Merge branch '602-on-17-0-1-2-1' into openspp-17.0.1.2.1

kneckinator · kneckinator · commit 7ef10a4d45fc · 2024-10-04T12:42:50.000+07:00
diff --git a/spp_api/controllers/pinguin.py b/spp_api/controllers/pinguin.py
@@ -36,7 +36,7 @@
 
 # fmt: off
 from odoo.addons.spp_base_api.lib.pinguin import error_response, get_dict_from_record, get_model_for_read
-from odoo.addons.spp_oauth.tools.rsa_encode_decode import verify_and_decode_signature
+from odoo.addons.spp_oauth.tools.rsa_encode_decode import OpenSPPOAuthJWTException, verify_and_decode_signature
 
 # fmt: on
 from odoo.addons.web.controllers.main import ReportController
@@ -231,9 +231,12 @@ def get_data_from_bearer_auth_header(header):
                                               in the wrong format
     """
     normalized_token = header.replace("Bearer ", "").replace("\\n", "").encode("utf-8")
-    decoded, res = verify_and_decode_signature(normalized_token)
-    if not decoded:
-        raise werkzeug.exceptions.HTTPException(response=error_response(*CODE__no_user_auth))
+
+    try:
+        res = verify_and_decode_signature(normalized_token)
+    except OpenSPPOAuthJWTException as e:
+        raise werkzeug.exceptions.HTTPException(response=error_response(*CODE__no_user_auth)) from e
+
     if not all([key in res.keys() for key in ("database", "token")]):
         err_descrip = 'Bearer auth header payload must include "database" & "token"'
         raise werkzeug.exceptions.HTTPException(response=error_response(500, "Invalid header", err_descrip))
diff --git a/spp_base_gis_rest/controllers/controllers.py b/spp_base_gis_rest/controllers/controllers.py
@@ -6,7 +6,7 @@
 from odoo.http import Controller, request, route
 from odoo.tools import date_utils
 
-from odoo.addons.spp_oauth.tools import verify_and_decode_signature
+from odoo.addons.spp_oauth.tools import OpenSPPOAuthJWTException, verify_and_decode_signature
 
 ALLOWED_LAYER_TYPE = [
     "point",
@@ -107,7 +107,12 @@ def verify_auth_header():
 
     if auth_header.startswith("Bearer "):
         access_token = auth_header.replace("Bearer ", "").replace("\\n", "").encode("utf-8")
-        verified, _ = verify_and_decode_signature(access_token)
+        try:
+            verify_and_decode_signature(access_token)
+            verified = True
+        except OpenSPPOAuthJWTException:
+            verified = False
+
     elif auth_header.startswith("Basic "):
         access_token = auth_header.replace("Basic ", "").replace("\\n", "").encode("utf-8")
         verified = verify_and_decode_token(access_token)
diff --git a/spp_base_gis_rest/models/api_client_credentials.py b/spp_base_gis_rest/models/api_client_credentials.py
@@ -1,4 +1,5 @@
 import calendar
+import os
 import uuid
 from datetime import datetime, timedelta
 
@@ -7,6 +8,8 @@
 
 from odoo.addons.spp_oauth.tools import calculate_signature
 
+TOKEN_EXPIRATION_MIN = os.environ.get("SPP_BASE_GIS_TOKEN_EXP_MIN", 10)
+
 
 class GisApiClientCredential(models.Model):
     _name = "spp.gis.api.client.credential"
@@ -65,14 +68,12 @@ def _generate_client_token(self):
         ),
     ]
 
-    TOKEN_EXPIRATION_MIN = 10
-
     ALLOW_EXPORT = False
 
     @api.model
     def generate_access_token(self):
         today = datetime.today()
-        expiry_datetime = today + timedelta(minutes=self.TOKEN_EXPIRATION_MIN)
+        expiry_datetime = today + timedelta(minutes=TOKEN_EXPIRATION_MIN)
 
         header = {"alg": "RS256", "typ": "JWT"}
         payload = {
diff --git a/spp_dci_api_server/controllers/controllers.py b/spp_dci_api_server/controllers/controllers.py
@@ -9,7 +9,7 @@
 from odoo.service.db import list_dbs
 from odoo.tools import date_utils
 
-from odoo.addons.spp_oauth.tools import verify_and_decode_signature
+from odoo.addons.spp_oauth.tools import OpenSPPOAuthJWTException, verify_and_decode_signature
 
 from ..tools import constants
 
@@ -139,9 +139,9 @@ def retrieve_registry(self, **kw):
 
         access_token = auth_header.replace("Bearer ", "").replace("\\n", "").encode("utf-8")
 
-        verified, payload = verify_and_decode_signature(access_token)
-
-        if not verified:
+        try:
+            payload = verify_and_decode_signature(access_token)
+        except OpenSPPOAuthJWTException:
             return error_wrapper(401, "Invalid Access Token.")
 
         req = request
diff --git a/spp_dci_api_server/models/client_credentials.py b/spp_dci_api_server/models/client_credentials.py
@@ -1,4 +1,5 @@
 import calendar
+import os
 import uuid
 from datetime import datetime, timedelta
 
@@ -7,6 +8,8 @@
 
 from odoo.addons.spp_oauth.tools import calculate_signature
 
+TOKEN_EXPIRATION_MIN = os.environ.get("SPP_DCI_API_SERVER_TOKEN_EXP_MIN", 10)
+
 
 class ClientCredential(models.Model):
     _name = "spp.dci.api.client.credential"
@@ -43,14 +46,12 @@ def _generate_client_secret(self):
         ),
     ]
 
