Merge PR #627 into 16.0

Signed-off-by sbidoul

auth_oauth_autologin/README.rst

@@ -0,0 +1,111 @@
+====================
+Auth Oauth Autologin
+====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:b39eab35ecf9f611b79515461079fc6ba8a002fc432515c31009b6c70eff01c3
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_oauth_autologin
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oauth_autologin
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This modules implements an automatic redirection to the configured OAuth
+provider login page, if there is one and only one enabled. This effectively
+makes the regular Odoo login screen invisible in normal circumstances.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+Configure OAuth providers in Settings > Users and Companies, and make sure
+there is one and only one that has both the enabled and automatic login flags
+set.
+
+When this is done, users visiting the login page (/web/login), or being
+redirected to it because they are not authenticated yet, will be redirected to
+the identity provider login page instead of the regular Odoo login page.
+
+Be aware that this module does not actively prevent users from authenticating
+with an login and password stored in the Odoo database. In some unusual
+circumstances (such as identity provider errors), the regular Odoo login may
+still be displayed. Securely disabling Odoo login and password, if needed,
+should be the topic of another module.
+
+Also be aware that this has a possibly surprising effect on the logout menu
+item. When the user logs out of Odoo, a redirect to the login page happens. The
+login page in turn redirects to the identity provider, which, if the user is
+already authenticated there, automatically logs the user back in Odoo, in a
+fresh session.
+
+Usage
+=====
+
+When configured, the Odoo login page redirects to the OAuth identify provider
+for authentication and login in Odoo. To access the regular Odoo login page,
+visit ``/web/login?no_autologin``.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_autologin%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* ACSONE SA/NV
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px
+    :target: https://github.com/sbidoul
+    :alt: sbidoul
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-sbidoul| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_oauth_autologin>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_oauth_autologin/__init__.py

@@ -0,0 +1,2 @@
+from . import controllers
+from . import models

auth_oauth_autologin/__manifest__.py

@@ -0,0 +1,19 @@
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Auth Oauth Autologin",
+    "summary": """
+        Automatically redirect to the OAuth provider for login""",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "maintainers": ["sbidoul"],
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_oauth"],
+    "data": ["views/auth_oauth_provider.xml"],
+    "demo": [],
+    "assets": {
+        "web.assets_frontend": ["auth_oauth_autologin/static/src/js/web_login.js"]
+    },
+}

auth_oauth_autologin/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main

auth_oauth_autologin/controllers/main.py

@@ -0,0 +1,34 @@
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from urllib.parse import parse_qsl, urlparse
+
+from odoo import http
+from odoo.http import request
+
+from odoo.addons.auth_oauth.controllers.main import OAuthLogin
+
+
+class OAuthAutoLogin(OAuthLogin):
+    def _autologin_disabled(self, redirect):
+        url = urlparse(redirect)
+        params = dict(parse_qsl(url.query, keep_blank_values=True))
+        return "no_autologin" in params or "oauth_error" in params or "error" in params
+
+    def _autologin_link(self):
+        providers = [p for p in self.list_providers() if p.get("autologin")]
+        if len(providers) == 1:
+            return providers[0].get("auth_link")
+
+    @http.route(
+        "/auth/auto_login_redirect_link",
+        type="json",
+        auth="none",
+    )
+    def auto_login_redirect_link(self, *args, **kwargs):
+        redirect = kwargs.get("redirect")
+        if self._autologin_disabled(redirect):
+            return False
+        request.params["redirect"] = redirect
+        auth_link = self._autologin_link()
+        return auth_link

auth_oauth_autologin/i18n/auth_oauth_autologin.pot

@@ -0,0 +1,31 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_oauth_autologin
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 13.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_oauth_autologin
+#: model:ir.model.fields,field_description:auth_oauth_autologin.field_auth_oauth_provider__autologin
+msgid "Automatic Login"
+msgstr ""
+
+#. module: auth_oauth_autologin
+#: model:ir.model.fields,help:auth_oauth_autologin.field_auth_oauth_provider__autologin
+msgid ""
+"If exactly one enabled provider has this checked, the login screen redirects"
+" to the OAuth provider."
+msgstr ""
+
+#. module: auth_oauth_autologin
+#: model:ir.model,name:auth_oauth_autologin.model_auth_oauth_provider
+msgid "OAuth2 provider"
+msgstr ""

auth_oauth_autologin/models/__init__.py

@@ -0,0 +1 @@
+from . import auth_oauth_provider

auth_oauth_autologin/models/auth_oauth_provider.py

@@ -0,0 +1,16 @@
+# Copyright 2021 ACSONE SA/NV <https://acsone.eu>
+# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import fields, models
+
+
+class AuthOauthProvider(models.Model):
+    _inherit = "auth.oauth.provider"
+
+    autologin = fields.Boolean(
+        string="Automatic Login",
+        help=(
+            "If exactly one enabled provider has this checked, "
+            "the login screen redirects to the OAuth provider."
+        ),
+    )

auth_oauth_autologin/readme/CONFIGURE.rst

@@ -0,0 +1,19 @@
+Configure OAuth providers in Settings > Users and Companies, and make sure
+there is one and only one that has both the enabled and automatic login flags
+set.
+
+When this is done, users visiting the login page (/web/login), or being
+redirected to it because they are not authenticated yet, will be redirected to
+the identity provider login page instead of the regular Odoo login page.
+
+Be aware that this module does not actively prevent users from authenticating
+with an login and password stored in the Odoo database. In some unusual
+circumstances (such as identity provider errors), the regular Odoo login may
+still be displayed. Securely disabling Odoo login and password, if needed,
+should be the topic of another module.
+
+Also be aware that this has a possibly surprising effect on the logout menu
+item. When the user logs out of Odoo, a redirect to the login page happens. The
+login page in turn redirects to the identity provider, which, if the user is
+already authenticated there, automatically logs the user back in Odoo, in a
+fresh session.

auth_oauth_autologin/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+This modules implements an automatic redirection to the configured OAuth
+provider login page, if there is one and only one enabled. This effectively
+makes the regular Odoo login screen invisible in normal circumstances.

auth_oauth_autologin/readme/USAGE.rst

@@ -0,0 +1,3 @@
+When configured, the Odoo login page redirects to the OAuth identify provider
+for authentication and login in Odoo. To access the regular Odoo login page,
+visit ``/web/login?no_autologin``.