From 3f651ead83358d7fe109e4f5ff9f003bb9a49683 Mon Sep 17 00:00:00 2001
From: Archana Vaghasiya <arva@odoo.com>
Date: Fri, 9 Jun 2023 10:31:25 +0000
Subject: [PATCH] [FIX] google_account: accessing the url without any post data

When a user tries to access the URL directly, at that time the value of
dictionary `kw` is not available. The error will be generated.

Error : KeyError: 'state'

This commit will prevent the traceback.

sentry-3947033806

closes odoo/odoo#126346

X-original-commit: dfc1a188a1219ce05456dae3335a05a83afda10a
Signed-off-by: Achraf Ben Azzouz (abz) <abz@odoo.com>
---
 addons/google_account/controllers/main.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/addons/google_account/controllers/main.py b/addons/google_account/controllers/main.py
index 99890697fc62..3326e429362f 100644
--- a/addons/google_account/controllers/main.py
+++ b/addons/google_account/controllers/main.py
@@ -2,6 +2,7 @@
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
 import json
+from werkzeug.exceptions import BadRequest
 
 from odoo import http
 from odoo.http import request
@@ -12,11 +13,13 @@ class GoogleAuth(http.Controller):
     @http.route('/google_account/authentication', type='http', auth="public")
     def oauth2callback(self, **kw):
         """ This route/function is called by Google when user Accept/Refuse the consent of Google """
-        state = json.loads(kw['state'])
+        state = json.loads(kw.get('state', '{}'))
         dbname = state.get('d')
         service = state.get('s')
         url_return = state.get('f')
         base_url = request.httprequest.url_root.strip('/')
+        if (not dbname or not service or (kw.get('code') and not url_return)):
+            raise BadRequest()
 
         if kw.get('code'):
             access_token, refresh_token, ttl = request.env['google.service'].with_context(base_url=base_url)._get_google_tokens(kw['code'], service)
-- 
GitLab