[19.0][MIG] auth_jwt: Migration to 19.0 #844
Conversation
Because it allows validating with a list of audiences.
Make it work with pyjwt.
pablo-cort-s73
force-pushed
the
19.0-mig-auth_jwt
branch
2 times, most recently
from
c958190 to
0e1ad1d
Compare
|
/ocabot migration auth_jwt |
sbidoul
left a comment
sbidoul
left a comment
There was a problem hiding this comment.
Thanks for this migration! Looks good, just a minor comment.
I mark it as change requested, just because it is important to not merge this until we are sure that the tests in auth_jwt_demo pass too (this was forgotten in 17 and 18). Would you like to migrate it too, starting from #846? This migration can be done in this same PR since the modules are so closely related.
| if not validators: | ||
| break | ||
| validators._register_auth_method() | ||
| offset += BATCH_SIZE |
There was a problem hiding this comment.
This is not worth the added complexitty. In this case we know that there will never be thousands of validators so search([]) is fine. Let's silence the pylint warning instead # pylint: disable=... on the search line.
pablo-cort-s73
force-pushed
the
19.0-mig-auth_jwt
branch
7 times, most recently
from
809c82b to
ff1ee24
Compare
Hello @sbidoul , I have migrated the demo module, but it seems that it does not load the demo data in the tests, since in the first test where it checks if the validator exists, it no longer finds it. Best regards, |
|
Indeed Odoo 19 does not load demo data by default. The general thinking is that this is a good thing and that tests should work independently of demo data. It makes sense to me that tests should not depend on demo data of other modules, but I kind of think depending on demo data of the module itself is okay. I'm not sure what to do with that here yet. I'll need to look closer. Ah, I see you have tried to make the linter happy on the js lib. But since that one is copied from elsewhere, it's better to keep it untouched and exclude it in |
pablo-cort-s73
force-pushed
the
19.0-mig-auth_jwt
branch
2 times, most recently
from
a8ff3c0 to
cafd0d9
Compare
|
Hello @sbidoul, have you seen or do you know how we can launch the demo data for the tests? |
pablo-cort-s73
force-pushed
the
19.0-mig-auth_jwt
branch
9 times, most recently
from
0234962 to
205e0c8
Compare
This method is useful for public endpoints that need to work for anonymous user, but can be enhanced when an authenticated user is know. A typical use case is a "add to cart" enpoint that can work for anonymous users, but can be enhanced by binding the cart to a known customer when the authenticated user is known.
The unit tests were broken for non-functional reasons (interaction with the mock) and is easier to implement as integration test.
This is necessary to avoid warnings in test logs, and it improves coverage.
pablo-cort-s73
force-pushed
the
19.0-mig-auth_jwt
branch
from
205e0c8 to
7a267ba
Compare
ProblemWhen using Keycloak as an OAuth/OIDC provider via As a result, when the user clicks "Log out" in Odoo and then goes back to the login page, clicking the SSO button logs them back in immediately because the Keycloak session is still active. This is a common expectation for OIDC-based SSO: Odoo should support RP-Initiated Logout (OIDC end_session_endpoint), or at least offer a way to redirect to the IdP logout endpoint. Environment
Steps to reproduce
Actual behaviorUser is logged in again immediately because Keycloak session was not terminated. Expected behaviorOn Odoo logout, user should also be logged out of Keycloak (or Odoo should redirect to IdP logout endpoint). Additional notes / suggestion
Thanks! |
15 participants
Migration to v19.0
18.0.1.0.0to19.0.1.0.0.Technical changes
_sql_constraintswith the new syntaxmodels.Constraint(‘UNIQUE(name)’, ...)._()toself.env._()with modernised parameter formatting.Changes to exceptions