From de59dc3bb0676ae68b90b332ea9fc2cb6a33a086 Mon Sep 17 00:00:00 2001
From: Alexis Lahouze
Date: Thu, 18 May 2017 10:29:36 +0200
Subject: [PATCH] Use basic HTTP authentication for user Login.

---
 accountant/views/__init__.py |  3 +++
 accountant/views/users.py    | 21 +++++----------------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/accountant/views/__init__.py b/accountant/views/__init__.py
index 07ca4cf..c3b9b6e 100644
--- a/accountant/views/__init__.py
+++ b/accountant/views/__init__.py
@@ -30,6 +30,9 @@ authorizations = {
         'in': 'header',
         'name': 'Authorization',
     },
+    'basic': {
+        'type': 'basic',
+    }
 }
 
 # pylint: disable=invalid-name
diff --git a/accountant/views/users.py b/accountant/views/users.py
index 7514b86..1bd80ea 100644
--- a/accountant/views/users.py
+++ b/accountant/views/users.py
@@ -102,18 +102,6 @@ user_model = ns.model('User', {
         description='Active state of the user')
 })
 
-# Login model.
-login_model = ns.model('Login', {
-    'email': fields.String(
-        required=True,
-        description='Email to use for login'
-    ),
-    'password': fields.String(
-        required=True,
-        description='Plain text password to use for login'
-    )
-})
-
 
 @ns.route('/login')
 class LoginResource(Resource):
@@ -121,21 +109,22 @@ class LoginResource(Resource):
     @ns.marshal_with(token_model)
     @ns.doc(
+        security='basic',
         responses={
             200: ('OK', token_model),
             401: 'Unauthorized'
         })
-    @ns.expect(login_model)
     def post(self):
         """Login to retrieve authentication token."""
-        data = self.api.payload
+        email = request.authorization['username']
+        password = request.authorization['password']
 
         user = User.query().filter(
-            User.email == data['email']
+            User.email == email
         ).one_or_none()
 
-        if not user or not user.verify_password(data['password']):
+        if not user or not user.verify_password(password):
             ns.abort(401, error_message="Bad user or password.")
 
         token = user.generate_auth_token()
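Review bot: The new `'basic'` entry in `authorizations` closes with a bare `}` while the sibling entry directly above it closes with `},`; writing it as `+    },` keeps the two entries consistent and means the next scheme added will not have to touch this line. Since this definition tells API clients to send the user's password on every login request, a one-line comment such as `# Credentials travel base64-encoded, not encrypted; serve the API over HTTPS only.` next to it would make the deployment assumption explicit for whoever configures the server.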
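Review bot: `request.authorization['username']` in the rewritten `post` dereferences `request.authorization` without checking it, and Flask/Werkzeug sets that attribute to `None` when the request carries no `Authorization` header or uses a scheme the parser does not recognise, so an unauthenticated or malformed login request would raise a `TypeError` and surface as a 500 instead of the 401 the `@ns.doc` responses now promise. A guard that rejects a missing or incomplete credential before the database lookup keeps the documented contract and also avoids calling `verify_password` with `None`. The 401 emitted by `ns.abort` also carries no `WWW-Authenticate: Basic realm=...` challenge header, which RFC 7235 requires for a Basic-protected endpoint; how to attach a header depends on the abort helper, which is outside this hunk. I cannot see whether `request` is imported in this module, and the body of `post` continues past the end of the hunk, so the return statement is not reviewed here.
```python
    def post(self):
        """Login to retrieve authentication token."""
        # request.authorization is None when the header is absent or not Basic;
        # reject early so a malformed request gets the documented 401, not a 500.
        auth = request.authorization
        if auth is None or not auth.username or not auth.password:
            ns.abort(401, error_message="Bad user or password.")
        email = auth.username
        password = auth.password

        # … unchanged: user lookup, password check, token generation …
```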