From 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e Mon Sep 17 00:00:00 2001
From: Rafi Zadanly
Date: Fri, 13 Jan 2023 11:40:44 +0700
Subject: simplify authentication
---
 indoteknik_api/controllers/controller.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'indoteknik_api/controllers/controller.py')
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 6cc26cbc..a08d9fa4 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -30,10 +30,13 @@ class Controller(http.Controller):
 except:
 authorization = None
 token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ result = False
 if authorization == token:
 request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
- return True
- return False
+ result = True
+ if self.verify_user_token():
+ result = True
+ return result
 
 def get_request_params(self, kw, queries):
 result = {
@@ -115,11 +118,12 @@ class Controller(http.Controller):
 def create_user_token(self, user):
 return jwt.encode({'id': user.id}, self.jwt_secret_key)
 
- def verify_user_token(self, user_id):
+ def verify_user_token(self):
 try:
 token = request.httprequest.environ['HTTP_TOKEN']
 user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
- if int(user_id) != user_token['id']:
+ user = request.env['res.users'].search([('id', '=', user_token['id'])])
+ if not user:
 return False
 return True
 except:
-- 
cgit v1.2.3
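Review bot: The added `if self.verify_user_token(): result = True` branch in the first hunk lets any request with a valid user JWT pass this method, but unlike the static-token branch it neither establishes a session nor records which user the token belongs to. Routes guarded by this check therefore cannot tell a per-user token from the service token and must re-derive the identity before acting on a user id; the callers are outside this hunk, so that needs confirming. The flow would read more plainly as an early `return True` after `request.session.authenticate(...)` followed by `return self.verify_user_token()`, with a docstring saying that a True result does not authorise acting on an arbitrary user. The unchanged context on this path also has a hard-coded account password and an `authorization == token` check whose token falls back to `''`, which deserve a follow-up (credentials from configuration, `hmac.compare_digest`, rejecting an empty configured token). The method starts outside the hunk.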
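Review bot: Dropping the `int(user_id) != user_token['id']` comparison in the second hunk means `verify_user_token()` now proves only that the token decodes and its id resolves to some user, not that it belongs to the user the request targets. Any caller that still passes `user_id` will also raise a TypeError outside this try block; those callers are not visible here. A backward-compatible form keeps the binding optional: `def verify_user_token(self, user_id=None):` with `if user_id is not None and int(user_id) != user_token['id']: return False` before the lookup. The `search` runs in whatever environment the request currently has, and the bare `except:` in the context turns any lookup or access error into a silent False, so narrowing it to `jwt.InvalidTokenError` and `KeyError` and adding a comment on the expected environment would make failures diagnosable. The method's end is outside the hunk.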