[IMP] auth_oidc: Add _auth_oauth_signing to (un)link from groups

Thanks to 4204bd8 @hbrunn & @26hpredraglazarevic
OCA · Aug 28, 2024 · 96788d5 · 96788d5
1 parent 62a5bdd
commit 96788d5
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py
@@ -8,6 +8,7 @@
 
 from odoo import api, models
 from odoo.exceptions import AccessDenied
+from odoo.fields import Command
 from odoo.http import request
 
 _logger = logging.getLogger(__name__)
@@ -44,6 +45,41 @@ def _auth_oauth_get_tokens_auth_code_flow(self, oauth_provider, params):
         # https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
         return response_json.get("access_token"), response_json.get("id_token")
 
+    @api.model
+    def _auth_oauth_signin(self, provider, validation, params):
+        """
+        retrieve and sign in the user corresponding to provider and validated
+        access token
+
+        :param provider: oauth provider id (int)
+        :param validation: result of validation of access token (dict)
+        :param params: oauth parameters (dict)
+        :return: user login (str)
+        :raise: AccessDenied if signin failed
+        """
+        login = super()._auth_oauth_signin(provider, validation, params)
+        user = self.search([("login", "=", login)])
+        oauth_provider = self.env["auth.oauth.provider"].browse(provider)
+        # Assume the groups are exclusively managed via OAuth 'groups'
+        if user and oauth_provider.groups_field in validation:
+            group_updates = []
+            for group_line in oauth_provider.group_line_ids:
+                if group_line.oauth_group_name in validation.get(
+                    oauth_provider.groups_field
+                ):
+                    _logger.debug(
+                        f"Add user {user.id} to the group {group_line.group_id.id}"
+                    )
+                    group_updates.append((Command.LINK, group_line.group_id.id))
+                else:
+                    _logger.debug(
+                        f"Remove user {user.id} from the group {group_line.group_id.id}"
+                    )
+                    group_updates.append((Command.UNLINK, group_line.group_id.id))
+            if group_updates:
+                user.write({"groups_id": group_updates})
+        return login
+
     @api.model
     def auth_oauth(self, provider, params):
         oauth_provider = self.env["auth.oauth.provider"].browse(provider)