From b9b234039273f45567ff03c049c9dcbaa4d4349b Mon Sep 17 00:00:00 2001 From: Cédric Bonhomme Date: Wed, 18 Jun 2014 17:23:08 +0200 Subject: Authentication based on the session (when the user is already logged on the site) or authentication via HTTP only (with request.authorization). --- pyaggr3g470r/rest.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'pyaggr3g470r/rest.py') diff --git a/pyaggr3g470r/rest.py b/pyaggr3g470r/rest.py index 3e92b596..6efa9881 100644 --- a/pyaggr3g470r/rest.py +++ b/pyaggr3g470r/rest.py @@ -26,13 +26,13 @@ __revision__ = "$Date: 2014/06/18 $" __copyright__ = "Copyright (c) Cedric Bonhomme" __license__ = "AGPLv3" +from functools import wraps from flask import g, Response, request, session, jsonify from flask.ext.restful import Resource, reqparse from pyaggr3g470r import api from pyaggr3g470r.models import User, Article -from functools import wraps def authenticate(func): """ Decorator for the authentication to the web services. @@ -42,9 +42,21 @@ def authenticate(func): if not getattr(func, 'authenticated', True): return func(*args, **kwargs) - if 'email' in session: + # authentication based on the session (already logged on the site) + if 'email' in session or g.user.is_authenticated(): return func(*args, **kwargs) + # authentication via HTTP only + auth = request.authorization + try: + email = auth.username + user = User.query.filter(User.email == email).first() + if user and user.check_password(auth.password): + g.user = user + return func(*args, **kwargs) + except AttributeError: + pass + return Response('', 401, {'WWWAuthenticate':'Basic realm="Login Required"'}) return wrapper -- cgit
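Review bot: The `try`/`except AttributeError: pass` around the HTTP branch also encloses `return func(*args, **kwargs)`, so an AttributeError raised anywhere inside the wrapped view is swallowed and answered with a 401 instead of surfacing as a server error. The handler is presumably only meant to cover `request.authorization` being None; test for that explicitly and keep the view call outside any handler, as in the excerpt below. The 401 response in the context line uses the header name `'WWWAuthenticate'`, which clients will not recognise as a Basic challenge; it should read `{'WWW-Authenticate': 'Basic realm="Login Required"'}`. In the session branch, `g.user.is_authenticated()` sits outside the try, so it presumably relies on `g.user` always being set by a before-request hook that is not visible here. The `wrapper` definition starts above this hunk.

```python
        # authentication via HTTP only
        auth = request.authorization
        if auth is not None:
            user = User.query.filter(User.email == auth.username).first()
            if user is not None and user.check_password(auth.password):
                g.user = user
                # called outside any except clause so errors in the view propagate
                return func(*args, **kwargs)
        # … unchanged: 401 response and return wrapper …
```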