From be06d95d5c9dcb500e65bbb3d9e47b48d36add3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mauro=20Cebri=C3=A1=20Berbegal?= Date: Thu, 15 Jan 2026 17:22:31 +0100 Subject: [PATCH 1/4] [MIG] fastapi_auth_jwt: Migration to 17.0 --- .pre-commit-config.yaml | 1 - fastapi_auth_jwt/README.rst | 84 ++++++++++--------- fastapi_auth_jwt/__manifest__.py | 5 +- fastapi_auth_jwt/dependencies.py | 5 +- fastapi_auth_jwt/i18n/fastapi_auth_jwt.pot | 2 +- fastapi_auth_jwt/pyproject.toml | 3 + fastapi_auth_jwt/readme/DESCRIPTION.md | 2 + fastapi_auth_jwt/readme/DESCRIPTION.rst | 2 - fastapi_auth_jwt/readme/USAGE.md | 62 ++++++++++++++ fastapi_auth_jwt/readme/USAGE.rst | 56 ------------- .../static/description/index.html | 77 +++++++++-------- requirements.txt | 2 + 12 files changed, 165 insertions(+), 136 deletions(-) create mode 100644 fastapi_auth_jwt/pyproject.toml create mode 100644 fastapi_auth_jwt/readme/DESCRIPTION.md delete mode 100644 fastapi_auth_jwt/readme/DESCRIPTION.rst create mode 100644 fastapi_auth_jwt/readme/USAGE.md delete mode 100644 fastapi_auth_jwt/readme/USAGE.rst diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ec51f8640..ac171b3ff 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,6 @@ exclude: | ^datamodel/| ^extendable/| ^extendable_fastapi/| - ^fastapi_auth_jwt/| ^fastapi_auth_jwt_demo/| ^model_serializer/| ^rest_log/| diff --git a/fastapi_auth_jwt/README.rst b/fastapi_auth_jwt/README.rst index f7ab4df88..a0a4dec48 100644 --- a/fastapi_auth_jwt/README.rst +++ b/fastapi_auth_jwt/README.rst @@ -17,19 +17,20 @@ FastAPI Auth JWT support :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html :alt: License: LGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Frest--framework-lightgray.png?logo=github - :target: https://github.com/OCA/rest-framework/tree/16.0/fastapi_auth_jwt + :target: https://github.com/OCA/rest-framework/tree/17.0/fastapi_auth_jwt :alt: OCA/rest-framework .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png - :target: https://translation.odoo-community.org/projects/rest-framework-16-0/rest-framework-16-0-fastapi_auth_jwt + :target: https://translation.odoo-community.org/projects/rest-framework-17-0/rest-framework-17-0-fastapi_auth_jwt :alt: Translate me on Weblate .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png - :target: https://runboat.odoo-community.org/builds?repo=OCA/rest-framework&target_branch=16.0 + :target: https://runboat.odoo-community.org/builds?repo=OCA/rest-framework&target_branch=17.0 :alt: Try me on Runboat |badge1| |badge2| |badge3| |badge4| |badge5| -This module provides ``FastAPI`` ``Depends`` to allow authentication with `auth_jwt -`_. +This module provides ``FastAPI`` ``Depends`` to allow authentication +with +`auth_jwt `__. **Table of contents** @@ -39,62 +40,69 @@ This module provides ``FastAPI`` ``Depends`` to allow authentication with `auth_ Usage ===== -The following FastAPI dependencies are provided and importable from +The following FastAPI dependencies are provided and importable from ``odoo.addons.fastapi_auth_jwt.dependencies``: ``def auth_jwt_authenticated_payload() -> Payload`` - Return the authenticated JWT payload. Raise a 401 (unauthorized) if absent or invalid. + Return the authenticated JWT payload. Raise a 401 (unauthorized) if + absent or invalid. ``def auth_jwt_optionally_authenticated_payload() -> Payload | None`` - Return the authenticated JWT payload, or ``None`` if the ``Authorization`` header and - cookie are absent. Raise a 401 (unauthorized) if present and invalid. + Return the authenticated JWT payload, or ``None`` if the + ``Authorization`` header and cookie are absent. Raise a 401 + (unauthorized) if present and invalid. ``def auth_jwt_authenticated_partner() -> Partner`` - Obtain the authenticated partner corresponding to the provided JWT token, according to - the partner strategy defined on the ``auth_jwt`` validator. Raise a 401 (unauthorized) - if the partner could not be determined for any reason. + Obtain the authenticated partner corresponding to the provided JWT + token, according to the partner strategy defined on the ``auth_jwt`` + validator. Raise a 401 (unauthorized) if the partner could not be + determined for any reason. - This is function suitable and intended to override - ``odoo.addons.fastapi.dependencies.authenticated_partner_impl``. + This is function suitable and intended to override + ``odoo.addons.fastapi.dependencies.authenticated_partner_impl``. - The