diff --git a/.copier-answers.yml b/.copier-answers.yml
index bb275c6d83..f888986b75 100644
--- a/.copier-answers.yml
+++ b/.copier-answers.yml
@@ -1,5 +1,5 @@
# Do NOT update manually; changes here will be overwritten by Copier
-_commit: v1.35
+_commit: v1.38
_src_path: git+https://github.com/OCA/oca-addons-repo-template
additional_ruff_rules: []
ci: GitHub
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 5eb021ef15..852a07469b 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -17,6 +17,7 @@ jobs:
- uses: actions/setup-python@v5
with:
python-version: "3.11"
+ cache: 'pip'
- name: Get python version
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- uses: actions/cache@v4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5851b71598..a3e2701930 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -76,6 +76,13 @@ jobs:
run: oca_init_test_database
- name: Run tests
run: oca_run_tests
+ - name: Upload screenshots from JS tests
+ uses: actions/upload-artifact@v4
+ if: ${{ failure() }}
+ with:
+ name: Screenshots of failed JS tests - ${{ matrix.name }}${{ join(matrix.include) }}
+ path: /tmp/odoo_tests/${{ env.PGDATABASE }}
+ if-no-files-found: ignore
- uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.pylintrc b/.pylintrc
index d103ffcd9a..197cb67370 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -99,22 +99,22 @@ enable=anomalous-backslash-in-string,
translation-positional-used,
website-manifest-key-not-valid-uri,
external-request-timeout,
- # messages that do not cause the lint step to fail
- consider-merging-classes-inherited,
+ missing-manifest-dependency,
+ too-complex,,
create-user-wo-reset-password,
dangerous-filter-wo-user,
- deprecated-module,
file-not-used,
- invalid-commit,
- missing-manifest-dependency,
missing-newline-extrafiles,
- missing-readme,
no-utf8-coding-comment,
- odoo-addons-relative-import,
old-api7-method-defined,
- redefined-builtin,
- too-complex,
unnecessary-utf8-coding-comment,
+ # messages that do not cause the lint step to fail
+ consider-merging-classes-inherited,
+ deprecated-module,
+ invalid-commit,
+ missing-readme,
+ odoo-addons-relative-import,
+ redefined-builtin,
manifest-external-assets
diff --git a/README.md b/README.md
index c3ed52d72d..cce7996e03 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,7 @@
+[](https://odoo-community.org/get-involved?utm_source=repo-readme)
+
+# server-auth
[](https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0)
[](https://github.com/OCA/server-auth/actions/workflows/pre-commit.yml?query=branch%3A18.0)
[](https://github.com/OCA/server-auth/actions/workflows/test.yml?query=branch%3A18.0)
@@ -7,8 +10,6 @@
-# server-auth
-
server-auth
diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py
index 6a87e87cbc..5175566869 100644
--- a/auth_jwt/tests/test_auth_jwt.py
+++ b/auth_jwt/tests/test_auth_jwt.py
@@ -51,7 +51,7 @@ def _mock_request(self, authorization):
def _create_token(
self,
- key="thesecret",
+ key="thesecret012345678901234567890123456789",
audience="me",
issuer="http://the.issuer",
exp_delta=100,
@@ -65,16 +65,17 @@ def _create_token(
payload["nbf"] = nbf
return jwt.encode(payload, key=key, algorithm="HS256")
+ @contextlib.contextmanager
def _create_validator(
self,
name,
audience="me",
issuer="http://the.issuer",
- secret_key="thesecret",
+ secret_key="thesecret012345678901234567890123456789",
partner_id_required=False,
static_user_id=1,
):
- return self.env["auth.jwt.validator"].create(
+ v = self.env["auth.jwt.validator"].create(
dict(
name=name,
signature_type="secret",
@@ -88,202 +89,237 @@ def _create_validator(
partner_id_required=partner_id_required,
)
)
+ try:
+ yield v
+ finally:
+ v.unlink()
def test_missing_authorization_header(self):
- self._create_validator("validator")
- with self._mock_request(authorization=None):
- with self.assertRaises(UnauthorizedMissingAuthorizationHeader):
- self.env["ir.http"]._auth_method_jwt(validator_name="validator")
+ with self._create_validator("validator"):
+ with self._mock_request(authorization=None):
+ with self.assertRaises(UnauthorizedMissingAuthorizationHeader):
+ self.env["ir.http"]._auth_method_jwt(validator_name="validator")
def test_malformed_authorization_header(self):
- self._create_validator("validator")
- for authorization in (
- "a",
- "Bearer",
- "Bearer ",
