| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334 |
- # -*- coding: utf-8 -*-
- # Part of Odoo. See LICENSE file for full copyright and licensing details.
- from datetime import timedelta
- import logging
- from odoo import api, fields, models, _
- from odoo.exceptions import UserError
- _logger = logging.getLogger(__name__)
- class ResUsersSettings(models.Model):
- _inherit = "res.users.settings"
- # Google API tokens and synchronization information
- google_rtoken = fields.Char('Google Refresh Token', copy=False, groups='base.group_system')
- google_token = fields.Char('Google User Token', copy=False, groups='base.group_system')
- google_token_validity = fields.Datetime('Google Token Validity', copy=False, groups='base.group_system')
- google_email = fields.Char('Google Email', copy=False, groups='base.group_system')
- google_sync_enabled = fields.Boolean('Google Sync Enabled', default=False, copy=False, groups='base.group_system')
-
- # CRM Meets Files Configuration
- google_crm_meets_folder_id = fields.Char(
- string='Archivos Meets CRM',
- help='ID de la carpeta en Google Drive donde se almacenan archivos de meets para sincronización con CRM',
- copy=False,
- groups='base.group_system'
- )
- @api.model
- def _get_fields_blacklist(self):
- """Get list of google drive fields that won't be formatted in session_info."""
- google_fields_blacklist = [
- 'google_rtoken',
- 'google_token',
- 'google_token_validity',
- 'google_email',
- 'google_sync_enabled',
- 'google_crm_meets_folder_id'
- ]
- return super()._get_fields_blacklist() + google_fields_blacklist
- def _set_google_auth_tokens(self, access_token, refresh_token, expires_at):
- """Set Google authentication tokens for the user"""
- self.sudo().write({
- 'google_rtoken': refresh_token,
- 'google_token': access_token,
- 'google_token_validity': expires_at if expires_at else False,
- })
- def _google_authenticated(self):
- """Check if user is authenticated with Google"""
- self.ensure_one()
- # Verificar que tenemos tanto refresh token como access token
- return bool(self.sudo().google_rtoken and self.sudo().google_token)
- def _is_google_token_valid(self):
- """Check if Google token is still valid"""
- self.ensure_one()
- return (self.sudo().google_token_validity and
- self.sudo().google_token_validity >= (fields.Datetime.now() + timedelta(minutes=1)))
- def _refresh_google_token(self):
- """Refresh Google access token using refresh token with custom credentials"""
- self.ensure_one()
- try:
- # Get Google API credentials from system settings
- config = self.env['ir.config_parameter'].sudo()
- client_id = config.get_param('google_api.client_id', '')
- client_secret = config.get_param('google_api.client_secret', '')
- refresh_token = self.sudo().google_rtoken
- if not all([client_id, client_secret, refresh_token]):
- _logger.error(f"Missing credentials for token refresh for user {self.user_id.name}")
- return False
- # Exchange refresh token for new access token using our custom credentials
- import requests
-
- token_url = 'https://oauth2.googleapis.com/token'
- data = {
- 'client_id': client_id,
- 'client_secret': client_secret,
- 'refresh_token': refresh_token,
- 'grant_type': 'refresh_token'
- }
- response = requests.post(token_url, data=data, timeout=30)
- if response.status_code == 200:
- token_data = response.json()
- new_access_token = token_data.get('access_token')
- expires_in = token_data.get('expires_in', 3600)
- if new_access_token:
- # Calculate expiration time
- expires_at = fields.Datetime.now() + timedelta(seconds=expires_in)
-
- self.sudo().write({
- 'google_token': new_access_token,
- 'google_token_validity': expires_at,
- })
- _logger.info(f"Google token refreshed for user {self.user_id.name}")
- return True
- else:
- _logger.error(f"No access token in response for user {self.user_id.name}")
- return False
- else:
- _logger.error(f"Token refresh failed for user {self.user_id.name}: {response.status_code} - {response.text}")
- return False
- except Exception as e:
- _logger.error(f"Failed to refresh Google token for user {self.user_id.name}: {str(e)}")
-
- # Solo eliminar tokens si es definitivamente un error de credenciales inválidas
- if 'invalid_grant' in str(e) or 'invalid_token' in str(e) or 'invalid_client' in str(e):
- _logger.warning(f"Invalid credentials for user {self.user_id.name}, deleting tokens")
- self.env.cr.rollback()
- self.sudo()._set_google_auth_tokens(False, False, False)
- self.env.cr.commit()
- return False
- else:
- # Para otros errores (timeout, red, etc.), mantener los tokens y reintentar después
- _logger.warning(f"Temporary error refreshing token for user {self.user_id.name}, keeping tokens for retry")
- return False
- def _get_google_access_token(self):
- """Get a valid Google access token, refreshing if necessary"""
- self.ensure_one()
-
- if not self._google_authenticated():
- return None
-
- # Si el token no es válido, intentar renovarlo
- if not self._is_google_token_valid():
- _logger.info(f"Token expired for user {self.user_id.name}, attempting refresh")
-
- # Intentar renovar el token
- if not self._refresh_google_token():
- _logger.warning(f"Token refresh failed for user {self.user_id.name}")
-
- # Si falla la renovación, verificar si aún tenemos refresh token
- if not self.sudo().google_rtoken:
- _logger.error(f"No refresh token available for user {self.user_id.name}")
- return None
-
- # Intentar una vez más con un pequeño delay
- import time
- time.sleep(1)
- _logger.info(f"Retrying token refresh for user {self.user_id.name}")
-
- if not self._refresh_google_token():
- _logger.error(f"Final token refresh attempt failed for user {self.user_id.name}")
- return None
-
- # Verificar que tenemos un token válido
- token = self.sudo().google_token
- if not token:
- _logger.warning(f"No access token available for user {self.user_id.name}")
- return None
-
- return token
- def _clean_invalid_tokens(self):
- """Clean invalid tokens when they can't be refreshed"""
- self.ensure_one()
- _logger.warning(f"Cleaning invalid tokens for user {self.user_id.name}")
- self.sudo()._set_google_auth_tokens(False, False, False)
- self.sudo().write({
- 'google_email': False,
- 'google_sync_enabled': False,
- })
- def action_connect_google(self):
- """Connect user's Google account"""
- self.ensure_one()
-
- # Get Google API credentials from system settings
- config = self.env['ir.config_parameter'].sudo()
- client_id = config.get_param('google_api.client_id', '')
- client_secret = config.get_param('google_api.client_secret', '')
- if not client_id or not client_secret:
- _logger.error("Google API credentials not configured.")