partner record returned by this function is bound to an environment that uses the - Odoo user obtained from the user strategy defined on the ``auth_jwt`` validator. When - used ``authenticated_partner_impl`` this in turn ensures that - ``odoo.addons.fastapi.dependencies.authenticated_partner_env`` is also bound to the - correct Odoo user. + The partner record returned by this function is bound to an + environment that uses the Odoo user obtained from the user strategy + defined on the ``auth_jwt`` validator. When used + ``authenticated_partner_impl`` this in turn ensures that + ``odoo.addons.fastapi.dependencies.authenticated_partner_env`` is + also bound to the correct Odoo user. ``def auth_jwt_optionally_authenticated_partner() -> Partner`` - Same as ``auth_jwt_partner`` except it returns an empty recordset bound to the - ``public`` user if the ``Authorization`` header and cookie are absent, or if the JWT - validator could not find the partner and declares that the partner is not required. + Same as ``auth_jwt_partner`` except it returns an empty recordset + bound to the ``public`` user if the ``Authorization`` header and + cookie are absent, or if the JWT validator could not find the partner + and declares that the partner is not required. ``def auth_jwt_authenticated_odoo_env() -> Environment`` - Return an Odoo environment using the the Odoo user obtained from the user strategy - defined on the ``auth_jwt`` validator, if the request could be authenticated using a - JWT validator. Raise a 401 (unauthorized) otherwise. + Return an Odoo environment using the the Odoo user obtained from the + user strategy defined on the ``auth_jwt`` validator, if the request + could be authenticated using a JWT validator. Raise a 401 + (unauthorized) otherwise. - This is function suitable and intended to override - ``odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl``. + This is function suitable and intended to override + ``odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl``. ``def auth_jwt_default_validator_name() -> str | None`` - Return the name of the default JWT validator to use. + Return the name of the default JWT validator to use. - The default implementation returns ``None`` meaning only one active JWT validator is - allowed. This dependency is meant to be overridden. + The default implementation returns ``None`` meaning only one active + JWT validator is allowed. This dependency is meant to be overridden. ``def auth_jwt_http_header_authorization() -> str | None`` - By default, return the credentials part of the ``Authorization`` header, or ``None`` - if absent. This dependency is meant to be overridden, in particular with - ``fastapi.security.OAuth2AuthorizationCodeBearer`` to let swagger handle OAuth2 - authorization (such override is only necessary for comfort when using the swagger - interface). + By default, return the credentials part of the ``Authorization`` + header, or ``None`` if absent. This dependency is meant to be + overridden, in particular with + ``fastapi.security.OAuth2AuthorizationCodeBearer`` to let swagger + handle OAuth2 authorization (such override is only necessary for + comfort when using the swagger interface). Bug Tracker =========== @@ -110,12 +118,12 @@ Credits ======= Authors -~~~~~~~ +------- * ACSONE SA/NV Maintainers -~~~~~~~~~~~ +----------- This module is maintained by the OCA. @@ -135,6 +143,6 @@ Current `maintainer `__: |maintainer-sbidoul| -This module is part of the `OCA/rest-framework `_ project on GitHub. +This module is part of the `OCA/rest-framework `_ project on GitHub. You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/fastapi_auth_jwt/__manifest__.py b/fastapi_auth_jwt/__manifest__.py index f914fea38..db83350ec 100644 --- a/fastapi_auth_jwt/__manifest__.py +++ b/fastapi_auth_jwt/__manifest__.py @@ -5,16 +5,17 @@ "name": "FastAPI Auth JWT support", "summary": """ JWT bearer token authentication for FastAPI.""", - "version": "16.0.1.0.1", + "version": "17.0.1.0.0", "license": "LGPL-3", "author": "ACSONE SA/NV,Odoo Community Association (OCA)", "maintainers": ["sbidoul"], "website": "https://github.com/OCA/rest-framework", + "external_dependencies": {"python": ["pyjwt", "cryptography"]}, "depends": [ "fastapi", "auth_jwt", ], "data": [], "demo": [], - "installable": False, + "installable": True, } diff --git a/fastapi_auth_jwt/dependencies.py b/fastapi_auth_jwt/dependencies.py index a2b3d3097..1795374fa 