[MIG] auth_jwt: Migration to 19.0

pablo-cort-s73 · pablo-cort-s73 · commit 0e1ad1db73a9 · 2025-10-02T10:46:59.000+02:00
diff --git a/auth_jwt/README.rst b/auth_jwt/README.rst
@@ -21,13 +21,13 @@ Auth JWT
     :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
     :alt: License: LGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
-    :target: https://github.com/OCA/server-auth/tree/18.0/auth_jwt
+    :target: https://github.com/OCA/server-auth/tree/19.0/auth_jwt
     :alt: OCA/server-auth
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_jwt
+    :target: https://translation.odoo-community.org/projects/server-auth-19-0/server-auth-19-0-auth_jwt
     :alt: Translate me on Weblate
 .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
-    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=19.0
     :alt: Try me on Runboat
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
@@ -52,24 +52,24 @@ Odoo controller routes.
 
 To use it, you must:
 
-- Create an ``auth.jwt.validator`` record to configure how the JWT token
-  will be validated.
-- Add an ``auth="jwt_{validator-name}"`` or
-  ``auth="public_or_jwt_{validator-name}"`` attribute to the routes you
-  want to protect where ``{validator-name}`` corresponds to the name
-  attribute of the JWT validator record.
+-  Create an ``auth.jwt.validator`` record to configure how the JWT
+   token will be validated.
+-  Add an ``auth="jwt_{validator-name}"`` or
+   ``auth="public_or_jwt_{validator-name}"`` attribute to the routes you
+   want to protect where ``{validator-name}`` corresponds to the name
+   attribute of the JWT validator record.
 
 The ``auth_jwt_demo`` module provides examples.
 
 The JWT validator can be configured with the following properties:
 
-- ``name``: the validator name, to match the
-  ``auth="jwt_{validator-name}"`` route property.
-- ``audience``: a comma-separated list of allowed audiences, used to
-  validate the ``aud`` claim.
-- ``issuer``: used to validate the ``iss`` claim.
-- Signature type (secret or public key), algorithm, secret and JWK URI
-  are used to validate the token signature.
+-  ``name``: the validator name, to match the
+   ``auth="jwt_{validator-name}"`` route property.
+-  ``audience``: a comma-separated list of allowed audiences, used to
+   validate the ``aud`` claim.
+-  ``issuer``: used to validate the ``iss`` claim.
+-  Signature type (secret or public key), algorithm, secret and JWK URI
+   are used to validate the token signature.
 
 In addition, the ``exp`` claim is validated to reject expired tokens.
 
@@ -124,7 +124,7 @@ Bug Tracker
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt%0Aversion:%2019.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -139,8 +139,8 @@ Authors
 Contributors
 ------------
 
-- Stéphane Bidoul <stephane.bidoul@acsone.eu>
-- Mohamed Alkobrosli <malkobrosly@kencove.com>
+-  Stéphane Bidoul <stephane.bidoul@acsone.eu>
+-  Mohamed Alkobrosli <malkobrosly@kencove.com>
 
 Maintainers
 -----------
@@ -163,6 +163,6 @@ Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
 
 |maintainer-sbidoul| 
 
-This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/18.0/auth_jwt>`_ project on GitHub.
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/19.0/auth_jwt>`_ project on GitHub.
 
 You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_jwt/__manifest__.py b/auth_jwt/__manifest__.py
@@ -5,7 +5,7 @@
     "name": "Auth JWT",
     "summary": """
         JWT bearer token authentication.""",
-    "version": "18.0.1.0.0",
+    "version": "19.0.1.0.0",
     "license": "LGPL-3",
     "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
     "maintainers": ["sbidoul"],
diff --git a/auth_jwt/models/auth_jwt_validator.py b/auth_jwt/models/auth_jwt_validator.py
@@ -7,11 +7,11 @@
 from calendar import timegm
 from functools import partial
 
-import jwt  # pylint: disable=missing-manifest-dependency
+import jwt
 from jwt import PyJWKClient
 from werkzeug.exceptions import InternalServerError
 
-from odoo import _, api, fields, models, tools
+from odoo import api, fields, models, tools
 from odoo.exceptions import ValidationError
 
 from ..exceptions import (
@@ -98,16 +98,14 @@ class AuthJwtValidator(models.Model):
         default=True, help="Set to false only for development without https."
     )
 
-    _sql_constraints = [
-        ("name_uniq", "unique(name)", "JWT validator names must be unique !"),
-    ]
+    models.Constraint("UNIQUE(name)", "JWT validator names must be unique !")
 
