[ADD] generate punchout setup using qweb, handle cxml-base64, use sav…

…e_session and auth=none for browser form post url
OCA · Nov 28, 2023 · 906a55e · 906a55e
1 parent 831a995
commit 906a55e
Show file tree

Hide file tree

Showing 21 changed files with 452 additions and 304 deletions.
diff --git a/punchout/__manifest__.py b/punchout/__manifest__.py
@@ -14,9 +14,11 @@
     ],
     "data": [
         "security/punchout_backend.xml",
-        "security/punchout_request.xml",
+        "security/punchout_session.xml",
+        "data/cxml/common.xml",
+        "data/cxml/punchout_setup_request.xml",
         "views/punchout_backend.xml",
-        "views/punchout_request.xml",
+        "views/punchout_session.xml",
     ],
-    "external_dependencies": {"python": ["cryptography", "lxml"]},
+    "external_dependencies": {"python": ["lxml"]},
 }
diff --git a/punchout/controllers/main.py b/punchout/controllers/main.py
@@ -2,6 +2,7 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 import logging
+from base64 import b64decode
 
 from odoo.http import Controller, local_redirect, request, route
 
@@ -12,26 +13,31 @@ class PunchoutController(Controller):
     @route(
         "/punchout/cxml/receive/<int:backend_id>",
         type="http",
-        auth="user",
+        auth="none",
         methods=["POST"],
+        save_session=False,
         csrf=False,
     )
     def receive_punchout_response(self, backend_id, *args, **kwargs):
         env = request.env
-        cxml_string = kwargs.get("cxml-urlencoded")
-        punchout_request = (
-            env["punchout.request"]
+        cxml_b64_string = kwargs.get("cXML-base64")
+        cxml_string = False
+        if cxml_b64_string:
+            cxml_string = b64decode(cxml_b64_string)
+        cxml_string = cxml_string or kwargs.get("cxml-urlencoded")
+        punchout_session = (
+            env["punchout.session"]
             .sudo()
-            ._store_punchout_request(backend_id, cxml_string)
+            ._store_punchout_session_response(backend_id, cxml_string)
         )
         backend = env["punchout.backend"].sudo().browse(backend_id)
-        if not punchout_request:
+        if not punchout_session:
             redirect_url = backend._get_redirect_url()
             _logger.error(
                 "Unable to link the punchout response to a punchout.request "
                 "with given XML: \n%s",
                 cxml_string,
             )
         else:
-            redirect_url = punchout_request._get_redirect_url()
+            redirect_url = punchout_session._get_redirect_url()
         return local_redirect(redirect_url)
diff --git a/punchout/data/cxml/common.xml b/punchout/data/cxml/common.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 ACSONE SA/NV
+     License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+<odoo>
+
+    <template id="cxml_punchout_request">
+<!--        <t t-raw="backend._get_cxml_xml_declaration()" />-->
+<!--        <t t-raw="backend._get_cxml_dtd_declaration()" />-->
+        <cXML
+            t-att-version="backend._get_cxml_version()"
+            t-att-payloadID="session._get_punchout_payload_identity()"
+            t-att-timestamp="session._get_punchout_request_timestamp()"
+        >
+            <t t-call="punchout.cxml_punchout_header" />
+            <Request t-att-deploymentMode="backend.deployment_mode">
+                <t t-raw="0" />
+            </Request>
+        </cXML>
+    </template>
+
+    <template id="cxml_punchout_header">
+      <Header>
+        <From>
+          <Credential t-att-domain="backend.from_domain">
+            <Identity><t t-esc="backend.from_identity" /></Identity>
+          </Credential>
+        </From>
+        <To>
+          <Credential t-att-domain="backend.to_domain">
+            <Identity><t t-esc="backend.to_identity" /></Identity>
+          </Credential>
+        </To>
+        <Sender>
+          <Credential domain="Networkid">
+            <Identity><t t-esc="backend.from_identity" /></Identity>
+            <SharedSecret><t t-esc="backend.shared_secret" /></SharedSecret>
+          </Credential>
+          <UserAgent><t t-esc="backend.user_agent" /></UserAgent>
+        </Sender>
+      </Header>
+    </template>
+
+</odoo>
diff --git a/punchout/data/cxml/punchout_setup_request.xml b/punchout/data/cxml/punchout_setup_request.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 ACSONE SA/NV
+     License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+<odoo>
+
+    <template id="cxml_punchout_PunchOutSetupRequest">
+        <t t-call="punchout.cxml_punchout_request">
+            <PunchOutSetupRequest operation="create">
+              <BuyerCookie><t t-esc="session.buyer_cookie_id" /></BuyerCookie>
+              <Extrinsic name="UserEmail"><t t-esc="user.email" /></Extrinsic>
+              <BrowserFormPost>
+                <URL><t t-esc="backend._get_browser_form_post_url()" /></URL>
+              </BrowserFormPost>
+            </PunchOutSetupRequest>
+        </t>
+    </template>
+
+</odoo>