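import logging
import secrets
import string

import jwt

from odoo import http
from odoo.exceptions import AccessDenied
from odoo.http import request
from odoo.tools.config import config

from .. import controller

_logger = logging.getLogger(__name__)


class User(controller.Controller):
    """REST endpoints for user login, registration, activation and profile updates.

    Every route first calls ``self.authenticate()`` (inherited from
    ``controller.Controller``) and answers 401 when it fails; JSON payloads
    are built with ``self.response()`` from the same base class. Per-user
    authorization for the ``user/<id>`` routes is a JWT sent in the ``Token``
    request header, checked by :meth:`verify_user_token`.
    """

    prefix = '/api/v1/'
    # SECURITY: a static signing key in source means anyone who can read the
    # repository can mint a valid token for any user id. Load it from the
    # deployment configuration instead (e.g. a <jwt-secret-key option> in the
    # Odoo config file) and rotate this value, since it has been committed.
    jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"

    def get_user_by_email(self, email):
        """Return the ``res.users`` record whose login is *email*, active or not.

        Inactive users are deliberately included so callers can tell
        "unknown" apart from "registered but not yet activated". Odoo keeps
        logins unique, so at most one record is expected; ``limit=1`` makes
        the ``.active`` checks below safe even if that ever changes.
        """
        return request.env['res.users'].search([
            ('login', '=', email),
            ('active', 'in', [True, False]),
        ], limit=1)

    def create_user_token(self, user):
        """Return an HS256 JWT whose only claim is the user's database id.

        The algorithm is stated explicitly so encode and decode cannot drift
        apart. The token carries no ``exp`` claim, so it stays valid until the
        signing key changes — a bounded lifetime is worth adding.
        """
        return jwt.encode({'id': user.id}, self.jwt_secret_key, algorithm='HS256')

    def verify_user_token(self, user_id):
        """Check that the ``Token`` request header is a JWT issued for *user_id*.

        Returns True only when the header is present, its signature verifies
        with ``jwt_secret_key`` under HS256 and the embedded ``id`` equals
        ``int(user_id)``. A missing header, a malformed or forged token, or a
        non-numeric *user_id* yields False rather than an exception.
        """
        try:
            token = request.httprequest.environ['HTTP_TOKEN']
            claims = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
            return int(user_id) == claims['id']
        except (KeyError, TypeError, ValueError, jwt.PyJWTError):
            # KeyError: header or 'id' claim absent; TypeError/ValueError:
            # user_id not numeric; PyJWTError: bad signature/format.
            return False

    def response_with_token(self, user):
        """Serialise *user* with ``api_single_response`` and attach a fresh JWT."""
        data = request.env['res.users'].api_single_response(user)
        data['token'] = self.create_user_token(user)
        return data

    @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
    def login(self, **kw):
        """Authenticate ``email``/``password`` and return the user with a JWT.

        Responses: 400 when either field is missing; ``NOT_ACTIVE`` when the
        account exists but has not been activated; ``NOT_FOUND`` when the
        credentials are rejected. Note that ``NOT_ACTIVE`` is reported before
        the password is checked, so this endpoint reveals whether an email is
        registered to anyone holding the API credentials.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        email = kw.get('email')
        password = kw.get('password')
        if not email or not password:
            return self.response(code=400, description='email and password is required')
        user = self.get_user_by_email(email)
        if user and not user.active:
            return self.response({'is_auth': False, 'reason': 'NOT_ACTIVE'})
        try:
            uid = request.session.authenticate(config.get('db_name'), email, password)
            user = request.env['res.users'].browse(uid)
            data = {'is_auth': True, 'user': self.response_with_token(user)}
        except AccessDenied:
            # Wrong password or unknown login: the expected failure path.
            return self.response({'is_auth': False, 'reason': 'NOT_FOUND'})
        except Exception:
            # Anything else (database unreachable, serialisation error) is a
            # server-side problem; log it instead of hiding it, but keep the
            # same generic answer so the client learns nothing extra.
            _logger.exception("unexpected error during API login")
            return self.response({'is_auth': False, 'reason': 'NOT_FOUND'})
        return self.response(data)

    @http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
    def register(self, **kw):
        """Create an inactive user from ``name``/``email``/``password``.

        The account stays ``active=False`` until the activation flow below
        completes. ``EMAIL_USED`` is returned when the login already exists,
        active or not.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        name = kw.get('name')
        email = kw.get('email')
        password = kw.get('password')
        if not name or not email or not password:
            return self.response(code=400, description='email, name and password is required')
        if self.get_user_by_email(email):
            return self.response({'register': False, 'reason': 'EMAIL_USED'})
        request.env['res.users'].create({
            'name': name,
            'login': email,
            'password': password,
            'active': False,
            # 'sel_groups_1_9_10' is the form-view pseudo-field for the user
            # type selection and the numbers are group ids of one particular
            # database. It silently assigns whatever group has id 9 on the
            # target instance; a stable XML id via groups_id would be safer.
            'sel_groups_1_9_10': 9,
        })
        return self.response({'register': True})

    @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
    def request_activation_user(self, **kw):
        """Issue a new activation token for the inactive user with ``email``.

        The token is generated with ``secrets`` (cryptographically strong)
        and stored on the user; it is also echoed in the response so the
        API client can deliver it. That means possession of the API
        credentials alone is enough to activate any account — the client
        receiving this response must be trusted to send the token only to
        the address owner.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        email = kw.get('email')
        user = self.get_user_by_email(email)
        if not user:
            return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
        if user.active:
            return self.response({'activation_request': False, 'reason': 'ACTIVE'})
        alphabet = string.ascii_letters + string.digits
        user.activation_token = ''.join(secrets.choice(alphabet) for _ in range(20))
        return self.response({
            'activation_request': True,
            'token': user.activation_token,
            'user': request.env['res.users'].api_single_response(user),
        })

    # NOTE(review): the route as extracted read 'user/' with the id segment
    # missing; the handler reads kw['id'], which points to a stripped
    # <int:id> converter — confirm against the repository.
    @http.route(prefix + 'user/<int:id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
    def update_user(self, **kw):
        """Update ``name``/``phone``/``mobile``/``password`` of user ``id``.

        The caller must present a JWT for that same id in the ``Token``
        header. The existence check runs before the token check, so the
        400/401 difference discloses which ids exist; reversing the order
        would close that. A field is written when it is non-empty or
        exactly ``''`` (clearing it) — note this also permits an empty
        password, which is probably not intended.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        user_id = kw.get('id')
        user = request.env['res.users'].search([('id', '=', user_id)], limit=1)
        if not user:
            return self.response(code=400, description='User not found')
        if not self.verify_user_token(user_id):
            return self.response(code=401, description='Unauthorized')
        allowed_fields = ('name', 'phone', 'mobile', 'password')
        for field in allowed_fields:
            value = kw.get(field)
            if value or value == '':
                user[field] = value
        return self.response({'user': self.response_with_token(user)})

    # NOTE(review): extracted as 'user//address'; the empty segment is the
    # stripped <int:id> converter the handler relies on — confirm.
    @http.route(prefix + 'user/<int:id>/address', auth='public', methods=['GET', 'OPTIONS'])
    def get_user_address_by_id(self, **kw):
        """Return the address records of user ``id`` and of its child partners.

        Requires a JWT for the same id in the ``Token`` header. As in
        :meth:`update_user`, the existence check precedes the token check.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        user_id = kw.get('id')
        user = request.env['res.users'].search([('id', '=', user_id)], limit=1)
        if not user:
            return self.response(code=400, description='User not found')
        if not self.verify_user_token(user_id):
            return self.response(code=401, description='Unauthorized')
        partners = [user] + list(user.child_ids)
        users_model = request.env['res.users']
        return self.response([users_model.api_address_response(p) for p in partners])

    @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
    def activation_user(self, **kw):
        """Activate the inactive user holding activation ``token``.

        The token is single-use: it is cleared as soon as the account is
        activated. Only inactive users are matched, so replaying a token
        against an already active account yields ``INVALID_TOKEN``.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')
        token = kw.get('token')
        if not token:
            return self.response(code=400, description='token is required')
        user = request.env['res.users'].search([
            ('activation_token', '=', token),
            ('active', '=', False),
        ], limit=1)
        if not user:
            return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
        user.active = True
        user.activation_token = ''
        return self.response({'activation': True, 'user': self.response_with_token(user)})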