Use basic HTTP authentication for user Login.

2017-05-18 10:29:36 +02:00 · 2017-05-18 10:29:36 +02:00 · de59dc3bb0
parent d013e4cda8
commit de59dc3bb0
2 changed files with 8 additions and 16 deletions
--- a/accountant/views/init.py
+++ b/accountant/views/init.py
@ -30,6 +30,9 @@ authorizations = {
        'in': 'header',
        'name': 'Authorization',
    },
+    'basic': {
+        'type': 'basic',
+    }
 }

 # pylint: disable=invalid-name
--- a/accountant/views/users.py
+++ b/accountant/views/users.py
@ -102,18 +102,6 @@ user_model = ns.model('User', {
        description='Active state of the user')
 })

-# Login model.
-login_model = ns.model('Login', {
-    'email': fields.String(
-        required=True,
-        description='Email to use for login'
-    ),
-    'password': fields.String(
-        required=True,
-        description='Plain text password to use for login'
-    )
-})
-

@ns.route('/login')
 class LoginResource(Resource):
@ -121,21 +109,22 @@ class LoginResource(Resource):

    @ns.marshal_with(token_model)
    @ns.doc(
+        security='basic',
        responses={
            200: ('OK', token_model),
            401: 'Unauthorized'
        })
-    @ns.expect(login_model)
    def post(self):
        """Login to retrieve authentication token."""

-        data = self.api.payload
+        email = request.authorization['username']
+        password = request.authorization['password']

        user = User.query().filter(
-            User.email == data['email']
+            User.email == email
        ).one_or_none()

-        if not user or not user.verify_password(data['password']):
+        if not user or not user.verify_password(password):
            ns.abort(401, error_message="Bad user or password.")

        token = user.generate_auth_token()