     @api.constrains("name")
     def _check_name(self):
         for rec in self:
             if not rec.name.isidentifier():
                 raise ValidationError(
-                    _("Name %r is not a valid python identifier.") % (rec.name,)
+                    self.env._("Name %r is not a valid python identifier.", rec.name)
                 )
 
     @api.constrains("next_validator_id")
@@ -121,8 +119,9 @@ def _check_next_validator_id(self):
                 chain.append(validator.name)
                 if rec == validator:
                     raise ValidationError(
-                        _("Validators mustn't make a closed chain: {}.").format(
-                            " -> ".join(chain)
+                        self.env._(
+                            "Validators mustn't make a closed chain: %s.",
+                            " -> ".join(chain),
                         )
                     )
 
@@ -131,11 +130,11 @@ def _check_cookie_name(self):
         for rec in self:
             if rec.cookie_enabled and not rec.cookie_name:
                 raise ValidationError(
-                    _(
+                    self.env._(
                         "A cookie name must be provided on JWT validator %s "
-                        "because it has cookie mode enabled."
+                        "because it has cookie mode enabled.",
+                        rec.name,
                     )
-                    % (rec.name,)
                 )
 
     @api.model
@@ -246,7 +245,14 @@ def _get_and_check_partner_id(self, payload):
 
     def _register_hook(self):
         res = super()._register_hook()
-        self.search([])._register_auth_method()
+        BATCH_SIZE = 100
+        offset = 0
+        while True:
+            validators = self.search([], limit=BATCH_SIZE, offset=offset)
+            if not validators:
+                break
+            validators._register_auth_method()
+            offset += BATCH_SIZE
         return res
 
     def _register_auth_method(self):
diff --git a/auth_jwt/static/description/index.html b/auth_jwt/static/description/index.html
@@ -374,7 +374,7 @@ <h1>Auth JWT</h1>
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! source digest: sha256:0257cb75b9a02ab9b3f1aeebe8e0c5aee0b983f8b5ac1692132897dfb1986d02
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/license-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/18.0/auth_jwt"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_jwt"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=18.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/license-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/19.0/auth_jwt"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-19-0/server-auth-19-0-auth_jwt"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=19.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>JWT bearer token authentication.</p>
 <p><strong>Table of contents</strong></p>
 <div class="contents local topic" id="contents">
@@ -400,8 +400,8 @@ <h2><a class="toc-backref" href="#toc-entry-2">Usage</a></h2>
 Odoo controller routes.</p>
 <p>To use it, you must:</p>
 <ul class="simple">
-<li>Create an <tt class="docutils literal">auth.jwt.validator</tt> record to configure how the JWT token
-will be validated.</li>
+<li>Create an <tt class="docutils literal">auth.jwt.validator</tt> record to configure how the JWT
+token will be validated.</li>
 <li>Add an <tt class="docutils literal"><span class="pre">auth=&quot;jwt_{validator-name}&quot;</span></tt> or
 <tt class="docutils literal"><span class="pre">auth=&quot;public_or_jwt_{validator-name}&quot;</span></tt> attribute to the routes you
 want to protect where <tt class="docutils literal"><span class="pre">{validator-name}</span></tt> corresponds to the name
@@ -463,7 +463,7 @@ <h2><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h2>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_jwt%0Aversion:%2019.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
@@ -492,7 +492,7 @@ <h3><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h3>
 promote its widespread use.</p>
 <p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainer</a>:</p>
 <p><a class="reference external image-reference" href="https://github.com/sbidoul"><img alt="sbidoul" src="https://github.com/sbidoul.png?size=40px" /></a></p>
-<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/18.0/auth_jwt">OCA/server-auth</a> project on GitHub.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/19.0/auth_jwt">OCA/server-auth</a> project on GitHub.</p>
 <p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
 </div>
 </div>
diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py
@@ -264,7 +264,9 @@ def test_invalid_validation_auto_chain(self):
         )
 
     def test_partner_id_strategy_email_found(self):
-        partner = self.env["res.partner"].search([("email", "!=", False)])[0]
+        partner = self.env["res.partner"].create(
+            {"name": "Test Partner Found", "email": "found@example.com"}
+        )
         self._create_validator("validator6")
         authorization = "Bearer " + self._create_token(email=partner.email)
         with self._mock_request(authorization=authorization) as request:
