From 3cae188ec17df24e8205c43c72e91b358e836452 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 15:17:44 +0700 Subject: use jwt and api user update --- indoteknik_api/controllers/api_v1/user.py | 85 +++++++++++++++++++++---------- indoteknik_api/models/__init__.py | 1 + indoteknik_api/models/res_users.py | 18 +++++++ 3 files changed, 78 insertions(+), 26 deletions(-) create mode 100644 indoteknik_api/models/res_users.py diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 41581961..0e87144a 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -3,10 +3,35 @@ from odoo import http from odoo.http import request from odoo.tools.config import config import random, string +import jwt class Auth(controller.Controller): prefix = '/api/v1/' + jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" + + def get_user_by_email(self, email): + return request.env['res.users'].search([ + ('login', '=', email), + ('active', 'in', [True, False]) + ]) + + def create_user_token(self, user): + return jwt.encode({'id': user.id}, self.jwt_secret_key) + + def verify_user_token(self, user, token): + try: + user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) + if user.id != user_token['id']: + return False + return True + except: + return False + + def response_with_token(self, user): + data = request.env['res.users'].api_single_response(user) + data['token'] = self.create_user_token(user) + return data @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False) def login(self, **kw): 
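Review bot: The HS256 signing key is committed as a string literal in `jwt_secret_key`, so anyone who can read the repository can sign a token for any user id. It should be loaded from deployment configuration and the committed value rotated, e.g. `jwt_secret_key = config.get('jwt_secret_key')` (the option name is a placeholder; `config` is already imported in this file). `create_user_token` signs only `{'id': user.id}` with no `exp` claim, so an issued token never expires and cannot be revoked short of changing the key. In `verify_user_token` the bare `except:` hides every failure, including programming errors; `except (jwt.InvalidTokenError, KeyError):` keeps the `False` result for bad tokens only. The same literal and bare `except:` are still present in the later `@@ -6,7 +6,7 @@` and `@@ -19,10 +19,11 @@` hunks.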
@@ -18,7 +43,7 @@ class Auth(controller.Controller): if not email or not password: return self.response(code=400, description='email and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user and not user.active: return self.response({ 'is_auth': False, @@ -28,15 +53,11 @@ class Auth(controller.Controller): try: uid = request.session.authenticate(config.get('db_name'), email, password) user = request.env['res.users'].browse(uid) - return self.response({ + data = { 'is_auth': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } - }) + 'user': self.response_with_token(user) + } + return self.response(data) except: return self.response({ 'is_auth': False, @@ -54,7 +75,7 @@ class Auth(controller.Controller): if not name or not email or not password: return self.response(code=400, description='email, name and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user: return self.response({ @@ -72,16 +93,13 @@ class Auth(controller.Controller): return self.response({'register': True}) - def get_user(self, email): - return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])]) - @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False) def request_activation_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') email = kw.get('email') - user = self.get_user(email) + user = self.get_user_by_email(email) if not user: return self.response({'activation_request': False, 'reason': 'NOT_FOUND'}) 
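Review bot: In `login` (hunk `@@ -28,15 +53,11 @@`) the new `self.response_with_token(user)` call sits inside the existing `try`, whose bare `except:` returns the failed-login response. An error while serialising the user or signing the token is therefore reported to the client as wrong credentials and never surfaces in logs. Narrowing the handler to the authentication failure, e.g. `except AccessDenied:` from `odoo.exceptions` (assuming that is what `request.session.authenticate` raises here), and building `data` after the `try` would separate the two cases. The rest of the `except` body lies outside this hunk.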
@@ -93,14 +111,34 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } }) + + @http.route(prefix + 'user/', auth='public', methods=['PUT'], csrf=False) + def update_user(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + if not id: + return self.response(code=400, description='id is required') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + token = kw.get('token') + is_verify = self.verify_user_token(user, token) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] + for field in allowed_field: + user[field] = kw.get(field, '') + return self.response({ + 'user': self.response_with_token(user) + }) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): @@ -118,10 +156,5 @@ class Auth(controller.Controller): user.activation_token = '' return self.response({ 'activation': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } + 'user': self.response_with_token(user) }) \ No newline at end of file diff --git a/indoteknik_api/models/__init__.py b/indoteknik_api/models/__init__.py index 25f6997f..3e00e2f0 100644 --- a/indoteknik_api/models/__init__.py +++ b/indoteknik_api/models/__init__.py @@ -2,4 +2,5 @@ from . import blog_post from . import product_pricelist from . import product_product from . import product_template +from . import res_users from . import x_manufactures \ No newline at end of file 
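Review bot: `update_user` lets the bearer of a token write `password` and `email` without presenting the current password, and it reads the token from `kw.get('token')`, a request parameter that can end up in URLs and access logs. Because the loop assigns `kw.get(field, '')`, a request that omits `password` writes an empty value to it and to every other listed field. A password change is safer on its own route that checks the old password, with the loop skipping absent keys: `if field in kw: user[field] = kw[field]`. `id = kw.get('id')` also shadows the builtin `id`; a name such as `user_id` avoids that.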
diff --git a/indoteknik_api/models/res_users.py b/indoteknik_api/models/res_users.py new file mode 100644 index 00000000..608ec4df --- /dev/null +++ b/indoteknik_api/models/res_users.py @@ -0,0 +1,18 @@ +from odoo import models + + +class ResUsers(models.Model): + _inherit = 'res.users' + + def api_single_response(self, res_user, with_detail=''): + data = { + 'id': res_user.id, + 'name': res_user.name, + 'email': res_user.login, + 'phone': res_user.phone or '', + 'mobile': res_user.mobile or '', + 'external': res_user.share + } + + return data + -- cgit v1.2.3 From 56a0859b06725642ccca6f956147ee87a9d7e6a8 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 16:04:15 +0700 Subject: Validation --- indoteknik_api/controllers/api_v1/user.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 0e87144a..31ec8a96 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -133,7 +133,9 @@ class Auth(controller.Controller): allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] for field in allowed_field: - user[field] = kw.get(field, '') + field_value = kw.get(field) + if field_value: + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From 3d13c85ef615a88a6bdce454904bf0a3cda08690 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 16:52:43 +0700 Subject: update user cors --- indoteknik_api/controllers/api_v1/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 31ec8a96..46ac82ae 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py 
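Review bot: `api_single_response` in the new `res_users.py` takes a `with_detail=''` argument that the body never reads, and as a model method it ignores `self` and serialises the `res_user` passed in instead. Either drop the unused parameter or document what it is reserved for. A docstring such as `"""Return the API representation (id, name, login, phone, mobile, share flag) of res_user."""` would also make explicit which personal fields leave the server through every endpoint that calls this helper.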
@@ -113,7 +113,7 @@ class Auth(controller.Controller): 'token': user.activation_token, }) - @http.route(prefix + 'user/', auth='public', methods=['PUT'], csrf=False) + @http.route(prefix + 'user/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) def update_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') @@ -131,7 +131,7 @@ class Auth(controller.Controller): if not is_verify: return self.response(code=401, description='Unauthorized') - allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] + allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) if field_value: -- cgit v1.2.3 From 604c76be4c198dff8bd170789d6082e8990ceaa8 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 17:00:39 +0700 Subject: Fix cors response --- indoteknik_api/controllers/controller.py | 1 + 1 file changed, 1 insertion(+) diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py index a085d084..10cd76a1 100644 --- a/indoteknik_api/controllers/controller.py +++ b/indoteknik_api/controllers/controller.py @@ -65,6 +65,7 @@ class Controller(http.Controller): return request.make_response(response, [ ('Access-Control-Allow-Origin', '*'), ('Access-Control-Allow-Headers', '*'), + ('Access-Control-Allow-Methods', '*'), ('Content-Type', 'application/json'), ]) -- cgit v1.2.3 From 01a5286fd37137879b702fbb333a3f0cdf21e172 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Mon, 26 Dec 2022 10:46:17 +0700 Subject: Fix bug api account activation request --- indoteknik_api/controllers/api_v1/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 46ac82ae..0477c134 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py 
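Review bot: Wildcard CORS on the shared response helper in `controller.py` (`Access-Control-Allow-Origin`, `-Headers` and now `-Methods` all `*`) allows script from any website to call these endpoints from a visitor's browser, including the `PUT` user update. If the API serves a known storefront, the origin should come from an allow-list, e.g. `('Access-Control-Allow-Origin', allowed_origin)` with `allowed_origin` read from configuration (placeholder name), and the methods listed explicitly as `('Access-Control-Allow-Methods', 'GET, POST, PUT, OPTIONS')`. The enclosing function starts outside the hunk, so it is not visible whether headers are set anywhere else.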
@@ -111,6 +111,7 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, + 'user': request.env['res.users'].api_single_response(user) }) @http.route(prefix + 'user/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) @@ -134,8 +135,7 @@ class Auth(controller.Controller): allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) - if field_value: - user[field] = field_value + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From f4119b3e936af798138f57df5a4b8294536255a1 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Mon, 26 Dec 2022 10:56:23 +0700 Subject: Fix update user --- indoteknik_api/controllers/api_v1/user.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 0477c134..1b47e1b0 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -135,7 +135,8 @@ class Auth(controller.Controller): allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) - user[field] = field_value + if field_value or field_value == '': + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From 2f4860787fc09d07cf538bb73f897c9b897b025e Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Tue, 27 Dec 2022 17:25:32 +0700 Subject: Update verify user token and get user address api --- indoteknik_api/controllers/api_v1/user.py | 32 +++++++++++++++++++++++------- indoteknik_api/models/res_users.py | 33 +++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 7 deletions(-) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 1b47e1b0..3080be7d 100644 --- a/indoteknik_api/controllers/api_v1/user.py 
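Review bot: In the `@@ -135,7 +135,8 @@` hunk, the condition `if field_value or field_value == ''` accepts an empty string for every entry of `allowed_field`, including `password`, so a request carrying an empty `password` value writes it to the account. Clearing makes sense for `phone` and `mobile` but not for `password` (and probably not `name`): `if field_value or (field_value == '' and field in ('phone', 'mobile')):`. The body of `update_user` starts and ends outside this hunk.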
+++ b/indoteknik_api/controllers/api_v1/user.py @@ -6,7 +6,7 @@ import random, string import jwt -class Auth(controller.Controller): +class User(controller.Controller): prefix = '/api/v1/' jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" @@ -19,10 +19,11 @@ class Auth(controller.Controller): def create_user_token(self, user): return jwt.encode({'id': user.id}, self.jwt_secret_key) - def verify_user_token(self, user, token): + def verify_user_token(self, user_id): try: + token = request.httprequest.environ['HTTP_TOKEN'] user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) - if user.id != user_token['id']: + if int(user_id) != user_token['id']: return False return True except: @@ -120,15 +121,12 @@ class Auth(controller.Controller): return self.response(code=401, description='Unauthorized') id = kw.get('id') - if not id: - return self.response(code=400, description='id is required') user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: return self.response(code=400, description='User not found') - token = kw.get('token') - is_verify = self.verify_user_token(user, token) + is_verify = self.verify_user_token(id) if not is_verify: return self.response(code=401, description='Unauthorized') 
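Review bot: In `update_user` (hunk `@@ -120,15 +121,12 @@`) the record lookup still runs before `self.verify_user_token(id)`, so the endpoint answers `User not found` for unknown ids and `Unauthorized` for existing ones, which tells any API client which user ids exist. The new `get_user_address_by_id` in the `@@ -142,6 +140,26 @@` hunk uses the same order. Verifying first removes the difference: move `if not self.verify_user_token(id): return self.response(code=401, description='Unauthorized')` above the `search`. With the `if not id` guard removed, a missing id would then reach `int(user_id)` and be rejected only because the bare `except:` in `verify_user_token` swallows the error, so an explicit check for a missing id is worth keeping.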
@@ -142,6 +140,26 @@ class Auth(controller.Controller): 'user': self.response_with_token(user) }) + @http.route(prefix + 'user//address', auth='public', methods=['GET', 'OPTIONS']) + def get_user_address_by_id(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + is_verify = self.verify_user_token(id) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + partners = [user] + [x for x in user.child_ids] + address = [request.env['res.users'].api_address_response(x) for x in partners] + + return self.response(address) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): diff --git a/indoteknik_api/models/res_users.py b/indoteknik_api/models/res_users.py index 608ec4df..2cab29bd 100644 --- a/indoteknik_api/models/res_users.py +++ b/indoteknik_api/models/res_users.py @@ -16,3 +16,36 @@ class ResUsers(models.Model): return data + def api_address_response(self, user): + data = { + 'id': user.id, + 'name': user.name, + 'mobile': user.mobile, + 'street': user.street, + 'street2': user.street2, + 'city': None, + 'district': None, + 'sub_district': None, + 'zip': user.zip + } + + if user.kota_id: + data['city'] = { + 'id': user.kota_id.id, + 'name': user.kota_id.name + } or None + + if user.kecamatan_id: + data['district'] = { + 'id': user.kecamatan_id.id, + 'name': user.kecamatan_id.name + } + + if user.kelurahan_id: + data['sub_district'] = { + 'id': user.kelurahan_id.id, + 'name': user.kelurahan_id.name + } + + return data + -- cgit v1.2.3 From 3a5407d507ff985e10b4675727643bf5af107d11 Mon Sep 17 00:00:00 2001 
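Review bot: In `api_address_response` the `city` branch ends with `} or None`, which can never yield `None` because a dict literal with two keys is always truthy; the `district` and `sub_district` branches do not have it. Dropping the `or None` makes the three branches consistent. The method also returns `mobile`, `street`, `street2` and `zip` as raw field values, whereas `api_single_response` uses `res_user.mobile or ''`; assuming unset Odoo char fields read as `False`, the two helpers will serialise an empty value differently, and a short docstring stating the chosen convention would help API consumers.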
From: IT Fixcomart Date: Tue, 27 Dec 2022 17:25:50 +0700 Subject: Fix class name --- indoteknik_api/models/product_product.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/indoteknik_api/models/product_product.py b/indoteknik_api/models/product_product.py index 4cff6b5c..92c738fd 100644 --- a/indoteknik_api/models/product_product.py +++ b/indoteknik_api/models/product_product.py @@ -1,7 +1,7 @@ from odoo import models -class ProductTemplate(models.Model): +class ProductProduct(models.Model): _inherit = 'product.product' def api_single_response(self, product_product): -- cgit v1.2.3 From 329c743adc3bb0cf63b7586efd8adbde58a62c24 Mon Sep 17 00:00:00 2001 From: Rafi Zadanly Date: Thu, 5 Jan 2023 11:23:05 +0700 Subject: Fixing get sale order --- indoteknik_api/controllers/api_v1/sale_order.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index 99302a66..05946f77 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -6,7 +6,9 @@ from odoo.http import request class SaleOrder(controller.Controller): @http.route('/api/sale_order/invoiced', auth='public', methods=['GET']) def get_sale_order_invoiced_by_partner_id(self, **kw): - self.authenticate() + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + partner_id = kw.get('partner_id') if not partner_id: return self.response(code=400, description='Field partner_id is required') @@ -21,9 +23,7 @@ class SaleOrder(controller.Controller): data = [] default_domain = [ ('partner_id', 'in', partner_child_ids), - '|', - ('invoice_status', '=', 'invoiced'), - ('invoice_status', '=', 'to_invoice') + ('state', 'in', ['sale', 'done']) ] sale_orders = self.search_filter('sale.order', kw, default_domain) for sale_order in sale_orders: 
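Review bot: `partner_id` in `get_sale_order_invoiced_by_partner_id` (hunk `@@ -6,7 +6,9 @@`) is taken straight from the request and nothing ties it to the caller, unlike the user routes that call `verify_user_token`. The added `if not self.authenticate(): return self.response(code=401, description='Unauthorized')` fixes the ignored return value, but `authenticate()` is defined outside this diff; if it only validates a shared API credential, any client holding it can list another partner's orders by changing `partner_id`. The detail route in the `@@ -51,7 +51,8 @@` hunk accepts `id` and `partner_id` the same way. A per-user check equivalent to `verify_user_token` against the user who owns the partner would close that gap.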
@@ -51,7 +51,8 @@ class SaleOrder(controller.Controller): @http.route('/api/sale_order/invoiced/detail', auth='public', methods=['GET']) def get_sale_order_invoiced_detail_by_partner(self, **kw): - self.authenticate(kw) + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') id = kw.get('id') partner_id = kw.get('partner_id') @@ -62,9 +63,7 @@ class SaleOrder(controller.Controller): default_domain = [ ('id', '=', id), - '|', - ('invoice_status', '=', 'invoiced'), - ('invoice_status', '=', 'to_invoice') + ('state', 'in', ['sale', 'done']) ] parent_partner_id = request.env['res.partner'].search([('id', '=', int(partner_id))], limit=1).parent_id.id partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))]) -- cgit v1.2.3