
@dtgagnon dtgagnon commented Dec 7, 2025

Description

Fixes #3458

This PR fixes a bug where XML-RPC and JSON-RPC authentication fails with ValueError: Expected singleton: res.remote().

Root Cause

When authenticating via RPC (non-HTTP requests), there is no HTTP request context available. The remote property in models/base.py gracefully handles this by returning an empty recordset. However, _auth_check_remote in models/res_users.py unconditionally calls ensure_one() on this recordset, causing authentication to fail.

Changes

  • Modified line 19 in base_remote/models/res_users.py
  • Added check to skip ensure_one() when remote is empty (no HTTP context)
  • Maintains device tracking for web browser connections (primary use case)
  • Follows same pattern already used for test mode

Testing

Tested with OdooRPC Python library:

  • ✅ RPC/API authentication now works
  • ✅ Web browser authentication still works
  • ✅ Device tracking for HTTP connections maintained

Impact

  • ✅ Fixes RPC/API authentication (OdooRPC, mobile apps, external integrations)
  • ✅ Maintains existing web browser device tracking functionality
  • ✅ No security or functionality regression

When authenticating via XML-RPC or JSON-RPC, there is no HTTP request
context available. The remote property gracefully handles this by
returning an empty recordset, but the ensure_one() check was still
enforced, causing authentication to fail.

This change skips the singleton check when remote is empty (no HTTP
context), while maintaining device tracking for web browser connections.

Fixes OCA#3458
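
The failure and the guard described in this PR, reproduced as an added example that is not code from the PR or from base_remote. `Recordset` is a constructed stand-in for an Odoo recordset, and `auth_check_remote_before`, `auth_check_remote_after` and `login_outcome` are hypothetical names that model the described behaviour, including the test-mode skip, whose exact form is assumed.

```python
class Recordset:
    """Minimal stand-in for an Odoo recordset (constructed, not Odoo code)."""

    def __init__(self, model, ids=()):
        self._name = model
        self.ids = tuple(ids)

    def __bool__(self):
        return bool(self.ids)

    def __repr__(self):
        return f"{self._name}{self.ids!r}"

    def ensure_one(self):
        # Same contract as the ORM: exactly one record, or ValueError.
        if len(self.ids) != 1:
            raise ValueError(f"Expected singleton: {self!r}")
        return self


def auth_check_remote_before(remote, test_mode=False):
    """Described bug: the singleton check runs even without HTTP context."""
    if not test_mode:
        remote.ensure_one()
    return remote


def auth_check_remote_after(remote, test_mode=False):
    """Described fix: skip the check only when remote is empty."""
    if not test_mode and remote:
        remote.ensure_one()
    return remote


def login_outcome(check, remote):
    """Run one check and report 'ok' or the error it raised."""
    try:
        check(remote)
        return "ok"
    except ValueError as exc:
        return f"ValueError: {exc}"


# Constructed inputs: what the remote property yields per connection type.
HTTP_LOGIN = Recordset("res.remote", (7,))    # browser session, one remote
RPC_LOGIN = Recordset("res.remote")           # XML-RPC/JSON-RPC, no request
AMBIGUOUS = Recordset("res.remote", (7, 8))   # more than one remote

if __name__ == "__main__":
    for name, rs in [("http", HTTP_LOGIN), ("rpc", RPC_LOGIN), ("multi", AMBIGUOUS)]:
        print(name, login_outcome(auth_check_remote_before, rs),
              "->", login_outcome(auth_check_remote_after, rs))
```

The guard relaxes the check only for the empty case: a recordset holding more than one remote is still rejected, and a login that arrives without HTTP context passes through with no remote record attached to it.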


Development

Successfully merging this pull request may close these issues.

base_remote: API authentication broken due to missing HTTP context check
