[ADD] auth_oauth_autoredirect

auth_oauth_autoredirect/README.rst

@@ -0,0 +1,88 @@
+==================================
+OAuth2 Authentication Autoredirect
+==================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:a407434cc13674942d02c5b874f84dd4e78594e03e4b8b3af7ce846fbb0b44cc
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_oauth_autoredirect
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oauth_autoredirect
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds autoredirection to an oauth provider.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+If all the users have a oauth id in a single provider, you can set automatic redirection
+in the provider settings. The autoredirection will only be done on the active provider
+with the highest priority. It is still possible to access the login without redirection
+by using the query parameter ``disable_autoredirect``, as in
+``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if
+there is an error with login, in order to display any error message.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_autoredirect%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* XCG Consulting
+
+Contributors
+~~~~~~~~~~~~
+
+* `XCG Consulting <https://xcg-consulting.fr/>`__:
+
+  * Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_oauth_autoredirect>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_oauth_autoredirect/__init__.py

@@ -0,0 +1 @@
+from . import controllers, models

auth_oauth_autoredirect/__manifest__.py

@@ -0,0 +1,17 @@
+# Copyright (C) 2024 XCG Consulting <http://odoo.consulting>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "OAuth2 Authentication Autoredirect",
+    "version": "16.0.1.0.0",
+    "category": "Hidden/Tools",
+    "author": "XCG Consulting, Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "license": "AGPL-3",
+    "depends": ["auth_oauth"],
+    "data": [
+        "views/auth_oauth_provider.xml",
+    ],
+    "installable": True,
+    "auto_install": False,
+}

auth_oauth_autoredirect/controllers/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main

auth_oauth_autoredirect/controllers/main.py

@@ -0,0 +1,69 @@
+# Copyright (C) 2020 GlodoUK <https://www.glodo.uk/>
+# Copyright (C) 2010-2016, 2022-2024 XCG Consulting <https://xcg-consulting.fr/>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import werkzeug.utils
+
+from odoo import http
+from odoo.http import request
+
+from odoo.addons.auth_oauth.controllers.main import OAuthLogin
+from odoo.addons.web.controllers.utils import ensure_db
+
+
+# ----------------------------------------------------------
+# Controller
+# ----------------------------------------------------------
+class OAuthAutoredirectLogin(OAuthLogin):
+    """OAuth controller with autoredirect added"""
+
+    def list_providers_with_autoredirect(self):
+        providers = self.list_providers()
+        saml_providers = {
+            search_read["id"]
+            for search_read in request.env["auth.oauth.provider"]
+            .sudo()
+            .search_read([("autoredirect", "=", True)], ["id"])
+        }
+        return [provider for provider in providers if provider["id"] in saml_providers]
+
+    def _oauth_autoredirect(self):
+        # automatically redirect if any provider is set up to do that
+        autoredirect_providers = self.list_providers_with_autoredirect()
+        # do not redirect if asked too or if an error has been found
+        disable_autoredirect = (
+            "disable_autoredirect" in request.params or "error" in request.params
+        )
+        if autoredirect_providers and not disable_autoredirect:
+            return werkzeug.utils.redirect(
+                autoredirect_providers[0]["auth_link"],
+                303,
+            )
+        return None
+
+    @http.route()
+    def web_client(self, s_action=None, **kw):
+        if not request.session.uid:
+            result = self._oauth_autoredirect()
+            if result:
+                return result
+        return super().web_client(s_action, **kw)
+
+    @http.route()
+    def web_login(self, *args, **kw):
+        ensure_db()
+        # copied from super
+        if (
+            request.httprequest.method == "GET"
+            and request.session.uid
+            and request.params.get("redirect")
+        ):
+            # Redirect if already logged in and redirect param is present
+            return request.redirect(request.params.get("redirect"))
+
+        if request.httprequest.method == "GET":
+            result = self._oauth_autoredirect()
+            if result:
+                return result
+
+        return super().web_login(*args, **kw)

auth_oauth_autoredirect/models/__init__.py

@@ -0,0 +1 @@
+from . import auth_oauth_provider

auth_oauth_autoredirect/models/auth_oauth_provider.py

@@ -0,0 +1,15 @@
+# Copyright 2024 XCG Consulting <https://xcg-consulting.fr>
+# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import fields, models
+
+
+class AuthOauthProvider(models.Model):
+    _inherit = "auth.oauth.provider"
+
+    autoredirect = fields.Boolean(
+        "Automatic Redirection",
+        default=False,
+        help="Only the provider with the higher priority will be automatically "
+        "redirected",
+    )

auth_oauth_autoredirect/readme/CONFIGURE.rst

@@ -0,0 +1,6 @@
+If all the users have a oauth id in a single provider, you can set automatic redirection
+in the provider settings. The autoredirection will only be done on the active provider
+with the highest priority. It is still possible to access the login without redirection
+by using the query parameter ``disable_autoredirect``, as in
+``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if
+there is an error with login, in order to display any error message.

auth_oauth_autoredirect/readme/CONTRIBUTORS.rst

@@ -0,0 +1,3 @@
+* `XCG Consulting <https://xcg-consulting.fr/>`__:
+
+  * Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>

auth_oauth_autoredirect/readme/DESCRIPTION.rst

@@ -0,0 +1 @@
+This module adds autoredirection to an oauth provider.

auth_oauth_autoredirect/views/auth_oauth_provider.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" ?>
+<odoo>
+    <record model="ir.ui.view" id="view_oidc_provider_form">
+        <field name="name">auth.oidc.provider.form</field>
+        <field name="model">auth.oauth.provider</field>
+        <field name="inherit_id" ref="auth_oauth.view_oauth_provider_form" />
+        <field name="arch" type="xml">
+            <field name="enabled" position="after">
+                <field name="autoredirect" />
+            </field>
+        </field>
+    </record>
+</odoo>

setup/auth_oauth_autoredirect/odoo/addons/auth_oauth_autoredirect

@@ -0,0 +1 @@
+../../../../auth_oauth_autoredirect

setup/auth_oauth_autoredirect/setup.py

@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)