[GNUnet-SVN] [taler-bank] branch master updated: moving auth credentials
From: |
gnunet |
Subject: |
[GNUnet-SVN] [taler-bank] branch master updated: moving auth credentials in the HTTP headers |
Date: |
Fri, 05 May 2017 15:39:34 +0200 |
This is an automated email from the git hooks/post-receive script.
marcello pushed a commit to branch master
in repository bank.
The following commit(s) were added to refs/heads/master by this push:
new 867bf7e moving auth credentials in the HTTP headers
867bf7e is described below
commit 867bf7eb66d5614b6fab0cdee6705f07dad3750f
Author: Marcello Stanisci <address@hidden>
AuthorDate: Fri May 5 15:39:20 2017 +0200
moving auth credentials in the HTTP headers
---
talerbank/app/schemas.py | 10 +---------
talerbank/app/tests.py | 11 ++++-------
talerbank/app/tests_admin.py | 8 ++------
talerbank/app/views.py | 26 +++++++++++++-------------
4 files changed, 20 insertions(+), 35 deletions(-)
diff --git a/talerbank/app/schemas.py b/talerbank/app/schemas.py
index dc016a1..0d821ef 100644
--- a/talerbank/app/schemas.py
+++ b/talerbank/app/schemas.py
@@ -22,14 +22,6 @@ definitions of JSON schemas for validating data
import validictory
from django.core.exceptions import ValidationError
-auth_basic_schema = {
- "type": "object",
- "properties": {
- "username": {"type": "string"},
- "password": {"type": "string"}
- }
-}
-
wiredetails_schema = {
"type": "object",
"properties": {
@@ -49,7 +41,7 @@ auth_schema = {
"type": "object",
"properties": {
"type": {"type": "string"},
- "data": {"type": "object"}
+ "data": {"type": "object", "required": False}
}
}
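Review bot: With credentials now read from headers, the optional `"data"` object kept in `auth_schema` is accepted but never read, so a client that still sends `{"username": ..., "password": ...}` in the body is silently ignored rather than told its credentials went nowhere. Consider dropping the `data` property from the schema (validictory rejects unknown keys only if `"additionalProperties": False` is set, so that flag would be needed to make the rejection explicit), or at least add a comment such as `# "data" is legacy: credentials are taken from X-Taler-Bank-* headers, this key is ignored`. The `auth_schema` definition begins before this hunk.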
diff --git a/talerbank/app/tests.py b/talerbank/app/tests.py
index 4090d6a..7783e3c 100644
--- a/talerbank/app/tests.py
+++ b/talerbank/app/tests.py
@@ -91,7 +91,7 @@ class AmountTestCase(TestCase):
class HistoryTestCase(TestCase):
def setUp(self):
- user = User.objects.create_user(username='User', password="Passoword")
+ user = User.objects.create_user(username='User', password="Password")
uba = BankAccount(user=user, currency=settings.TALER_CURRENCY)
uba.account_no = 1
uba.save()
@@ -102,15 +102,12 @@ class HistoryTestCase(TestCase):
def test_history(self):
c = Client()
response = c.post(reverse("history", urlconf=urls),
- data='{"auth": \
- {"type": "basic", \
- "data": \
- {"username": "User", \
- "password": "Passoword"}}, \
+ data='{"auth": {"type": "basic"}, \
"start": 4, \
"delta": 4, \
"direction": "whatever"}',
- content_type="application/json")
+ content_type="application/json",
+ **{"X-Taler-Bank-Username": "User",
"X-Taler-Bank-Password": "Password"})
# Because of the 'whatever' direction given
self.assertEqual(400, response.status_code)
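Review bot: The only assertion is the 400 triggered by the `"whatever"` direction, which is raised after authentication, so the test proves that the header path authenticated but never exercises a rejected login; a second request with a wrong or missing `X-Taler-Bank-Password` asserting `401` would pin the new failure path. Note also that the test Client copies the `**{...}` kwargs into `request.META` verbatim, so these keys only match the view's `request.META["X-Taler-Bank-Username"]` lookup in tests; a real request would surface the header as `HTTP_X_TALER_BANK_USERNAME`, and the fixture should use that spelling once the view does. `test_history` is fully inside this hunk.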
diff --git a/talerbank/app/tests_admin.py b/talerbank/app/tests_admin.py
index 71d30a7..9db35e3 100644
--- a/talerbank/app/tests_admin.py
+++ b/talerbank/app/tests_admin.py
@@ -47,11 +47,7 @@ class AddIncomingTestCase(TestCase):
def test_add_incoming(self):
c = Client()
- data = '{"auth": \
- {"type": "basic", \
- "data": \
- {"username": "bank_user", \
- "password": "bank_password"}}, \
+ data = '{"auth": {"type": "basic"}, \
"credit_account": 2, \
"wtid": "TESTWTID", \
"exchange_url": "https://exchange.test", \
@@ -63,5 +59,5 @@ class AddIncomingTestCase(TestCase):
response = c.post(reverse("add-incoming", urlconf=urlsadmin),
data=data,
content_type="application/json",
- follow=True)
+ follow=True, **{"X-Taler-Bank-Username":
"user_user", "X-Taler-Bank-Password": "user_password"})
self.assertEqual(200, response.status_code)
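Review bot: The header credentials are `"user_user"` / `"user_password"`, while the body credentials this commit removed were `"bank_user"` / `"bank_password"`; `setUp` is not in the hunk, so if it still creates `bank_user` this request would authenticate as a different account (or fail) and the `200` assertion would be checking a different path than before. Please confirm the fixture user matches, or keep the original names: `**{"X-Taler-Bank-Username": "bank_user", "X-Taler-Bank-Password": "bank_password"}`. The `test_add_incoming` method starts before this hunk.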
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 47c9128..591eead 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -335,7 +335,7 @@ def history(request):
try: schemas.validate_history(data)
except ValueError:
return HttpResponseBadRequest()
- user_account = auth_and_login(data["auth"])
+ user_account = auth_and_login(request)
if not user_account:
return JsonResponse(dict(error="authentication failed"),
@@ -382,20 +382,23 @@ def history(request):
return JsonResponse(dict(error="Unknown 'direction' indication"),
status=400)
-def auth_and_login(auth_obj):
+def auth_and_login(request):
"""Return user instance after checking authentication
credentials, False if errors occur"""
- if "basic" != auth_obj["type"]:
+
+ data = json.loads(request.body.decode("utf-8"))
+ if "basic" != data["auth"]["type"]:
return JsonResponse(dict(error="auth method not supported"),
status=405)
- try:
- schemas.validate_auth_basic(auth_obj["data"])
- except ValueError:
- logger.error("'basic' auth data malfomed")
+
+ username = request.META["X-Taler-Bank-Username"]
+ password = request.META["X-Taler-Bank-Password"]
+
+ if not username or not password:
return False
- return
django.contrib.auth.authenticate(username=auth_obj["data"]["username"],
-
password=auth_obj["data"]["password"])
+ return django.contrib.auth.authenticate(username=username,
+ password=password)
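Review bot: `request.META["X-Taler-Bank-Username"]` on the new `username = ...` line will not find a real HTTP header: Django exposes request headers in META as `HTTP_X_TALER_BANK_USERNAME` / `HTTP_X_TALER_BANK_PASSWORD` (upper-cased, dashes to underscores, `HTTP_` prefix), and the tests pass only because the test Client injects its extra kwargs into META verbatim. The subscript also raises `KeyError` when the header is absent, so the following `if not username or not password` guard never runs and an unauthenticated client gets a 500 instead of `False` / 401; use `username = request.META.get("HTTP_X_TALER_BANK_USERNAME")` and `password = request.META.get("HTTP_X_TALER_BANK_PASSWORD")`. The function additionally re-decodes `request.body` with an unguarded `json.loads` and indexes `data["auth"]["type"]`, which is only safe if every caller has already schema-validated the body, so a comment stating that precondition in the docstring would help. Since these are plain basic credentials, the standard `Authorization: Basic` header (available as `HTTP_AUTHORIZATION`) would let existing client and proxy tooling handle them instead of a custom pair of headers.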
@@ -419,15 +422,12 @@ def add_incoming(request):
logger.error("Bad data POSTed")
return HttpResponseBadRequest()
- user_account = auth_and_login(data["auth"])
+ user_account = auth_and_login(request)
if not user_account:
return JsonResponse(dict(error="authentication failed"),
status=401)
- if user_account is None:
- return JsonResponse(dict(error="authentication failed"),
- status=401)
logger.info("Submitting wire transfer: '%s'", subject)
try:
credit_account = BankAccount.objects.get(user=data["credit_account"])
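Review bot: `if not user_account` does not reject the `JsonResponse` that `auth_and_login` returns for a non-`"basic"` auth type — a response object is truthy — so `add_incoming` continues with `user_account` bound to a response and the intended 405 is never sent; the `history` caller changed earlier in this diff has the same gap. Either make `auth_and_login` return `False` for unsupported types and let the caller build the error, or guard here before the falsy check: `if isinstance(user_account, JsonResponse): return user_account`. Removing the redundant `is None` branch is itself fine, since `authenticate` returns `None` on failure and `not None` already covers it. `add_incoming` begins before this hunk.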
--