
[FIX] auth response

Gogs 7 years ago
parent
commit
0b15b88683

+ 6 - 1
api/resources/jwt_resource.py

@@ -68,12 +68,14 @@ class JWTResource(Resource):
          # Check content type
         if request.content_type != 'application/json':
             return self.create_response(request, {
+                'auth': False,
                 'error': 'request is not json'
             })
 
         # Check body
         if not request.body:
             return self.create_response(request, {
+                'auth': 'False',
                 'error': 'request body is empty'
             })
 
@@ -82,13 +84,16 @@ class JWTResource(Resource):
         # Check required parameters
         if 'token' not in body:
             return self.create_response(request, {
+                'auth': False,
                 'error': 'token not provided in request'
             })
 
+        print(body['token'])
+
         nice_token = jwt_token.check_token(body['token'])
 
         bundle = self.build_bundle(obj={
-            'status': nice_token
+            'auth': bool(nice_token)
         }, request=request)
 
         return self.create_response(request, bundle.obj)
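Review bot: The added `print(body['token'])` in the second hunk writes the full bearer token to stdout before it is validated, so every submitted token lands in whatever captures the process output and stays usable by anyone with log access until it expires; the line should be removed before merge. In the first hunk the empty-body branch returns `'auth': 'False'`, a non-empty string that a client testing the field for truthiness will read as authenticated; it should be `'auth': False` like the other two error branches. The enclosing method starts above both hunks, so the parsing of `body` between them is not visible here.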

+ 4 - 5
api/utils/jwt_authentication.py

@@ -10,10 +10,9 @@ class JWTAuthentication(Authentication):
     '''
     '''
     def is_authenticated(self, request, **kwargs):
-
-        # Check content type
-        if request.content_type != 'application/json':
-            return False
+        # # Check content type
+        # if request.content_type != 'application/json':
+        #     return False
 
         # Check authorization header
         if settings.JWT_ACCEPT_HEADER not in request.META:
@@ -26,12 +25,12 @@ class JWTAuthentication(Authentication):
             return False
 
         return check_token(authorization_header[4:])
-
     '''
     '''
     def get_identifier(self, request):
         # Check content type
         if request.content_type != 'application/json':
+
             return False
 
         # Check authorization header
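Review bot: `is_authenticated` no longer looks at the content type, but `get_identifier` in the second hunk still returns `False` for anything that is not `application/json`, so a request that now authenticates can end up with `False` as its identifier. If the identifier feeds throttling or audit logging (not visible here), those requests would all share one bucket; the two methods should apply the same rule. The disabled check is better deleted than left as `# #` commented-out code, and the blank line added directly under the `if` in `get_identifier` should go. Both method bodies continue outside the hunks.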

+ 6 - 0
api/utils/jwt_token.py

@@ -31,6 +31,11 @@ def create_token(username, password):
 '''
 '''
 def explode_token(token):
+    # Normalize token
+    if token.startswith(settings.JWT_PREFIX_HEADER):
+        prefix_length = len(settings.JWT_PREFIX_HEADER) 
+        token = token[prefix_length + 1:]
+
     # Check if exists jwt key
     if not settings.JWT_SECRET_KEY:
         return None
@@ -40,6 +45,7 @@ def explode_token(token):
     try:
         payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithm='HS256')
     except DecodeError:
+        print('error')
         return False
 
     # Check payload parameters
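Review bot: The new prefix stripping in `explode_token` tests `token.startswith(settings.JWT_PREFIX_HEADER)` but then drops `prefix_length + 1` characters, which assumes exactly one separator always follows the prefix; a value that merely begins with the same characters loses the first character of the real token. Matching the separator explicitly keeps the test and the slice in step, e.g. `prefix = settings.JWT_PREFIX_HEADER + ' '` then `if token.startswith(prefix): token = token[len(prefix):]` (assuming the separator is a space). `token` appears to come from the request body, so a non-string JSON value would raise `AttributeError` on `.startswith`; a type check that returns `False` would keep that a clean rejection. The `print('error')` added in the `except DecodeError` branch should be a `logging` call or removed. Separately, the unchanged `jwt.decode(..., algorithm='HS256')` line uses a singular keyword; if this is PyJWT, the allow-list parameter is `algorithms=['HS256']`, so it is worth confirming the restriction is actually applied.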

+ 6 - 0
odoo_control/settings.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 from decouple import config, Csv
+from corsheaders.defaults import default_headers
 import os
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -75,6 +76,11 @@ TASTYPIE_DEFAULT_FORMATS = ['json', 'xml']
 SECRET_KEY = config('SECRET_KEY')
 ALLOWED_HOSTS = config('ALLOWED_HOSTS', cast=Csv())
 CORS_ORIGIN_ALLOW_ALL = True
+# CORS_ALLOW_HEADERS = default_headers + (
+#     'withCredentials',
+#     'credentials'
+# )
+CORS_ALLOW_CREDENTIALS = True
 DEBUG = config('DEBUG', default=False, cast=bool)
 JWT_ACCEPT_HEADER = config('JWT_ACCEPT_HEADER')
 JWT_PREFIX_HEADER = config('JWT_PREFIX_HEADER')
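Review bot: With `CORS_ORIGIN_ALLOW_ALL = True` already set on the line above, the added `CORS_ALLOW_CREDENTIALS = True` lets a page on any origin send credentialed requests to this API and read the responses. If credentials are needed, the origins should be an explicit allow-list, e.g. `CORS_ORIGIN_ALLOW_ALL = False` with `CORS_ORIGIN_WHITELIST = config('CORS_ORIGIN_WHITELIST', cast=Csv())` in the same style as `ALLOWED_HOSTS`. The new `default_headers` import is only referenced by the commented-out `CORS_ALLOW_HEADERS` block, so both can be dropped until they are actually used.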