authorRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
committerRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
commit60c166f8b4f5f9cd8d4cdf6422f53d8b5d083648 (patch)
tree439910148373c0b207838ec701a8bc13947b91d6 /indoteknik_api/controllers/api_v1/user.py
parentf790892bb6cf7bd7871e841af92ce3edfc76b8c2 (diff)
Optimize auth method
Diffstat (limited to 'indoteknik_api/controllers/api_v1/user.py')
-rw-r--r--indoteknik_api/controllers/api_v1/user.py26
1 files changed, 7 insertions, 19 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 0c7f8153..1f1f2413 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -21,10 +21,8 @@ class User(controller.Controller):
return data
@http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
def login(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
email = kw.get('email')
password = kw.get('password')
if not email or not password:
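Review bot: The only access gate left on `login` is `must_authorized()`, whose body is not part of this diff, while the route stays `auth='public'` with `csrf=False`. The removed inline check returned `self.response(code=401, description='Unauthorized')`; it is worth confirming the decorator returns the same response and wraps the handler with `functools.wraps`, since `@http.route` now registers the wrapper rather than the method. A one-line comment above the decorator such as `# API-client check; rejects the request before the handler runs` would keep that visible here. The same applies to `register`, `request_activation_user`, `update_user`, `get_user_address_by_id` and `activation_user` in the later hunks; the body of `login` continues outside this hunk.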
@@ -52,10 +50,8 @@ class User(controller.Controller):
})
@http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
def register(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
name = kw.get('name')
email = kw.get('email')
password = kw.get('password')
@@ -104,10 +100,8 @@ class User(controller.Controller):
return self.response({'register': True})
@http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
def request_activation_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
email = kw.get('email')
user = self.get_user_by_email(email)
if not user:
@@ -117,7 +111,7 @@ class User(controller.Controller):
return self.response({'activation_request': False, 'reason': 'ACTIVE'})
token_source = string.ascii_letters + string.digits
- user.activation_token = ''.join(random.choice(token_source) for i in range(20))
+ user.activation_token = ''.join(random.choice(token_source) for i in range(21))
return self.response({
'activation_request': True,
'token': user.activation_token,
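Review bot: The activation token on the changed line is still drawn with `random.choice`, which uses a non-cryptographic generator, so going from 20 to 21 characters does not make it unpredictable; `user.activation_token = ''.join(secrets.choice(token_source) for _ in range(21))`, with `import secrets` at the top of the file, would. The context lines below also return the token in the response body, so any caller that passes the decorator check receives the activation token for the email it supplied; presumably a trusted frontend mails it, but that should be confirmed or the token delivered server-side. The length change is unrelated to the commit title and deserves a line in the description. `request_activation_user` starts and ends outside this hunk.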
@@ -125,10 +119,8 @@ class User(controller.Controller):
})
@http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
+ @controller.Controller.must_authorized()
def update_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
id = kw.get('id')
user = request.env['res.users'].search([('id', '=', id)], limit=1)
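Review bot: No check is visible in `update_user` that the caller is allowed to act on the `id` taken from the URL; the lookup `search([('id', '=', id)], limit=1)` runs for whatever value is passed once the decorator check succeeds. If `must_authorized()` validates only the API client and not the end user, the handler should compare the id with the authenticated user before writing, and `get_user_address_by_id` in the next hunk has the same lookup. Declaring the route parameter as `<int:id>` would reject non-numeric values at routing time, and the local name `id` shadows the builtin. Both function bodies continue outside their hunks, so such a check may exist further down.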
@@ -146,10 +138,8 @@ class User(controller.Controller):
})
@http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized()
def get_user_address_by_id(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
id = kw.get('id')
user = request.env['res.users'].search([('id', '=', id)], limit=1)
@@ -163,10 +153,8 @@ class User(controller.Controller):
return self.response(address)
@http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
def activation_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
token = kw.get('token')
if not token:
return self.response(code=400, description='token is required')