Add way to prevent user login via API, per custom logic

2020-02-10 15:43:10 -06:00 · 2020-02-10 15:43:10 -06:00 · a6f80e07e0
parent 5faced8d22
commit a6f80e07e0
1 changed files with 17 additions and 0 deletions
--- a/tailbone/api/auth.py
+++ b/tailbone/api/auth.py
@ -83,16 +83,33 @@ class AuthenticationView(APIView):
        if not (username and password):
            return {'error': "Invalid username or password"}

+        # make sure credentials are valid
        user = self.authenticate_user(username, password)
        if not user:
            return {'error': "Invalid username or password"}

+        # is there some reason this user should not login?
+        error = self.why_cant_user_login(user)
+        if error:
+            return {'error': error}
+
        login_user(self.request, user)
        return self.user_info(user)

    def authenticate_user(self, username, password):
        return authenticate_user(Session(), username, password)

+    def why_cant_user_login(self, user):
+        """
+        This method is given a ``User`` instance, which represents someone who
+        is just now trying to login, and has already cleared the basic hurdle
+        of providing the correct credentials for a user on file.  This method
+        is responsible then, for further verification that this user *should*
+        in fact be allowed to login to this app node.  If the method determines
+        a reason the user should *not* be allowed to login, then it should
+        return that reason as a simple string.
+        """
+
    @api
    def logout(self):
        """