Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FIX] website_require_login: Login page recursion #1043

Open
wants to merge 4 commits into
base: 16.0
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions setup/website_require_login_queue_job/setup.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
import setuptools

setuptools.setup(
setup_requires=['setuptools-odoo'],
odoo_addon=True,
)
5 changes: 4 additions & 1 deletion website_require_login/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Website Login Required
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:a0f16f0655f6b5b9eec2c2e621f35dbcc40c69a3c5353dec8b07ddfab1874313
!! source digest: sha256:74ad683eba54803e4df9ebfe80d38fba6520b41c3d7ce6106be4aad28f2b2726
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
Expand Down Expand Up @@ -65,6 +65,9 @@ Contributors
~~~~~~~~~~~~

* Ooops404 <https://ooops404.com>
* `Aion Tech <https://aiontech.company/>`_:

* Simone Rubino <simone.rubino@aion-tech.it>

Maintainers
~~~~~~~~~~~
Expand Down
43 changes: 38 additions & 5 deletions website_require_login/models/ir_http.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# Copyright 2020 Advitus MB
# Copyright 2024 Simone Rubino - Aion Tech
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl-3.0).
from pathlib import Path

Expand All @@ -23,12 +24,45 @@ def _serve_fallback(cls):
return res
return super()._serve_fallback()

@classmethod
def _require_login_whitelist_paths(cls):
"""List of paths that must always be available to all users."""
return [
# backend is already protected by login,
# also /web/login, /web/assets, /web/image and others
# are needed to correctly render the login page
"/web",
"/website/translations",
"/jsonrpc",
"/xmlrpc",
]

@classmethod
def _require_login_get_matching_path(cls, path, search_paths):
"""Return which one of `search_paths` is a parent of `path`."""
path_inst = Path(path)
for search_path in search_paths:
if search_path == path or Path(search_path) in path_inst.parents:
matching_path = search_path
break
else:
matching_path = None
return matching_path

@classmethod
def _check_require_auth(cls):
# if not website request - skip
website = request.env["website"].sudo().get_current_website()
if not website:
return None

# Skip whitelisted paths
path = request.httprequest.path
whitelist_paths = cls._require_login_whitelist_paths()
whitelist_path = cls._require_login_get_matching_path(path, whitelist_paths)
if whitelist_path:
return None

if request.uid and (request.uid != website.user_id.id):
return None
auth_paths = (
Expand All @@ -41,8 +75,7 @@ def _check_require_auth(cls):
)
.mapped("path")
)
path = request.httprequest.path
for auth_path in auth_paths:
if auth_path == path or Path(auth_path) in Path(path).parents:
redirect_path = "/web/login?redirect=%s" % path
return request.redirect(redirect_path, code=302)
auth_path = cls._require_login_get_matching_path(path, auth_paths)
if auth_path:
redirect_path = "/web/login?redirect=%s" % path
return request.redirect(redirect_path, code=302)
3 changes: 3 additions & 0 deletions website_require_login/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -1 +1,4 @@
* Ooops404 <https://ooops404.com>
* `Aion Tech <https://aiontech.company/>`_:

* Simone Rubino <simone.rubino@aion-tech.it>
18 changes: 12 additions & 6 deletions website_require_login/static/description/index.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
Expand All @@ -9,10 +8,11 @@

/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
:Copyright: This stylesheet has been placed in the public domain.

Default cascading style sheet for the HTML output of Docutils.
Despite the name, some widely supported CSS2 features are used.

See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
customize this style sheet.
Expand Down Expand Up @@ -275,7 +275,7 @@
margin-left: 2em ;
margin-right: 2em }

pre.code .ln { color: grey; } /* line numbers */
pre.code .ln { color: gray; } /* line numbers */
pre.code, code { background-color: #eeeeee }
pre.code .comment, code .comment { color: #5C6576 }
pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
Expand All @@ -301,7 +301,7 @@
span.pre {
white-space: pre }

