Change authentication algorithm.

This commit is contained in:
Alexis Lahouze 2016-01-13 12:57:27 +01:00
parent 24ed36cc1b
commit 3fd746916c


@ -22,10 +22,6 @@ from functools import wraps
from flask import request, g from flask import request, g
from flask.ext.restful import Resource, fields, reqparse, marshal_with, marshal_with_field from flask.ext.restful import Resource, fields, reqparse, marshal_with, marshal_with_field
from sqlalchemy.orm.exc import NoResultFound
from werkzeug.exceptions import BadRequest
from accountant import app from accountant import app
from .. import api from .. import api
@ -44,27 +40,6 @@ def load_user_from_auth(auth):
return load_user_from_token(token) return load_user_from_token(token)
def load_user_from_request():
# No token found, trying to authenticate using request data.
try:
data = parser.parse_args()
try:
user = User.query().filter(
User.email == data['email']
).one()
if user and user.verify_password(data['password']):
return user
except NoResultFound:
pass
except BadRequest:
pass
return None
def authenticate(): def authenticate():
return {'error': 'Please login before executing this request.'}, 401 return {'error': 'Please login before executing this request.'}, 401
@ -72,11 +47,11 @@ def authenticate():
def requires_auth(f): def requires_auth(f):
@wraps(f) @wraps(f)
def wrapped(*args, **data): def wrapped(*args, **data):
user = None
if 'Authorization' in request.headers: if 'Authorization' in request.headers:
auth = request.headers['Authorization'] auth = request.headers['Authorization']
user = load_user_from_auth(auth) user = load_user_from_auth(auth)
else:
user = load_user_from_request()
if user: if user:
g.user = user g.user = user
@ -104,10 +79,19 @@ parser.add_argument('password', type=str, required=True)
class LoginResource(Resource): class LoginResource(Resource):
@requires_auth
@marshal_with(token_resource_fields) @marshal_with(token_resource_fields)
def post(self): def post(self):
user = g.user """
Login to retrieve authentication token.
"""
data = parser.parse_args()
user = User.query().filter(
User.email == data['email']
).one_or_none()
if not user or not user.verify_password(data['password']):
authenticate()
token = user.generate_auth_token() token = user.generate_auth_token()
expiration_time = arrow.now().replace( expiration_time = arrow.now().replace(