[FIX] google_gmail, fetchmail_gmail: use Odoo endpoint for authentication

Purpose
=======
The flow where we copy / paste the authorization code will be
depreciated. Because of that, we know use the newest authentication
system which use redirect URI.

Technical
=========
Now, the user is redirected to an Odoo endpoint "google_gmail/confirm"
and the access token / refresh token are automatically fetched.

Documentation
https://developers.google.com/identity/protocols/oauth2/native-app

Task-2852560

closes odoo#94404

X-original-commit: b62d2b4
Signed-off-by: Thibault Delavallee (tde) <[email protected]>

Author: std-odoo

addons/fetchmail_gmail/i18n/fetchmail_gmail.pot

@@ -28,7 +28,24 @@ msgstr ""
 #. module: fetchmail_gmail
 #: model:ir.model.fields,field_description:fetchmail_gmail.field_fetchmail_server__google_gmail_authorization_code
 #: model_terms:ir.ui.view,arch_db:fetchmail_gmail.fetchmail_server_view_form
-msgid "Authorization Code"
+msgid ""
+"<i class=\"fa fa-arrow-right\"/>\n"
+"                        Connect your Gmail account"
+msgstr ""
+
+#. module: fetchmail_gmail
+#: model_terms:ir.ui.view,arch_db:fetchmail_gmail.fetchmail_server_view_form
+msgid ""
+"<i class=\"fa fa-cog\"/>\n"
+"                        Edit Settings"
+msgstr ""
+
+#. module: fetchmail_gmail
+#: model_terms:ir.ui.view,arch_db:fetchmail_gmail.fetchmail_server_view_form
+msgid ""
+"<span attrs=\"{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_refresh_token', '=', False)]}\" class=\"badge badge-success\">\n"
+"                        Gmail Token Valid\n"
+"                    </span>"
 msgstr ""
 
 #. module: fetchmail_gmail

addons/fetchmail_gmail/views/fetchmail_server_views.xml

@@ -10,18 +10,30 @@
                 <field name="use_google_gmail_service" string="Gmail" attrs="{'readonly': [('state', '=', 'done')]}"/>
             </field>
             <field name="user" position="after">
-                <field string="Authorization Code" name="google_gmail_authorization_code" password="True"
-                    attrs="{'required': [('use_google_gmail_service', '=', True)], 'invisible': [('use_google_gmail_service', '=', False)], 'readonly': [('state', '=', 'done')]}"
-                    style="word-break: break-word;"/>
-                <field name="google_gmail_uri"
-                    class="fa fa-arrow-right oe_edit_only"
-                    widget="url"
-                    text=" Get an Authorization Code"
-                    attrs="{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_uri', '=', False)]}"
-                    nolabel="1"/>
-                <div class="alert alert-warning" role="alert"
-                    attrs="{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_uri', '!=', False)]}">
-                    Setup your Gmail API credentials in the general settings to link a Gmail account.
+                <field name="google_gmail_uri" invisible="1"/>
+                <field name="google_gmail_refresh_token" invisible="1"/>
+                <div></div>
+                <div attrs="{'invisible': [('use_google_gmail_service', '=', False)]}">
+                    <span attrs="{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_refresh_token', '=', False)]}"
+                        class="badge badge-success">
+                        Gmail Token Valid
+                    </span>
+                    <button type="object"
+                        name="open_google_gmail_uri" class="btn-link px-0"
+                        attrs="{'invisible': ['|', '|', ('google_gmail_uri', '=', False), ('use_google_gmail_service', '=', False), ('google_gmail_refresh_token', '!=', False)]}">
+                        <i class="fa fa-arrow-right"/>
+                        Connect your Gmail account
+                    </button>
+                    <button type="object"
+                        name="open_google_gmail_uri" class="btn-link px-0"
+                        attrs="{'invisible': ['|', '|', ('google_gmail_uri', '=', False), ('use_google_gmail_service', '=', False), ('google_gmail_refresh_token', '=', False)]}">
+                        <i class="fa fa-cog"/>
+                        Edit Settings
+                    </button>
+                    <div class="alert alert-warning" role="alert"
+                        attrs="{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_uri', '!=', False)]}">
+                        Setup your Gmail API credentials in the general settings to link a Gmail account.
+                    </div>
                 </div>
             </field>
             <field name="password" position="attributes">

addons/google_gmail/__init__.py

@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
+from . import controllers
 from . import models

addons/google_gmail/controllers/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import main

