Merge branch '6-fix-auth-for-admin' into 'master'

Extremely basic auth for admin Closes #6 See merge request !4

Merge branch '6-fix-auth-for-admin' into 'master'
Extremely basic auth for admin Closes #6 See merge request !4
0935ed4b · okhin · 868d8f6e · 6618750c · 0935ed4b · 0935ed4b
Commit 0935ed4b authored Apr 19, 2017 by okhin 🚴
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 7 deletions

.gitlab-ci.yml .gitlab-ci.yml +1 -1

piphone.py piphone.py +16 -6

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,7 +3,7 @@ before_script:
 job install:
  variables:
    BASE_PATH: /srv/piphone/sip-backend/
-    VIRTUALENV: $/srv/piphone/sip-backend/.sip-backend_env
+    VIRTUALENV: /srv/piphone/sip-backend/.sip-backend_env
  script:
    - rsync -ruC ./ ${BASE_PATH}
    - source ${VIRTUALENV}/bin/activate

--- a/piphone.py
+++ b/piphone.py
@@ -463,19 +463,29 @@ def static_files(filepath):
    """
    return static_file(filepath, root='./views')

+def login_admin(user, password):
+    user = db.execute('SELECT api, token, admin FROM users where api = ?', user).fetchone()
+    if user is None:
+        # user does not exist
+        return False
+    if password != user[1]:
+        # password does not match
+        return False
+    if user[2] == 0:
+        # User is not admin
+        return False
+    return True
+
+
 @app.get('/admin')
-@authenticated
+@auth_basic(login_admin)
 def little_admin(db):
    # We need to check if we're admin
-    admin = db.execute('SELECT admin FROM users WHERE api = ?', (request.params['api'],));
-    admin = admin.fetchone()
-    if admin[0] != 1:
-        abort(403, "You need to have an admin access")
    users = db.execute('SELECT api, token, admin FROM users').fetchall()
    return template('index', users=users, token=request.params['token'])

 @app.post('/admin')
-@authenticated
+@auth_basic(login_admin)
 def medium_admin(db):
    api = request.forms.get('api')
    token = request.forms.get('api_token')