers`
+methods. See documentation to learn more about how to create a new app.
+]]></field>
+    <field name="app">demo</field>
+    <field name="root_path">/fastapi_auth_partner_demo</field>
+    <field name="demo_auth_method">auth_partner</field>
+    <field name="user_id" ref="fastapi.my_demo_app_user" />
+    <field name="directory_id" ref="demo_directory" />
+  </record>
+</odoo>

fastapi_auth_partner/demo/res_partner_demo.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+
+    <record id="res_partner_auth_demo" model="res.partner">
+        <field name="name">Demo auth partner</field>
+        <field name="email">[email protected]</field>
+    </record>
+
+</odoo>

fastapi_auth_partner/dependencies.py

@@ -0,0 +1,73 @@
+# Copyright 2023 Akretion (https://www.akretion.com).
+# @author Sébastien BEAU <[email protected]>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import logging
+import sys
+from typing import Any, Dict, Union
+
+from itsdangerous import URLSafeTimedSerializer
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+from odoo.api import Environment
+
+from odoo.addons.base.models.res_partner import Partner
+from odoo.addons.fastapi.dependencies import fastapi_endpoint, odoo_env
+from odoo.addons.fastapi.models import FastapiEndpoint
+
+from fastapi import Cookie, Depends, HTTPException, Request, Response
+
+if sys.version_info >= (3, 9):
+    from typing import Annotated
+else:
+    from typing_extensions import Annotated
+
+_logger = logging.getLogger(__name__)
+
+
+Payload = Dict[str, Any]
+
+
+class AuthPartner:
+    def __init__(self, allow_unauthenticated: bool = False):
+        self.allow_unauthenticated = allow_unauthenticated
+
+    def __call__(
+        self,
+        request: Request,
+        response: Response,
+        env: Annotated[
+            Environment,
+            Depends(odoo_env),
+        ],
+        endpoint: Annotated[FastapiEndpoint, Depends(fastapi_endpoint)],
+        fastapi_auth_partner: Annotated[Union[str, None], Cookie()] = None,
+    ) -> Partner:
+        if not fastapi_auth_partner and self.allow_unauthenticated:
+            return env["res.partner"].with_user(env.ref("base.public_user")).browse()
+
+        elif fastapi_auth_partner:
+            directory = endpoint.sudo().directory_id
+            try:
+                vals = URLSafeTimedSerializer(directory.cookie_secret_key).loads(
+                    fastapi_auth_partner, max_age=directory.cookie_duration * 60
+                )
+            except Exception as e:
+                _logger.error("Invalid cookies error %s", e)
+                raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) from e
+            if vals["did"] == directory.id and vals["pid"]:
+                partner = env["res.partner"].browse(vals["pid"]).exists()
+                if partner:
+                    auth = partner.sudo().auth_partner_ids.filtered(
+                        lambda s: s.directory_id == directory
+                    )
+                    if auth:
+                        if directory.sliding_session:
+                            auth._set_auth_cookie(response)
+                        return partner
+        _logger.info("Could not determine partner from 'fastapi_auth_partner' cookie.")
+        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED)
+
+
+auth_partner_authenticated_partner = AuthPartner()
+auth_partner_optionally_authenticated_partner = AuthPartner(allow_unauthenticated=True)

fastapi_auth_partner/models/__init__.py

@@ -0,0 +1,4 @@
+from . import fastapi_auth_directory
+from . import fastapi_auth_partner
+from . import res_partner
+from . import fastapi_endpoint

fastapi_auth_partner/models/fastapi_auth_directory.py

@@ -0,0 +1,93 @@
+# Copyright 2020 Akretion
+# Copyright 2020 Odoo SA (some code have been inspired from res_users code)
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+
+from odoo import fields, models
+
+
+class FastApiAuthDirectory(models.Model):
+    _name = "fastapi.auth.directory"
+    _description = "FastApi Auth Directory"
+
+    name = fields.Char(required=True)
+    set_password_token_duration = fields.Integer(
+        default=1440, help="In minute, default 1440 minutes => 24h", required=True
+    )
+    impersonating_token_duration = fields.Integer(
+        default=1, help="In minute, default 1 minute", required=True
+    )
+    request_reset_password_template_id = fields.Many2one(
+        "mail.template",
+        "Mail Template Forget Password",
+        required=True,
+        default=lambda self: self.env.ref(
+            "fastapi_auth_partner.email_request_reset_password",
+            raise_if_not_found=False,
+        ),
+    )
+    invite_set_password_template_id = fields.Many2one(
+        "mail.template",
+        "Mail Template New Password",
+        required=True,
+        default=lambda self: self.env.ref(
+            "fastapi_auth_partner.email_invite_set_password",
+            raise_if_not_found=False,
+        ),
+    )
+    invite_validate_email_template_id = fields.Many2one(
+        "mail.template",
+        "Mail Template Validate Email",
+        required=True,
+        default=lambda self: self.env.ref(
+            "fastapi_auth_partner.email_invite_validate_email",
+            raise_if_not_found=False,
+        ),
+    )
+    cookie_secret_key = fields.Char(
+        required=True,
+        groups="base.group_system",
+    )
+    cookie_duration = fields.Integer(
+        default=525600,
+        help="In minute, default 525600 minutes => 1 year",
+        required=True,
+    )
+    count_partner = fields.Integer(compute="_compute_count_partner")
+
+    fastapi_endpoint_ids = fields.One2many(
+        "fastapi.endpoint",
+        "directory_id",
+        string="FastAPI Endpoints",
+    )
+    impersonating_user_ids = fields.Many2many(
+        "res.users",
+        "fastapi_auth_directory_impersonating_user_rel",
+        "directory_id",
+        "user_id",
+        string="Impersonating Users",
+        help="These odoo users can impersonate any partner of this directory",
+        default=lambda self: (
+            self.env.ref("base.user_root") | self.env.ref("base.user_admin")
+        ).ids,
+        groups="fastapi_auth_partner.group_partner_auth_manager",
+    )
+    sliding_session = fields.Boolean()
+
+    def _compute_count_partner(self):
+        data = self.env["fastapi.auth.partner"].read_group(
+            [
+                ("directory_id", "in", self.ids),
+            ],
+            ["directory_id"],
+            groupby=["directory_id"],
+            lazy=False,
+        )
+        res = {item["directory_id"][0]: item["__count"] for item in data}
+
+        for record in self:
+            record.count_partner = res.get(record.id, 0)
+
+    @property
+    def _server_env_fields(self):
+        return {"cookie_secret_key": {}}