Diffstat (limited to 'indoteknik_api/controllers/controller.py')
-rw-r--r--indoteknik_api/controllers/controller.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 6cc26cbc..a08d9fa4 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -30,10 +30,13 @@ class Controller(http.Controller):
except:
authorization = None
token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ result = False
if authorization == token:
request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
- return True
- return False
+ result = True
+ if self.verify_user_token():
+ result = True
+ return result
def get_request_params(self, kw, queries):
result = {
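Review bot: The added `if self.verify_user_token(): result = True` fallback lets any request carrying a valid user JWT pass this check, but unlike the static-token branch it never ties the request to the user the token names, so callers learn only "authenticated", not as whom. Consider having `verify_user_token()` return the verified user id or record so callers can scope the request to it, and make the fallback an `elif` so the JWT is not evaluated once the API token has already matched. The context lines also show `token` falling back to `''` and being compared with a plain `==`, so an empty authorization value would match when `rest_api_token` is unset; `if token and authorization == token:` closes that, ideally with a constant-time comparison. The account credentials passed to `request.session.authenticate` are hard-coded in the context line and would be better read from configuration or a secret store. The method starts above the hunk, so how `authorization` is read is not visible here.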
@@ -115,11 +118,12 @@ class Controller(http.Controller):
def create_user_token(self, user):
return jwt.encode({'id': user.id}, self.jwt_secret_key)
- def verify_user_token(self, user_id):
+ def verify_user_token(self):
try:
token = request.httprequest.environ['HTTP_TOKEN']
user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
- if int(user_id) != user_token['id']:
+ user = request.env['res.users'].search([('id', '=', user_token['id'])])
+ if not user:
return False
return True
except:
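Review bot: Dropping the `user_id` parameter removes the only check that tied the token to the account being acted on: the new body accepts any token whose `id` resolves to an existing `res.users` record. Callers that relied on `verify_user_token(user_id)` to stop one user acting on another's data are not visible here (the diffstat is limited to this file) and would now need their own comparison. A backward-compatible form is `def verify_user_token(self, user_id=None):` with `if user_id is not None and int(user_id) != user_token['id']: return False` kept ahead of the lookup. `create_user_token` in the context lines encodes only `id`, so tokens carry no `exp` claim and presumably stay valid until `jwt_secret_key` changes; adding an expiry is worth considering. The bare `except:` body continues past the end of the hunk.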