100644 --- a/fastapi_auth_jwt/dependencies.py +++ b/fastapi_auth_jwt/dependencies.py @@ -4,6 +4,8 @@ import logging from typing import Annotated, Any, Dict, Optional, Tuple, Union +from fastapi import Depends, HTTPException, Request, Response +from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from starlette.status import HTTP_401_UNAUTHORIZED from odoo.api import Environment @@ -19,9 +21,6 @@ from odoo.addons.base.models.res_partner import Partner from odoo.addons.fastapi.dependencies import odoo_env -from fastapi import Depends, HTTPException, Request, Response -from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer - _logger = logging.getLogger(__name__) diff --git a/fastapi_auth_jwt/i18n/fastapi_auth_jwt.pot b/fastapi_auth_jwt/i18n/fastapi_auth_jwt.pot index 78d58d53f..716a0702d 100644 --- a/fastapi_auth_jwt/i18n/fastapi_auth_jwt.pot +++ b/fastapi_auth_jwt/i18n/fastapi_auth_jwt.pot @@ -3,7 +3,7 @@ # msgid "" msgstr "" -"Project-Id-Version: Odoo Server 16.0\n" +"Project-Id-Version: Odoo Server 17.0\n" "Report-Msgid-Bugs-To: \n" "Last-Translator: \n" "Language-Team: \n" diff --git a/fastapi_auth_jwt/pyproject.toml b/fastapi_auth_jwt/pyproject.toml new file mode 100644 index 000000000..4231d0ccc --- /dev/null +++ b/fastapi_auth_jwt/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/fastapi_auth_jwt/readme/DESCRIPTION.md b/fastapi_auth_jwt/readme/DESCRIPTION.md new file mode 100644 index 000000000..44f7744bb --- /dev/null +++ b/fastapi_auth_jwt/readme/DESCRIPTION.md @@ -0,0 +1,2 @@ +This module provides `FastAPI` `Depends` to allow authentication with +[auth_jwt](https://github.com/OCA/server-auth/tree/17.0/auth_jwt). diff --git a/fastapi_auth_jwt/readme/DESCRIPTION.rst b/fastapi_auth_jwt/readme/DESCRIPTION.rst deleted file mode 100644 index 9359fdd13..000000000 --- a/fastapi_auth_jwt/readme/DESCRIPTION.rst +++ /dev/null @@ -1,2 +0,0 @@ -This module provides ``FastAPI`` ``Depends`` to allow authentication with `auth_jwt -`_. diff --git a/fastapi_auth_jwt/readme/USAGE.md b/fastapi_auth_jwt/readme/USAGE.md new file mode 100644 index 000000000..fe95c103e --- /dev/null +++ b/fastapi_auth_jwt/readme/USAGE.md @@ -0,0 +1,62 @@ +The following FastAPI dependencies are provided and importable from +`odoo.addons.fastapi_auth_jwt.dependencies`: + +`def auth_jwt_authenticated_payload() -> Payload` + +> Return the authenticated JWT payload. Raise a 401 (unauthorized) if +> absent or invalid. + +`def auth_jwt_optionally_authenticated_payload() -> Payload | None` + +> Return the authenticated JWT payload, or `None` if the `Authorization` +> header and cookie are absent. Raise a 401 (unauthorized) if present +> and invalid. + +`def auth_jwt_authenticated_partner() -> Partner` + +> Obtain the authenticated partner corresponding to the provided JWT +> token, according to the partner strategy defined on the `auth_jwt` +> validator. Raise a 401 (unauthorized) if the partner could not be +> determined for any reason. +> +> This is function suitable and intended to override +> `odoo.addons.fastapi.dependencies.authenticated_partner_impl`. +> +> The partner record returned by this function is bound to an +> environment that uses the Odoo user obtained from the user strategy +> defined on the `auth_jwt` validator. When used +> `authenticated_partner_impl` this in turn ensures that +> `odoo.addons.fastapi.dependencies.authenticated_partner_env` is also +> bound to the correct Odoo user. + +`def auth_jwt_optionally_authenticated_partner() -> Partner` + +> Same as `auth_jwt_partner` except it returns an empty recordset bound +> to the `public` user if the `Authorization` header and cookie are +> absent, or if the JWT validator could not find the partner and +> declares that the partner is not required. + +`def auth_jwt_authenticated_odoo_env() -> Environment` + +> Return an Odoo environment using the the Odoo user obtained from the +> user strategy defined on the `auth_jwt` validator, if the request +> could be authenticated using a JWT validator. Raise a 401 +> (unauthorized) otherwise. +> +> This is function suitable and intended to override +> `odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl`. + +`def auth_jwt_default_validator_name() -> str | None` + +> Return the name of the default JWT validator to use. +> +> The default implementation returns `None` meaning only one active JWT +> validator is allowed. This dependency is meant to be overridden. + +`def