| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-01-13 11:40:44 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-01-13 11:40:44 +0700 |
| commit | 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e (patch) | |
| tree | 7d088c21df7a7ac74d896259aefa94d940920294 | |
| parent | 7460334ff51a0bb1d049730f3c3577bf262db59e (diff) | |
simplify authentication
| -rw-r--r-- | indoteknik_api/controllers/api_v1/partner.py | 4 | ||||
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 6 | ||||
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 12 | ||||
| -rw-r--r-- | indoteknik_api/controllers/controller.py | 12 | ||||
| -rw-r--r-- | indoteknik_api/models/res_users.py | 1 | ||||
| -rwxr-xr-x | indoteknik_custom/__manifest__.py | 1 |
6 files changed, 13 insertions, 23 deletions
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
index 2d7d04e8..043a82b8 100644
--- a/indoteknik_api/controllers/api_v1/partner.py
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -25,10 +25,6 @@ class Partner(controller.Controller):
 'zip': ['required'], }) - is_verified = self.verify_user_token(validate_request['query']['user_id']) - if not is_verified: - return self.response(code=401, description='Unauthorized') - if not validate_request['valid']: return self.response(code=400, description=validate_request)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 5604a86c..a8c5bacc 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -10,12 +10,6 @@ class SaleOrder(controller.Controller):
 def create_sale_order(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') - - user_id = kw.get('user_id') - - is_verify = self.verify_user_token(user_id) - if not is_verify: - return self.response(code=401, description='Unauthorized') product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id') product_pricelist_default_discount_id = int(product_pricelist_default_discount_id)
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index d71c30ea..ae04e0ff 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
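Review bot: Removing `is_verified = self.verify_user_token(validate_request['query']['user_id'])` leaves nothing in this hunk that ties the `user_id` in the request to the caller's identity, and the same binding is dropped in the sale_order.py hunk, in both user.py hunks, and in controller.py where `verify_user_token` no longer takes a `user_id`. Since `authenticate()` now also accepts a per-user JWT, a caller whose token names one user can submit any other `id`; the user.py update hunk shows `allowed_field = ['name', 'phone', 'mobile', 'password']` being applied to whatever `id` was passed, so this is an object-level authorization gap rather than a simplification. Suggested shape: make `verify_user_token` return the token's user id instead of a bare bool, and in each endpoint compare it before the search, `token_uid = self.verify_user_token()` followed by `if token_uid and int(id) != token_uid: return self.response(code=401, description='Unauthorized')`, leaving only the shared `rest_api_token` path (which carries no user identity) free to act on arbitrary ids if that is intended. The rest of the partner endpoint lies outside the hunk.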
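Review bot: This hunk deletes `user_id = kw.get('user_id')` along with the token check, but nothing in the remaining lines rebinds `user_id`; if the rest of `create_sale_order` (which continues past the hunk) still uses `user_id` to pick the partner for the order, it now raises `NameError` on every call, and if it no longer uses it at all, the order is presumably attributed to whichever user the session holds, which is unrelated to the JWT that `authenticate()` may have accepted. Either keep the assignment or derive the user from the verified token rather than from the request body; which case applies cannot be told from the hunk.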
@@ -109,11 +109,7 @@ class User(controller.Controller):
 user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: - return self.response(code=400, description='User not found') - - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') + return self.response(code=404, description='User not found') allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field:
@@ -131,15 +127,13 @@ class User(controller.Controller):
 return self.response(code=401, description='Unauthorized') id = kw.get('id') - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: return self.response(code=404, description='User not found') - partners = [user.partner_id] + [x for x in user.child_ids] + partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids] + partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='create_date DESC') address = [request.env['res.users'].api_address_response(x) for x in partners] return self.response(address)
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 6cc26cbc..a08d9fa4 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -30,10 +30,13 @@ class Controller(http.Controller):
 except: authorization = None token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '' + result = False if authorization == token: request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378') - return True - return False + result = True + if self.verify_user_token(): + result = True + return result def get_request_params(self, kw, queries): result = { 
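Review bot: `authenticate()` now evaluates `self.verify_user_token()` even after the shared-token branch has set `result = True`, so every shared-token request also pays for a JWT decode and a `res.users` search whose outcome cannot change the result. A short-circuit keeps the intent clearer: leave the `request.session.authenticate(...)` context line as it is and end that branch with `return True`, then close the method with `return bool(self.verify_user_token())`. Note also that the JWT branch establishes no session, so the rest of the request runs with whatever user `request.env` already carried rather than the token's user — worth confirming against how the controllers read `request.env`, and worth a one-line comment on the method either way. The method's opening `try` is above the hunk, and the credential literal on the context line predates this commit but belongs in configuration rather than source.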
@@ -115,11 +118,12 @@ class Controller(http.Controller):
 def create_user_token(self, user): return jwt.encode({'id': user.id}, self.jwt_secret_key) - def verify_user_token(self, user_id): + def verify_user_token(self): try: token = request.httprequest.environ['HTTP_TOKEN'] user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) - if int(user_id) != user_token['id']: + user = request.env['res.users'].search([('id', '=', user_token['id'])]) + if not user: return False return True except:
diff --git a/indoteknik_api/models/res_users.py b/indoteknik_api/models/res_users.py
index 8eddc85e..e5b4bed6 100644
--- a/indoteknik_api/models/res_users.py
+++ b/indoteknik_api/models/res_users.py
@@ -20,6 +20,7 @@ class ResUsers(models.Model):
 def api_address_response(self, user): data = { 'id': user.id, + 'type': user.type, 'name': user.name, 'mobile': user.mobile, 'street': user.street,
diff --git a/indoteknik_custom/__manifest__.py b/indoteknik_custom/__manifest__.py
index 92fa895c..908e74df 100755
--- a/indoteknik_custom/__manifest__.py
+++ b/indoteknik_custom/__manifest__.py
@@ -15,6 +15,7 @@
 'views/coupon_program.xml', 'views/delivery_order.xml', 'views/product_pricelist.xml', + 'views/res_partner.xml', 'views/product_pricelist_item.xml', 'views/product_public_category.xml', 'views/product_template.xml', |
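Review bot: `verify_user_token` now decodes the caller's user id and then discards it, returning only True/False, which is what forces the endpoints in user.py, partner.py and sale_order.py to trust the `id`/`user_id` they receive in the request. Returning the id keeps the truthiness check in `authenticate()` working and gives callers something to compare against: `user = request.env['res.users'].search([('id', '=', user_token['id'])], limit=1)` and `return user.id if user else False` in place of the `if not user: return False` / `return True` pair. The `search` runs under `request.env` rather than `sudo()`, and on the JWT path no session has been authenticated, so if that session's user cannot read `res.users` the search is empty and every JWT fails closed — acceptable, but it should be stated in a comment so it is not mistaken for a bug later. The signature change drops the `user_id` parameter, so any caller outside the six files in this commit that still passes one will raise `TypeError`; the `except:` that closes the hunk and the body after it lie outside the hunk.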
