Base of authentication.

Alexis Lahouze 2015-06-05 18:15:50 +02:00
parent e6b61f97e0
commit f646831891
7 changed files with 64 additions and 6 deletions

0
__init__.py Normal file


@ -1,4 +1,7 @@
import pkgutil import pkgutil
from flask.ext.httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()
__all__ = [] __all__ = []
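Review bot: `auth = HTTPBasicAuth()` makes every client send the username and password, only base64-encoded, on each request, and nothing in this change requires an encrypted transport. The API should be reachable over HTTPS only, and that requirement deserves a comment at the definition, for example `# Basic auth: credentials travel with every request; serve /api over TLS only`. The `flask.ext.httpauth` path also depends on Flask's deprecated extension redirect; `from flask_httpauth import HTTPBasicAuth` imports the same class directly.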


@ -14,6 +14,7 @@
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with Accountant. If not, see <http://www.gnu.org/licenses/>. along with Accountant. If not, see <http://www.gnu.org/licenses/>.
""" """
from . import auth
from .. import api from .. import api
from ..model import db, session_scope from ..model import db, session_scope
from ..model.accounts import Account from ..model.accounts import Account
@ -21,8 +22,10 @@ from ..model.entries import Entry
from ..model.operations import Operation from ..model.operations import Operation
from flask import json, request from flask import json, request
from sqlalchemy import func, case, cast, extract, distinct from sqlalchemy import func, case, cast, extract, distinct
from forms.accounts import AccountIdForm, AccountForm
@api.route("/accounts", methods=["GET"]) @api.route("/accounts", methods=["GET"])
@auth.login_required
def get_accounts(): def get_accounts():
""" """
Returns accounts with their solds. Returns accounts with their solds.
@ -47,6 +50,7 @@ def get_accounts():
} for i in query.all()]) } for i in query.all()])
@api.route("/accounts/<account_id>/<year>/<month>/") @api.route("/accounts/<account_id>/<year>/<month>/")
@auth.login_required
def get_account_status(account_id, year, month): def get_account_status(account_id, year, month):
with session_scope() as session: with session_scope() as session:
query = session.query( query = session.query(
@ -76,6 +80,7 @@ def get_account_status(account_id, year, month):
}) })
@api.route("/accounts/<account_id>/months") @api.route("/accounts/<account_id>/months")
@auth.login_required
def get_months(account_id): def get_months(account_id):
with session_scope() as session: with session_scope() as session:
query = session.query( query = session.query(
@ -89,6 +94,7 @@ def get_months(account_id):
} for i in query.all()]) } for i in query.all()])
@api.route("/accounts", methods=["PUT"]) @api.route("/accounts", methods=["PUT"])
@auth.login_required
def add_account(): def add_account():
with session_scope() as session: with session_scope() as session:
account = Account(request.json['name'], request.json['authorized_overdraft']) account = Account(request.json['name'], request.json['authorized_overdraft'])
@ -99,18 +105,25 @@ def add_account():
@api.route("/accounts/<account_id>", methods=["PUT"]) @api.route("/accounts/<account_id>", methods=["PUT"])
@auth.login_required
def update_account(account_id): def update_account(account_id):
with session_scope() as session: account_form = AccountForm()
account = session.query(Account).filter(Account.id == account_id).first()
account.name = request.json['name'] if account_form.validate():
account.authorized_overdraft = request.json['authorized_overdraft'] with session_scope() as session:
account = session.query(Account).filter(Account.id == account_id).first()
session.merge(account) account.name = request.json['name']
account.authorized_overdraft = request.json['authorized_overdraft']
return json.dumps("Account #%s updated." % account_id) session.merge(account)
return json.dumps("Account #%s updated." % account_id)
else:
return json.dumps({'ok': False, 'error_type': 'validation', 'errors': account_form.errors})
@api.route("/accounts/<account_id>", methods=["DELETE"]) @api.route("/accounts/<account_id>", methods=["DELETE"])
@auth.login_required
def delete_account(account_id): def delete_account(account_id):
with session_scope() as session: with session_scope() as session:
account = session.query(Account).filter(Account.id == account_id).first() account = session.query(Account).filter(Account.id == account_id).first()
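Review bot: In `update_account` the form is validated but the values written to the account still come from raw `request.json`, so whatever coercion `AccountForm` performed is discarded; assign from the form instead, `account.name = account_form.name.data` and `account.authorized_overdraft = account_form.authorized_overdraft.data`. The validation-failure branch returns the error body with the default 200 status, which clients and logs will read as success; return it as `json.dumps({...}), 400`. `.first()` returns None for an unknown `account_id` and the attribute assignment that follows would then raise, so a 404 guard is worth adding here and probably in `delete_account`, whose body continues outside the visible lines. Separately, `@auth.login_required` only establishes who the caller is; once more than one user exists these routes will also need a per-account ownership check.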

29
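--- /dev/null
+++ b/api/controller/users.py
@@ -0,0 +1,29 @@
+"""
+This file is part of Accountant.
+Accountant is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+Accountant is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with Accountant. If not, see <http://www.gnu.org/licenses/>.
+"""
+from . import auth
+from .. import api
+from ..model import db, session_scope
+@auth.verify_password
+def verify_password(username, password):
+if username == 'titi' and password == 'toto':
+return True
+# Update principal identity
+return False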
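Review bot: `verify_password` compares against a username and password written literally in the source, so the credential is readable by anyone with access to the repository or its history and can only be rotated by a code change. Keep a salted hash outside the code (the user table or configuration) and check it with `werkzeug.security.check_password_hash(stored_hash, password)`, where `stored_hash` is a placeholder for the value looked up for `username`. The pair committed here should be treated as disclosed and not reused in any deployment. The imports of `api`, `db` and `session_scope` are unused in the file as shown.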

4
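--- a/app.py
+++ b/app.py
@@ -16,6 +16,7 @@
 """
 from api import api
+#from api.controller import login_manager
 from api.model import db
 from flask import Flask
 from flask.ext.sqlalchemy import SQLAlchemy
@@ -28,8 +29,11 @@ app = Flask(__name__, static_folder = None)
 app.config['SQLALCHEMY_DATABASE_URI'] = config.db_uri
 app.config['SQLALCHEMY_RECORD_QUERIES'] = config.debug
+app.config['WTF_CSRF_ENABLED'] = False
+app.config['SECRET_KEY'] = 'my_secret_key'
 db.init_app(app)
+#login_manager.init_app(app)
 app.register_blueprint(frontend, url_prefix='')
 app.register_blueprint(api, url_prefix='/api')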
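Review bot: `app.config['SECRET_KEY'] = 'my_secret_key'` puts the key that signs sessions and form tokens in the repository, so anyone who can read the source can forge signed values. Load it from the `config` module that already supplies `db_uri` and `debug`, or from the environment, and generate it randomly per deployment (for example from `os.urandom(32)`). `WTF_CSRF_ENABLED = False` switches CSRF checking off for every form in the application, not only the JSON API, while browsers attach cached Basic credentials automatically. If the installed Flask-WTF supports it, disabling the check per form with `AccountForm(csrf_enabled=False)` keeps the global default on. The two commented-out `login_manager` lines are dead code and can be dropped.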

0
forms/__init__.py Normal file

9
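--- /dev/null
+++ b/forms/accounts.py
@@ -0,0 +1,9 @@
+from flask_wtf import Form
+from wtforms import DecimalField, IntegerField, StringField
+class AccountIdForm(Form):
+id = IntegerField()
+class AccountForm(AccountIdForm):
+name = StringField()
+authorized_overdraft = DecimalField()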
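Review bot: None of the fields declare validators, so `AccountForm.validate()` accepts a request with no `name` or `authorized_overdraft`, and `update_account` would then raise on the missing key instead of returning the validation error. Declare them on the fields, e.g. `name = StringField(validators=[DataRequired()])` and `authorized_overdraft = DecimalField(validators=[InputRequired()])`, with the matching import from `wtforms.validators`; `InputRequired` rather than `DataRequired` so that an overdraft of 0 is still accepted. A `Length(max=...)` bound on `name` matching the column size would also keep oversized input out of the database layer. `AccountForm` inherits `id` from `AccountIdForm` although the account id arrives in the URL, so the request can carry a second, unchecked id.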