|
@@ -33,12 +33,12 @@ class Auth(http.Controller):
|
|
|
user = request.env['res.users'].sudo().search([('login', '=', args['username']), ('active', '=', True)])
|
|
|
|
|
|
if not user:
|
|
|
- self.make_warn_log('invalid user received')
|
|
|
- return self.make_response({'error': 'invalid user'}, 400) # bad request
|
|
|
+ self.make_warn_log('Invalid user received')
|
|
|
+ return self.make_response({'error': 'Invalid user'}, 400) # bad request
|
|
|
|
|
|
if not self.get_crypt_context().verify(args['password'], user.password_crypt):
|
|
|
self.make_warn_log('invalid password received')
|
|
|
- return self.make_response({'error': 'invalid password'}, 400) # bad request
|
|
|
+ return self.make_response({'error': 'Invalid password'}, 400) # bad request
|
|
|
|
|
|
payload = {
|
|
|
'uid': user.id,
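Review bot: The two failure branches still return distinguishable bodies ('Invalid user' vs 'Invalid password'), and the not-found branch returns before any hash verification runs, so a caller can enumerate valid logins both by message and by response time. Collapse both into one generic failure, `return self.make_response({'error': 'Invalid credentials'}, 401)` in each branch, and when no user is found run `verify` against a fixed dummy hash so the timing is comparable. 401 also fits better than 400 here, since the request is well-formed but not authenticated. The surrounding try block starts outside the hunk.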
|
|
@@ -49,7 +49,7 @@ class Auth(http.Controller):
|
|
|
|
|
|
user.write({'jwt_token': encoded})
|
|
|
|
|
|
- self.make_info_log('to send token')
|
|
|
+ self.make_info_log('To send token')
|
|
|
return self.make_response({'token': encoded})
|
|
|
except Exception, e:
|
|
|
self.make_error_log('Fields required to generate token')
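Review bot: `except Exception, e` swallows every failure on the token path — the JWT encode, the `user.write`, and any `KeyError` from the earlier `args[...]` lookups — under the single message 'Fields required to generate token', and `e` is never used, so a bad secret or a database error will be misdiagnosed as a missing field. Narrow the clause to `except KeyError:` for the missing-field case and let other errors surface, or at least log the real cause with `LOGGER.exception('Token generation failed')`. Note also that `user.write({'jwt_token': encoded})` persists the token in the users table, and a JWT is only base64-encoded: whatever the payload holds (the payload block is cut above, but `valid_token` later reads `decoded['password']`) is stored in recoverable form. The enclosing try starts outside the hunk.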
|
|
@@ -101,7 +101,7 @@ class Auth(http.Controller):
|
|
|
# Make log for infos
|
|
|
# --------------------------------------------------------------------------
|
|
|
def make_info_log(self, log):
|
|
|
- LOGGER.error(log)
|
|
|
+ LOGGER.info(log)
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Make log for errors
|
|
@@ -125,26 +125,26 @@ class ApiManager(http.Controller):
|
|
|
type = 'http',
|
|
|
auth = 'none',
|
|
|
cors = '*')
|
|
|
- def restify(self, resource, uid = None):
|
|
|
+ def restify(self, **args):
|
|
|
if not self.valid_token():
|
|
|
return self.make_response({'error': 'unauthorized resource'}, 401) # access denied
|
|
|
|
|
|
- if not self.resource_exists(resource):
|
|
|
+ if not self.resource_exists(args['resource']):
|
|
|
return self.make_response({'error': 'resource not available'}, 404) # not found
|
|
|
|
|
|
http_verb = request.httprequest.method
|
|
|
|
|
|
if http_verb == 'GET':
|
|
|
- return self.http_get(resource, uid)
|
|
|
+ return self.http_get(args)
|
|
|
|
|
|
if http_verb == 'POST':
|
|
|
- return json.dumps({'verb': 'POST'}, sort_keys = True)
|
|
|
+ return self.http_post(args)
|
|
|
|
|
|
if http_verb == 'PUT' or http_verb == 'PATCH':
|
|
|
return json.dumps({'verb': 'PUT OR PATCH'})
|
|
|
|
|
|
if http_verb == 'DELETE':
|
|
|
- return self.http_delete(resource, uid)
|
|
|
+ return self.http_delete(args)
|
|
|
|
|
|
self.make_warn_log('Request method not allowed')
|
|
|
return self.make_response({'error': 'method not allowed'}, 405) # method not allowed
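Review bot: The PUT/PATCH branch returns the placeholder `json.dumps({'verb': 'PUT OR PATCH'})` straight to the client, bypassing `make_response`, so an authenticated caller gets a success body for an operation that does nothing; until it is implemented, delete that branch and let those verbs fall through to the existing 405 below. Since `restify` now takes `**args`, every query or form parameter the client sends reaches `http_get`/`http_post`/`http_delete` unfiltered, so each handler has to validate the key set rather than only `len(data)`. The route is declared `auth='none'` with `cors='*'` (the decorator starts outside the hunk); that combination is acceptable only if `valid_token` reads the token from a request header rather than a cookie or session — worth confirming.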
|
|
@@ -152,7 +152,13 @@ class ApiManager(http.Controller):
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Manage GET request
|
|
|
# --------------------------------------------------------------------------
|
|
|
- def http_get(self, resource, uid):
|
|
|
+ def http_get(self, data):
|
|
|
+ if len(data) > 2:
|
|
|
+ return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+
|
|
|
+ resource = data['resource']
|
|
|
+ uid = data['uid']
|
|
|
+
|
|
|
model, filters = self.resource_inflater(resource)
|
|
|
data = []
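Review bot: `uid = data['uid']` raises `KeyError` whenever the route does not bind a uid — the old signature defaulted `uid=None` for the collection case — so list GETs now fail with a server error instead of returning records; use `uid = data.get('uid')`. The `len(data) > 2` guard also does not check which keys are present (`{'resource': ..., 'foo': ...}` passes it), so test `set(data) <= {'resource', 'uid'}` instead and reject anything else with the existing 400. `http_get` continues past the hunk.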
|
|
|
|
|
@@ -167,10 +173,43 @@ class ApiManager(http.Controller):
|
|
|
self.make_info_log('To send data response')
|
|
|
return self.make_response(data);
|
|
|
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ # Manage POST request
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ def http_post(self, data):
|
|
|
+ if len(data) <= 1 or 'uid' in data:
|
|
|
+ return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+
|
|
|
+ model, filters = self.resource_inflater(data['resource'])
|
|
|
+ data = self.digest_data(data)
|
|
|
+
|
|
|
+ try:
|
|
|
+ result = request.env[model].sudo().create(data)
|
|
|
+
|
|
|
+ return self.make_response(result.id)
|
|
|
+ except Exception, e:
|
|
|
+ return self.make_response(e)
|
|
|
+
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ # Digest data for POST request
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ def digest_data(self, data):
|
|
|
+ data = dict(data)
|
|
|
+ del data['resource']
|
|
|
+
|
|
|
+ return data
|
|
|
+
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Manage DELETE request
|
|
|
# --------------------------------------------------------------------------
|
|
|
- def http_delete(self, resource, uid):
|
|
|
+ def http_delete(self, data):
|
|
|
+ if len(data) > 2:
|
|
|
+ return self.make_response({'error': 'cannot be process request'}, 400) # bad request
|
|
|
+
|
|
|
+
|
|
|
+ resource = data['resource']
|
|
|
+ uid = data['uid']
|
|
|
+
|
|
|
if uid == None:
|
|
|
return self.make_response({'error': 'uid not provided'})
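Review bot: `request.env[model].sudo().create(data)` in `http_post` writes every client-supplied field into the model with superuser rights — `digest_data` only strips `resource` — so any token holder can set arbitrary columns, including ones an ACL would block, on any model `resource_exists` accepts; this is mass assignment on top of sudo. Restrict `data` to an explicit per-model allow-list of writable fields before the `create`, and run the create in the token holder's own environment rather than plain `sudo()` so access rules still apply. `except Exception, e: return self.make_response(e)` additionally hands the raw exception (ORM validation text, possibly field and table names) to the client with a 200; replace it with `self.make_error_log('Create failed: %s' % e)` followed by `return self.make_response({'error': 'cannot create resource'}, 400)`. In `http_delete`, `uid = data['uid']` raises `KeyError` before the `if uid == None` check below can run, so use `data.get('uid')` (and `is None`).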
|
|
|
|
|
@@ -181,7 +220,7 @@ class ApiManager(http.Controller):
|
|
|
return self.make_response({'error': 'cannot be deleted'})
|
|
|
|
|
|
self.make_info_log('To delete object')
|
|
|
- return self.make_response({'response': result.unlink()})
|
|
|
+ return self.make_response({'response': result.sudo().unlink()})
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Make JSON response
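Review bot: `result.sudo().unlink()` deletes with superuser rights, so the only thing between a token holder and deleting any record of any accepted model is `valid_token`, which proves identity but not permission; with `auth='none'` no ACL or record rule is applied at all. Run the delete in the authenticated user's environment instead — in this Odoo generation `result.sudo(uid_from_token).unlink()`, which means `valid_token` should return the decoded `uid` rather than a bare bool — or at least check the model and operation against an explicit allow-list. The `result` lookup and the `if uid == None` guard above are outside the hunk.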
|
|
@@ -232,7 +271,7 @@ class ApiManager(http.Controller):
|
|
|
if not user:
|
|
|
return False
|
|
|
|
|
|
- decoded = jwt.decode(jwt_token, JWT_SECRET_KEY, algorithms = ['HS256'])
|
|
|
+ decoded = self.decode_token(jwt_token)
|
|
|
|
|
|
if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
|
|
|
return False
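Review bot: `decoded['password']` shows the JWT payload carries the user's password in clear, and an HS256 token is signed but not encrypted, so anyone who sees the token (proxy logs, browser storage, the `jwt_token` column written at login) can read the password. Drop the password from the payload and authenticate on the `uid` claim plus an expiry; if a stored-token check is wanted, compare the presented token with what login saved, `if jwt_token != user.jwt_token: return False`, which also makes re-login revoke older tokens. That removes the per-request `verify` against `password_crypt`, which is deliberately slow and is currently paid on every API call. `valid_token` starts and ends outside the hunk.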
|
|
@@ -243,6 +282,12 @@ class ApiManager(http.Controller):
|
|
|
self.make_error_log('Token is not valid')
|
|
|
return False
|
|
|
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ # Decode provide JWT token
|
|
|
+ # --------------------------------------------------------------------------
|
|
|
+ def decode_token(self, jwt_token):
|
|
|
+ return jwt.decode(jwt_token, JWT_SECRET_KEY, algorithms = ['HS256'])
|
|
|
+
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Manage GET request
|
|
|
# --------------------------------------------------------------------------
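Review bot: `decode_token` pins `algorithms=['HS256']`, which correctly rules out `alg=none` and key-confusion attacks, but nothing visible requires an `exp` claim, and PyJWT only enforces expiry when the claim is present — a token minted without one is valid indefinitely. Depending on the installed PyJWT, pass `options={'require_exp': True}` (1.x) or `options={'require': ['exp']}` (2.x), and make sure the login payload (cut off above) sets `exp`. A one-line docstring noting that this raises `jwt.InvalidTokenError` on a bad signature or expired token, and that callers must catch it, would help, since `valid_token` appears to rely on an outer `except` for that.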
|
|
@@ -276,7 +321,7 @@ class ApiManager(http.Controller):
|
|
|
# Make log for infos
|
|
|
# --------------------------------------------------------------------------
|
|
|
def make_info_log(self, log):
|
|
|
- LOGGER.error(log)
|
|
|
+ LOGGER.info(log)
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
# Make log for errors
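Review bot: `make_info_log` and its siblings are duplicated verbatim in `Auth` and `ApiManager` — this commit has to fix the same `LOGGER.error` → `LOGGER.info` slip in two places — so the next change will again need to be applied twice. Move them to a small mixin or module-level helpers, or call `LOGGER.info(...)` directly; a one-line wrapper over the module logger adds nothing. If the wrappers stay, a docstring such as `"""Log an informational message via the module logger."""` fits the existing comment-banner style.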
|