-rw-r--r--indoteknik_api/controllers/api_v1/user.py131
-rw-r--r--indoteknik_api/controllers/controller.py19
2 files changed, 104 insertions, 46 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 8ccdf824..7a522d0c 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -2,24 +2,27 @@ from .. import controller
from odoo import http
from odoo.http import request
from odoo.tools.config import config
-import random, string
+import random
+import string
+import requests
+import json
from difflib import SequenceMatcher
class User(controller.Controller):
prefix = '/api/v1/'
-
+
def get_user_by_email(self, email):
return request.env['res.users'].search([
- ('login', '=', email),
+ ('login', '=', email),
('active', 'in', [True, False])
])
-
+
def response_with_token(self, user):
data = request.env['res.users'].sudo().api_single_response(user)
data['token'] = self.create_user_token(user)
return data
-
+
@http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def login(self, **kw):
@@ -27,19 +30,20 @@ class User(controller.Controller):
password = kw.get('password')
if not email or not password:
return self.response(code=400, description='email and password is required')
-
+
user = self.get_user_by_email(email)
if user and not user.active:
return self.response({
'is_auth': False,
'reason': 'NOT_ACTIVE'
})
-
+
try:
- uid = request.session.authenticate(config.get('db_name'), email, password)
+ uid = request.session.authenticate(
+ config.get('db_name'), email, password)
user = request.env['res.users'].browse(uid)
data = {
- 'is_auth': True,
+ 'is_auth': True,
'user': self.response_with_token(user)
}
return self.response(data)
@@ -48,7 +52,41 @@ class User(controller.Controller):
'is_auth': False,
'reason': 'NOT_FOUND'
})
-
+
+ @http.route(prefix + 'user/validate-sso', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
+ def user_validate_sso(self, **kw):
+ access_token = kw.get('access_token')
+
+ try:
+ userinfo_url = 'https://www.googleapis.com/oauth2/v3/userinfo?access_token=' + access_token
+ res_userinfo = requests.get(userinfo_url)
+ userinfo = json.loads(res_userinfo.text)
+ name = userinfo['name']
+ email = userinfo['email']
+ except:
+ return self.response({
+ 'is_auth': False,
+ 'reason': 'INVALID_TOKEN'
+ })
+
+ user = self.get_user_by_email(email)
+ if not user:
+ user_data = {
+ 'name': name,
+ 'login': email,
+ 'oauth_provider_id': request.env.ref('auth_oauth.provider_google').id,
+ 'sel_groups_1_9_10': 9
+ }
+
+ user = request.env['res.users'].create(user_data)
+
+ data = {
+ 'is_auth': True,
+ 'user': self.response_with_token(user)
+ }
+ return self.response(data)
+
@http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def register(self, **kw):
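Review bot: `user_validate_sso` trusts any Google access token that the userinfo endpoint answers for and never checks that the token was issued to this application, so a token a user granted to an unrelated app would be enough to obtain an API token for the matching `login`. Check the token's audience against the project's Google client id and require `email_verified` before using `email`. The handler also signs in an account returned by `get_user_by_email` even when it is inactive, which skips the `NOT_ACTIVE` gate that `login` applies. The bare `except:` hides network and parsing errors alike, `requests.get` has no timeout, and the token sits in the query string where it can end up in logs. The sketch below assumes the client id is stored on the `auth_oauth.provider_google` record, which needs confirming.

```python
    def user_validate_sso(self, **kw):
        access_token = kw.get('access_token')
        if not access_token:
            return self.response(code=400, description='access_token is required')

        invalid = {'is_auth': False, 'reason': 'INVALID_TOKEN'}
        # assumption: the Google client id is kept on the provider record; confirm
        client_id = request.env.ref('auth_oauth.provider_google').sudo().client_id
        try:
            # tokeninfo reports which client the token was issued to
            res_tokeninfo = requests.get(
                'https://oauth2.googleapis.com/tokeninfo',
                params={'access_token': access_token}, timeout=10)
            res_tokeninfo.raise_for_status()
            tokeninfo = res_tokeninfo.json()

            res_userinfo = requests.get(
                'https://www.googleapis.com/oauth2/v3/userinfo',
                headers={'Authorization': 'Bearer ' + access_token}, timeout=10)
            res_userinfo.raise_for_status()
            userinfo = res_userinfo.json()
            name = userinfo['name']
            email = userinfo['email']
        except (requests.RequestException, ValueError, KeyError):
            return self.response(invalid)

        if not client_id or tokeninfo.get('aud') != client_id:
            return self.response(invalid)
        if userinfo.get('email_verified') is not True:
            return self.response(invalid)

        user = self.get_user_by_email(email)
        if user and not user.active:
            return self.response({'is_auth': False, 'reason': 'NOT_ACTIVE'})
        # … unchanged: create the user when missing, build and return the response …
```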
@@ -57,7 +95,7 @@ class User(controller.Controller):
password = kw.get('password')
if not name or not email or not password:
return self.response(code=400, description='email, name and password is required')
-
+
user = self.get_user_by_email(email)
if user:
return self.response({
@@ -72,7 +110,7 @@ class User(controller.Controller):
'active': False,
'sel_groups_1_9_10': 9
}
-
+
user = request.env['res.users'].create(user_data)
user.partner_id.email = email
@@ -82,10 +120,12 @@ class User(controller.Controller):
('company_type', '=', 'company'),
('name', 'ilike', company)
]
- match_company = request.env['res.partner'].search(parameter, limit=1)
+ match_company = request.env['res.partner'].search(
+ parameter, limit=1)
match_ratio = 0
if match_company:
- match_ratio = SequenceMatcher(None, match_company.name, company).ratio()
+ match_ratio = SequenceMatcher(
+ None, match_company.name, company).ratio()
if match_ratio > 0.8:
request.env['user.company.request'].create({
'user_id': user.partner_id.id,
@@ -97,9 +137,9 @@ class User(controller.Controller):
'name': company
})
user.parent_id = new_company.id
-
+
return self.response({'register': True})
-
+
@http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def request_activation_user(self, **kw):
@@ -107,36 +147,38 @@ class User(controller.Controller):
user = self.get_user_by_email(email)
if not user:
return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
-
+
if user.active:
return self.response({'activation_request': False, 'reason': 'ACTIVE'})
-
+
token_source = string.ascii_letters + string.digits
- user.activation_token = ''.join(random.choice(token_source) for i in range(21))
+ user.activation_token = ''.join(
+ random.choice(token_source) for i in range(21))
return self.response({
'activation_request': True,
'token': user.activation_token,
'user': request.env['res.users'].api_single_response(user)
})
-
+
@http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def activation_user(self, **kw):
token = kw.get('token')
if not token:
return self.response(code=400, description='token is required')
-
- user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1)
+
+ user = request.env['res.users'].search(
+ [('activation_token', '=', token), ('active', '=', False)], limit=1)
if not user:
return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
-
+
user.active = True
user.activation_token = ''
return self.response({
'activation': True,
'user': self.response_with_token(user)
})
-
+
@http.route(prefix + 'user/forgot-password', auth='public', methods=['POST'], csrf=False)
@controller.Controller.must_authorized()
def forgot_password_user(self, **kw):
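Review bot: The activation token on the re-wrapped line is still built with `random.choice`, which draws from a Mersenne Twister generator that is not intended for secrets and whose output can be predicted from enough observed values. This token alone activates an account and returns a session token in `activation_user`, so it should come from the OS CSPRNG: `''.join(secrets.choice(token_source) for _ in range(21))`, with `import secrets` added to the import block at the top of the file. The same applies to `reset_password_token` in the next hunk, inside `forgot_password_user`, whose body starts outside that hunk.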
@@ -146,25 +188,27 @@ class User(controller.Controller):
return self.response({'success': False, 'reason': 'NOT_FOUND'})
token_source = string.ascii_letters + string.digits
- user.reset_password_token = ''.join(random.choice(token_source) for i in range(21))
+ user.reset_password_token = ''.join(
+ random.choice(token_source) for i in range(21))
return self.response({
'success': True,
'token': user.reset_password_token,
'user': request.env['res.users'].api_single_response(user)
})
-
+
@http.route(prefix + 'user/reset-password', auth='public', methods=['POST', 'OPTIONS'], csrf=False)
@controller.Controller.must_authorized()
def reset_password_user(self, **kw):
token = kw.get('token')
if not token:
return self.response(code=400, description='token is required')
-
- user = request.env['res.users'].search([('reset_password_token', '=', token), ('active', 'in', [False, True])], limit=1)
-
+
+ user = request.env['res.users'].search(
+ [('reset_password_token', '=', token), ('active', 'in', [False, True])], limit=1)
+
if not user:
return self.response({'success': False, 'reason': 'INVALID_TOKEN'})
-
+
password = kw.get('password', '')
user.password = password
user.reset_password_token = ''
@@ -172,38 +216,39 @@ class User(controller.Controller):
'success': True,
'user': request.env['res.users'].api_single_response(user)
})
-
+
@http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
@controller.Controller.must_authorized()
def update_user(self, **kw):
id = kw.get('id')
-
+
user = request.env['res.users'].search([('id', '=', id)], limit=1)
- if not user:
+ if not user:
return self.response(code=404, description='User not found')
-
+
allowed_field = ['name', 'phone', 'mobile', 'password']
for field in allowed_field:
field_value = kw.get(field)
if field_value or field_value == '':
user[field] = field_value
-
+
return self.response({
'user': self.response_with_token(user)
})
-
+
@http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
@controller.Controller.must_authorized()
def get_user_address_by_id(self, **kw):
id = kw.get('id')
-
+
user = request.env['res.users'].search([('id', '=', id)], limit=1)
- if not user:
+ if not user:
return self.response(code=404, description='User not found')
-
+
partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids]
- partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='write_date DESC')
- address = [request.env['res.users'].api_address_response(x) for x in partners]
-
+ partners = request.env['res.partner'].search(
+ [('id', 'in', partner_ids)], order='write_date DESC')
+ address = [request.env['res.users'].api_address_response(
+ x) for x in partners]
+
return self.response(address)
- \ No newline at end of file
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 010e66fd..1e9f01ee 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -42,9 +42,19 @@ class Controller(http.Controller):
request.session.authenticate(db, username, password)
return True
except:
+ try:
+ authorization = wsgienv['HTTP_AUTHORIZATION']
+ except:
+ authorization = None
request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
+ token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ result = False
+ if authorization == token:
+ result = True
user_token = self.verify_user_token()
- return user_token or True
+ if user_token:
+ result = user_token
+ return result
def user_pricelist(self):
user_token = self.authenticate()
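Review bot: The new comparison `authorization == token` fails open when `rest_api_token` is not configured, because `token` falls back to `''` and a request carrying an empty `Authorization` header then compares equal and sets `result = True`. Reject an empty configured token and compare in constant time, e.g. `result = bool(token) and authorization is not None and hmac.compare_digest(authorization.encode(), token.encode())`; this needs `hmac` in the file's imports, which are outside this hunk. Assuming `wsgienv` is the WSGI environ dict, the inner bare `try/except` can become `authorization = wsgienv.get('HTTP_AUTHORIZATION')`. The session is also authenticated with the hard-coded service account on the context line before the header is checked, and it stays authenticated when `result` is `False`; those credentials belong in configuration rather than source and should be rotated. The enclosing method starts above the hunk, so how callers treat a `False` result is not visible here.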
@@ -137,10 +147,13 @@ class Controller(http.Controller):
user = request.env['res.users'].browse([ user_token['id'] ])
if not user:
return False
- return {
+ data = {
'user_id': user.id,
- 'partner_id': user.partner_id.id or None
+ 'partner_id': None
}
+ if user.partner_id:
+ data['partner_id'] = user.partner_id.id
+ return data
except:
return False