From a43367b3be863fbb87cd2019f42178ef1e7720c3 Mon Sep 17 00:00:00 2001
From: Quentin Groulard <quentin.groulard@acsone.eu>
Date: Fri, 1 Dec 2023 10:18:35 +0100
Subject: [PATCH 1/2] [ADD] shopinvader_api_signin_jwt

---
 .../odoo/addons/shopinvader_api_signin_jwt    |   1 +
 setup/shopinvader_api_signin_jwt/setup.py     |   6 +
 shopinvader_api_signin_jwt/README.rst         |  67 +++
 shopinvader_api_signin_jwt/__init__.py        |   1 +
 shopinvader_api_signin_jwt/__manifest__.py    |  18 +
 .../readme/CONTRIBUTORS.rst                   |   1 +
 .../readme/DESCRIPTION.rst                    |   2 +
 shopinvader_api_signin_jwt/readme/ROADMAP.rst |   2 +
 .../routers/__init__.py                       |   1 +
 shopinvader_api_signin_jwt/routers/signin.py  |  55 +++
 .../security/acl_res_partner.xml              |  15 +
 .../security/res_groups.xml                   |  15 +
 .../static/description/index.html             | 425 ++++++++++++++++++
 shopinvader_api_signin_jwt/tests/__init__.py  |   1 +
 .../tests/test_signin.py                      |  80 ++++
 15 files changed, 690 insertions(+)
 create mode 120000 setup/shopinvader_api_signin_jwt/odoo/addons/shopinvader_api_signin_jwt
 create mode 100644 setup/shopinvader_api_signin_jwt/setup.py
 create mode 100644 shopinvader_api_signin_jwt/README.rst
 create mode 100644 shopinvader_api_signin_jwt/__init__.py
 create mode 100644 shopinvader_api_signin_jwt/__manifest__.py
 create mode 100644 shopinvader_api_signin_jwt/readme/CONTRIBUTORS.rst
 create mode 100644 shopinvader_api_signin_jwt/readme/DESCRIPTION.rst
 create mode 100644 shopinvader_api_signin_jwt/readme/ROADMAP.rst
 create mode 100644 shopinvader_api_signin_jwt/routers/__init__.py
 create mode 100644 shopinvader_api_signin_jwt/routers/signin.py
 create mode 100644 shopinvader_api_signin_jwt/security/acl_res_partner.xml
 create mode 100644 shopinvader_api_signin_jwt/security/res_groups.xml
 create mode 100644 shopinvader_api_signin_jwt/static/description/index.html
 create mode 100644 shopinvader_api_signin_jwt/tests/__init__.py
 create mode 100644 shopinvader_api_signin_jwt/tests/test_signin.py