- "Bearer x y",
- "Bearer token ",
- "bearer token",
- ):
- with self._mock_request(authorization=authorization):
- with self.assertRaises(UnauthorizedMalformedAuthorizationHeader):
- self.env["ir.http"]._auth_method_jwt(validator_name="validator")
+ with self._create_validator("validator"):
+ for authorization in (
+ "a",
+ "Bearer",
+ "Bearer ",
+ "Bearer x y",
+ "Bearer token ",
+ "bearer token",
+ ):
+ with self._mock_request(authorization=authorization):
+ with self.assertRaises(UnauthorizedMalformedAuthorizationHeader):
+ self.env["ir.http"]._auth_method_jwt(validator_name="validator")
def test_auth_method_valid_token(self):
- self._create_validator("validator")
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- self.env["ir.http"]._auth_method_jwt_validator()
+ with self._create_validator("validator"):
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ self.env["ir.http"]._auth_method_jwt_validator()
def test_auth_method_valid_token_two_validators_one_bad_issuer(self):
- self._create_validator("validator2", issuer="http://other.issuer")
- self._create_validator("validator3")
-
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- # first validator rejects the token because of invalid audience
- with self.assertRaises(UnauthorizedInvalidToken):
- self.env["ir.http"]._auth_method_jwt_validator2()
- # second validator accepts the token
- self.env["ir.http"]._auth_method_jwt_validator3()
+ with (
+ self._create_validator("validator2", issuer="http://other.issuer"),
+ self._create_validator("validator3"),
+ ):
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ # first validator rejects the token because of invalid audience
+ with self.assertRaises(UnauthorizedInvalidToken):
+ self.env["ir.http"]._auth_method_jwt_validator2()
+ # second validator accepts the token
+ self.env["ir.http"]._auth_method_jwt_validator3()
def test_auth_method_valid_token_two_validators_one_bad_issuer_chained(self):
- validator2 = self._create_validator("validator2", issuer="http://other.issuer")
- validator3 = self._create_validator("validator3")
- validator2.next_validator_id = validator3
+ with (
+ self._create_validator(
+ "validator2", issuer="http://other.issuer"
+ ) as validator2,
+ self._create_validator("validator3") as validator3,
+ ):
+ validator2.next_validator_id = validator3
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- # Validator2 rejects the token because of invalid issuer but chain
- # on validator3 which accepts it
- self.env["ir.http"]._auth_method_jwt_validator2()
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ # Validator2 rejects the token because of invalid issuer but chain
+ # on validator3 which accepts it
+ self.env["ir.http"]._auth_method_jwt_validator2()
def test_auth_method_valid_token_two_validators_one_bad_audience(self):
- self._create_validator("validator2", audience="bad")
- self._create_validator("validator3")
-
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- # first validator rejects the token because of invalid audience
- with self.assertRaises(UnauthorizedInvalidToken):
- self.env["ir.http"]._auth_method_jwt_validator2()
- # second validator accepts the token
- self.env["ir.http"]._auth_method_jwt_validator3()
+ with (
+ self._create_validator("validator2", audience="bad"),
+ self._create_validator("validator3"),
+ ):
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ # first validator rejects the token because of invalid audience
+ with self.assertRaises(UnauthorizedInvalidToken):
+ self.env["ir.http"]._auth_method_jwt_validator2()
+ # second validator accepts the token
+ self.env["ir.http"]._auth_method_jwt_validator3()
def test_auth_method_valid_token_two_validators_one_bad_audience_chained(self):
- validator2 = self._create_validator("validator2", audience="bad")
- validator3 = self._create_validator("validator3")
-
- validator2.next_validator_id = validator3
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- self.env["ir.http"]._auth_method_jwt_validator2()
+ with (
+ self._create_validator("validator2", audience="bad") as validator2,
+ self._create_validator("validator3") as validator3,
+ ):
+ validator2.next_validator_id = validator3
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ self.env["ir.http"]._auth_method_jwt_validator2()
def test_auth_method_invalid_token(self):