auth_jwt_http_header_authorization() -> str | None` + +> By default, return the credentials part of the `Authorization` header, +> or `None` if absent. This dependency is meant to be overridden, in +> particular with `fastapi.security.OAuth2AuthorizationCodeBearer` to +> let swagger handle OAuth2 authorization (such override is only +> necessary for comfort when using the swagger interface). diff --git a/fastapi_auth_jwt/readme/USAGE.rst b/fastapi_auth_jwt/readme/USAGE.rst deleted file mode 100644 index 34198d2a7..000000000 --- a/fastapi_auth_jwt/readme/USAGE.rst +++ /dev/null @@ -1,56 +0,0 @@ -The following FastAPI dependencies are provided and importable from -``odoo.addons.fastapi_auth_jwt.dependencies``: - -``def auth_jwt_authenticated_payload() -> Payload`` - - Return the authenticated JWT payload. Raise a 401 (unauthorized) if absent or invalid. - -``def auth_jwt_optionally_authenticated_payload() -> Payload | None`` - - Return the authenticated JWT payload, or ``None`` if the ``Authorization`` header and - cookie are absent. Raise a 401 (unauthorized) if present and invalid. - -``def auth_jwt_authenticated_partner() -> Partner`` - - Obtain the authenticated partner corresponding to the provided JWT token, according to - the partner strategy defined on the ``auth_jwt`` validator. Raise a 401 (unauthorized) - if the partner could not be determined for any reason. - - This is function suitable and intended to override - ``odoo.addons.fastapi.dependencies.authenticated_partner_impl``. - - The partner record returned by this function is bound to an environment that uses the - Odoo user obtained from the user strategy defined on the ``auth_jwt`` validator. When - used ``authenticated_partner_impl`` this in turn ensures that - ``odoo.addons.fastapi.dependencies.authenticated_partner_env`` is also bound to the - correct Odoo user. - -``def auth_jwt_optionally_authenticated_partner() -> Partner`` - - Same as ``auth_jwt_partner`` except it returns an empty recordset bound to the - ``public`` user if the ``Authorization`` header and cookie are absent, or if the JWT - validator could not find the partner and declares that the partner is not required. - -``def auth_jwt_authenticated_odoo_env() -> Environment`` - - Return an Odoo environment using the the Odoo user obtained from the user strategy - defined on the ``auth_jwt`` validator, if the request could be authenticated using a - JWT validator. Raise a 401 (unauthorized) otherwise. - - This is function suitable and intended to override - ``odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl``. - -``def auth_jwt_default_validator_name() -> str | None`` - - Return the name of the default JWT validator to use. - - The default implementation returns ``None`` meaning only one active JWT validator is - allowed. This dependency is meant to be overridden. - -``def auth_jwt_http_header_authorization() -> str | None`` - - By default, return the credentials part of the ``Authorization`` header, or ``None`` - if absent. This dependency is meant to be overridden, in particular with - ``fastapi.security.OAuth2AuthorizationCodeBearer`` to let swagger handle OAuth2 - authorization (such override is only necessary for comfort when using the swagger - interface). diff --git a/fastapi_auth_jwt/static/description/index.html b/fastapi_auth_jwt/static/description/index.html index 221790628..aab7ae78a 100644 --- a/fastapi_auth_jwt/static/description/index.html +++ b/fastapi_auth_jwt/static/description/index.html @@ -1,4 +1,3 @@ - @@ -9,10 +8,11 @@ /* :Author: David Goodger (goodger@python.org) -:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $ +:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $ :Copyright: This stylesheet has been placed in the public domain. Default cascading style sheet for the HTML output of Docutils. +Despite the name, some widely supported CSS2 features are used. See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to customize this style sheet. @@ -275,7 +275,7 @@ margin-left: 2em ; margin-right: 2em } -pre.code .ln { color: grey; } /* line numbers */ +pre.code .ln { color: gray; } /* line numbers */ pre.code, code { background-color: #eeeeee } pre.code .comment, code .comment { color: #5C6576 } pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold } @@ -301,7 +301,7 @@ span.pre { white-space: pre } -span.problematic { +span.problematic, pre.problematic { color: red } span.section-subtitle { @@ -369,8 +369,10 @@