diff --git a/setup/shopinvader_api_signin_jwt/odoo/addons/shopinvader_api_signin_jwt b/setup/shopinvader_api_signin_jwt/odoo/addons/shopinvader_api_signin_jwt
new file mode 120000
index 0000000000..15a95e6209
--- /dev/null
+++ b/setup/shopinvader_api_signin_jwt/odoo/addons/shopinvader_api_signin_jwt
@@ -0,0 +1 @@
+../../../../shopinvader_api_signin_jwt
\ No newline at end of file
diff --git a/setup/shopinvader_api_signin_jwt/setup.py b/setup/shopinvader_api_signin_jwt/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/shopinvader_api_signin_jwt/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/shopinvader_api_signin_jwt/README.rst b/shopinvader_api_signin_jwt/README.rst
new file mode 100644
index 0000000000..b51b529b53
--- /dev/null
+++ b/shopinvader_api_signin_jwt/README.rst
@@ -0,0 +1,67 @@
+==========================
+Shopinvader Api Signin JWT
+==========================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:0c78d267b23414519ffd0969275305ffdcffeb4dcea4e76f63c2d8d3d0d35735
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-shopinvader%2Fodoo--shopinvader-lightgray.png?logo=github
+    :target: https://github.com/shopinvader/odoo-shopinvader/tree/16.0/shopinvader_api_signin_jwt
+    :alt: shopinvader/odoo-shopinvader
+
+|badge1| |badge2| |badge3|
+
+This addon adds a web API to signin into the application and create a partner
+if the email in the jwt payload is unknown.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Known issues / Roadmap
+======================
+
+* Manage anonymous cart (see https://github.com/shopinvader/odoo-shopinvader/issues/1428)
+* Use ``fastapi_auth_jwt.auth_jwt_authenticated_odoo_env`` dependency for the env (see https://github.com/OCA/rest-framework/issues/406)
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/shopinvader/odoo-shopinvader/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/shopinvader/odoo-shopinvader/issues/new?body=module:%20shopinvader_api_signin_jwt%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* ACSONE SA/NV
+
+Contributors
+~~~~~~~~~~~~
+
+* Quentin Groulard <quentin.groulard@acsone.eu>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is part of the `shopinvader/odoo-shopinvader <https://github.com/shopinvader/odoo-shopinvader/tree/16.0/shopinvader_api_signin_jwt>`_ project on GitHub.
+
+You are welcome to contribute.
diff --git a/shopinvader_api_signin_jwt/__init__.py b/shopinvader_api_signin_jwt/__init__.py
new file mode 100644
index 0000000000..62a5d54f85
--- /dev/null
+++ b/shopinvader_api_signin_jwt/__init__.py
@@ -0,0 +1 @@
+from . import routers
diff --git a/shopinvader_api_signin_jwt/__manifest__.py b/shopinvader_api_signin_jwt/__manifest__.py
new file mode 100644
index 0000000000..cd51a78571
--- /dev/null
+++ b/shopinvader_api_signin_jwt/__manifest__.py
@@ -0,0 +1,18 @@
+# Copyright 2023 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Shopinvader Api Signin JWT",
+    "summary": """This module adds a signin service with jwt token.""",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "ACSONE SA/NV",
+    "website": "https://github.com/shopinvader/odoo-shopinvader",
+    "depends": ["fastapi_auth_jwt"],
+    "data": [
+        "security/res_groups.xml",
+        "security/acl_res_partner.xml",
+    ],
+    "demo": [],
+    "installable": True,
+}
diff --git a/shopinvader_api_signin_jwt/readme/CONTRIBUTORS.rst b/shopinvader_api_signin_jwt/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..5914f5529e
--- /dev/null
+++ b/shopinvader_api_signin_jwt/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Quentin Groulard <quentin.groulard@acsone.eu>
diff --git a/shopinvader_api_signin_jwt/readme/DESCRIPTION.rst b/shopinvader_api_signin_jwt/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..9d807c0111
--- /dev/null
+++ b/shopinvader_api_signin_jwt/readme/DESCRIPTION.rst
@@ -0,0 +1,2 @@
+This addon adds a web API to signin into the application and create a partner
+if the email in the jwt payload is unknown.
diff --git a/shopinvader_api_signin_jwt/readme/ROADMAP.rst b/shopinvader_api_signin_jwt/readme/ROADMAP.rst
new file mode 100644
index 0000000000..945ce1163b
--- /dev/null
+++ b/shopinvader_api_signin_jwt/readme/ROADMAP.rst
@@ -0,0 +1,2 @@
+* Manage anonymous cart (see https://github.com/shopinvader/odoo-shopinvader/issues/1428)
+* Use ``fastapi_auth_jwt.auth_jwt_authenticated_odoo_env`` dependency for the env (see https://github.com/OCA/rest-framework/issues/406)
diff --git a/shopinvader_api_signin_jwt/routers/__init__.py b/shopinvader_api_signin_jwt/routers/__init__.py
new file mode 100644
index 0000000000..20258b5295
--- /dev/null
+++ b/shopinvader_api_signin_jwt/routers/__init__.py
@@ -0,0 +1 @@
+from .signin import signin_router
