[14.0][ADD] force_https_redirection: perform http -> https redirections

.github/workflows/test.yml

@@ -73,6 +73,8 @@ jobs:
         run: manifestoo -d . check-dev-status --default-dev-status=Beta
       - name: Initialize test db
         run: oca_init_test_database
+      - name: Config server wide config
+        run: echo "server_wide_modules=base,web,force_https_redirection" >> /etc/odoo.cfg
       - name: Run tests
         run: oca_run_tests
       - uses: codecov/codecov-action@v1

force_https_redirection/README.rst

@@ -0,0 +1,85 @@
+========================
+Force HTTPS redirections
+========================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-tools/tree/14.0/force_https_redirection
+    :alt: OCA/server-tools
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-tools-14-0/server-tools-14-0-force_https_redirection
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/149/14.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+This module provide a way to perform https redirection
+which can be useful on cloud platform that manage ssl
+end point but not http redirections (ie: heroku).
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+To enable HTTPS redirection needs to set this module
+in the `server_wide_modules` list.
+
+This is required to properly load the middleware at the very beginning.
+of the module. So even the module is not
+installed on any database the middleware will be loaded.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20force_https_redirection%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Pierre Verkest
+
+Contributors
+~~~~~~~~~~~~
+
+* Pierre Verkest <pierreverkest84@gmail.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/14.0/force_https_redirection>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

force_https_redirection/__init__.py

@@ -0,0 +1,38 @@
+# Copyright 2023 Foodles (http://www.foodles.co).
+# @author Pierre Verkest <pierreverkest84@gmail.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+import werkzeug
+from odoo.service import wsgi_server
+
+
+class RedirectMiddleware(object):
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        """Redirect user to HTTPS in case of odoo is behind
+        a reverse proxy and the connexion between client and
+        reverse proxy was HTTP call.
+
+        Popular reverse proxy set an header X-Forwarded-Proto
+        that let the upstream server (odoo) knows what was the formal
+        protocol used.
+
+        In case of no proxy HTTP_X_FORWARDED_PROTO shouldn't be set
+        so it won't redirect user to https.
+
+        note: This middleware is called
+        before werkzeug.middleware.proxy_fix.ProxyFix  middleware
+        used when --proxy-mode is True
+        """
+        httprequest = werkzeug.wrappers.Request(environ)
+        if httprequest.environ.get("HTTP_X_FORWARDED_PROTO") == "http":
+            response = werkzeug.utils.redirect(
+                httprequest.url.replace("http", "https", 1), 301
+            )
+            return response(environ, start_response)
+
+        return self.app(environ, start_response)
+
+
+wsgi_server.application = RedirectMiddleware(wsgi_server.application)

force_https_redirection/__manifest__.py

@@ -0,0 +1,15 @@
+# Copyright 2023 Foodles (http://www.foodles.co).
+# @author Pierre Verkest <pierreverkest84@gmail.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+{
+    "name": "Force HTTPS redirections",
+    "summary": "Forcing https redirection",
+    "version": "14.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/OCA/server-tools",
+    "author": "Pierre Verkest, " "Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "application": False,
+    "installable": True,
+    "depends": ["base"],
+}

force_https_redirection/readme/CONFIGURE.rst

@@ -0,0 +1,6 @@
+To enable HTTPS redirection needs to set this module
+in the `server_wide_modules` list.
+
+This is required to properly load the middleware at the very beginning.
+of the module. So even the module is not
+installed on any database the middleware will be loaded.

force_https_redirection/readme/CONTRIBUTORS.rst

@@ -0,0 +1 @@
+* Pierre Verkest <pierreverkest84@gmail.com>

force_https_redirection/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+This module provide a way to perform https redirection
+which can be useful on cloud platform that manage ssl
+end point but not http redirections (ie: heroku).