Add way to prevent user login via API, per custom logic

Lance Edgar 2020-02-10 15:43:10 -06:00
parent 5faced8d22
commit a6f80e07e0


@ -83,16 +83,33 @@ class AuthenticationView(APIView):
if not (username and password): if not (username and password):
return {'error': "Invalid username or password"} return {'error': "Invalid username or password"}
# make sure credentials are valid
user = self.authenticate_user(username, password) user = self.authenticate_user(username, password)
if not user: if not user:
return {'error': "Invalid username or password"} return {'error': "Invalid username or password"}
# is there some reason this user should not login?
error = self.why_cant_user_login(user)
if error:
return {'error': error}
login_user(self.request, user) login_user(self.request, user)
return self.user_info(user) return self.user_info(user)
def authenticate_user(self, username, password): def authenticate_user(self, username, password):
return authenticate_user(Session(), username, password) return authenticate_user(Session(), username, password)
def why_cant_user_login(self, user):
"""
This method is given a ``User`` instance, which represents someone who
is just now trying to login, and has already cleared the basic hurdle
of providing the correct credentials for a user on file. This method
is responsible then, for further verification that this user *should*
in fact be allowed to login to this app node. If the method determines
a reason the user should *not* be allowed to login, then it should
return that reason as a simple string.
"""
@api @api
def logout(self): def logout(self):
""" """
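Review bot: The string returned by `why_cant_user_login()` is sent to the API client verbatim in `return {'error': error}`, and only after `authenticate_user()` has accepted the password, so any reason other than "Invalid username or password" confirms to the caller that the credentials are valid for a blocked account. The docstring should state this contract for anyone overriding the hook, for example `The returned string is sent to the client as-is, so keep it free of internal detail; return None (the default) to allow the login.` The base method has only a docstring and so returns `None` implicitly; an explicit `return None` would make the allow-by-default behaviour visible. Nothing in the visible lines records a refused login, so consider logging the user and reason in the `if error:` branch for audit and detection. The enclosing `login` method starts above the hunk, so only its tail was reviewed.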