问题
I have a requirement where I need to have a redirect from the external php system to Odoo, and the user should be logged in as well. I thought of the following two ways to get this done:
A url redirection from the php side which calls a particular controller,and pass the credentials alongiwth the url, which is not a secure option for obvious reasons
A call of method using xmlrpc from php, and pass the necessary arguments along from php, use the arguments to sign in and then in the method over here a call for redirect is made. Will have to check further whether this method will work, as the controller and normal functions work in different ways when it comes to redirections within odoo.
Please suggest as to which way would be better or are there any other ways to get this done which might be simpler. And, would it make sense to add a new method in the openerp/service/common.py and call that method, and then will it be possible to redirect to the odoo logged in page from there?
Hoping for inputs on the above, and I also hope that this helps out with other external system integration queries which are frequent in Odoo.
Thanks And Regards, Yaseen Shareef
回答1:
In your php code you could make a jsonrpc call to /web/session/authenticate and receive the session_id in the response. You could pass the session_id as the hash of your url in your redirect. Create a page in odoo that uses javascript to read the hash and write the cookie "session_id=733a54f4663629ffb89d3895f357f6b1715e8666" (obviously an example) to your browser on your odoo page. At this point you should be able to navigate in odoo as the user you authenticated as in your php code.
from requests import Request,Session
import json
base_url = "127.0.0.1:8069"
url = "%s/web/session/authenticate" % base_url
db = <db_name>
user = <login>
passwd = <password>
s = Session()
data = {
'jsonrpc': '2.0',
'params': {
'context': {},
'db': db,
'login': user,
'password': passwd,
},
}
headers = {
'Content-type': 'application/json'
}
req = Request('POST',url,data=json.dumps(data),headers=headers)
prepped = req.prepare()
resp = s.send(prepped)
r_data = json.loads(resp.text)
session_id = r_data['result']['session_id']
This example uses vanilla curl. Which I know is not php however I may update this post later for php. The principle still stands however. Just convert this curl to php.
How you pass this session_id with your redirect is up to you. There are security concerns which you will need to be wary of. So be careful not to pass the session_id insecurely or someone could sniff it and become your logged in user.
This is an example (untested), you will have to create json encoded string similar to the curl example I provided above. Hope this helps.
$data = <your_json_data>
$data_string = json_encode($data);
$ch = curl_init('http://127.0.0.1:8069/web/session/authenticate');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($data_string))
);
$result = curl_exec($ch);
Once you have your session_id you will redirect to your odoo server to a route which is handled by a controller in your addon.
Controller
imports ...
class MyAddon(http.Controller):
@http.route('/path/for/controller', type='http', auth='public', website=True)
def ext_login_redirect(self, **kw):
return http.request.render('myaddon.template',{})
The important part is that the hash in the url contains the session_id you obtained in your php.
Your template your_template.xml
<openerp>
<data>
<template id="template" name="Redirect Template" page="True">
document.cookie = "session_id=" + window.location.hash;
window.location = "127.0.0.1:8069/web";
</template>
</data>
</openerp>
来源:https://stackoverflow.com/questions/39609130/login-to-odoo-from-external-php-system