# Test invalid token via _auth_method_jwt
# Other types of invalid tokens are unit tested elswhere.
- self._create_validator("validator4")
- authorization = "Bearer " + self._create_token(audience="bad")
- with self._mock_request(authorization=authorization):
- with self.assertRaises(UnauthorizedInvalidToken):
- self.env["ir.http"]._auth_method_jwt_validator4()
+ with self._create_validator("validator4"):
+ authorization = "Bearer " + self._create_token(audience="bad")
+ with self._mock_request(authorization=authorization):
+ with self.assertRaises(UnauthorizedInvalidToken):
+ self.env["ir.http"]._auth_method_jwt_validator4()
def test_auth_method_invalid_token_on_chain(self):
- validator1 = self._create_validator("validator", issuer="http://other.issuer")
- validator2 = self._create_validator("validator2", audience="bad audience")
- validator3 = self._create_validator("validator3", secret_key="bad key")
- validator4 = self._create_validator(
- "validator4", issuer="http://other.issuer", audience="bad audience"
- )
- validator5 = self._create_validator(
- "validator5", issuer="http://other.issuer", secret_key="bad key"
- )
- validator6 = self._create_validator(
- "validator6", audience="bad audience", secret_key="bad key"
- )
- validator7 = self._create_validator(
- "validator7",
- issuer="http://other.issuer",
- audience="bad audience",
- secret_key="bad key",
- )
- validator1.next_validator_id = validator2
- validator2.next_validator_id = validator3
- validator3.next_validator_id = validator4
- validator4.next_validator_id = validator5
- validator5.next_validator_id = validator6
- validator6.next_validator_id = validator7
-
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization):
- with self.assertRaises(UnauthorizedCompositeJwtError) as composite_error:
- self.env["ir.http"]._auth_method_jwt_validator()
- self.assertEqual(
- str(composite_error.exception),
- "401 Unauthorized: "
- "Multiple errors occurred during JWT chain validation:\n"
- "validator: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator2: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator3: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator4: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator5: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator6: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.\n"
- "validator7: 401 Unauthorized: "
- "The server could not verify that you are authorized to "
- "access the URL requested. You either supplied the wrong "
- "credentials (e.g. a bad password), or your browser doesn't "
- "understand how to supply the credentials required.",
- )
+ with (
+ self._create_validator(
+ "validator",
+ issuer="http://other.issuer",
+ ) as validator1,
+ self._create_validator(
+ "validator2",
+ audience="bad audience",
+ ) as validator2,
+ self._create_validator(
+ "validator3",
+ secret_key="bad key 012345678901234567890123456789",
+ ) as validator3,
+ self._create_validator(
+ "validator4",
+ issuer="http://other.issuer",
+ audience="bad audience",
+ ) as validator4,
+ self._create_validator(
+ "validator5",
+ issuer="http://other.issuer",
+ secret_key="bad key 012345678901234567890123456789",
+ ) as validator5,
+ self._create_validator(
+ "validator6",
+ audience="bad audience",
+ secret_key="bad key 012345678901234567890123456789",
+ ) as validator6,
+ self._create_validator(
+ "validator7",
+ issuer="http://other.issuer",
+ audience="bad audience",
+ secret_key="bad key 012345678901234567890123456789",
+ ) as validator7,
+ ):
+ validator1.next_validator_id = validator2
+ validator2.next_validator_id = validator3
+ validator3.next_validator_id = validator4
+ validator4.next_validator_id = validator5
+ validator5.next_validator_id = validator6
+ validator6.next_validator_id = validator7
+
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization):
+ with self.assertRaises(
+ UnauthorizedCompositeJwtError
+ ) as composite_error:
+ self.env["ir.http"]._auth_method_jwt_validator()
+ self.assertEqual(
+ str(composite_error.exception),
+ "401 Unauthorized: "
