Added reset password endpoint and method

b9cb25a3 · Benjami · 3345ce79 · b9cb25a3 · b9cb25a3 · b9cb25a3
Commit b9cb25a3 authored 1 year ago by Benjami
--- a/energy_communities/models/auth_oauth_provider.py
+++ b/energy_communities/models/auth_oauth_provider.py
@@ -8,6 +8,7 @@ URL_AUTH = "{root_endpoint}realms/{realm_name}/protocol/openid-connect/auth"
 URL_VALIDATION = "{root_endpoint}realms/{realm_name}/protocol/openid-connect/userinfo"
 URL_TOKEN = "{root_endpoint}realms/{realm_name}/protocol/openid-connect/token"
 URL_JWKS = "{root_endpoint}realms/{realm_name}/protocol/openid-connect/certs"
+URL_RESET_PASSWORD = "{root_endpoint}admin/realms/{realm_name}/users/{kc_uid}/execute-actions-email?redirect_uri={odoo_url}&client_id={cliend_id}"


 class OAuthProvider(models.Model):
@@ -22,6 +23,8 @@ class OAuthProvider(models.Model):
    admin_user_endpoint = fields.Char(string='User admin URL', required=True)
    root_endpoint = fields.Char(string='Root URL', required=True, default='http://keycloak-ccee.local:8080/auth/')
    realm_name = fields.Char(string='Realm name', required=True, default='0')
+    reset_password_endpoint = fields.Char(string='Reset password URL', required=True)
+    redirect_admin_url = fields.Char(string='Redirect Link after update password', required=True)

    def validate_admin_provider(self):
        if not self.client_secret:
@@ -31,6 +34,7 @@ class OAuthProvider(models.Model):

    @api.onchange('root_endpoint')
    def _onchange_root_endpoint(self):
+        # TODO: Duplicated code? 🤔
        if self.is_keycloak_provider and self.root_endpoint and self.realm_name:
            self.admin_user_endpoint = URL_ADMIN_USERS.format(**{'root_endpoint': self.root_endpoint,
                                                                 'realm_name': self.realm_name})
@@ -42,9 +46,17 @@ class OAuthProvider(models.Model):
                                                      'realm_name': self.realm_name})
            self.jwks_uri = URL_JWKS.format(**{'root_endpoint': self.root_endpoint,
                                               'realm_name': self.realm_name})
+            self.reset_password_endpoint = URL_RESET_PASSWORD.format(
+                root_endpoint=self.root_endpoint,
+                realm_name=self.realm_name,
+                kc_uid='{kc_uid}',
+                odoo_url=self.redirect_admin_url,
+                cliend_id=self.client_id,
+            )

    @api.onchange('realm_name')
    def _onchange_realm_name(self):
+        # TODO: Duplicated code? 🤔
        if self.is_keycloak_provider and self.root_endpoint and self.realm_name:
            self.admin_user_endpoint = URL_ADMIN_USERS.format(**{'root_endpoint': self.root_endpoint,
                                                                 'realm_name': self.realm_name})
@@ -56,6 +68,13 @@ class OAuthProvider(models.Model):
                                                      'realm_name': self.realm_name})
            self.jwks_uri = URL_JWKS.format(**{'root_endpoint': self.root_endpoint,
                                               'realm_name': self.realm_name})
+            self.reset_password_endpoint = URL_RESET_PASSWORD.format(
+                root_endpoint=self.root_endpoint,
+                realm_name=self.realm_name,
+                kc_uid='{kc_uid}',
+                odoo_url=self.redirect_admin_url,
+                cliend_id=self.client_id,
+            )

    def get_auth_link(self):
        self.ensure_one()

--- a/energy_communities/models/res_users.py
+++ b/energy_communities/models/res_users.py
@@ -193,3 +193,20 @@ class ResUsers(models.Model):
            for company in role_line.allowed_company_ids:
                communities.append(company.id)
        return communities
+
+    def send_reset_password_mail(self):
+        provider_id = self.env.ref('energy_communities.keycloak_admin_provider')
+        provider_id.validate_admin_provider()
+        headers = {
+            'Authorization': 'Bearer %s' % self._get_admin_token(provider_id)
+        }
+        headers['Content-Type'] = "application/json"
+
+        endpoint = provider_id.reset_password_endpoint.format(
+            kc_uid = self.oauth_uid
+        )
+        response = requests.put(endpoint, headers=headers, data='["UPDATE_PASSWORD"]')
+        if response.status_code != 204:
+            raise exceptions.UserError(
+                _('Something went wrong. Mail can not be sended. More details: {}').format(response.json())
+            )
--- a/energy_communities/views/auth_oauth_views.xml
+++ b/energy_communities/views/auth_oauth_views.xml
@@ -16,6 +16,10 @@
                ('is_keycloak_provider', '=', False)]}"/>
                <field name="admin_user_endpoint" attrs="{'invisible': ['|', ('is_admin_provider','=',False),
                ('is_keycloak_provider', '=', False)]}"/>
+                <field name="redirect_admin_url" attrs="{'invisible': ['|', ('is_admin_provider','=',False),
+                ('is_keycloak_provider', '=', False)]}"/>
+                <field name="reset_password_endpoint" attrs="{'invisible': ['|', ('is_admin_provider','=',False),
+                ('is_keycloak_provider', '=', False)]}"/>
            </xpath>
        </field>
    </record>