
Postman authentication for Odoo 14


How to use Postman to test Odoo 14.0 controller methods that require authentication?

I used to have a simple request for authentication:

url: http://localhost:8014/web/session/authenticate

method: GET

headers: Content-Type: application/json

body:

{
    "jsonrpc": "2.0", 
    "params": {
        "db": "v14pos", 
        "login": "admin", 
        "password": "admin"
    }
}

After sending the authentication request, Postman will set the session_id cookie, and it will work.

But in 14.0, even though the session_id cookie is set, I get the following error when trying to call a URL that requires authentication:

{
    "jsonrpc": "2.0",
    "id": null,
    "error": {
        "code": 200,
        "message": "Odoo Server Error",
        "data": {
            "name": "odoo.exceptions.AccessDenied",
            "debug": "Traceback (most recent call last):\n  File \"/home/obi/src/vs/odoo14/addons/http_routing/models/ir_http.py\", line 450, in _dispatch\n    cls._authenticate(func)\n  File \"/home/obi/src/vs/odoo14/odoo/addons/base/models/ir_http.py\", line 132, in _authenticate\n    raise AccessDenied()\nException\n\nThe above exception was the direct cause of the following exception:\n\nTraceback (most recent call last):\n  File \"/home/obi/src/vs/odoo14/odoo/http.py\", line 639, in _handle_exception\n    return super(JsonRequest, self)._handle_exception(exception)\n  File \"/home/obi/src/vs/odoo14/odoo/http.py\", line 315, in _handle_exception\n    raise exception.with_traceback(None) from new_cause\nodoo.exceptions.AccessDenied: Access Denied\n",
            "message": "Access Denied",
            "arguments": [
                "Access Denied"
            ],
            "context": {}
        }
    }
}

This worked for me for version 11.0.

I noticed that the HTTP header in 14.0 includes the cookie in a different way:

Cookie: TWISTED_SESSION=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2luZm8iOnsiYW5vbnltb3VzIjp0cnVlfSwiZXhwIjoxNjAzNjM0NDM5fQ.pJs2oOjQYOQrFnolafUlNZ4Bg4OMJ_itRaZPEUoaLeE; frontend_lang=en_US; fileToken=dummy-because-api-expects-one; tz=Africa/Khartoum; session_id=d36df662e749f368c32dcbecc07bf578dd57de8a

What is the TWISTED_SESSION? Is it causing the problem?


Solution

  • I found the solution, or rather the problem.

    I set the wrong value for auth in the controller method. It was:

    @http.route('/route/', auth='auth', type='json')

    And changed it to:

    @http.route('/route/', auth='user', type='json')
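
A static check for the mistake described in the answer, as an added example that is not part of the original post or of Odoo: it parses controller source and reports every route decorator whose auth value is not one of the documented built-in types (user, public, none). The function name find_bad_auth, the KNOWN_AUTH set and the sample controller are assumptions made for illustration.

```python
import ast

# Built-in auth types documented for Odoo's http.route. Addons can register
# others through ir.http, so extend this set if your code base does (assumption).
KNOWN_AUTH = {"user", "public", "none"}

# Constructed sample controller, mirroring the two decorators from the post.
SAMPLE = '''
from odoo import http

class Demo(http.Controller):
    @http.route('/route/', auth='auth', type='json')
    def broken(self, **kw):
        return {}

    @http.route('/route/ok', auth='user', type='json')
    def fixed(self, **kw):
        return {}
'''

def _is_route(call):
    """True for calls written as http.route(...) or route(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "route") or \
           (isinstance(f, ast.Name) and f.id == "route")

def find_bad_auth(source, known=KNOWN_AUTH):
    """Return (lineno, function, auth) for route decorators with an unknown auth."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in node.decorator_list:
            if not (isinstance(dec, ast.Call) and _is_route(dec)):
                continue
            for kw in dec.keywords:
                if kw.arg != "auth":
                    continue
                val = kw.value
                if isinstance(val, ast.Constant) and isinstance(val.value, str):
                    if val.value not in known:
                        findings.append((dec.lineno, node.name, val.value))
                else:
                    # Computed values cannot be checked statically; flag for review.
                    findings.append((dec.lineno, node.name, "<non-literal>"))
    return findings

if __name__ == "__main__":
    for lineno, func, auth in find_bad_auth(SAMPLE):
        print(f"line {lineno}: {func}() uses auth={auth!r}")
```

Run it over each controller file in CI; the same walk can also list routes declared with auth='public' or auth='none' so they get a manual review.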