|
|
@@ -61,23 +61,61 @@ class ResUsersSettings(models.Model):
|
|
|
self.sudo().google_token_validity >= (fields.Datetime.now() + timedelta(minutes=1)))
|
|
|
|
|
|
def _refresh_google_token(self):
|
|
|
- """Refresh Google access token using refresh token"""
|
|
|
+ """Refresh Google access token using refresh token with custom credentials"""
|
|
|
self.ensure_one()
|
|
|
|
|
|
try:
|
|
|
- access_token, ttl = self.env['google.service']._refresh_google_token('drive', self.sudo().google_rtoken)
|
|
|
- self.sudo().write({
|
|
|
- 'google_token': access_token,
|
|
|
- 'google_token_validity': fields.Datetime.now() + timedelta(seconds=ttl),
|
|
|
- })
|
|
|
- _logger.info(f"Google token refreshed for user {self.user_id.name}")
|
|
|
- return True
|
|
|
+ # Get Google API credentials from system settings
|
|
|
+ config = self.env['ir.config_parameter'].sudo()
|
|
|
+ client_id = config.get_param('google_api.client_id', '')
|
|
|
+ client_secret = config.get_param('google_api.client_secret', '')
|
|
|
+ refresh_token = self.sudo().google_rtoken
|
|
|
+
|
|
|
+ if not all([client_id, client_secret, refresh_token]):
|
|
|
+ _logger.error(f"Missing credentials for token refresh for user {self.user_id.name}")
|
|
|
+ return False
|
|
|
+
|
|
|
+ # Exchange refresh token for new access token using our custom credentials
|
|
|
+ import requests
|
|
|
+
|
|
|
+ token_url = 'https://oauth2.googleapis.com/token'
|
|
|
+ data = {
|
|
|
+ 'client_id': client_id,
|
|
|
+ 'client_secret': client_secret,
|
|
|
+ 'refresh_token': refresh_token,
|
|
|
+ 'grant_type': 'refresh_token'
|
|
|
+ }
|
|
|
+
|
|
|
+ response = requests.post(token_url, data=data, timeout=30)
|
|
|
+
|
|
|
+ if response.status_code == 200:
|
|
|
+ token_data = response.json()
|
|
|
+ new_access_token = token_data.get('access_token')
|
|
|
+ expires_in = token_data.get('expires_in', 3600)
|
|
|
+
|
|
|
+ if new_access_token:
|
|
|
+ # Calculate expiration time
|
|
|
+ expires_at = fields.Datetime.now() + timedelta(seconds=expires_in)
|
|
|
+
|
|
|
+ self.sudo().write({
|
|
|
+ 'google_token': new_access_token,
|
|
|
+ 'google_token_validity': expires_at,
|
|
|
+ })
|
|
|
+ _logger.info(f"Google token refreshed for user {self.user_id.name}")
|
|
|
+ return True
|
|
|
+ else:
|
|
|
+ _logger.error(f"No access token in response for user {self.user_id.name}")
|
|
|
+ return False
|
|
|
+ else:
|
|
|
+ _logger.error(f"Token refresh failed for user {self.user_id.name}: {response.status_code} - {response.text}")
|
|
|
+ return False
|
|
|
+
|
|
|
except Exception as e:
|
|
|
_logger.error(f"Failed to refresh Google token for user {self.user_id.name}: {str(e)}")
|
|
|
|
|
|
# Solo eliminar tokens si es definitivamente un error de credenciales inválidas
|
|
|
- if 'invalid_grant' in str(e) or 'invalid_token' in str(e):
|
|
|
- _logger.warning(f"Invalid refresh token for user {self.user_id.name}, deleting tokens")
|
|
|
+ if 'invalid_grant' in str(e) or 'invalid_token' in str(e) or 'invalid_client' in str(e):
|
|
|
+ _logger.warning(f"Invalid credentials for user {self.user_id.name}, deleting tokens")
|
|
|
self.env.cr.rollback()
|
|
|
self.sudo()._set_google_auth_tokens(False, False, False)
|
|
|
self.env.cr.commit()
|
root