FastAPI Auth JWT support

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! source digest: sha256:2829a34d48a1906819029e7b796d33a1ee2ad2a47693396da96f92ede04ec17d !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --> -

Beta License: LGPL-3 OCA/rest-framework Translate me on Weblate Try me on Runboat

-

This module provides FastAPI Depends to allow authentication with auth_jwt.

+

Beta License: LGPL-3 OCA/rest-framework Translate me on Weblate Try me on Runboat

+

This module provides FastAPI Depends to allow authentication +with +auth_jwt.

Table of contents

    @@ -385,54 +387,61 @@

    FastAPI Auth JWT support

Usage

-

The following FastAPI dependencies are provided and importable from +

The following FastAPI dependencies are provided and importable from odoo.addons.fastapi_auth_jwt.dependencies:

def auth_jwt_authenticated_payload() -> Payload

-Return the authenticated JWT payload. Raise a 401 (unauthorized) if absent or invalid.
+Return the authenticated JWT payload. Raise a 401 (unauthorized) if +absent or invalid.

def auth_jwt_optionally_authenticated_payload() -> Payload | None

-Return the authenticated JWT payload, or None if the Authorization header and -cookie are absent. Raise a 401 (unauthorized) if present and invalid.
+Return the authenticated JWT payload, or None if the +Authorization header and cookie are absent. Raise a 401 +(unauthorized) if present and invalid.

def auth_jwt_authenticated_partner() -> Partner

-

Obtain the authenticated partner corresponding to the provided JWT token, according to -the partner strategy defined on the auth_jwt validator. Raise a 401 (unauthorized) -if the partner could not be determined for any reason.

+

Obtain the authenticated partner corresponding to the provided JWT +token, according to the partner strategy defined on the auth_jwt +validator. Raise a 401 (unauthorized) if the partner could not be +determined for any reason.

This is function suitable and intended to override odoo.addons.fastapi.dependencies.authenticated_partner_impl.

-

The partner record returned by this function is bound to an environment that uses the -Odoo user obtained from the user strategy defined on the auth_jwt validator. When -used authenticated_partner_impl this in turn ensures that -odoo.addons.fastapi.dependencies.authenticated_partner_env is also bound to the -correct Odoo user.

+

The partner record returned by this function is bound to an +environment that uses the Odoo user obtained from the user strategy +defined on the auth_jwt validator. When used +authenticated_partner_impl this in turn ensures that +odoo.addons.fastapi.dependencies.authenticated_partner_env is +also bound to the correct Odoo user.

def auth_jwt_optionally_authenticated_partner() -> Partner

-Same as auth_jwt_partner except it returns an empty recordset bound to the -public user if the Authorization header and cookie are absent, or if the JWT -validator could not find the partner and declares that the partner is not required.
+Same as auth_jwt_partner except it returns an empty recordset +bound to the public user if the Authorization header and +cookie are absent, or if the JWT validator could not find the partner +and declares that the partner is not required.

def auth_jwt_authenticated_odoo_env() -> Environment

-

Return an Odoo environment using the the Odoo user obtained from the user strategy -defined on the auth_jwt validator, if the request could be authenticated using a -JWT validator. Raise a 401 (unauthorized) otherwise.