+ "Multiple errors occurred during JWT chain validation:\n"
+ "validator: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator2: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator3: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator4: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator5: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator6: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.\n"
+ "validator7: 401 Unauthorized: "
+ "The server could not verify that you are authorized to "
+ "access the URL requested. You either supplied the wrong "
+ "credentials (e.g. a bad password), or your browser doesn't "
+ "understand how to supply the credentials required.",
+ )
def test_invalid_validation_chain(self):
- validator1 = self._create_validator("validator")
- validator2 = self._create_validator("validator2")
- validator3 = self._create_validator("validator3")
-
- validator1.next_validator_id = validator2
- validator2.next_validator_id = validator3
- with self.assertRaises(ValidationError) as error:
- validator3.next_validator_id = validator1
- self.assertEqual(
- str(error.exception),
- "Validators mustn't make a closed chain: "
- "validator3 -> validator -> validator2 -> validator3.",
- )
+ with (
+ self._create_validator("validator") as validator1,
+ self._create_validator("validator2") as validator2,
+ self._create_validator("validator3") as validator3,
+ ):
+ validator1.next_validator_id = validator2
+ validator2.next_validator_id = validator3
+ with self.assertRaises(ValidationError) as error:
+ validator3.next_validator_id = validator1
+ self.assertEqual(
+ str(error.exception),
+ "Validators mustn't make a closed chain: "
+ "validator3 -> validator -> validator2 -> validator3.",
+ )
def test_invalid_validation_auto_chain(self):
- validator = self._create_validator("validator")
- with self.assertRaises(ValidationError) as error:
- validator.next_validator_id = validator
- self.assertEqual(
- str(error.exception),
- "Validators mustn't make a closed chain: " "validator -> validator.",
- )
+ with self._create_validator("validator") as validator:
+ with self.assertRaises(ValidationError) as error:
+ validator.next_validator_id = validator
+ self.assertEqual(
+ str(error.exception),
+ "Validators mustn't make a closed chain: validator -> validator.",
+ )
def test_partner_id_strategy_email_found(self):
partner = self.env["res.partner"].search([("email", "!=", False)])[0]
- self._create_validator("validator6")
- authorization = "Bearer " + self._create_token(email=partner.email)
- with self._mock_request(authorization=authorization) as request:
- self.env["ir.http"]._auth_method_jwt_validator6()
- self.assertEqual(request.jwt_partner_id, partner.id)
+ with self._create_validator("validator6"):
+ authorization = "Bearer " + self._create_token(email=partner.email)
+ with self._mock_request(authorization=authorization) as request:
+ self.env["ir.http"]._auth_method_jwt_validator6()
+ self.assertEqual(request.jwt_partner_id, partner.id)
def test_partner_id_strategy_email_not_found(self):
- self._create_validator("validator6")
- authorization = "Bearer " + self._create_token(email="notanemail@example.com")
- with self._mock_request(authorization=authorization) as request:
- self.env["ir.http"]._auth_method_jwt_validator6()
- self.assertFalse(request.jwt_partner_id)
+ with self._create_validator("validator6"):
+ authorization = "Bearer " + self._create_token(
+ email="notanemail@example.com"
+ )
+ with self._mock_request(authorization=authorization) as request:
+ self.env["ir.http"]._auth_method_jwt_validator6()
+ self.assertFalse(request.jwt_partner_id)
def test_partner_id_strategy_email_not_found_partner_required(self):
- self._create_validator("validator6", partner_id_required=True)
- authorization = "Bearer " + self._create_token(email="notanemail@example.com")
- with self._mock_request(authorization=authorization):
- with self.assertRaises(UnauthorizedPartnerNotFound):
- self.env["ir.http"]._auth_method_jwt_validator6()
+ with self._create_validator("validator6", partner_id_required=True):