diff --git a/shopinvader_api_signin_jwt/routers/signin.py b/shopinvader_api_signin_jwt/routers/signin.py
new file mode 100644
index 0000000000..e54da48361
--- /dev/null
+++ b/shopinvader_api_signin_jwt/routers/signin.py
@@ -0,0 +1,55 @@
+# Copyright 2023 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Response, status
+
+from odoo import api, models
+
+from odoo.addons.base.models.res_partner import Partner
+from odoo.addons.fastapi.dependencies import odoo_env
+from odoo.addons.fastapi_auth_jwt.dependencies import (
+    Payload,
+    auth_jwt_authenticated_payload,
+    auth_jwt_optionally_authenticated_partner,
+)
+
+signin_router = APIRouter(tags=["signin"])
+
+
+@signin_router.post("/signin", status_code=200)
+def signin(
+    env: Annotated[api.Environment, Depends(odoo_env)],
+    partner: Annotated[Partner, Depends(auth_jwt_optionally_authenticated_partner)],
+    payload: Annotated[Payload, Depends(auth_jwt_authenticated_payload)],
+    response: Response,
+) -> None:
+    """
+    Authenticate the partner based on a JWT token or a session cookie.
+    Set the session cookie if allowed.
+    Return HTTP code 201 if res.partner created (case of the first signin).
+    """
+    if not partner:
+        env[
+            "shopinvader_api_signin_jwt.signin_router.helper"
+        ]._create_partner_from_payload(payload)
+        response.status_code = status.HTTP_201_CREATED
+
+
+class ShopinvaderApSigninJwtRouterHelper(models.AbstractModel):
+    _name = "shopinvader_api_signin_jwt.signin_router.helper"
+    _description = "ShopInvader API Signin Jwt Router Helper"
+
+    @api.model
+    def _get_partner_create_vals(self, payload: Payload):
+        return {"name": payload.get("name"), "email": payload.get("email")}
+
+    @api.model
+    def _create_partner_from_payload(self, payload: Payload):
+        partner = (
+            self.env["res.partner"]
+            .sudo()
+            .create(self._get_partner_create_vals(payload))
+        )
+        return self.env["res.partner"].browse(partner.id)
diff --git a/shopinvader_api_signin_jwt/security/acl_res_partner.xml b/shopinvader_api_signin_jwt/security/acl_res_partner.xml
new file mode 100644
index 0000000000..64f0f24fab
--- /dev/null
+++ b/shopinvader_api_signin_jwt/security/acl_res_partner.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 ACSONE SA/NV
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <record id="shopinvader_signin_res_partner_access" model="ir.model.access">
+        <field name="name">Shopinvader Signin: user read/write/create partners</field>
+        <field name="model_id" ref="base.model_res_partner" />
+        <field name="group_id" ref="shopinvader_signin_user_group" />
+        <field name="perm_read" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_unlink" eval="0" />
+    </record>
+
+</odoo>
diff --git a/shopinvader_api_signin_jwt/security/res_groups.xml b/shopinvader_api_signin_jwt/security/res_groups.xml
new file mode 100644
index 0000000000..3b0ca2b5a3
--- /dev/null
+++ b/shopinvader_api_signin_jwt/security/res_groups.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 ACSONE SA/NV
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+  <record id="shopinvader_signin_user_group" model="res.groups">
+    <field name="name">Shopinvader Signin user</field>
+    <field
+            name="implied_ids"
+            eval="[
+      (4, ref('fastapi.group_fastapi_endpoint_runner')),
+      ]"
+        />
+  </record>
+
+</odoo>
diff --git a/shopinvader_api_signin_jwt/static/description/index.html b/shopinvader_api_signin_jwt/static/description/index.html
new file mode 100644
index 0000000000..d2ccff8bd8
--- /dev/null
+++ b/shopinvader_api_signin_jwt/static/description/index.html
@@ -0,0 +1,425 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Shopinvader Api Signin JWT</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="shopinvader-api-signin-jwt">
+<h1 class="title">Shopinvader Api Signin JWT</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:0c78d267b23414519ffd0969275305ffdcffeb4dcea4e76f63c2d8d3d0d35735
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/shopinvader/odoo-shopinvader/tree/16.0/shopinvader_api_signin_jwt"><img alt="shopinvader/odoo-shopinvader" src="https://img.shields.io/badge/github-shopinvader%2Fodoo--shopinvader-lightgray.png?logo=github" /></a></p>
+<p>This addon adds a web API to signin into the application and create a partner
+if the email in the jwt payload is unknown.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-1">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-6">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h1><a class="toc-backref" href="#toc-entry-1">Known issues / Roadmap</a></h1>
+<ul class="simple">
