Use basic HTTP authentication for user Login.
parent
d013e4cda8
commit
de59dc3bb0
@ -30,6 +30,9 @@ authorizations = {
|
||||
'in': 'header',
|
||||
'name': 'Authorization',
|
||||
},
|
||||
'basic': {
|
||||
'type': 'basic',
|
||||
}
|
||||
}
|
||||
|
||||
# pylint: disable=invalid-name
|
||||
|
@ -102,18 +102,6 @@ user_model = ns.model('User', {
|
||||
description='Active state of the user')
|
||||
})
|
||||
|
||||
# Login model.
|
||||
login_model = ns.model('Login', {
|
||||
'email': fields.String(
|
||||
required=True,
|
||||
description='Email to use for login'
|
||||
),
|
||||
'password': fields.String(
|
||||
required=True,
|
||||
description='Plain text password to use for login'
|
||||
)
|
||||
})
|
||||
|
||||
|
||||
@ns.route('/login')
|
||||
class LoginResource(Resource):
|
||||
@ -121,21 +109,22 @@ class LoginResource(Resource):
|
||||
|
||||
@ns.marshal_with(token_model)
|
||||
@ns.doc(
|
||||
security='basic',
|
||||
responses={
|
||||
200: ('OK', token_model),
|
||||
401: 'Unauthorized'
|
||||
})
|
||||
@ns.expect(login_model)
|
||||
def post(self):
|
||||
"""Login to retrieve authentication token."""
|
||||
|
||||
data = self.api.payload
|
||||
email = request.authorization['username']
|
||||
password = request.authorization['password']
|
||||
|
||||
user = User.query().filter(
|
||||
User.email == data['email']
|
||||
User.email == email
|
||||
).one_or_none()
|
||||
|
||||
if not user or not user.verify_password(data['password']):
|
||||
if not user or not user.verify_password(password):
|
||||
ns.abort(401, error_message="Bad user or password.")
|
||||
|
||||
token = user.generate_auth_token()
|
||||
|
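Review bot: In the last hunk, `post` subscripts `request.authorization` without checking it, and that attribute is None when the request has no Authorization header or one Werkzeug cannot parse, so an unauthenticated call raises a TypeError and returns a 500 instead of the documented 401. Guard before reading the fields, e.g. `auth = request.authorization` followed by `if not auth or not auth.username or auth.password is None: ns.abort(401, error_message="Bad user or password.")`, then use `auth.username` and `auth.password`. Depending on the Werkzeug version, a non-Basic scheme may also yield an object without these fields, so the same guard should cover that case. Basic credentials are only base64-encoded and are not encrypted, so the docstring should state that this route must be served over TLS. The body of `post` appears to continue past the end of the hunk.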