Panda Odoo MCP Server

mcp-odoo-panda
odoo_mcp
authentication

authenticator.py•8.58 KiB

import logging from typing import Dict, Any, Optional, Tuple import hashlib # For basic hashing if storing tokens locally (use stronger methods for production) # Consider using 'cryptography' library for actual encryption import socket from xmlrpc.client import Fault, ProtocolError as XmlRpcProtocolError from odoo_mcp.core.connection_pool import ConnectionPool from odoo_mcp.error_handling.exceptions import ( AuthError, NetworkError, OdooMCPError, PoolTimeoutError, ConnectionError as PoolConnectionError, ) # Placeholder for ConnectionPool and custom exceptions # from odoo_mcp.connection.connection_pool import ConnectionPool # from odoo_mcp.error_handling import AuthError, NetworkError logger = logging.getLogger(__name__) # Import custom exceptions # from odoo_mcp.error_handling.exceptions import AuthError, NetworkError, OdooMCPError, PoolTimeoutError, ConnectionError as PoolConnectionError # Alias to avoid name clash class OdooAuthenticator: """ Handles authentication logic against the target Odoo instance. Uses the connection pool to perform authentication checks via Odoo's `common.authenticate` method (typically XML-RPC). Includes placeholders for future enhancements like token caching and secure credential storage. """ def __init__(self, config: Dict[str, Any]): """ Initialize the OdooAuthenticator. Args: config: The server configuration dictionary. Requires keys like 'odoo_url', 'database'. """ self.config = config self.connection_pool = ConnectionPool(config) self._authenticated_users: Dict[str, Dict[str, Any]] = {} self.odoo_url = config.get("odoo_url") self.database = config.get("database") # TODO: Implement secure storage/retrieval if caching tokens/credentials self._token_cache: Dict[str, Tuple[int, float]] = {} # Example: {username: (uid, expiry_time)} self.token_lifetime = config.get("auth_token_lifetime", 3600) # e.g., 1 hour async def authenticate(self, username: str, password: str) -> Dict[str, Any]: """ Authenticate a user. Args: username: Username password: Password Returns: Dict[str, Any]: Authentication result Raises: AuthError: If authentication fails """ try: # Check if user is already authenticated if username in self._authenticated_users: return self._authenticated_users[username] # Get connection from pool async with self.connection_pool.get_connection() as conn: # Authenticate with Odoo result = await conn.authenticate(username, password) if not result: raise AuthError("Authentication failed") # Store authentication result self._authenticated_users[username] = result return result except (NetworkError, PoolTimeoutError, PoolConnectionError) as e: raise AuthError(f"Authentication failed: {str(e)}") except Exception as e: raise OdooMCPError(f"Unexpected error during authentication: {str(e)}") def logout(self, username: str) -> None: """ Logout a user. Args: username: Username """ if username in self._authenticated_users: del self._authenticated_users[username] def is_authenticated(self, username: str) -> bool: """ Check if a user is authenticated. Args: username: Username Returns: bool: True if authenticated, False otherwise """ return username in self._authenticated_users def get_user_info(self, username: str) -> Optional[Dict[str, Any]]: """ Get user information. Args: username: Username Returns: Optional[Dict[str, Any]]: User information if authenticated, None otherwise """ return self._authenticated_users.get(username) async def verify_token(self, token: str) -> Optional[int]: """ Verify a session token (placeholder). In a real implementation, this would check a token cache or validate the token against an external system or Odoo itself. Args: token: The session token to verify. Returns: The user ID (UID) associated with the token if valid, otherwise None. """ # TODO: Implement token verification logic # - Check internal cache (e.g., self._token_cache) # - Check token expiry based on self.token_lifetime # - Potentially re-validate against Odoo periodically if needed logger.warning("Token verification is not yet implemented.") return None def _generate_token(self, user_id: int) -> str: """ Generate a secure session token (placeholder). Uses UUID4 for simplicity. A production system should use a more robust, cryptographically secure method (e.g., using `secrets` module). Args: user_id: The user ID the token is being generated for. Returns: A newly generated session token string. """ # TODO: Implement secure token generation (e.g., using secrets module) import uuid # Example using UUID4 - NOT SECURE FOR PRODUCTION token = str(uuid.uuid4()) logger.debug(f"Generated placeholder token: {token} for user {user_id}") return token def _store_credentials_securely(self, username: str, api_key: str): """ Placeholder for securely storing user credentials. WARNING: Storing raw credentials locally is highly discouraged due to security risks. Consider using system keyrings (via the 'keyring' library) or other secure storage mechanisms appropriate for the deployment environment. Args: username: The username associated with the credentials. api_key: The sensitive API key or password to store. """ logger.warning("Secure credential storage is not implemented. Avoid storing raw credentials.") # Example using keyring (requires installation and backend setup): # import keyring # keyring.set_password(f"odoo_mcp_{self.config.get('database', 'defaultdb')}", username, api_key) pass def _get_stored_credentials(self, username: str) -> Optional[str]: """ Placeholder for retrieving securely stored credentials. Args: username: The username whose credentials are to be retrieved. Returns: The stored API key/password if found, otherwise None. """ logger.warning("Secure credential retrieval is not implemented.") # Example using keyring: # import keyring # return keyring.get_password(f"odoo_mcp_{self.config.get('database', 'defaultdb')}", username) return None # Example Usage (Conceptual) async def auth_example(): # Assume config and pool_mock are set up config = { "odoo_url": "http://localhost:8069", "database": "db", "username": "user", "api_key": "key", } # Mock pool that returns a mock connection with a mock 'common' object mock_common = type( "CommonMock", (), {"authenticate": lambda db, u, p, _: (1 if u == "user" and p == "key" and db == "db" else False)}, )() mock_connection = type("ConnectionMock", (), {"common": mock_common})() mock_wrapper = type("WrapperMock", (), {"connection": mock_connection})() pool_mock = type( "PoolMock", (), { "get_connection": lambda: type( "AsyncContextManager", (), {"__aenter__": lambda: mock_wrapper, "__aexit__": lambda *a: None}, )() }, )() authenticator = OdooAuthenticator(config) try: print("Authenticating valid user...") uid = await authenticator.authenticate("user", "key") print(f"Authentication successful! UID: {uid}") print("\nAuthenticating invalid user...") await authenticator.authenticate("wrong_user", "key") except AuthError as e: print(f"Authentication failed as expected: {e}") except NetworkError as e: print(f"Network error during authentication: {e}") except Exception as e: print(f"An unexpected error occurred: {e}") if __name__ == "__main__": logging.basicConfig(level=logging.INFO) # asyncio.run(auth_example()) # Uncomment to run example pass

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pandeussilvae/mcp-odoo-panda'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

authenticator.py•8.58 KiB