Commit d0dbbe23 authored by Xavier Morel, committed by Olivier Dony

[ADD] base: API keys support


* ability for a user to request / create keys associated to their user
* overrides can block RPC solely through API keys, by overriding
  `_rpc_api_keys_only()` (to require API auth even in
  situations where the user has not requested it themselves)
* hash keys just in case as we can do so and might as well, add a
  cleartext index (first 4 bytes of 20) to avoid blowing up the DB if
  a user decides to create millions of keys for some daft reason
* users can delete their own keys, admins can delete (invalidate)
  anyone's keys
* `scope` on API keys can be used to restrict usage to certain
  kinds of applications, so API keys can be used for other things
  than global authentication. New keys manually created by users
  have no scope by default so they are valid everywhere (global
  keys). RPC auth (stateless XML-RPC/JSON-RPC) requires global keys

Co-authored-by: Florimond Husquinet <fhu@odoo.com>
Co-authored-by: Olivier Dony <odo@odoo.com>
parent 9f82605d
Showing with 581 additions and 13 deletions
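
The hashed key with a cleartext index and the scope rule described in the commit message, as an added example that is not code from this commit. The `ApiKeyStore` class, its method names, the in-memory table, the PBKDF2 hash and the hex key encoding are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets
from collections import defaultdict

KEY_BYTES = 20          # key size named in the commit message
INDEX_BYTES = 4         # cleartext index: first 4 bytes of the 20
PBKDF2_ROUNDS = 10_000  # assumption, kept low so the demo runs quickly


class ApiKeyStore:
    """In-memory stand-in for the key table (hypothetical, not the project's schema)."""

    def __init__(self):
        self._rows = defaultdict(list)  # index -> [(user_id, scope, salt, digest)]
        self.hashes_computed = 0        # counts the expensive hash operations

    def _hash(self, key, salt):
        self.hashes_computed += 1
        return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, PBKDF2_ROUNDS)

    def generate(self, user_id, scope=None):
        """Create a key; scope=None is a global key. The cleartext is returned once."""
        key = secrets.token_hex(KEY_BYTES)
        index = key[:INDEX_BYTES * 2]   # 4 bytes == 8 hex characters
        salt = os.urandom(16)
        self._rows[index].append((user_id, scope, salt, self._hash(key, salt)))
        return key

    def check(self, key, scope):
        """Return the owning user_id or None; only rows sharing the index are hashed."""
        candidates = self._rows.get(key[:INDEX_BYTES * 2], [])
        for user_id, row_scope, salt, digest in candidates:
            if row_scope is not None and row_scope != scope:
                continue                # scoped key presented for a different use
            if hmac.compare_digest(self._hash(key, salt), digest):
                return user_id
        return None
```

Because the index narrows the candidates before any hashing, verifying one key costs one hash computation no matter how many keys a user has created.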