Skip to content

Comments

[IMP][16.0] auth_saml: download the provider metadata#739

Merged
OCA-git-bot merged 2 commits intoOCA:16.0from
dutrieuc:16.0-auth_saml_metadata
Feb 13, 2025
Merged

[IMP][16.0] auth_saml: download the provider metadata#739
OCA-git-bot merged 2 commits intoOCA:16.0from
dutrieuc:16.0-auth_saml_metadata

Conversation

@dutrieuc
Copy link

@dutrieuc dutrieuc commented Dec 18, 2024
edited
Loading

Reopening of #647
Migration to 16 of #602 feature

@OCA-git-bot
Copy link
Contributor

OCA-git-bot commented Dec 18, 2024

Hi @vincent-hatakeyama,
some modules you are maintaining are being modified, check this out!

@dutrieuc dutrieuc changed the title 16.0 auth saml metadata [IMP][16.0] auth_saml: download the provider metadata Dec 18, 2024
@dutrieuc dutrieuc marked this pull request as ready for review December 18, 2024 19:07
@dutrieuc dutrieuc force-pushed the 16.0-auth_saml_metadata branch 2 times, most recently from c0156e7 to aa1f1e1 Compare December 19, 2024 10:30
@dutrieuc
Copy link
Author

dutrieuc commented Jan 13, 2025

Hello @vincent-hatakeyama,
Should I ping someone for review ?

vincent-hatakeyama
vincent-hatakeyama suggested changes Jan 22, 2025
View reviewed changes
auth_saml/models/auth_saml_provider.py Outdated
Comment on lines 430 to 433
provider_ids = tuple(providers_to_update.keys())
self.env.cr.execute(
"SELECT id FROM auth_saml_provider WHERE id in %s FOR UPDATE",
(tuple(providers.ids),),
(tuple(provider_ids),),
Copy link
Contributor

@vincent-hatakeyama vincent-hatakeyama Jan 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

provider_idsis already a tuple, why use tuple again?

@vincent-hatakeyama
Copy link
Contributor

vincent-hatakeyama commented Jan 22, 2025

The last 3 commits need to be squashed and their title fixed.

The second commit title also does not match OCA standards.

gurneyalex and others added 2 commits January 22, 2025 17:07
@gurneyalex @dutrieuc
[IMP] auth_saml: download the provider metadata
2c9207b 
On Office365, what you get when configuring an application for SAML
authentication is the URL of the federation metadata document. This URL
is stable, but the content of the document is not. I suspect some of the
encryption keys can be updated / renewed over time. The result is that
the configured provider in Odoo suddenly stops working, because the
messages sent by the Office365 provider can no longer be validated by
Odoo (because the federation document is out of date). Downloading the
new version and updating the auth.saml.provider record fixes the issue.

This PR adds a new field to store the URL of the metadata document. When
this field is set on a provider, you get a button next to it in the form
view to download the document from the URL. The button will not update
the document if it has not changed.

Additionally, when a SignatureError happens, we check if downloading the
document again fixes the issue.
@Ricardoalso @dutrieuc
[IMP] auth_saml: only lock providers being updated
11343aa 
Fix logic of SELECT FOR UDPDATE to only lock records whose metadata will
be updated
@dutrieuc dutrieuc force-pushed the 16.0-auth_saml_metadata branch from 589c76d to 11343aa Compare January 22, 2025 16:07
@StefanRijnhart
Copy link
Member

StefanRijnhart commented Feb 12, 2025

@vincent-hatakeyama Is it OK for you now?

StefanRijnhart
StefanRijnhart approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@StefanRijnhart StefanRijnhart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the port! Would you like to port this further, at least to 18.0 so that it will be included in future versions from now on?

@StefanRijnhart
Copy link
Member

StefanRijnhart commented Feb 13, 2025

/ocabot merge minor

@OCA-git-bot
Copy link
Contributor

OCA-git-bot commented Feb 13, 2025

This PR looks fantastic, let's merge it!
Prepared branch 16.0-ocabot-merge-pr-739-by-StefanRijnhart-bump-minor, awaiting test results.

@OCA-git-bot OCA-git-bot merged commit f826d83 into OCA:16.0 Feb 13, 2025
9 checks passed
@OCA-git-bot
Copy link
Contributor

OCA-git-bot commented Feb 13, 2025

Congratulations, your PR was merged at 6df1cae. Thanks a lot for contributing to OCA. ❤️

@dutrieuc
Copy link
Author

dutrieuc commented Mar 3, 2025

@StefanRijnhart I'll find some time to add it in 18

@dutrieuc dutrieuc mentioned this pull request Jun 10, 2025
Merged
@dutrieuc dutrieuc deleted the 16.0-auth_saml_metadata branch October 7, 2025 10:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StefanRijnhart StefanRijnhart StefanRijnhart approved these changes

+1 more reviewer

@vincent-hatakeyama vincent-hatakeyama vincent-hatakeyama approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved merged 🎉

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@dutrieuc @OCA-git-bot @vincent-hatakeyama @StefanRijnhart @gurneyalex @Ricardoalso