authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-20 08:52:05 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-20 08:52:05 +0200
commit4e6d79bc209927a21737fa24045a33ed21084003 (patch)
treedbb0d9edc92bcfbfb67f4b775fa80611b6160052 /src/web/views/api
parentAdded preprocessor for GET_MANY. (diff)
Authenticate the user via the request.
Diffstat (limited to 'src/web/views/api')
-rw-r--r--src/web/views/api/v3/common.py18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index 84e1f104..1d546b64 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -1,6 +1,9 @@
+from flask import request
from flask.ext.login import current_user
from flask.ext.restless import ProcessingException
-from web.controllers import ArticleController
+from werkzeug.exceptions import NotFound
+from web.controllers import ArticleController, UserController
+from web.views.common import login_user_bundle
url_prefix = '/api/v3'
@@ -10,6 +13,19 @@ def is_authorized_to_modify(user, obj):
return user.id == obj.user_id
def auth_func(*args, **kw):
+ if request.authorization:
+ ucontr = UserController()
+ try:
+ user = ucontr.get(nickname=request.authorization.username)
+ except NotFound:
+ raise ProcessingException("Couldn't authenticate your user",
+ code=401)
+ if not ucontr.check_password(user, request.authorization.password):
+ raise ProcessingException("Couldn't authenticate your user",
+ code=401)
+ if not user.is_active:
+ raise ProcessingException("User is desactivated", code=401)
+ login_user_bundle(user)
if not current_user.is_authenticated:
raise ProcessingException(description='Not authenticated!', code=401)
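Review bot: Both failure paths in the new `if request.authorization:` branch raise the 401 without logging or throttling, so repeated password guessing against the API leaves no trace for detection. Assuming a module logger is available, a line such as `logger.warning("API auth failed for %r from %s", request.authorization.username, request.remote_addr)` before each `raise ProcessingException("Couldn't authenticate your user", code=401)` would cover that. The `except NotFound` path also returns before any password hash is computed, so it probably responds faster than the wrong-password path and lets a client tell existing nicknames apart; running a dummy `check_password` there would even the timing out. `login_user_bundle(user)` runs on every request that carries credentials; if it wraps Flask-Login's `login_user`, as the name suggests, each API call also establishes a cookie session, which is worth confirming and noting in a comment. `auth_func` may continue past the end of this hunk.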