span.problematic {
span.problematic, pre.problematic {
color: red }

span.section-subtitle {
Expand Down Expand Up @@ -367,7 +367,7 @@ <h1 class="title">Website Login Required</h1>
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:a0f16f0655f6b5b9eec2c2e621f35dbcc40c69a3c5353dec8b07ddfab1874313
!! source digest: sha256:74ad683eba54803e4df9ebfe80d38fba6520b41c3d7ce6106be4aad28f2b2726
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/website/tree/16.0/website_require_login"><img alt="OCA/website" src="https://img.shields.io/badge/github-OCA%2Fwebsite-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/website-16-0/website-16-0-website_require_login"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/website&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
<p>This module allows to restrict access to specific website pages to logged users.</p>
Expand Down Expand Up @@ -410,12 +410,18 @@ <h2><a class="toc-backref" href="#toc-entry-4">Authors</a></h2>
<h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
<ul class="simple">
<li>Ooops404 &lt;<a class="reference external" href="https://ooops404.com">https://ooops404.com</a>&gt;</li>
<li><a class="reference external" href="https://aiontech.company/">Aion Tech</a>:<ul>
<li>Simone Rubino &lt;<a class="reference external" href="mailto:simone.rubino&#64;aion-tech.it">simone.rubino&#64;aion-tech.it</a>&gt;</li>
</ul>
</li>
</ul>
</div>
<div class="section" id="maintainers">
<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
<p>This module is maintained by the OCA.</p>
<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
<a class="reference external image-reference" href="https://odoo-community.org">
<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
</a>
<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.</p>
Expand Down
34 changes: 34 additions & 0 deletions website_require_login/tests/test_ir_http.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# Copyright 2024 Simone Rubino - Aion Tech
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl-3.0).

from odoo.tests import HttpCase


Expand Down Expand Up @@ -35,3 +38,34 @@ def test_dispatch_authorized(self):
200,
"Expected the response status code to be 200 which means no redirection",
)

def test_authorize_everything(self):
"""Requiring "/" for authorization always redirects to login page."""
# Arrange
self.env["website.auth.url"].unlink()
root_path = "/"
self.env["website.auth.url"].create(
{"website_id": self.website.id, "path": root_path}
)
self.env["ir.qweb"]._pregenerate_assets_bundles()
asset_attachment = self.env["ir.attachment"].search(
[
("url", "like", "/web/assets/%"),
],
limit=1,
)

redirection_path_map = {
"/": "/web/login?redirect=/",
"/contactus": "/web/login?redirect=/contactus",
asset_attachment.url: asset_attachment.url,
"/web/login": "/web/login",
"/jsonrpc": "/jsonrpc",
"/xmlrpc/2/common": "/xmlrpc/2/common",
"/xmlrpc/2/object": "/xmlrpc/2/object",
}

# Assert
for requested_path, expected_redirected_path in redirection_path_map.items():
response = self.url_open(requested_path)
self.assertTrue(response.url.endswith(expected_redirected_path))
80 changes: 80 additions & 0 deletions website_require_login_queue_job/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
==================================
Website Login Required - Queue Job
==================================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:74ad683eba54803e4df9ebfe80d38fba6520b41c3d7ce6106be4aad28f2b2726
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fwebsite-lightgray.png?logo=github
:target: https://github.com/OCA/website/tree/16.0/website_require_login_queue_job
:alt: OCA/website
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/website-16-0/website-16-0-website_require_login_queue_job
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/website&target_branch=16.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module allows to use jobs of **queue_job** when login restriction is active.

This is needed when the authorized paths are in conflict with **queue_job**'s paths.

**Table of contents**

.. contents::
:local:

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/website/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/website/issues/new?body=module:%20website_require_login_queue_job%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* Aion Tech

Contributors
~~~~~~~~~~~~

* `Aion Tech <https://aiontech.company/>`_:

* Simone Rubino <simone.rubino@aion-tech.it>

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/website <https://github.com/OCA/website/tree/16.0/website_require_login_queue_job>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
3 changes: 3 additions & 0 deletions website_require_login_queue_job/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl-3.0).

from . import models
15 changes: 15 additions & 0 deletions website_require_login_queue_job/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Copyright 2024 Simone Rubino - Aion Tech
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).

{
"name": "Website Login Required - Queue Job",
"category": "Website",
"version": "16.0.1.0.0",
"author": "Aion Tech, Odoo Community Association (OCA)",
"website": "https://github.com/OCA/website",
"license": "LGPL-3",
"depends": [
"queue_job",
"website_require_login",
],
}
3 changes: 3 additions & 0 deletions website_require_login_queue_job/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).

from . import ir_http
19 changes: 19 additions & 0 deletions website_require_login_queue_job/models/ir_http.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright 2024 Simone Rubino - Aion Tech
# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).


from odoo import models


class IrHttp(models.AbstractModel):
_inherit = "ir.http"

@classmethod
def _require_login_whitelist_paths(cls):
whitelist_paths = super()._require_login_whitelist_paths()
whitelist_paths.extend(
[
"/queue_job/runjob",
]
)
return whitelist_paths
3 changes: 3 additions & 0 deletions website_require_login_queue_job/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
* `Aion Tech <https://aiontech.company/>`_:

* Simone Rubino <simone.rubino@aion-tech.it>
3 changes: 3 additions & 0 deletions website_require_login_queue_job/readme/DESCRIPTION.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
This module allows to use jobs of **queue_job** when login restriction is active.

This is needed when the authorized paths are in conflict with **queue_job**'s paths.
Loading
Loading