Rewrote REST auth management.

2015-12-09 22:52:50 +01:00 · 2015-12-09 22:52:50 +01:00 · a49e00c8af
commit a49e00c8af
parent 76f9902f0c
1 changed files with 108 additions and 9 deletions
--- a/accountant/api/views/users.py
+++ b/accountant/api/views/users.py
@ -14,17 +14,116 @@
    You should have received a copy of the GNU Affero General Public License
    along with Accountant.  If not, see <http://www.gnu.org/licenses/>.
 """
-#from accountant import session_scope
+# vim: set tw=80 ts=4 sw=4 sts=4:
 import arrow
-from . import auth
+from functools import wraps
-#from .. import api
+
 from flask import request, g
 from flask.ext.restful import Resource, fields, reqparse, marshal_with, marshal_with_field
 from sqlalchemy.orm.exc import NoResultFound
 from werkzeug.exceptions import BadRequest
 from accountant import app
 from .. import api_api
 from ..fields import Object
 from ..models.users import User
-@auth.verify_password
+def load_user_from_token(token):
-def verify_password(username, password):
+    return User.verify_auth_token(token)
    if username == 'titi' and password == 'toto':
        return True
        # Update principal identity
-    return False
+def load_user_from_auth(auth):
    token = auth.replace('Bearer ', '', 1)
    return load_user_from_token(token)
 def load_user_from_request():
    # No token found, trying to authenticate using request data.
    try:
        kwargs = parser.parse_args()
        try:
            user = User.query().filter(
                User.email == kwargs['email']
            ).one()
            if user and user.verify_password(kwargs['password']):
                return user
        except NoResultFound:
            pass
    except BadRequest:
        pass
    return None
 def authenticate():
    return {'error': 'Please login before executing this request.'}, 401
 def requires_auth(f):
    @wraps(f)
    def wrapped(*args, **kwargs):
        if 'Authorization' in request.headers:
            auth = request.headers['Authorization']
            user = load_user_from_auth(auth)
        else:
            user = load_user_from_request()
        if user:
            g.user = user
            return f(*args, **kwargs)
        return authenticate()
    return wrapped
 token_resource_fields = {
    'token': fields.String,
    'expiration': fields.DateTime(dt_format='iso8601'),
    'token_type': fields.String
 }
 user_resource_fields = {
    'id': fields.Integer(default=None),
    'email': fields.String,
    'active': fields.Boolean
 }
 parser = reqparse.RequestParser()
 parser.add_argument('email', type=str, required=True)
 parser.add_argument('password', type=str, required=True)
 class LoginResource(Resource):
    @requires_auth
    @marshal_with(token_resource_fields)
    def post(self):
        user = g.user
        token = user.generate_auth_token()
        expiration_time = arrow.now().replace(
            seconds=app.config['SESSION_TTL']
        )
        return {
            'token': token,
            'expiration': expiration_time.datetime,
            'token_type': 'Bearer'
        }, 200
    @requires_auth
    @marshal_with_field(Object(user_resource_fields))
    def get(self):
        return g.user
 api_api.add_resource(LoginResource, "/users/login")