
Token based authentication (#5752)

* token based authentication

* authentication

Basic base64encode(api_key:api_secret)
token api_key:api_secret

* test added

Validation: only a user with the System Manager role can generate the keys

* codacy issues fixed

* token based authentication

* authentication

Basic base64encode(api_key:api_secret)
token api_key:api_secret

* test added

Validation: only user with system manager can generate the keys

* codacy issues fixed

* use frappe.safe_encode

* base64 encode use frappe.safe_encode

* set frappe.local.form_dict after setting user

* removed test

* removed unused imports

* test for python 3

* Update user.js

* [user.py] throw correct error

* Update user.py
shridarpatil authored and rmehta committed Jul 23, 2018
1 parent b6ba391 commit abd3333baea8567152bd2f2efb3050dae1746486
Showing with 2,170 additions and 1,911 deletions.
  1. +33 −0 frappe/api.py
  2. +14 −1 frappe/core/doctype/user/user.js
  3. +2,061 −1,910 frappe/core/doctype/user/user.json
  4. +21 −0 frappe/core/doctype/user/user.py
  5. +41 −0 frappe/tests/test_api.py
@@ -9,6 +9,8 @@
from frappe.utils.response import build_response
from frappe import _
from six.moves.urllib.parse import urlparse, urlencode
import base64


def handle():
"""
@@ -35,6 +37,7 @@ def handle():
"""

validate_oauth()
validate_auth_via_api_keys()

parts = frappe.request.path[1:].split("/",3)
call = doctype = name = None
@@ -149,3 +152,33 @@ def validate_oauth():
if valid:
frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user"))
frappe.local.form_dict = form_dict


def validate_auth_via_api_keys():
"""
authentication using api key and api secret
set user
"""
try:
authorization_header = frappe.get_request_header("Authorization", None).split(" ") if frappe.get_request_header("Authorization") else None
if authorization_header and authorization_header[0] == 'Basic':
token = frappe.safe_decode(base64.b64decode(authorization_header[1])).split(":")
validate_api_key_secret(token[0], token[1])
elif authorization_header and authorization_header[0] == 'token':
token = authorization_header[1].split(":")
validate_api_key_secret(token[0], token[1])
except Exception as e:
raise e

def validate_api_key_secret(api_key, api_secret):
user = frappe.db.get_value(
doctype="User",
filters={"api_key": api_key},
fieldname=['name']
)
form_dict = frappe.local.form_dict
user_secret = frappe.utils.password.get_decrypted_password ("User", user, fieldname='api_secret')
if api_secret == user_secret:
frappe.set_user(user)
frappe.local.form_dict = form_dict
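Review bot: In `validate_auth_via_api_keys`, a malformed `Authorization` header (no second field, invalid base64, or credentials without a `:`) raises an IndexError or decoding error, and the `except Exception as e: raise e` wrapper re-raises it unchanged, so an unauthenticated client gets an unhandled error from `handle()` instead of an authentication failure. Splitting on every `:` also truncates a secret that itself contains a colon; splitting once on the first colon avoids that. In `validate_api_key_secret`, an unknown `api_key` presumably leaves `user` as None before the password lookup, a wrong secret falls through with no error, and the `==` check is not constant-time; `hmac.compare_digest(frappe.safe_encode(api_secret), frappe.safe_encode(user_secret))` (with `hmac` imported) is the safer comparison, and a failed match should probably raise `frappe.AuthenticationError`. A sketch of the header parsing follows.

```python
def validate_auth_via_api_keys():
    """Authenticate from an `Authorization: Basic|token` header, if one is present."""
    header = frappe.get_request_header("Authorization")
    if not header:
        return
    scheme, _sep, credentials = header.partition(" ")
    if scheme not in ("Basic", "token"):
        # other schemes are left to the handlers that own them
        return
    try:
        if scheme == "Basic":
            credentials = frappe.safe_decode(base64.b64decode(credentials))
        # split once so a secret containing ":" is kept whole
        api_key, api_secret = credentials.split(":", 1)
    except (TypeError, ValueError):
        # malformed credentials are an authentication failure, not a server error
        raise frappe.AuthenticationError
    validate_api_key_secret(api_key, api_secret)
```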
@@ -189,6 +189,19 @@ frappe.ui.form.on('User', {
}
}
})
},
generate_keys: function(frm){
frappe.call({
method: 'frappe.core.doctype.user.user.generate_keys',
args: {
user: frm.doc.name
},
callback: function(r){
if(r.message){
frappe.msgprint(__("Save API Secret: ") + r.message.api_secret);
}
}
})
}
})

@@ -236,4 +249,4 @@ frappe.ModuleEditor = Class.extend({
}
});
}
})
})
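Review bot: The `generate_keys` handler calls the server as soon as it is triggered, and if the user already has keys this presumably replaces the existing secret without warning, breaking any client still using it; the server method is not in this view, so that is inferred from its name. Wrapping the `frappe.call` in `frappe.confirm(__("Regenerate API keys? The current secret will stop working."), function() { ... })` would make rotation a deliberate step. The callback also does nothing when `r.message` is empty, so a failed generation gives the user no feedback. The enclosing `frappe.ui.form.on('User', {` block starts outside the hunk.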