addons/google_gmail/controllers/main.py

@@ -0,0 +1,76 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import json
+import logging
+import werkzeug
+
+from werkzeug.exceptions import Forbidden
+from werkzeug.urls import url_encode
+
+from odoo import _, http
+from odoo.exceptions import UserError
+from odoo.http import request
+from odoo.tools import consteq
+
+_logger = logging.getLogger(__name__)
+
+
+class GoogleGmailController(http.Controller):
+    @http.route('/google_gmail/confirm', type='http', auth='user')
+    def google_gmail_callback(self, code=None, state=None, error=None, **kwargs):
+        """Callback URL during the OAuth process.
+
+        Gmail redirects the user browser to this endpoint with the authorization code.
+        We will fetch the refresh token and the access token thanks to this authorization
+        code and save those values on the given mail server.
+        """
+        if not request.env.user.has_group('base.group_system'):
+            _logger.error('Google Gmail: non-system user trying to link an Gmail account.')
+            raise Forbidden()
+
+        if error:
+            return _('An error occur during the authentication process: %s.') % error
+
+        try:
+            state = json.loads(state)
+            model_name = state['model']
+            rec_id = state['id']
+            csrf_token = state['csrf_token']
+        except Exception:
+            _logger.error('Google Gmail: Wrong state value %r.', state)
+            raise Forbidden()
+
+        model = request.env[model_name]
+
+        if not issubclass(type(model), request.env.registry['google.gmail.mixin']):
+            # The model must inherits from the "google.gmail.mixin" mixin
+            raise Forbidden()
+
+        record = model.browse(rec_id).exists()
+        if not record:
+            raise Forbidden()
+
+        if not csrf_token or not consteq(csrf_token, record._get_gmail_csrf_token()):
+            _logger.error('Google Gmail: Wrong CSRF token during Gmail authentication.')
+            raise Forbidden()
+
+        try:
+            refresh_token, access_token, expiration = record._fetch_gmail_refresh_token(code)
+        except UserError as e:
+            return _('An error occur during the authentication process: %s.') % str(e.name)
+
+        record.write({
+            'google_gmail_access_token': access_token,
+            'google_gmail_access_token_expiration': expiration,
+            'google_gmail_authorization_code': code,
+            'google_gmail_refresh_token': refresh_token,
+        })
+
+        url_params = {
+            'id': rec_id,
+            'model': model_name,
+            'view_type': 'form'
+        }
+        url = '/web?#' + url_encode(url_params)
+        return werkzeug.utils.redirect(url, 303)

addons/google_gmail/i18n/google_gmail.pot

@@ -15,6 +15,28 @@ msgstr ""
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: \n"
 
+#. module: google_gmail
+#: model_terms:ir.ui.view,arch_db:google_gmail.ir_mail_server_view_form
+msgid ""
+"<i class=\"fa fa-arrow-right\"/>\n"
+"                        Connect your Gmail account"
+msgstr ""
+
+#. module: google_gmail
+#: model_terms:ir.ui.view,arch_db:google_gmail.ir_mail_server_view_form
+msgid ""
+"<i class=\"fa fa-cog\"/>\n"
+"                        Edit Settings"
+msgstr ""
+
+#. module: google_gmail
+#: model_terms:ir.ui.view,arch_db:google_gmail.ir_mail_server_view_form
+msgid ""
+"<span attrs=\"{'invisible': ['|', ('use_google_gmail_service', '=', False), ('google_gmail_refresh_token', '=', False)]}\" class=\"badge badge-success\">\n"
+"                        Gmail Token Valid\n"
+"                    </span>"
+msgstr ""
+
 #. module: google_gmail
 #: model_terms:ir.ui.view,arch_db:google_gmail.res_config_settings_view_form
 msgid "<span class=\"o_form_label\">Gmail Credentials</span>"
@@ -32,10 +54,22 @@ msgstr ""
 msgid "Access Token Expiration Timestamp"
 msgstr ""
 
+#. module: google_gmail
+#: code:addons/google_gmail/controllers/main.py:0
+#: code:addons/google_gmail/controllers/main.py:0
+#, python-format
+msgid "An error occur during the authentication process: %s."
+msgstr ""
+
+#. module: google_gmail
+#: code:addons/google_gmail/models/google_gmail_mixin.py:0
+#, python-format
+msgid "An error occurred when fetching the access token."
+msgstr ""
+
 #. module: google_gmail
 #: model:ir.model.fields,field_description:google_gmail.field_google_gmail_mixin__google_gmail_authorization_code
 #: model:ir.model.fields,field_description:google_gmail.field_ir_mail_server__google_gmail_authorization_code
-#: model_terms:ir.ui.view,arch_db:google_gmail.ir_mail_server_view_form
 msgid "Authorization Code"
 msgstr ""
 
@@ -90,6 +124,18 @@ msgstr ""
 msgid "Mail Server"
 msgstr ""
 
+#. module: google_gmail
+#: code:addons/google_gmail/models/google_gmail_mixin.py:0
+#, python-format
+msgid "Only the administrator can link a Gmail mail server."
+msgstr ""
+
+#. module: google_gmail
+#: code:addons/google_gmail/models/google_gmail_mixin.py:0
+#, python-format
+msgid "Please configure your Gmail credentials."
+msgstr ""
+
 #. module: google_gmail
 #: model:ir.model.fields,field_description:google_gmail.field_google_gmail_mixin__google_gmail_refresh_token
 #: model:ir.model.fields,field_description:google_gmail.field_ir_mail_server__google_gmail_refresh_token