+

Return an Odoo environment using the the Odoo user obtained from the +user strategy defined on the auth_jwt validator, if the request +could be authenticated using a JWT validator. Raise a 401 +(unauthorized) otherwise.

This is function suitable and intended to override odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl.

def auth_jwt_default_validator_name() -> str | None

Return the name of the default JWT validator to use.

-

The default implementation returns None meaning only one active JWT validator is -allowed. This dependency is meant to be overridden.

+

The default implementation returns None meaning only one active +JWT validator is allowed. This dependency is meant to be overridden.

def auth_jwt_http_header_authorization() -> str | None

-By default, return the credentials part of the Authorization header, or None -if absent. This dependency is meant to be overridden, in particular with -fastapi.security.OAuth2AuthorizationCodeBearer to let swagger handle OAuth2 -authorization (such override is only necessary for comfort when using the swagger -interface).
+By default, return the credentials part of the Authorization +header, or None if absent. This dependency is meant to be +overridden, in particular with +fastapi.security.OAuth2AuthorizationCodeBearer to let swagger +handle OAuth2 authorization (such override is only necessary for +comfort when using the swagger interface).

Bug Tracker

@@ -453,13 +462,15 @@

Authors

Maintainers

This module is maintained by the OCA.

-Odoo Community Association + +Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

Current maintainer:

sbidoul

-

This module is part of the OCA/rest-framework project on GitHub.

+

This module is part of the OCA/rest-framework project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

