Diffstat (limited to 'indoteknik_api/controllers/api_v1/user.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 800f6bf1..1f1f2413 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -21,10 +21,8 @@ class User(controller.Controller):
 return data
 @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
 def login(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 email = kw.get('email')
 password = kw.get('password')
 if not email or not password:
@@ -52,10 +50,8 @@ class User(controller.Controller):
 })
 @http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
 def register(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 name = kw.get('name')
 email = kw.get('email')
 password = kw.get('password')
@@ -89,7 +85,7 @@ class User(controller.Controller):
 match_ratio = 0
 if match_company:
 match_ratio = SequenceMatcher(None, match_company.name, company).ratio()
- if match_ratio > 0.7:
+ if match_ratio > 0.8:
 request.env['user.company.request'].create({
 'user_id': user.partner_id.id,
 'user_company_id': match_company.id,
@@ -104,10 +100,8 @@ class User(controller.Controller):
 return self.response({'register': True})
 @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
 def request_activation_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 email = kw.get('email')
 user = self.get_user_by_email(email)
 if not user:
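Review bot: In the `@@ -21,10 +21,8 @@` hunk the 401 path for `login` now lives entirely in `must_authorized()`, whose body is not part of this diff, while the route above it stays `auth='public'` with `csrf=False`. The decorator has to fail closed, returning the same `self.response(code=401, description='Unauthorized')` whenever `authenticate()` is falsy or raises, and it should use `functools.wraps` so the `@http.route` wrapper still sees the handler's name and signature. The same applies to the five other handlers converted in this commit (`register`, `request_activation_user`, `update_user`, `get_user_address_by_id`, `activation_user`). A one-line comment at the first use, e.g. `# must_authorized(): responds 401 before the handler body runs if authenticate() fails`, would keep the contract visible now that the check is no longer inline; login's body continues outside the hunk.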
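Review bot: In the `@@ -89,7 +85,7 @@` hunk the similarity cut-off is a bare literal, so the next retune will again be an unexplained number change in the middle of `register`. Since crossing it creates a `user.company.request` linking the new user to an existing company, I would name it at module level, e.g. `COMPANY_MATCH_THRESHOLD = 0.8  # min SequenceMatcher ratio to propose a company link`, and compare with `if match_ratio > COMPANY_MATCH_THRESHOLD:`. The hunk does not show whether `company` and `match_company.name` are case- or whitespace-normalised before `SequenceMatcher` runs; if they are not, the ratio depends on how the name was typed. The enclosing function starts and ends outside the hunk.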
@@ -117,7 +111,7 @@ class User(controller.Controller):
 return self.response({'activation_request': False, 'reason': 'ACTIVE'})
 token_source = string.ascii_letters + string.digits
- user.activation_token = ''.join(random.choice(token_source) for i in range(20))
+ user.activation_token = ''.join(random.choice(token_source) for i in range(21))
 return self.response({
 'activation_request': True,
 'token': user.activation_token,
@@ -125,10 +119,8 @@ class User(controller.Controller):
 })
 @http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
+ @controller.Controller.must_authorized()
 def update_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 id = kw.get('id')
 user = request.env['res.users'].search([('id', '=', id)], limit=1)
@@ -146,10 +138,8 @@ class User(controller.Controller):
 })
 @http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized()
 def get_user_address_by_id(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 id = kw.get('id')
 user = request.env['res.users'].search([('id', '=', id)], limit=1)
@@ -163,10 +153,8 @@ class User(controller.Controller):
 return self.response(address)
 @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
+ @controller.Controller.must_authorized()
 def activation_user(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
 token = kw.get('token')
 if not token:
 return self.response(code=400, description='token is required')
|
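Review bot: In the `@@ -117,7 +111,7 @@` hunk the activation token is still drawn with `random.choice`, and going from 20 to 21 characters does not change that. Python's `random` module is a Mersenne Twister generator and is documented as unsuitable for security tokens, because its output can be predicted from earlier values. The line should use the OS CSPRNG instead: `user.activation_token = ''.join(secrets.choice(token_source) for _ in range(21))`, with `import secrets` added at the top of the file (the import block is outside this diff). The context lines also return the token in the response body, so it is worth confirming that only the trusted caller receives that response; the function starts outside the hunk.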
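Review bot: In the `@@ -125,10 +119,8 @@` hunk `update_user` looks up `res.users` by the `id` taken from the URL, and nothing visible ties that `id` to the caller that `must_authorized()` admitted; the same pattern is in `get_user_address_by_id` in the `@@ -146,10 +138,8 @@` hunk. Unless the decorator, or code outside these hunks, checks ownership, any authorized client could update or read another user's record by changing the path segment. I would add an explicit object-level check right after the lookup, returning 403 when the authenticated principal is not the user identified by `id`. Typing the route as `user/<int:id>` would also reject non-numeric ids before the search runs, and a comment such as `# caller must own <id>; must_authorized() only proves the request is authenticated` would document the intent. Both function bodies continue outside their hunks.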
