
[GNUnet-SVN] [taler-bank] branch master updated: implementing auth type


From: gnunet
Subject: [GNUnet-SVN] [taler-bank] branch master updated: implementing auth type basic
Date: Wed, 03 May 2017 21:21:45 +0200

This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository bank.

The following commit(s) were added to refs/heads/master by this push:
     new 382ffb2  implementing auth type basic
382ffb2 is described below

commit 382ffb2d48e0ee3322d326242d916e10a6d0f7b0
Author: Marcello Stanisci <address@hidden>
AuthorDate: Wed May 3 21:21:28 2017 +0200

    implementing auth type basic
---
 talerbank/app/schemas.py     | 25 +++++++++++++++++++++----
 talerbank/app/tests.py       |  7 +++++--
 talerbank/app/tests_admin.py |  7 +++++--
 talerbank/app/views.py       | 38 ++++++++++++++++++++++++++++++--------
 4 files changed, 61 insertions(+), 16 deletions(-)

diff --git a/talerbank/app/schemas.py b/talerbank/app/schemas.py
index 2e252e0..a116a21 100644
--- a/talerbank/app/schemas.py
+++ b/talerbank/app/schemas.py
@@ -22,6 +22,14 @@ definitions of JSON schemas for validating data
 import validictory
 from django.core.exceptions import ValidationError
 
+auth_basic_schema = {
+    "type": "object",
+    "properties": {
+        "username": {"type": "string"},
+        "password": {"type": "string"}
+    }
+}
+
 wiredetails_schema = {
     "type": "object",
     "properties": {
@@ -37,11 +45,18 @@ wiredetails_schema = {
     }
 }
 
+auth_schema = {
+    "type": "object",
+    "properties": {
+        "type": {"type": "string"},
+        "data": {"type": "object"}
+    }
+}
+
 history_schema = {
     "type": "object",
     "properties" : {
-        "username": {"type": "string"},
-        "password": {"type": "string"},
+        "auth": auth_schema,
         "start": {"type": "integer", "required": False},
         "delta": {"type": "integer", "required": False}
     }
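Review bot: `auth_schema` accepts any string for `type`, so an unsupported method passes schema validation and is only rejected later inside the view helper. If the validictory version in use supports the `enum` keyword, `"type": {"type": "string", "enum": ["basic"]}` would turn unknown methods into a validation error on the existing 400 path. A one-line comment above `auth_schema` noting that `data` is validated separately per auth type (by `auth_basic_schema` for `basic`) would also make the two-step validation clear.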
@@ -63,8 +78,7 @@ incoming_request_schema = {
         "wtid": {"type": "string"},
         "exchange_url": {"type": "string"},
         "credit_account": {"type": "integer"},
-        "username": {"type": "string"},
-        "password": {"type": "string"}
+        "auth": auth_schema
     }
 }
 
@@ -79,3 +93,6 @@ def validate_wiredetails(wiredetails):
 
 def validate_incoming_request(incoming_request):
     validictory.validate(incoming_request, incoming_request_schema)
+
+def validate_auth_basic(auth_basic):
+    validictory.validate(auth_basic, auth_basic_schema)
diff --git a/talerbank/app/tests.py b/talerbank/app/tests.py
index 6170025..f72aac4 100644
--- a/talerbank/app/tests.py
+++ b/talerbank/app/tests.py
@@ -102,8 +102,11 @@ class HistoryTestCase(TestCase):
     def test_history(self):
         c = Client()
         response = c.post(reverse("history", urlconf=urls),
-                          data= '{"username": "User", \
-                                  "password": "Passoword", \
+                          data= '{"auth": \
+                                   {"type": "basic", \
+                                    "data": \
+                                      {"username": "User", \
+                                       "password": "Passoword"}}, \
                                   "start": 4, \
                                   "delta": 4}',
                           content_type="application/json")
diff --git a/talerbank/app/tests_admin.py b/talerbank/app/tests_admin.py
index 91b6938..71d30a7 100644
--- a/talerbank/app/tests_admin.py
+++ b/talerbank/app/tests_admin.py
@@ -47,8 +47,11 @@ class AddIncomingTestCase(TestCase):
 
     def test_add_incoming(self):
         c = Client()
-        data = '{"username": "bank_user", \
-                 "password": "bank_password", \
+        data = '{"auth": \
+                  {"type": "basic", \
+                   "data": \
+                     {"username": "bank_user", \
+                      "password": "bank_password"}}, \
                  "credit_account": 2, \
                  "wtid": "TESTWTID", \
                  "exchange_url": "https://exchange.test";, \
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 4c12ca2..d839a11 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -337,9 +337,9 @@ def history(request):
     try: schemas.validate_history(data)
     except ValueError:
         return HttpResponseBadRequest()
-    user_account = django.contrib.auth.authenticate(username=data["username"],
-                                                    password=data["password"])
-    if user_account is None:
+    user_account = auth_and_login(data["auth"])
+
+    if not user_account:
         return JsonResponse({"outcome": "fail",
                              "hint": "authentication failed"},
                              status=401)
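Review bot: The 401 branch returns without writing anything to the log in the lines visible here, so repeated failed attempts against `history` leave no trace for operators. A line such as `logger.warning("history: authentication failed")` before the return would cover this, and it should not include the submitted username/password pair. The same holds for the identical branch added to `add_incoming`, where the pre-existing `if user_account is None:` check left directly below it is now unreachable and can be dropped. The body of `history` continues outside this hunk.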
@@ -371,6 +371,25 @@ def history(request):
     return HttpResponse(200)
 
 
+def auth_and_login(auth_obj):
+    """Return user instance after checking authentication
+       credentials, False if errors occur"""
+    if "basic" != auth_obj["type"]:
+        return JsonResponse({"outcome": "fail",
+                             "hint": "auth method not supported"},
+                            status=405)
+    try:
+        schemas.validate_auth_basic(auth_obj["data"])
+    except ValueError:
+        logger.error("'basic' auth data malfomed")
+        return False
+
+    return django.contrib.auth.authenticate(username=auth_obj["data"]["username"],
+                                            password=auth_obj["data"]["password"])
+
+
+
+
 @csrf_exempt
 @require_POST
 def add_incoming(request):
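Review bot: `auth_and_login` returns a `JsonResponse` when `type` is not `basic`, and that object is truthy, so the `if not user_account:` checks added in `history` and `add_incoming` do not stop the request; both views would continue with a response object where a user is expected (what happens next is outside the visible lines). The helper has three failure results (`JsonResponse`, `False`, and `None` from `authenticate()`), while the docstring promises only a user or `False`. Returning one falsy value keeps the callers' checks sound: replace the 405 response with `logger.error("auth method not supported")` followed by `return False`. The docstring should also say that the function only calls `authenticate()` and does not start a session, since the name suggests a login.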
@@ -389,8 +408,14 @@ def add_incoming(request):
     except ValueError:
         logger.error("Bad data POSTed")
         return HttpResponseBadRequest()
-    user_account = django.contrib.auth.authenticate(username=data["username"],
-                                                    password=data["password"])
+
+    user_account = auth_and_login(data["auth"])
+
+    if not user_account:
+        return JsonResponse({"outcome": "fail",
+                             "hint": "authentication failed"},
+                             status=401)
+
     if user_account is None:
         return JsonResponse({"outcome": "fail",
                              "hint": "authentication failed"},
@@ -409,9 +434,6 @@ def add_incoming(request):
         return JsonResponse({"outcome": "fail",
                              "hint": "debit count has reached its debt limit"},
                              status=403)
-    
-
-
     return JsonResponse({"outcome": "ok"}, status=200)
 
 

-- 
To stop receiving notification emails like this one, please contact
address@hidden


