Merge branch '6-fix-auth-for-admin' into 'master'

Extremely basic auth for admin

Closes #6

See merge request !4

.gitlab-ci.yml

@@ -3,7 +3,7 @@ before_script:
 job install:
   variables:
     BASE_PATH: /srv/piphone/sip-backend/
-    VIRTUALENV: $/srv/piphone/sip-backend/.sip-backend_env
+    VIRTUALENV: /srv/piphone/sip-backend/.sip-backend_env
   script:
     - rsync -ruC ./ ${BASE_PATH}
     - source ${VIRTUALENV}/bin/activate

piphone.py

@@ -463,19 +463,29 @@ def static_files(filepath):
     """
     return static_file(filepath, root='./views')
 
+def login_admin(user, password):
+    user = db.execute('SELECT api, token, admin FROM users where api = ?', user).fetchone()
+    if user is None:
+        # user does not exist
+        return False
+    if password != user[1]:
+        # password does not match
+        return False
+    if user[2] == 0:
+        # User is not admin
+        return False
+    return True
+
+
 @app.get('/admin')
-@authenticated
+@auth_basic(login_admin)
 def little_admin(db):
     # We need to check if we're admin
-    admin = db.execute('SELECT admin FROM users WHERE api = ?', (request.params['api'],));
-    admin = admin.fetchone()
-    if admin[0] != 1:
-        abort(403, "You need to have an admin access")
     users = db.execute('SELECT api, token, admin FROM users').fetchall()
     return template('index', users=users, token=request.params['token'])
 
 @app.post('/admin')
-@authenticated
+@auth_basic(login_admin)
 def medium_admin(db):
     api = request.forms.get('api')
     token = request.forms.get('api_token')