+ authorization = "Bearer " + self._create_token(
+ email="notanemail@example.com"
+ )
+ with self._mock_request(authorization=authorization):
+ with self.assertRaises(UnauthorizedPartnerNotFound):
+ self.env["ir.http"]._auth_method_jwt_validator6()
def test_get_validator(self):
AuthJwtValidator = self.env["auth.jwt.validator"]
@@ -298,59 +334,59 @@ def test_get_validator(self):
mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"),
):
AuthJwtValidator._get_validator_by_name("notavalidator")
- validator1 = self._create_validator(name="validator1")
- with (
- self.assertRaises(JwtValidatorNotFound),
- mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"),
- ):
- AuthJwtValidator._get_validator_by_name("notavalidator")
- self.assertEqual(AuthJwtValidator._get_validator_by_name(None), validator1)
- self.assertEqual(
- AuthJwtValidator._get_validator_by_name("validator1"), validator1
- )
- # create a second validator
- validator2 = self._create_validator(name="validator2")
- with (
- self.assertRaises(AmbiguousJwtValidator),
- mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"),
- ):
- AuthJwtValidator._get_validator_by_name(None)
- self.assertEqual(
- AuthJwtValidator._get_validator_by_name("validator2"), validator2
- )
+ with self._create_validator(name="validator1") as validator1:
+ with (
+ self.assertRaises(JwtValidatorNotFound),
+ mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"),
+ ):
+ AuthJwtValidator._get_validator_by_name("notavalidator")
+ self.assertEqual(AuthJwtValidator._get_validator_by_name(None), validator1)
+ self.assertEqual(
+ AuthJwtValidator._get_validator_by_name("validator1"), validator1
+ )
+ # create a second validator
+ with self._create_validator(name="validator2") as validator2:
+ with (
+ self.assertRaises(AmbiguousJwtValidator),
+ mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"),
+ ):
+ AuthJwtValidator._get_validator_by_name(None)
+ self.assertEqual(
+ AuthJwtValidator._get_validator_by_name("validator2"), validator2
+ )
def test_bad_tokens(self):
- validator = self._create_validator("validator")
- token = self._create_token(key="badsecret")
- with self.assertRaises(UnauthorizedInvalidToken):
- validator._decode(token)
- token = self._create_token(audience="badaudience")
- with self.assertRaises(UnauthorizedInvalidToken):
- validator._decode(token)
- token = self._create_token(issuer="badissuer")
- with self.assertRaises(UnauthorizedInvalidToken):
- validator._decode(token)
- token = self._create_token(exp_delta=-100)
- with self.assertRaises(UnauthorizedInvalidToken):
- validator._decode(token)
+ with self._create_validator("validator") as validator:
+ token = self._create_token(key="badsecret 012345678901234567890123456789")
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
+ token = self._create_token(audience="badaudience")
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
+ token = self._create_token(issuer="badissuer")
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
+ token = self._create_token(exp_delta=-100)
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
def test_multiple_aud(self):
- validator = self._create_validator("validator", audience="a1,a2")
- token = self._create_token(audience="a1")
- validator._decode(token)
- token = self._create_token(audience="a2")
- validator._decode(token)
- token = self._create_token(audience="a3")
- with self.assertRaises(UnauthorizedInvalidToken):
+ with self._create_validator("validator", audience="a1,a2") as validator:
+ token = self._create_token(audience="a1")
+ validator._decode(token)
+ token = self._create_token(audience="a2")
validator._decode(token)
+ token = self._create_token(audience="a3")
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
def test_nbf(self):
- validator = self._create_validator("validator")
- token = self._create_token(nbf=time.time() - 60)
- validator._decode(token)
- token = self._create_token(nbf=time.time() + 60)
- with self.assertRaises(UnauthorizedInvalidToken):
+ with self._create_validator("validator") as validator:
