Base of authentication.

2015-06-05 18:15:50 +02:00 · 2015-06-05 18:15:50 +02:00 · b81188cb0d
commit b81188cb0d
parent 81d8380c4a
7 changed files with 64 additions and 6 deletions
--- a/init.py
+++ b/init.py
--- a/api/controller/init.py
+++ b/api/controller/init.py
@ -1,4 +1,7 @@
 import pkgutil
+from flask.ext.httpauth import HTTPBasicAuth
+
+auth = HTTPBasicAuth()

 __all__ = []

--- a/api/controller/accounts.py
+++ b/api/controller/accounts.py
@ -14,6 +14,7 @@
    You should have received a copy of the GNU Affero General Public License
    along with Accountant.  If not, see <http://www.gnu.org/licenses/>.
 """
+from . import auth
 from .. import api
 from ..model import db, session_scope
 from ..model.accounts import Account
@ -21,8 +22,10 @@ from ..model.entries import Entry
 from ..model.operations import Operation
 from flask import json, request
 from sqlalchemy import func, case, cast, extract, distinct
+from forms.accounts import AccountIdForm, AccountForm

@api.route("/accounts", methods=["GET"])
+@auth.login_required
 def get_accounts():
    """
    Returns accounts with their solds.
@ -47,6 +50,7 @@ def get_accounts():
        } for i in query.all()])

@api.route("/accounts/<account_id>/<year>/<month>/")
+@auth.login_required
 def get_account_status(account_id, year, month):
    with session_scope() as session:
        query = session.query(
@ -76,6 +80,7 @@ def get_account_status(account_id, year, month):
        })

@api.route("/accounts/<account_id>/months")
+@auth.login_required
 def get_months(account_id):
    with session_scope() as session:
        query = session.query(
@ -89,6 +94,7 @@ def get_months(account_id):
        } for i in query.all()])

@api.route("/accounts", methods=["PUT"])
+@auth.login_required
 def add_account():
    with session_scope() as session:
        account = Account(request.json['name'], request.json['authorized_overdraft'])
@ -99,18 +105,25 @@ def add_account():


@api.route("/accounts/<account_id>", methods=["PUT"])
+@auth.login_required
 def update_account(account_id):
-    with session_scope() as session:
-        account = session.query(Account).filter(Account.id == account_id).first()
+    account_form = AccountForm()

-        account.name = request.json['name']
-        account.authorized_overdraft = request.json['authorized_overdraft']
+    if account_form.validate():
+        with session_scope() as session:
+            account = session.query(Account).filter(Account.id == account_id).first()

-        session.merge(account)
+            account.name = request.json['name']
+            account.authorized_overdraft = request.json['authorized_overdraft']

-        return json.dumps("Account #%s updated." % account_id)
+            session.merge(account)
+
+            return json.dumps("Account #%s updated." % account_id)
+    else:
+        return json.dumps({'ok': False, 'error_type': 'validation', 'errors': account_form.errors})

@api.route("/accounts/<account_id>", methods=["DELETE"])
+@auth.login_required
 def delete_account(account_id):
    with session_scope() as session:
        account = session.query(Account).filter(Account.id == account_id).first()
--- a/api/controller/users.py
+++ b/api/controller/users.py
@ -0,0 +1,29 @@
+"""
+    This file is part of Accountant.
+
+    Accountant is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    Accountant is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with Accountant.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from . import auth
+from .. import api
+from ..model import db, session_scope
+
+@auth.verify_password
+def verify_password(username, password):
+
+    if username == 'titi' and password == 'toto':
+        return True
+        # Update principal identity
+
+    return False
--- a/app.py
+++ b/app.py
@ -16,6 +16,7 @@
 """

 from api import api
+#from api.controller import login_manager
 from api.model import db
 from flask import Flask
 from flask.ext.sqlalchemy import SQLAlchemy
@ -28,8 +29,11 @@ app = Flask(__name__, static_folder = None)

 app.config['SQLALCHEMY_DATABASE_URI'] = config.db_uri
 app.config['SQLALCHEMY_RECORD_QUERIES'] = config.debug
+app.config['WTF_CSRF_ENABLED'] = False
+app.config['SECRET_KEY'] = 'my_secret_key'

 db.init_app(app)
+#login_manager.init_app(app)

 app.register_blueprint(frontend, url_prefix='')
 app.register_blueprint(api, url_prefix='/api')
--- a/forms/init.py
+++ b/forms/init.py
--- a/forms/accounts.py
+++ b/forms/accounts.py
@ -0,0 +1,9 @@
+from flask_wtf import Form
+from wtforms import DecimalField, IntegerField, StringField
+
+class AccountIdForm(Form):
+    id = IntegerField()
+
+class AccountForm(AccountIdForm):
+    name = StringField()
+    authorized_overdraft = DecimalField()