Start validating login in CNR

Fixes https://www.pivotaltracker.com/story/show/142342305
2017-03-23 15:07:46 -04:00 · 2017-03-23 15:07:46 -04:00 · c9a5ce6701
commit c9a5ce6701
parent 20306ef0f6
2 changed files with 42 additions and 7 deletions
--- a/endpoints/appr/registry.py
+++ b/endpoints/appr/registry.py
@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel
                           PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
 from flask import request, jsonify

+from app import authentication
 from auth.process import process_auth
 from auth.auth_context import get_authenticated_user
 from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
@ -50,13 +51,17 @@ def version():
@appr_bp.route("/api/v1/users/login", methods=['POST'])
@anon_allowed
 def login():
-  """
-    Todo:
-      * Implement better login protocol
-  """
-  values = request.get_json(force=True, silent=True)
-  return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'],
-                                                           values['user']['password']))})
+  values = request.get_json(force=True, silent=True) or {}
+  username = values.get('user', {}).get('username')
+  password = values.get('user', {}).get('password')
+  if not username or not password:
+    raise InvalidUsage('Missing username or password')
+
+  user, err = authentication.verify_credentials(username, password)
+  if err is not None:
+    raise UnauthorizedAccess(err)
+
+  return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))})


 # @TODO: Redirect to S3 url