From 4e6d79bc209927a21737fa24045a33ed21084003 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Wed, 20 Apr 2016 08:52:05 +0200
Subject: Authenticate the user via the request.

---
 src/web/views/api/v3/common.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'src/web/views/api/v3')

diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index 84e1f104..1d546b64 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -1,6 +1,9 @@
+from flask import request
 from flask.ext.login import current_user
 from flask.ext.restless import ProcessingException
-from web.controllers import ArticleController
+from werkzeug.exceptions import NotFound
+from web.controllers import ArticleController, UserController
+from web.views.common import login_user_bundle
 
 
 url_prefix = '/api/v3'
@@ -10,6 +13,19 @@ def is_authorized_to_modify(user, obj):
     return user.id == obj.user_id
 
 def auth_func(*args, **kw):
+    if request.authorization:
+        ucontr = UserController()
+        try:
+            user = ucontr.get(nickname=request.authorization.username)
+        except NotFound:
+            raise ProcessingException("Couldn't authenticate your user",
+                                        code=401)
+        if not ucontr.check_password(user, request.authorization.password):
+            raise ProcessingException("Couldn't authenticate your user",
+                                        code=401)
+        if not user.is_active:
+            raise ProcessingException("User is desactivated", code=401)
+        login_user_bundle(user)
     if not current_user.is_authenticated:
         raise ProcessingException(description='Not authenticated!', code=401)
 
-- 
cgit