
encabezado de respuesta 401 agregado

robert2206 8 lat temu
rodzic
commit
529e7b5248
2 zmienionych plików z 19 dodań i 14 usunięć
  1. 19 14
      controllers/http_handler.py
  2. BIN
      controllers/http_handler.pyc

+ 19 - 14
controllers/http_handler.py

@@ -2,11 +2,11 @@
 from openerp import http
 from openerp.http import request
 from passlib.context import CryptContext
+from werkzeug.wrappers import Response
 
 import os
 import jwt
 import json
-from werkzeug.wrappers import Response
 
 RESOURCES_MAP = None
 JWT_SECRET_KEY = '@MjSk$2016?'
@@ -31,10 +31,10 @@ class Auth(http.Controller):
             user = request.env['res.users'].sudo().search([('login', '=', args['username']), ('active', '=', True)])
 
             if not user:
-                return self.make_response({'error': 'invalid user'}) # bad request
+                return self.make_response({'error': 'invalid user'}, 400) # bad request
 
             if not self.get_crypt_context().verify(args['password'], user.password_crypt):
-                return self.make_response({'error': 'invalid password'}, status = 400) # bad request
+                return self.make_response({'error': 'invalid password'}, 400) # bad request
 
             payload = {
                 'uid': user.id,
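Review bot: The two rejection branches return distinct bodies, `'invalid user'` on the first added line and `'invalid password'` on the second, so a caller can tell whether a login exists from the response alone. Return the same body from both, e.g. `{'error': 'invalid credentials'}`, and consider 401 rather than 400, since the request is well-formed and it is the credentials that failed. The enclosing method starts outside the hunk.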
@@ -47,7 +47,7 @@ class Auth(http.Controller):
 
             return self.make_response({'token': encoded})
         except Exception, e:
-            return self.make_response({'error': 'fields required'}, status = 400) # bad request
+            return self.make_response({'error': 'fields required'}, 400) # bad request
 
     # --------------------------------------------------------------------------
     # Check JWT token auth
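Review bot: The `except Exception, e:` just above the added `'fields required'` response turns every failure in the method, including a JWT encoding error or a database error, into a 400 that blames the client, and `e` is never logged. Catch `KeyError` for the missing-field case and let other exceptions propagate or record them with `logger.exception(...)`; the `'token required'` handler in the hunk at `@@ -58,16` has the same shape. The enclosing method starts outside the hunk.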
@@ -58,16 +58,16 @@ class Auth(http.Controller):
             user = request.env['res.users'].sudo().search([('jwt_token', '=', args['token'])])
 
             if not user:
-                return self.make_response({'error' : 'invalid token'}, status = 400) # bad request
+                return self.make_response({'error' : 'invalid token'}, 400) # bad request
 
             decoded = jwt.decode(args['token'], JWT_SECRET_KEY, algorithms = ['HS256'])
 
             if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
-                return self.make_response({'error' : 'invalid token'}, status = 400) # bad request
+                return self.make_response({'error' : 'invalid token'}, 400) # bad request
 
             return self.make_response({'token': 'valid'})
         except Exception, e:
-            return self.make_response({'error': 'token required'}, status = 400) # bad request
+            return self.make_response({'error': 'token required'}, 400) # bad request
 
     # --------------------------------------------------------------------------
     # Get context for encryption
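Review bot: Both added `'invalid token'` responses use 400, while the same rejected-token condition in `restify` (hunk at `@@ -99,10`) now returns 401, so the two controllers report one condition with two statuses; use `401` here as well. Two context lines deserve a follow-up: `decoded['password']` suggests the token payload carries the user's password as a claim, and a JWT payload is only base64-encoded, readable by anyone holding the token; and `JWT_SECRET_KEY` is a literal in the module header rather than loaded from configuration. The enclosing method starts outside the hunk.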
@@ -79,8 +79,7 @@ class Auth(http.Controller):
     # Make JSON response
     # --------------------------------------------------------------------------
     def make_response(self, data, status = 200):
-        return Response(json.dumps(data), status = status, mimetype = 'application/json')
-
+        return Response(json.dumps(data), status = status, content_type = 'application/json')
 
 '''
     Class for manage rest api interaction
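Review bot: `Auth.make_response` on the changed line is a second copy of the helper that the hunk at `@@ -157,7` rewrites in `ApiManager`, and after this commit the two copies diverge: only the `ApiManager` one emits `WWW-Authenticate` on 401. Keep a single module-level `make_response` that both controllers call, so the status-to-header rule lives in one place.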
@@ -99,10 +98,10 @@ class ApiManager(http.Controller):
                 cors = '*')
     def restify(self, resource, uid = None):
         if not self.valid_token():
-            return self.make_response({'error': 'denied resource'}, status = 403) # access denied
+            return self.make_response({'error': 'unauthorized resource'}, 401) # access denied
 
         if not self.resource_exists(resource):
-            return self.make_response({'error': 'resource not available'}, status = 404) # not found
+            return self.make_response({'error': 'resource not available'}, 404) # not found
 
         http_verb = request.httprequest.method
 
@@ -118,7 +117,7 @@ class ApiManager(http.Controller):
         if http_verb == 'DELETE':
             return self.http_delete(resource, uid)
 
-        return self.make_response({'error': 'method not allowed'}, status = 405) # method not allowed
+        return self.make_response({'error': 'method not allowed'}, 405) # method not allowed
 
     # --------------------------------------------------------------------------
     # Manage GET request
@@ -137,7 +136,6 @@ class ApiManager(http.Controller):
 
         return self.make_response(data);
 
-
     # --------------------------------------------------------------------------
     # Manage DELETE request
     # --------------------------------------------------------------------------
@@ -157,7 +155,12 @@ class ApiManager(http.Controller):
     # Make JSON response
     # --------------------------------------------------------------------------
     def make_response(self, data, status = 200):
-        return Response(json.dumps(data), status = status, mimetype = 'application/json')
+        headers = [('Content-Type', 'application/json')]
+
+        if status == 401:
+            headers.append(('WWW-Authenticate', 'JWT'))
+
+        return Response(json.dumps(data), status = status, headers = headers)
 
     # --------------------------------------------------------------------------
     # Check if resource is available
@@ -178,6 +181,8 @@ class ApiManager(http.Controller):
     # --------------------------------------------------------------------------
     def valid_token(self):
         try:
+            print request.httprequest.headers
+
             auth_header = request.httprequest.headers[JWT_HEADER]
 
             if not auth_header.startswith(JWT_HEADER_PREFIX):
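Review bot: The added `print request.httprequest.headers` writes every request header, including the `JWT_HEADER` value read two lines below, to the server's stdout, so bearer tokens end up in process logs and whatever ships those logs downstream. Remove the line, or if header debugging is needed log at debug level with the authentication header redacted rather than printing the whole mapping. `valid_token` continues outside the hunk.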

BIN
controllers/http_handler.pyc