|
@@ -6,7 +6,7 @@ from werkzeug.wrappers import Response
|
|
|
|
|
|
import os
|
|
|
import jwt
|
|
|
-import json
|
|
|
+import simplejson as json
|
|
|
import logging
|
|
|
|
|
|
RESOURCES_MAP = None
|
|
@@ -34,11 +34,11 @@ class Auth(http.Controller):
|
|
|
|
|
|
if not user:
|
|
|
self.make_warn_log('Invalid user received')
|
|
|
- return self.make_response({'error': 'Invalid user'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'Invalid user' }, 400) # bad request
|
|
|
|
|
|
if not self.get_crypt_context().verify(args['password'], user.password_crypt):
|
|
|
self.make_warn_log('invalid password received')
|
|
|
- return self.make_response({'error': 'Invalid password'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'Invalid password' }, 400) # bad request
|
|
|
|
|
|
payload = {
|
|
|
'uid': user.id,
|
|
@@ -47,13 +47,13 @@ class Auth(http.Controller):
|
|
|
|
|
|
encoded = jwt.encode(payload, JWT_SECRET_KEY, algorithm = 'HS256')
|
|
|
|
|
|
- user.write({'jwt_token': encoded})
|
|
|
+ user.write({ 'jwt_token': encoded })
|
|
|
|
|
|
self.make_info_log('To send token')
|
|
|
return self.make_response({'token': encoded})
|
|
|
except Exception, e:
|
|
|
self.make_error_log('Fields required to generate token')
|
|
|
- return self.make_response({'error': 'fields required'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'fields required' }, 400) # bad request
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Check JWT token auth
|
|
@@ -65,19 +65,19 @@ class Auth(http.Controller):
|
|
|
|
|
|
if not user:
|
|
|
self.make_warn_log('Invalid token received')
|
|
|
- return self.make_response({'error' : 'invalid token'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error' : 'invalid token' }, 400) # bad request
|
|
|
|
|
|
decoded = jwt.decode(args['token'], JWT_SECRET_KEY, algorithms = ['HS256'])
|
|
|
|
|
|
if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
|
|
|
self.make_warn_log('Invalid token received')
|
|
|
- return self.make_response({'error' : 'invalid token'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error' : 'invalid token' }, 400) # bad request
|
|
|
|
|
|
self.make_info_log('Token received is valid')
|
|
|
- return self.make_response({'token': 'valid'})
|
|
|
+ return self.make_response({ 'token': 'valid' })
|
|
|
except Exception, e:
|
|
|
self.make_error_log('Token not received')
|
|
|
- return self.make_response({'error': 'token required'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'token required' }, 400) # bad request
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Get context for encryption
|
|
@@ -126,11 +126,12 @@ class ApiManager(http.Controller):
|
|
|
auth = 'none',
|
|
|
cors = '*')
|
|
|
def restify(self, **args):
|
|
|
+ print args
|
|
|
if not self.valid_token():
|
|
|
- return self.make_response({'error': 'unauthorized resource'}, 401) # access denied
|
|
|
+ return self.make_response({ 'error': 'unauthorized resource' }, 401) # access denied
|
|
|
|
|
|
if not self.resource_exists(args['resource']):
|
|
|
- return self.make_response({'error': 'resource not available'}, 404) # not found
|
|
|
+ return self.make_response({ 'error': 'resource not available' }, 404) # not found
|
|
|
|
|
|
http_verb = request.httprequest.method
|
|
|
|
|
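Review bot: The added `print args` at the top of `restify` runs before `self.valid_token()`, and the route is declared with `auth = 'none'` and `cors = '*'`, so every request, authenticated or not, has its full parameter dict written to stdout. If the token travels as a request parameter it ends up in the server output, and the Auth hunk at -65 reads `decoded['password']` from that token, so the printed value would carry a credential in a payload that HS256 only signs and does not encrypt. This looks like leftover debugging and should be dropped. If a trace is wanted, log only the resource name through the existing helper, e.g. `self.make_info_log('restify: %s' % args.get('resource'))`. The body of `restify` continues past the end of this hunk.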
@@ -147,14 +148,14 @@ class ApiManager(http.Controller):
|
|
|
return self.http_delete(args)
|
|
|
|
|
|
self.make_warn_log('Request method not allowed')
|
|
|
- return self.make_response({'error': 'method not allowed'}, 405) # method not allowed
|
|
|
+ return self.make_response({ 'error': 'method not allowed' }, 405) # method not allowed
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Manage GET request
|
|
|
# --------------------------------------------------------------------------
|
|
|
def http_get(self, data):
|
|
|
if len(data) > 2:
|
|
|
- return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'cannot be process request' }, 400) # bad request
|
|
|
|
|
|
resource = data['resource']
|
|
|
model, filters = self.resource_inflater(resource)
|
|
@@ -176,7 +177,7 @@ class ApiManager(http.Controller):
|
|
|
# --------------------------------------------------------------------------
|
|
|
def http_post(self, data):
|
|
|
if len(data) <= 1 or 'uid' in data:
|
|
|
- return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'cannot be process request' }, 400) # bad request
|
|
|
|
|
|
model, filters = self.resource_inflater(data['resource'])
|
|
|
data = self.digest_data(data)
|
|
@@ -186,14 +187,14 @@ class ApiManager(http.Controller):
|
|
|
|
|
|
return self.make_response(result.id)
|
|
|
except Exception, e:
|
|
|
- return self.make_response({'response': False})
|
|
|
+ return self.make_response({' response': False })
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Manage PUT or PATCH request
|
|
|
# --------------------------------------------------------------------------
|
|
|
def http_put_or_patch(self, data):
|
|
|
if len(data) <= 2 or not 'uid' in data:
|
|
|
- return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'cannot be process request' }, 400) # bad request
|
|
|
|
|
|
uid = data['uid']
|
|
|
model, filters = self.resource_inflater(data['resource'])
|
|
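Review bot: The reformatted failure branch of `http_post` changes the response key from `'response'` to `' response'` (leading space inside the quotes), so a client that checks `response` on a failed create no longer finds it. `http_put_or_patch` still uses `'response'`, which suggests the space is accidental; the line should read `return self.make_response({ 'response': False })`. The same `except Exception, e:` branch discards `e` without logging it, so a failed create leaves no trace on the server; a `self.make_error_log(...)` call before the return would fix that. The start of `http_post` is outside this hunk.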
@@ -203,12 +204,12 @@ class ApiManager(http.Controller):
|
|
|
result = request.env[model].sudo().browse(uid)
|
|
|
|
|
|
if not result.exists():
|
|
|
- return self.make_response({'error': 'cannot be updated'})
|
|
|
+ return self.make_response({ 'error': 'cannot be updated' })
|
|
|
|
|
|
self.make_info_log('To update object')
|
|
|
- return self.make_response({'response': result.sudo().write(data)})
|
|
|
+ return self.make_response({ 'response': result.sudo().write(data) })
|
|
|
except Exception, e:
|
|
|
- return self.make_response({'response': False})
|
|
|
+ return self.make_response({ 'response': False })
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Digest data for POST request
|
|
@@ -222,6 +223,15 @@ class ApiManager(http.Controller):
|
|
|
if 'uid' in data:
|
|
|
del data['uid']
|
|
|
|
|
|
+ if 'remote_id' in data:
|
|
|
+ del data['remote_id']
|
|
|
+
|
|
|
+ for key in data:
|
|
|
+ try:
|
|
|
+ data[key] = json.loads(data[key])
|
|
|
+ except Exception, e:
|
|
|
+ continue;
|
|
|
+
|
|
|
return data
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
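Review bot: The new loop runs `json.loads` over every caller-supplied value, so the client decides the Python type of each field: a string such as `"true"`, `"12"` or `"[[...]]"` reaches the model as a bool, a number or a nested list. `http_post` passes the result of `digest_data` on to the model, and the update and delete paths in the other hunks run under `sudo()`, so structured values for relational fields are applied without an access check or a field allow-list, as far as the visible lines show. Decoding should be limited to the fields that are expected to carry JSON, with everything else kept as a string. The handler should also be narrowed to `except ValueError:` so that unrelated errors are not silently skipped, and the stray `;` after `continue` can go. The start of this function is outside the hunk.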
@@ -229,7 +239,7 @@ class ApiManager(http.Controller):
|
|
|
# --------------------------------------------------------------------------
|
|
|
def http_delete(self, data):
|
|
|
if len(data) > 2 or not 'uid' in data:
|
|
|
- return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+ return self.make_response({ 'error': 'cannot be process request' }, 400) # bad request
|
|
|
|
|
|
resource = data['resource']
|
|
|
uid = data['uid']
|
|
@@ -238,10 +248,10 @@ class ApiManager(http.Controller):
|
|
|
result = request.env[model].sudo().browse(uid)
|
|
|
|
|
|
if not result.exists():
|
|
|
- return self.make_response({'error': 'cannot be deleted'})
|
|
|
+ return self.make_response({ 'error': 'cannot be deleted' })
|
|
|
|
|
|
self.make_info_log('To delete object')
|
|
|
- return self.make_response({'response': result.sudo().unlink()})
|
|
|
+ return self.make_response({ 'response': result.sudo().unlink() })
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Make JSON response
|
|
@@ -298,6 +308,7 @@ class ApiManager(http.Controller):
|
|
|
return False
|
|
|
|
|
|
self.make_info_log('Token is valid')
|
|
|
+ request.context['lang'] = user.lang
|
|
|
return True
|
|
|
except Exception, e:
|
|
|
self.make_error_log('Token is not valid')
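Review bot: The added `request.context['lang'] = user.lang` sits inside the `try` whose handler logs 'Token is not valid', so any failure of this assignment is reported as a bad token. That could happen if `request.context` is not a plain mutable dict in the Odoo version in use, which would need confirming. A valid caller would then be rejected with a misleading log entry, and because `e` is never logged the real cause stays hidden. The language should be set after the token checks and outside the `try`, or `e` should be included in the error log. The check now also changes request state, which deserves a short comment such as `# use the token owner's language for this request`. The start of the enclosing method is outside this hunk.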
|