+<li>Manage anonymous cart (see <a class="reference external" href="https://github.com/shopinvader/odoo-shopinvader/issues/1428">https://github.com/shopinvader/odoo-shopinvader/issues/1428</a>)</li>
+<li>Use <tt class="docutils literal">fastapi_auth_jwt.auth_jwt_authenticated_odoo_env</tt> dependency for the env (see <a class="reference external" href="https://github.com/OCA/rest-framework/issues/406">https://github.com/OCA/rest-framework/issues/406</a>)</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/shopinvader/odoo-shopinvader/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/shopinvader/odoo-shopinvader/issues/new?body=module:%20shopinvader_api_signin_jwt%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-3">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-4">Authors</a></h2>
+<ul class="simple">
+<li>ACSONE SA/NV</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
+<ul class="simple">
+<li>Quentin Groulard &lt;<a class="reference external" href="mailto:quentin.groulard&#64;acsone.eu">quentin.groulard&#64;acsone.eu</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
+<p>This module is part of the <a class="reference external" href="https://github.com/shopinvader/odoo-shopinvader/tree/16.0/shopinvader_api_signin_jwt">shopinvader/odoo-shopinvader</a> project on GitHub.</p>
+<p>You are welcome to contribute.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/shopinvader_api_signin_jwt/tests/__init__.py b/shopinvader_api_signin_jwt/tests/__init__.py
new file mode 100644
index 0000000000..a54b73281f
--- /dev/null
+++ b/shopinvader_api_signin_jwt/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_signin
diff --git a/shopinvader_api_signin_jwt/tests/test_signin.py b/shopinvader_api_signin_jwt/tests/test_signin.py
new file mode 100644
index 0000000000..2fe43c64b1
--- /dev/null
+++ b/shopinvader_api_signin_jwt/tests/test_signin.py
@@ -0,0 +1,80 @@
+# Copyright 2023 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import time
+
+import jwt
+
+from odoo.addons.fastapi.tests.common import FastAPITransactionCase
+from odoo.addons.fastapi_auth_jwt.dependencies import auth_jwt_default_validator_name
+
+from ..routers import signin_router
+
+
+class SigninCase(FastAPITransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        api_signin_jwt_group = cls.env.ref(
+            "shopinvader_api_signin_jwt.shopinvader_signin_user_group"
+        )
+        user_with_rights = cls.env["res.users"].create(
+            {
+                "name": "Test User With Rights",
+                "login": "user_with_rights",
+                "groups_id": [(6, 0, [api_signin_jwt_group.id])],
+            }
+        )
+
+        cls.validator = cls.env["auth.jwt.validator"].create(
+            {
+                "name": "test",
+                "audience": "auth_jwt_test_signin_api",
+                "issuer": "testissuer",
+                "signature_type": "secret",
+                "secret_algorithm": "HS256",
+                "secret_key": "secret",
+                "user_id_strategy": "static",
+                "static_user_id": cls.env.ref("base.user_demo").id,
+                "partner_id_strategy": "email",
+                "partner_id_required": False,
+            }
+        )
+
+        cls.default_fastapi_running_user = user_with_rights
+        cls.default_fastapi_router = signin_router
+        cls.default_fastapi_dependency_overrides = {
+            auth_jwt_default_validator_name: (lambda: "test")
+        }
+
+    def _get_token(self):
+        payload = {
+            "aud": self.validator.audience,
+            "iss": self.validator.issuer,
+            "exp": time.time() + 60,
+            "email": "test@mail.com",
+            "name": "Test partner",
+            "email_verified": True,
+        }
+        access_token = jwt.encode(
+            payload,
+            key=self.validator.secret_key,
+            algorithm=self.validator.secret_algorithm,
+        )
+        return "Bearer " + access_token
+
+    def test_signin(self):
+        token = self._get_token()
+        partner = self.env["res.partner"].search([("email", "=", "test@mail.com")])
+        self.assertFalse(partner)
+        # Call signin with unknown partner
+        with self._create_test_client() as client:
+            res = client.post("/signin", headers={"Authorization": token})
+        self.assertEqual(res.status_code, 201)
+        partner = self.env["res.partner"].search([("email", "=", "test@mail.com")])
+        self.assertTrue(partner)
+        self.assertEqual(partner.name, "Test partner")
+        # Try again now that partner exists
+        with self._create_test_client() as client:
+            res = client.post("/signin", headers={"Authorization": token})
+        self.assertEqual(res.status_code, 200)

