Use basic HTTP authentication for user Login.

Alexis Lahouze 2017-05-18 10:29:36 +02:00
parent d013e4cda8
commit de59dc3bb0
2 changed files with 8 additions and 16 deletions


@ -30,6 +30,9 @@ authorizations = {
'in': 'header',
'name': 'Authorization',
},
'basic': {
'type': 'basic',
}
}
# pylint: disable=invalid-name


@ -102,18 +102,6 @@ user_model = ns.model('User', {
description='Active state of the user')
})
# Login model.
login_model = ns.model('Login', {
'email': fields.String(
required=True,
description='Email to use for login'
),
'password': fields.String(
required=True,
description='Plain text password to use for login'
)
})
@ns.route('/login')
class LoginResource(Resource):
@ -121,21 +109,22 @@ class LoginResource(Resource):
@ns.marshal_with(token_model)
@ns.doc(
security='basic',
responses={
200: ('OK', token_model),
401: 'Unauthorized'
})
@ns.expect(login_model)
def post(self):
"""Login to retrieve authentication token."""
data = self.api.payload
email = request.authorization['username']
password = request.authorization['password']
user = User.query().filter(
User.email == data['email']
User.email == email
).one_or_none()
if not user or not user.verify_password(data['password']):
if not user or not user.verify_password(password):
ns.abort(401, error_message="Bad user or password.")
token = user.generate_auth_token()
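Review bot: In `post`, `request.authorization` is subscripted without checking that it exists. Werkzeug returns `None` when the request carries no parsable Authorization header, so a login call without credentials would raise `TypeError` and surface as a 500 instead of the documented 401. Guard before reading the fields, e.g. `auth = request.authorization` followed by `if auth is None or not auth.username or auth.password is None: ns.abort(401, error_message="Bad user or password.")`, then pass `auth.username` and `auth.password` on. Since the endpoint now advertises Basic auth, the 401 should probably also carry a `WWW-Authenticate: Basic` header so clients know which scheme to retry with. The body of `post` appears to continue past the end of this hunk.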