aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2014-06-18 17:23:08 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2014-06-18 17:23:08 +0200
commitb9b234039273f45567ff03c049c9dcbaa4d4349b (patch)
treecd2cf60054ce03ea019e4567ab69fce8e29ee243
parentTesting a REST API. (diff)
downloadnewspipe-b9b234039273f45567ff03c049c9dcbaa4d4349b.tar.gz
newspipe-b9b234039273f45567ff03c049c9dcbaa4d4349b.tar.bz2
newspipe-b9b234039273f45567ff03c049c9dcbaa4d4349b.zip
Authentication based on the session (when the user is already logged on the site) or authentication via HTTP only (with request.authorization).
-rw-r--r--pyaggr3g470r/rest.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/pyaggr3g470r/rest.py b/pyaggr3g470r/rest.py
index 3e92b596..6efa9881 100644
--- a/pyaggr3g470r/rest.py
+++ b/pyaggr3g470r/rest.py
@@ -26,13 +26,13 @@ __revision__ = "$Date: 2014/06/18 $"
__copyright__ = "Copyright (c) Cedric Bonhomme"
__license__ = "AGPLv3"
+from functools import wraps
from flask import g, Response, request, session, jsonify
from flask.ext.restful import Resource, reqparse
from pyaggr3g470r import api
from pyaggr3g470r.models import User, Article
-from functools import wraps
def authenticate(func):
"""
Decorator for the authentication to the web services.
@@ -42,9 +42,21 @@ def authenticate(func):
if not getattr(func, 'authenticated', True):
return func(*args, **kwargs)
- if 'email' in session:
+ # authentication based on the session (already logged on the site)
+ if 'email' in session or g.user.is_authenticated():
return func(*args, **kwargs)
+ # authentication via HTTP only
+ auth = request.authorization
+ try:
+ email = auth.username
+ user = User.query.filter(User.email == email).first()
+ if user and user.check_password(auth.password):
+ g.user = user
+ return func(*args, **kwargs)
+ except AttributeError:
+ pass
+
return Response('<Authentication required>', 401,
{'WWWAuthenticate':'Basic realm="Login Required"'})
return wrapper
bgstack15