From 77fc96a9449f6bb06a5ac85904c582f5765fa670 Mon Sep 17 00:00:00 2001
From: Quentin Groulard <quentin.groulard@acsone.eu>
Date: Wed, 31 Jan 2024 14:32:50 +0100
Subject: [PATCH 2/2] [ADD] shopinvader_api_signin_jwt: Route /signout

---
 shopinvader_api_signin_jwt/routers/signin.py  | 34 ++++++++++++++++++-
 .../tests/test_signin.py                      | 12 +++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/shopinvader_api_signin_jwt/routers/signin.py b/shopinvader_api_signin_jwt/routers/signin.py
index e54da48361..0b9b688b40 100644
--- a/shopinvader_api_signin_jwt/routers/signin.py
+++ b/shopinvader_api_signin_jwt/routers/signin.py
@@ -1,7 +1,8 @@
 # Copyright 2023 ACSONE SA/NV
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
 
-from typing import Annotated
+import logging
+from typing import Annotated, Union
 
 from fastapi import APIRouter, Depends, Response, status
 
@@ -12,9 +13,12 @@
 from odoo.addons.fastapi_auth_jwt.dependencies import (
     Payload,
     auth_jwt_authenticated_payload,
+    auth_jwt_default_validator_name,
     auth_jwt_optionally_authenticated_partner,
 )
 
+_logger = logging.getLogger(__name__)
+
 signin_router = APIRouter(tags=["signin"])
 
 
@@ -37,6 +41,34 @@ def signin(
         response.status_code = status.HTTP_201_CREATED
 
 
+@signin_router.post("/signout")
+def signout(
+    env: Annotated[api.Environment, Depends(odoo_env)],
+    default_validator_name: Annotated[
+        Union[str, None], Depends(auth_jwt_default_validator_name)
+    ],
+    response: Response,
+) -> None:
+    """
+    Remove the session cookie.
+    """
+    validator = (
+        env["auth.jwt.validator"].sudo()._get_validator_by_name(default_validator_name)
+    )
+    if not validator:
+        _logger.info("No validator found with name '%s'", default_validator_name)
+        return
+    if not validator.cookie_name:
+        _logger.info("Cookie name not set for validator %s", validator.name)
+        return
+    response.delete_cookie(
+        key=validator.cookie_name,
+        path=validator.cookie_path or "/",
+        secure=validator.cookie_secure,
+        httponly=True,
+    )
+
+
 class ShopinvaderApSigninJwtRouterHelper(models.AbstractModel):
     _name = "shopinvader_api_signin_jwt.signin_router.helper"
     _description = "ShopInvader API Signin Jwt Router Helper"
diff --git a/shopinvader_api_signin_jwt/tests/test_signin.py b/shopinvader_api_signin_jwt/tests/test_signin.py
index 2fe43c64b1..3243e0283c 100644
--- a/shopinvader_api_signin_jwt/tests/test_signin.py
+++ b/shopinvader_api_signin_jwt/tests/test_signin.py
@@ -78,3 +78,15 @@ def test_signin(self):
         with self._create_test_client() as client:
             res = client.post("/signin", headers={"Authorization": token})
         self.assertEqual(res.status_code, 200)
+
+    def test_signout(self):
+        self.validator.write({"cookie_enabled": True, "cookie_name": "test_cookie"})
+        token = self._get_token()
+        with self._create_test_client() as client:
+            res = client.post("/signin", headers={"Authorization": token})
+        cookie = res.cookies.get("test_cookie")
+        self.assertTrue(cookie)
+        with self._create_test_client() as client:
+            res = client.post("/signout")
+        cookie = res.cookies.get("test_cookie")
+        self.assertFalse(cookie)