Use basic HTTP authentication for user Login.

accountant/views/__init__.py

@@ -30,6 +30,9 @@ authorizations = {
         'in': 'header',
         'name': 'Authorization',
     },
+    'basic': {
+        'type': 'basic',
+    }
 }
 
 # pylint: disable=invalid-name

accountant/views/users.py

@@ -102,18 +102,6 @@ user_model = ns.model('User', {
         description='Active state of the user')
 })
 
-# Login model.
-login_model = ns.model('Login', {
-    'email': fields.String(
-        required=True,
-        description='Email to use for login'
-    ),
-    'password': fields.String(
-        required=True,
-        description='Plain text password to use for login'
-    )
-})
-
 
 @ns.route('/login')
 class LoginResource(Resource):
@@ -121,21 +109,22 @@ class LoginResource(Resource):
 
     @ns.marshal_with(token_model)
     @ns.doc(
+        security='basic',
         responses={
             200: ('OK', token_model),
             401: 'Unauthorized'
         })
-    @ns.expect(login_model)
     def post(self):
         """Login to retrieve authentication token."""
 
-        data = self.api.payload
+        email = request.authorization['username']
+        password = request.authorization['password']
 
         user = User.query().filter(
-            User.email == data['email']
+            User.email == email
         ).one_or_none()
 
-        if not user or not user.verify_password(data['password']):
+        if not user or not user.verify_password(password):
             ns.abort(401, error_message="Bad user or password.")
 
         token = user.generate_auth_token()