-    TOKEN_EXPIRATION_MIN = 10
-
     ALLOW_EXPORT = False
 
     @api.model
     def generate_access_token(self, db_name):
         today = datetime.today()
-        expiry_datetime = today + timedelta(minutes=self.TOKEN_EXPIRATION_MIN)
+        expiry_datetime = today + timedelta(minutes=TOKEN_EXPIRATION_MIN)
 
         header = {"alg": "RS256", "typ": "JWT"}
         payload = {
diff --git a/spp_dci_api_server/views/client_credentials_view.xml b/spp_dci_api_server/views/client_credentials_view.xml
@@ -51,7 +51,9 @@
                     <field name="client_id" widget="CopyClipboardChar" string="Client ID" />
                     <field name="client_secret" widget="CopyClipboardChar" />
                 </group>
+                <footer>
                     <button string="OK" special="cancel" class="oe_highlight" />
+                </footer>
             </sheet>
         </form>
     </field>
diff --git a/spp_import_dci_api/models/fetch_crvs_beneficiary.py b/spp_import_dci_api/models/fetch_crvs_beneficiary.py
@@ -201,10 +201,13 @@ def create_locations(self):
 
             if location_path:
                 url = f"{data_source_id.url}{location_path}"
-                response = requests.get(url, timeout=constants.REQUEST_TIMEOUT)
-                if response.ok:
-                    result = response.json()
-                    self.process_location(result)
+                try:
+                    response = requests.get(url, timeout=constants.REQUEST_TIMEOUT)
+                    if response.ok:
+                        result = response.json()
+                        self.process_location(result)
+                except requests.exceptions.ConnectionError as e:
+                    _logger.error(e)
 
     def get_parent(self):
         """
diff --git a/spp_import_dci_api/tools/__init__.py b/spp_import_dci_api/tools/__init__.py
@@ -1,2 +1 @@
 from .field_onchange import field_onchange
-from .calculate_signature import calculate_signature
diff --git a/spp_import_dci_api/tools/calculate_signature.py b/spp_import_dci_api/tools/calculate_signature.py
diff --git a/spp_oauth/tests/test_rsa_encode_decode.py b/spp_oauth/tests/test_rsa_encode_decode.py
@@ -15,16 +15,13 @@ def test_calculate_signature(self, mock_encode):
         signature = calculate_signature(header, payload)
 
         self.assertEqual(signature, "mocked_signature")
-        mock_encode.assert_called_once_with(headers=header, payload=payload, key="", algorithm="RS256")
 
     @patch("odoo.addons.spp_oauth.tools.rsa_encode_decode.jwt.decode")
     def test_verify_and_decode_signature(self, mock_decode):
         mock_decode.return_value = {"data": "test"}
 
         access_token = "mocked_access_token"
 
-        success, decoded = verify_and_decode_signature(access_token)
+        decoded = verify_and_decode_signature(access_token)
 
-        self.assertTrue(success)
         self.assertEqual(decoded, {"data": "test"})
-        mock_decode.assert_called_once_with(access_token, key="", algorithms=["RS256"])
diff --git a/spp_oauth/tools/__init__.py b/spp_oauth/tools/__init__.py
@@ -1,2 +1,3 @@
 from .rsa_encode_decode import calculate_signature
 from .rsa_encode_decode import verify_and_decode_signature
+from .oauth_exception import OpenSPPOAuthJWTException
diff --git a/spp_oauth/tools/oauth_exception.py b/spp_oauth/tools/oauth_exception.py
@@ -0,0 +1,10 @@
+import logging
+
+# Configure the logging
+logging.basicConfig(level=logging.ERROR, format="%(asctime)s - %(levelname)s - %(message)s")
+
+
+class OpenSPPOAuthJWTException(Exception):
+    def __init__(self, message):
+        super().__init__(message)
+        logging.error(message)
diff --git a/spp_oauth/tools/rsa_encode_decode.py b/spp_oauth/tools/rsa_encode_decode.py
@@ -1,23 +1,42 @@
+import os
+
 import jwt  # pylint: disable=missing-manifest-dependency
 
-from odoo.tools.misc import file_open
+from .oauth_exception import OpenSPPOAuthJWTException
 
 JWT_ALGORITHM = "RS256"
 
+# Initialize cache variables to None
+_privkey = None
+_pubkey = None
+
+
+def get_private_key():
+    global _privkey
+    if _privkey is None:
+        private_key_path = os.environ.get("SPP_OAUTH_RSA_PRIV_KEY_PATH", "/etc/secrets/private_key.pem")
+        with open(private_key_path) as privatefile:
+            _privkey = privatefile.read()
+    return _privkey
 
-with file_open("spp_oauth/tools/private_key.pem") as privatefile:
-    privkey = privatefile.read()
 
-with file_open("spp_oauth/tools/public_key.pub") as publicfile:
-    pubkey = publicfile.read()
+def get_public_key():
+    global _pubkey
+    if _pubkey is None:
+        public_key_path = os.environ.get("SPP_OAUTH_RSA_PUB_KEY_PATH", "/etc/secrets/public_key.pub")
+        with open(public_key_path) as publicfile:
+            _pubkey = publicfile.read()
+    return _pubkey
 
 
 def calculate_signature(header, payload):
+    privkey = get_private_key()
     return jwt.encode(headers=header, payload=payload, key=privkey, algorithm=JWT_ALGORITHM)
 
 
 def verify_and_decode_signature(access_token):
+    pubkey = get_public_key()
     try:
-        return True, jwt.decode(access_token, key=pubkey, algorithms=[JWT_ALGORITHM])
+        return jwt.decode(access_token, key=pubkey, algorithms=[JWT_ALGORITHM])
     except Exception as e:
-        return False, str(e)
+        raise OpenSPPOAuthJWTException(str(e)) from e

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1 @@`
`1`	`1`	`from .field_onchange import field_onchange`
`2`		`-from .calculate_signature import calculate_signature`