- raise UserError(_('Google API credentials not configured. Please contact your administrator.'))
-
- # Build OAuth authorization URL
- base_url = self.env['ir.config_parameter'].sudo().get_param('web.base.url')
- redirect_uri = f"{base_url}/web/google_oauth_callback"
-
- scope = 'https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar'
-
- # Generate the authorization URL using our own credentials
- authorize_uri = self._get_google_authorize_uri(
- client_id=client_id,
- redirect_uri=redirect_uri,
- scope=scope,
- state=str(self.id) # Pass user settings ID as state
- )
-
- return {
- 'type': 'ir.actions.act_url',
- 'url': authorize_uri,
- 'target': 'new',
- }
- def action_disconnect_google(self):
- """Disconnect user's Google account"""
- self.ensure_one()
-
- self.sudo()._set_google_auth_tokens(False, False, False)
- self.sudo().write({
- 'google_email': False,
- 'google_sync_enabled': False,
- })
-
- return {
- 'type': 'ir.actions.client',
- 'tag': 'display_notification',
- 'params': {
- 'title': _('Success'),
- 'message': _('Google account disconnected successfully.'),
- 'type': 'success',
- 'sticky': False,
- }
- }
- def action_test_google_connection(self):
- """Test Google connection for the user"""
- self.ensure_one()
-
- if not self._google_authenticated():
- raise UserError(_('Google account not connected. Please connect your account first.'))
-
- access_token = self._get_google_access_token()
- if not access_token:
- raise UserError(_('Could not obtain valid access token. Please reconnect your Google account.'))
-
- try:
- # Test Google Drive API access
- headers = {
- 'Authorization': f'Bearer {access_token}',
- 'Content-Type': 'application/json'
- }
-
- response = self.env['google.drive.service']._do_request(
- '/drive/v3/about',
- params={'fields': 'user'},
- headers=headers
- )
-
- if response and 'user' in response:
- user_email = response['user'].get('emailAddress', 'Unknown')
- self.sudo().write({'google_email': user_email})
-
- return {
- 'type': 'ir.actions.client',
- 'tag': 'display_notification',
- 'params': {
- 'title': _('Success'),
- 'message': _('Google connection successful! Connected as: %s') % user_email,
- 'type': 'success',
- 'sticky': False,
- }
- }
- else:
- raise UserError(_('Could not retrieve user information from Google.'))
-
- except Exception as e:
- _logger.error(f"Google connection test failed for user {self.user_id.name}: {str(e)}")
- raise UserError(_('Google connection test failed: %s') % str(e))
- def _get_google_authorize_uri(self, client_id, redirect_uri, scope, state):
- """Generate Google OAuth authorization URI using our own credentials"""
- import urllib.parse
-
- params = {
- 'response_type': 'code',
- 'client_id': client_id,
- 'redirect_uri': redirect_uri,
- 'scope': scope,
- 'state': state,
- 'access_type': 'offline',
- 'prompt': 'consent select_account', # Force account selection
- 'hd': '', # Allow any hosted domain
- 'include_granted_scopes': 'true'
- }
-
- base_url = 'https://accounts.google.com/o/oauth2/auth'
- query_string = urllib.parse.urlencode(params)
- return f"{base_url}?{query_string}"
- def _exchange_authorization_code_for_tokens(self, code, client_id, client_secret, redirect_uri):
- """Exchange authorization code for access and refresh tokens"""
- import requests
-
- token_url = 'https://oauth2.googleapis.com/token'
-
- data = {
- 'code': code,
- 'client_id': client_id,
- 'client_secret': client_secret,
- 'redirect_uri': redirect_uri,
- 'grant_type': 'authorization_code'
- }
-
- response = requests.post(token_url, data=data)
-
- if response.status_code != 200:
- _logger.error(f"Token exchange failed: {response.status_code} - {response.text}")
- raise UserError(_('Failed to exchange authorization code for tokens: %s') % response.text)
-
- token_data = response.json()
-
- access_token = token_data.get('access_token')
- refresh_token = token_data.get('refresh_token')
- expires_in = token_data.get('expires_in', 3600)
-
- if not access_token:
- raise UserError(_('No access token received from Google'))
-
- # Calculate expiration time
- from datetime import datetime, timedelta
- expires_at = datetime.now() + timedelta(seconds=expires_in)
-
- return access_token, refresh_token, expires_at
|
