Commit 0935ed4b authored by okhin's avatar okhin 🚴

Merge branch '6-fix-auth-for-admin' into 'master'

Extremely basic auth for admin

Closes #6

See merge request !4
parents 868d8f6e 6618750c
Pipeline #922 passed with stage
in 3 seconds
......@@ -3,7 +3,7 @@ before_script:
job install:
variables:
BASE_PATH: /srv/piphone/sip-backend/
VIRTUALENV: $/srv/piphone/sip-backend/.sip-backend_env
VIRTUALENV: /srv/piphone/sip-backend/.sip-backend_env
script:
- rsync -ruC ./ ${BASE_PATH}
- source ${VIRTUALENV}/bin/activate
......
......@@ -463,19 +463,29 @@ def static_files(filepath):
"""
return static_file(filepath, root='./views')
def login_admin(user, password):
user = db.execute('SELECT api, token, admin FROM users where api = ?', user).fetchone()
if user is None:
# user does not exist
return False
if password != user[1]:
# password does not match
return False
if user[2] == 0:
# User is not admin
return False
return True
@app.get('/admin')
@authenticated
@auth_basic(login_admin)
def little_admin(db):
# We need to check if we're admin
admin = db.execute('SELECT admin FROM users WHERE api = ?', (request.params['api'],));
admin = admin.fetchone()
if admin[0] != 1:
abort(403, "You need to have an admin access")
users = db.execute('SELECT api, token, admin FROM users').fetchall()
return template('index', users=users, token=request.params['token'])
@app.post('/admin')
@authenticated
@auth_basic(login_admin)
def medium_admin(db):
api = request.forms.get('api')
token = request.forms.get('api_token')
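Review bot: `login_admin` binds its query parameter as the bare string `user` rather than a one-element tuple, so with a sqlite3-style connection (which the `?` placeholders suggest) any username longer than one character fails with a binding-count error; it should read `db.execute('SELECT api, token, admin FROM users where api = ?', (user,))`, matching the tuple form used in the `/admin` handler. `db` is also not a parameter of `login_admin`, while the route handlers receive it as an argument, so unless a module-level connection exists outside this hunk the callback will raise a NameError on every login attempt. The credential check `password != user[1]` compares against the stored token directly with a short-circuiting operator; `if not hmac.compare_digest(password.encode(), user[1].encode()):` removes the timing signal (needs `import hmac`). The rendered page has lost its +/- markers, so it is not certain whether the `request.params['token']` lookup in `little_admin` survives on the new side; if it does, it will fail once `@authenticated` is gone and the request carries only Basic credentials. `medium_admin` continues past the end of the hunk.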
......