Use basic HTTP authentication for user Login.

Alexis Lahouze 2017-05-18 10:29:36 +02:00
parent d013e4cda8
commit de59dc3bb0
2 changed files with 8 additions and 16 deletions


@ -30,6 +30,9 @@ authorizations = {
'in': 'header', 'in': 'header',
'name': 'Authorization', 'name': 'Authorization',
}, },
'basic': {
'type': 'basic',
}
} }
# pylint: disable=invalid-name # pylint: disable=invalid-name


@ -102,18 +102,6 @@ user_model = ns.model('User', {
description='Active state of the user') description='Active state of the user')
}) })
# Login model.
login_model = ns.model('Login', {
'email': fields.String(
required=True,
description='Email to use for login'
),
'password': fields.String(
required=True,
description='Plain text password to use for login'
)
})
@ns.route('/login') @ns.route('/login')
class LoginResource(Resource): class LoginResource(Resource):
@ -121,21 +109,22 @@ class LoginResource(Resource):
@ns.marshal_with(token_model) @ns.marshal_with(token_model)
@ns.doc( @ns.doc(
security='basic',
responses={ responses={
200: ('OK', token_model), 200: ('OK', token_model),
401: 'Unauthorized' 401: 'Unauthorized'
}) })
@ns.expect(login_model)
def post(self): def post(self):
"""Login to retrieve authentication token.""" """Login to retrieve authentication token."""
data = self.api.payload email = request.authorization['username']
password = request.authorization['password']
user = User.query().filter( user = User.query().filter(
User.email == data['email'] User.email == email
).one_or_none() ).one_or_none()
if not user or not user.verify_password(data['password']): if not user or not user.verify_password(password):
ns.abort(401, error_message="Bad user or password.") ns.abort(401, error_message="Bad user or password.")
token = user.generate_auth_token() token = user.generate_auth_token()
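Review bot: The new `request.authorization['username']` and `['password']` lookups at the top of `post` run before any check that credentials were sent; assuming `request` is Flask's request object, `request.authorization` is `None` when the Authorization header is missing or cannot be parsed, so an unauthenticated call raises a `TypeError` and returns a 500 instead of the documented 401. Read the value once and guard it, e.g. `auth = request.authorization` followed by `if not auth or not auth.username or not auth.password: ns.abort(401, error_message="Bad user or password.")`, then pass `auth.username` and `auth.password` to the query and to `verify_password`. The 401 for a Basic-protected endpoint should also carry a `WWW-Authenticate: Basic` challenge header so clients know which scheme is expected. Because Basic credentials are only base64-encoded, the login route should be reachable over TLS only. The body of `post` continues past the end of this hunk.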