[ADD] auth_oauth_autologin

Author: sbidoul

auth_oauth_autologin/README.rst

@@ -0,0 +1,92 @@
+====================
+Auth Oauth Autologin
+====================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/13.0/auth_oauth_autologin
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-13-0/server-auth-13-0-auth_oauth_autologin
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/251/13.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+This modules implements an automatic redirection to the configured OAuth
+provider login page, if there is one and only one enabled. This effectively
+makes the regular Odoo login screen invisible in normal circumstances.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+Configure OAuth providers in Settings > Users and Companies, and make sure
+there is only one that has the enabled flag set.
+
+When this is done, users visiting the login page (/web/login), or being
+redirected to it because they are not authenticated yet, will be redirected to
+the identity provider login page instead of the regular Odoo login page.
+
+Be aware that this module does not actively prevent users from authenticating
+with an login and password stored in the Odoo database. In some unusual
+circumstances (such as identity provider errors), the regular Odoo login may
+still be displayed. Securely disabling Odoo login and password, if needed,
+should be the topic of another module.
+
+Also be aware that this has a possibly surprising effect on the logout menu
+item. When the user logs out of Odoo, a redirect to the login page happens. The
+login page in turn redirects to the identity provider, which, if the user is
+already authenticated there, automatically logs the user back in Odoo, in a
+fresh session.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_autologin%0Aversion:%2013.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* ACSONE SA/NV
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/13.0/auth_oauth_autologin>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_oauth_autologin/__init__.py

@@ -0,0 +1,2 @@
+from . import controllers
+from . import models

auth_oauth_autologin/__manifest__.py

@@ -0,0 +1,16 @@
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Auth Oauth Autologin",
+    "summary": """
+        Automatically redirect to the OAuth provider for login""",
+    "version": "13.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "maintainers": ["sbidoul"],
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_oauth"],
+    "data": ["views/auth_oauth_provider.xml"],
+    "demo": [],
+}

auth_oauth_autologin/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main

auth_oauth_autologin/controllers/main.py

@@ -0,0 +1,35 @@
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import werkzeug
+
+from odoo import http
+
+from odoo.addons.auth_oauth.controllers.main import OAuthLogin
+
+
+class OAuthAutoLogin(OAuthLogin):
+    def _autologin_disabled(self):
+        return (
+            "no_autologin" in http.request.params
+            or "oauth_error" in http.request.params
+            or "error" in http.request.params
+        )
+
+    def _autologin_link(self):
+        providers = [p for p in self.list_providers() if p.get("autologin")]
+        if len(providers) == 1:
+            return providers[0].get("auth_link")
+
+    @http.route()
+    def web_login(self, *args, **kw):
+        response = super().web_login(*args, **kw)
+        if not response.is_qweb:
+            # presumably a redirect already
+            return response
+        if self._autologin_disabled():
+            return response
+        auth_link = self._autologin_link()
+        if not auth_link:
+            return response
+        return werkzeug.utils.redirect(auth_link, 303)

auth_oauth_autologin/models/__init__.py

@@ -0,0 +1 @@
+from . import auth_oauth_provider

auth_oauth_autologin/models/auth_oauth_provider.py

@@ -0,0 +1,16 @@
+# Copyright 2021 ACSONE SA/NV <https://acsone.eu>
+# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import fields, models
+
+
+class AuthOauthProvider(models.Model):
+    _inherit = "auth.oauth.provider"
+
+    autologin = fields.Boolean(
+        string="Automatic Login",
+        help=(
+            "If exactly one enabled provider has this checked, "
+            "the login screen redirects to the OAuth provider."
+        ),
+    )

auth_oauth_autologin/readme/CONFIGURE.rst

@@ -0,0 +1,19 @@
+Configure OAuth providers in Settings > Users and Companies, and make sure
+there is one and only one that has both the enabled and automatic login flags
+set.
+
+When this is done, users visiting the login page (/web/login), or being
+redirected to it because they are not authenticated yet, will be redirected to
+the identity provider login page instead of the regular Odoo login page.
+
+Be aware that this module does not actively prevent users from authenticating
+with an login and password stored in the Odoo database. In some unusual
+circumstances (such as identity provider errors), the regular Odoo login may
+still be displayed. Securely disabling Odoo login and password, if needed,
+should be the topic of another module.
+
+Also be aware that this has a possibly surprising effect on the logout menu
+item. When the user logs out of Odoo, a redirect to the login page happens. The
+login page in turn redirects to the identity provider, which, if the user is
+already authenticated there, automatically logs the user back in Odoo, in a
+fresh session.

auth_oauth_autologin/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+This modules implements an automatic redirection to the configured OAuth
+provider login page, if there is one and only one enabled. This effectively
+makes the regular Odoo login screen invisible in normal circumstances.

auth_oauth_autologin/readme/USAGE.rst

@@ -0,0 +1,3 @@
+When configured, the Odoo login page redirects to the OAuth identify provider
+for authentication and login in Odoo. To access the regular Odoo login page,
+visit ``/web/login?no_autologin``.