# -*- coding: utf-8 -*- # Part of Odoo. See LICENSE file for full copyright and licensing details. import json import logging from werkzeug.exceptions import Forbidden from odoo import _, http from odoo.exceptions import UserError from odoo.http import request from odoo.tools import consteq _logger = logging.getLogger(__name__) class GoogleGmailController(http.Controller): @http.route('/google_gmail/confirm', type='http', auth='user') def google_gmail_callback(self, code=None, state=None, error=None, **kwargs): """Callback URL during the OAuth process. Gmail redirects the user browser to this endpoint with the authorization code. We will fetch the refresh token and the access token thanks to this authorization code and save those values on the given mail server. """ if not request.env.user.has_group('base.group_system'): _logger.error('Google Gmail: non-system user trying to link an Gmail account.') raise Forbidden() if error: return _('An error occur during the authentication process.') try: state = json.loads(state) model_name = state['model'] rec_id = state['id'] csrf_token = state['csrf_token'] except Exception: _logger.error('Google Gmail: Wrong state value %r.', state) raise Forbidden() model = request.env[model_name] if not isinstance(model, request.env.registry['google.gmail.mixin']): # The model must inherits from the "google.gmail.mixin" mixin raise Forbidden() record = model.browse(rec_id).exists() if not record: raise Forbidden() if not csrf_token or not consteq(csrf_token, record._get_gmail_csrf_token()): _logger.error('Google Gmail: Wrong CSRF token during Gmail authentication.') raise Forbidden() try: refresh_token, access_token, expiration = record._fetch_gmail_refresh_token(code) except UserError: return _('An error occur during the authentication process.') record.write({ 'google_gmail_access_token': access_token, 'google_gmail_access_token_expiration': expiration, 'google_gmail_authorization_code': code, 'google_gmail_refresh_token': refresh_token, }) url = f'/odoo/{model_name}/{rec_id}' return request.redirect(url)