+ token = self._create_token(nbf=time.time() - 60)
validator._decode(token)
+ token = self._create_token(nbf=time.time() + 60)
+ with self.assertRaises(UnauthorizedInvalidToken):
+ validator._decode(token)
def test_auth_method_registration_on_create(self):
IrHttp = self.env["ir.http"]
@@ -358,20 +394,19 @@ def test_auth_method_registration_on_create(self):
self.assertFalse(
hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
)
- self._create_validator("validator1")
- self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
- self.assertTrue(
- hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
- )
+ with self._create_validator("validator1"):
+ self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
+ self.assertTrue(
+ hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
+ )
def test_auth_method_unregistration_on_unlink(self):
IrHttp = self.env["ir.http"]
- validator = self._create_validator("validator1")
- self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
- self.assertTrue(
- hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
- )
- validator.unlink()
+ with self._create_validator("validator1"):
+ self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
+ self.assertTrue(
+ hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
+ )
self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
self.assertFalse(
hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
@@ -379,28 +414,29 @@ def test_auth_method_unregistration_on_unlink(self):
def test_auth_method_registration_on_rename(self):
IrHttp = self.env["ir.http"]
- validator = self._create_validator("validator1")
- self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
- self.assertTrue(
- hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
- )
- validator.name = "validator2"
- self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
- self.assertFalse(
- hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
- )
- self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator2"))
- self.assertTrue(
- hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator2")
- )
+ with self._create_validator("validator1") as validator:
+ self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
+ self.assertTrue(
+ hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
+ )
+ validator.name = "validator2"
+ self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1"))
+ self.assertFalse(
+ hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1")
+ )
+ self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator2"))
+ self.assertTrue(
+ hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator2")
+ )
def test_name_check(self):
with self.assertRaises(ValidationError):
- self._create_validator(name="not an identifier")
+ with self._create_validator(name="not an identifier"):
+ pass
def test_public_or_jwt_valid_token(self):
- self._create_validator("validator")
- authorization = "Bearer " + self._create_token()
- with self._mock_request(authorization=authorization) as request:
- self.env["ir.http"]._auth_method_public_or_jwt_validator()
- assert request.jwt_payload["aud"] == "me"
+ with self._create_validator("validator"):
+ authorization = "Bearer " + self._create_token()
+ with self._mock_request(authorization=authorization) as request:
+ self.env["ir.http"]._auth_method_public_or_jwt_validator()
+ assert request.jwt_payload["aud"] == "me"
diff --git a/auth_jwt_demo/demo/auth_jwt_validator.xml b/auth_jwt_demo/demo/auth_jwt_validator.xml
index 6bba454a67..31593e7a32 100644
--- a/auth_jwt_demo/demo/auth_jwt_validator.xml
+++ b/auth_jwt_demo/demo/auth_jwt_validator.xml
@@ -5,7 +5,7 @@
theissuer
secret
HS256
- thesecret
+ thesecret 012345678901234567890123456789
static
email
@@ -17,7 +17,7 @@
theissuer
secret
HS256
- thesecret
+ thesecret 012345678901234567890123456789
static
email
diff --git a/checklog-odoo.cfg b/checklog-odoo.cfg
index 0b55b7bf66..9cc94b30dd 100644
--- a/checklog-odoo.cfg
+++ b/checklog-odoo.cfg
@@ -1,3 +1,4 @@
[checklog-odoo]
ignore=
WARNING.* 0 failed, 0 error\(s\).*
+ WARNING.* Missing widget: res_partner_many2one for field of type many2one.*