Rewrote REST auth management.

This commit is contained in:
Alexis Lahouze 2015-12-09 22:52:50 +01:00
parent 76f9902f0c
commit a49e00c8af
1 changed files with 108 additions and 9 deletions


@ -14,17 +14,116 @@
You should have received a copy of the GNU Affero General Public License
along with Accountant. If not, see <http://www.gnu.org/licenses/>.
"""
#from accountant import session_scope
# vim: set tw=80 ts=4 sw=4 sts=4:
import arrow
from . import auth
#from .. import api
from functools import wraps
from flask import request, g
from flask.ext.restful import Resource, fields, reqparse, marshal_with, marshal_with_field
from sqlalchemy.orm.exc import NoResultFound
from werkzeug.exceptions import BadRequest
from accountant import app
from .. import api_api
from ..fields import Object
from ..models.users import User
@auth.verify_password
def verify_password(username, password):
def load_user_from_token(token):
return User.verify_auth_token(token)
if username == 'titi' and password == 'toto':
return True
# Update principal identity
return False
def load_user_from_auth(auth):
token = auth.replace('Bearer ', '', 1)
return load_user_from_token(token)
def load_user_from_request():
# No token found, trying to authenticate using request data.
try:
kwargs = parser.parse_args()
try:
user = User.query().filter(
User.email == kwargs['email']
).one()
if user and user.verify_password(kwargs['password']):
return user
except NoResultFound:
pass
except BadRequest:
pass
return None
def authenticate():
return {'error': 'Please login before executing this request.'}, 401
def requires_auth(f):
@wraps(f)
def wrapped(*args, **kwargs):
if 'Authorization' in request.headers:
auth = request.headers['Authorization']
user = load_user_from_auth(auth)
else:
user = load_user_from_request()
if user:
g.user = user
return f(*args, **kwargs)
return authenticate()
return wrapped
token_resource_fields = {
'token': fields.String,
'expiration': fields.DateTime(dt_format='iso8601'),
'token_type': fields.String
}
user_resource_fields = {
'id': fields.Integer(default=None),
'email': fields.String,
'active': fields.Boolean
}
parser = reqparse.RequestParser()
parser.add_argument('email', type=str, required=True)
parser.add_argument('password', type=str, required=True)
class LoginResource(Resource):
@requires_auth
@marshal_with(token_resource_fields)
def post(self):
user = g.user
token = user.generate_auth_token()
expiration_time = arrow.now().replace(
seconds=app.config['SESSION_TTL']
)
return {
'token': token,
'expiration': expiration_time.datetime,
'token_type': 'Bearer'
}, 200
@requires_auth
@marshal_with_field(Object(user_resource_fields))
def get(self):
return g.user
api_api.add_resource(LoginResource, "/users/login")
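Review bot: `load_user_from_auth` derives the token with `auth.replace('Bearer ', '', 1)`, which never checks the scheme, so an `Authorization` header using any other scheme (or a value that merely contains `Bearer ` somewhere inside it) is handed to `User.verify_auth_token` as if it were a token. Splitting on the scheme is clearer and fails closed: `scheme, _, token = auth.partition(' ')` followed by `if scheme != 'Bearer' or not token: return None` before `return load_user_from_token(token)`. `authenticate()` also answers 401 without a `WWW-Authenticate` header, which that status is expected to carry; adding `{'WWW-Authenticate': 'Bearer'}` as a third element of the returned tuple fixes it. The `expiration` computed in `LoginResource.post` from `SESSION_TTL` is independent of whatever expiry `generate_auth_token` embeds, so the two can drift if they are not derived from the same value — worth a comment stating which one is authoritative.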