| author | Brice Maron <brice@bmaron.net> | 2019-08-26 23:48:26 +0200 |
|---|---|---|
| committer | Alexis Metaireau <alexis@notmyidea.org> | 2019-09-30 23:55:28 +0200 |
| commit | ad6c6a4abb14df83b1a5ae72be9849f23bcb91b3 (patch) | |
| tree | e4c7972890735567dff61d2de6ae10806812ab90 /ihatemoney | |
| parent | 82d94a749097d8ae4348fed043a806ec7970bc70 (diff) | |
api: add bearer token support
Diffstat (limited to 'ihatemoney')
| -rw-r--r-- | ihatemoney/api.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index c9c5376..e55e9ed 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -26,12 +26,27 @@ def need_auth(f):
 auth = request.authorization
 project_id = kwargs.get("project_id")
+ # Use Basic Auth
 if auth and project_id and auth.username == project_id:
 project = Project.query.get(auth.username)
 if project and check_password_hash(project.password, auth.password):
 # The whole project object will be passed instead of project_id
 kwargs.pop("project_id")
 return f(*args, project=project, **kwargs)
+ else:
+ # Use Bearer token Auth
+ auth_header = request.headers.get('Authorization', '')
+ auth_token = ''
+ try:
+ auth_token = auth_header.split(" ")[1]
+ except IndexError:
+ abort(401)
+ project_id = Project.verify_token(auth_token, token_type='non_timed_token')
+ if auth_token and project_id:
+ project = Project.query.get(project_id)
+ if project:
+ kwargs.pop("project_id")
+ return f(*args, project=project, **kwargs)
 abort(401)
 return wrapper |
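Review bot: In the added bearer branch the value returned by `Project.verify_token` overwrites the local `project_id` read from the route kwargs and is never compared with it, so a valid token for one project is accepted on any project's URL and the handler then runs against the token's project instead of the one addressed. The Basic branch binds the credential to the route with `auth.username == project_id`; the bearer branch should do the same, e.g. `token_project_id = Project.verify_token(auth_token, token_type='non_timed_token')` followed by `if token_project_id and token_project_id == project_id:` (assuming both ids have the same type, which this hunk does not show). The scheme is not checked either: `auth_header.split(" ")[1]` takes the second word of any Authorization header, including a Basic credential that just failed, so an `auth_header.startswith("Bearer ")` guard before parsing would be tighter. The name `'non_timed_token'` suggests these tokens do not expire; if that is the case, a comment here on how a leaked token gets revoked would help, though `verify_token` is outside this diff. The enclosing wrapper starts above the hunk, and indentation is lost on this page, so which `if` the `else:` pairs with is inferred.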