diff --git a/requirements.txt b/requirements.txt index 49b121142..889a0cc08 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,11 +1,13 @@ # generated from manifests external_dependencies a2wsgi>=1.10.6 contextvars +cryptography fastapi>=0.110.0 graphene graphql_server==3.0.0b7 parse-accept-language pydantic>=2.0 +pyjwt python-multipart typing-extensions ujson From a209d2801a2ecddde87ac85e20fe0ac38ad4fd64 Mon Sep 17 00:00:00 2001 From: Quentin Groulard Date: Thu, 30 Nov 2023 16:51:48 +0100 Subject: [PATCH 2/4] [FIX] fastapi_auth_jwt: Don't raise error if partner not found and unauthenticated partner is allowed --- fastapi_auth_jwt/dependencies.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fastapi_auth_jwt/dependencies.py b/fastapi_auth_jwt/dependencies.py index 1795374fa..23bbff9b3 100644 --- a/fastapi_auth_jwt/dependencies.py +++ b/fastapi_auth_jwt/dependencies.py @@ -203,8 +203,9 @@ def __call__( except Unauthorized as e: raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) from e if not partner_id: - _logger.info("Could not determine partner from JWT payload.") - raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) + if not self.allow_unauthenticated or validator.partner_id_required: + _logger.info("Could not determine partner from JWT payload.") + raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) return env["res.partner"].with_user(uid).browse(partner_id) From ec245fc4c6d35e913d5bb9503d314d9818ec890d Mon Sep 17 00:00:00 2001 From: mymage Date: Mon, 5 Jan 2026 17:55:57 +0000 Subject: [PATCH 3/4] Added translation using Weblate (Italian) --- fastapi_auth_jwt/i18n/it.po | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 fastapi_auth_jwt/i18n/it.po diff --git a/fastapi_auth_jwt/i18n/it.po b/fastapi_auth_jwt/i18n/it.po new file mode 100644 index 000000000..8af45f7b8 --- /dev/null +++ b/fastapi_auth_jwt/i18n/it.po @@ -0,0 +1,14 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 17.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" From 40326b7b1dcfd4b4448c9f11e244c5bf1f954a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mauro=20Cebri=C3=A1=20Berbegal?= Date: Fri, 16 Jan 2026 10:21:03 +0100 Subject: [PATCH 4/4] [IMP] fastapi_auth_jwt: pre-commit auto fixes --- fastapi_auth_jwt/dependencies.py | 43 ++++++++++++++++---------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/fastapi_auth_jwt/dependencies.py b/fastapi_auth_jwt/dependencies.py index 23bbff9b3..ffd172bab 100644 --- a/fastapi_auth_jwt/dependencies.py +++ b/fastapi_auth_jwt/dependencies.py @@ -2,10 +2,8 @@ # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). import logging -from typing import Annotated, Any, Dict, Optional, Tuple, Union +from typing import Annotated, Any -from fastapi import Depends, HTTPException, Request, Response -from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from starlette.status import HTTP_401_UNAUTHORIZED from odoo.api import Environment @@ -21,14 +19,17 @@ from odoo.addons.base.models.res_partner import Partner from odoo.addons.fastapi.dependencies import odoo_env +from fastapi import Depends, HTTPException, Request, Response +from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer + _logger = logging.getLogger(__name__) -Payload = Dict[str, Any] +Payload = dict[str, Any] def _get_auth_jwt_validator( - validator_name: Union[str, None], + validator_name: str | None, env: Environment, ) -> AuthJwtValidator: validator = env["auth.jwt.validator"].sudo()._get_validator_by_name(validator_name) @@ -38,9 +39,9 @@ def _get_auth_jwt_validator( def _request_has_authentication( request: Request, - authorization_header: Optional[str], + authorization_header: str | None, validator: AuthJwtValidator, -) -> Union[Payload, None]: +) -> Payload | None: if authorization_header is not None: return True if not validator.cookie_enabled: @@ -51,7 +52,7 @@ def _request_has_authentication( def _get_jwt_payload( request: Request, - authorization_header: Optional[str], + authorization_header: str | None, validator: AuthJwtValidator, ) -> Payload: """Obtain and validate the JWT payload from the request authorization header or @@ -75,9 +76,9 @@ def _get_jwt_payload( def _get_jwt_payload_and_validator( request: Request, response: Response, - authorization_header: Optional[str], + authorization_header: str | None, validator: AuthJwtValidator, -) -> Tuple[Payload, AuthJwtValidator]: +) -> tuple[Payload, AuthJwtValidator]: try: payload = None exceptions = {} @@ -116,15 +117,15 @@ def _get_jwt_payload_and_validator( raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) from e -def auth_jwt_default_validator_name() -> Union[str, None]: +def auth_jwt_default_validator_name() -> str | None: return None def auth_jwt_http_header_authorization( credentials: Annotated[ - Optional[HTTPAuthorizationCredentials], + HTTPAuthorizationCredentials | None, Depends(HTTPBearer(auto_error=False)), - ] + ], ): if credentials is None: return None @@ -133,7 +134,7 @@ def auth_jwt_http_header_authorization( class BaseAuthJwt: # noqa: B903 def __init__( - self, validator_name: Optional[str] = None, allow_unauthenticated: bool = False + self, validator_name: str | None = None, allow_unauthenticated: bool = False ): self.validator_name = validator_name self.allow_unauthenticated = allow_unauthenticated @@ -145,18 +146,18 @@ def __call__( request: Request, response: Response, authorization_header: Annotated[ - Optional[str], + str | None, Depends(auth_jwt_http_header_authorization), ], default_validator_name: Annotated[ - Union[str, None], + str | None, Depends(auth_jwt_default_validator_name), ], env: Annotated[ Environment, Depends(odoo_env), ], - ) -> Optional[Payload]: + ) -> Payload | None: validator = _get_auth_jwt_validator( self.validator_name or default_validator_name, env ) @@ -175,11 +176,11 @@ def __call__( request: Request, response: Response, authorization_header: Annotated[ - Optional[str], + str | None, Depends(auth_jwt_http_header_authorization), ], default_validator_name: Annotated[ - Union[str, None], + str | None, Depends(auth_jwt_default_validator_name), ], env: Annotated[ @@ -215,11 +216,11 @@ def __call__( request: Request, response: Response, authorization_header: Annotated[ - Optional[str], + str | None, Depends(auth_jwt_http_header_authorization), ], default_validator_name: Annotated[ - Union[str, None], + str | None, Depends(auth_jwt_default_validator_name), ], env: Annotated[