authorJules Laplace <julescarbon@gmail.com>2021-03-05 23:33:50 +0100
committerJules Laplace <julescarbon@gmail.com>2021-03-05 23:33:50 +0100
commitf6e6b1edbbb68bf6bf93a10deebd4cd55ffaff0f (patch)
treebb44de81746cfd088bfab49247b9ec8508bb4605 /animism-align/cli/app/controllers
parent6726fa9fe050aa47ff7f537b91705372e290f501 (diff)
use other login validator thingie
Diffstat (limited to 'animism-align/cli/app/controllers')
-rw-r--r--animism-align/cli/app/controllers/auth_controller.py22
-rw-r--r--animism-align/cli/app/controllers/crud_controller.py9
-rw-r--r--animism-align/cli/app/controllers/upload_controller.py2
-rw-r--r--animism-align/cli/app/controllers/user_controller.py15
4 files changed, 36 insertions, 12 deletions
diff --git a/animism-align/cli/app/controllers/auth_controller.py b/animism-align/cli/app/controllers/auth_controller.py
new file mode 100644
index 0000000..9ed0ac3
--- /dev/null
+++ b/animism-align/cli/app/controllers/auth_controller.py
@@ -0,0 +1,22 @@
+from flask import request, jsonify
+from flask_classful import FlaskView, route
+from flask_jwt_extended import create_access_token
+
+from app.settings import app_cfg
+from app.sql.common import db, Session
+from app.sql.models.user import User
+
+from app.utils.auth_utils import authenticate
+
+class AuthView(FlaskView):
+ @route('/login', methods=['POST'])
+ def login(self):
+ username = request.json.get('username', None)
+ password = request.json.get('password', None)
+
+ user = authenticate(username, password)
+
+ response = {
+ 'token': create_access_token(identity=user.toJSON())
+ }
+ return jsonify(response), 200
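Review bot: `login` uses the result of `authenticate(username, password)` without checking it, so if `authenticate` signals bad credentials by returning `None` (its body is not in this diff), `user.toJSON()` raises and the client gets a 500 instead of a 401. A guard such as `if user is None: return jsonify({'error': 'invalid credentials'}), 401` before building the response would make the failure path explicit. `request.json` is also dereferenced directly, so a body that does not parse to a JSON object can fail before authentication is attempted; `request.get_json(silent=True) or {}` avoids that.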
diff --git a/animism-align/cli/app/controllers/crud_controller.py b/animism-align/cli/app/controllers/crud_controller.py
index 4fcb77d..78bff2d 100644
--- a/animism-align/cli/app/controllers/crud_controller.py
+++ b/animism-align/cli/app/controllers/crud_controller.py
@@ -1,7 +1,7 @@
from flask import request, jsonify
from flask_classful import FlaskView, route
from werkzeug.datastructures import MultiDict
-from flask_jwt import jwt_required
+from flask_jwt_extended import jwt_required
from app.sql.common import db, Session
from app.server.helpers import parse_search_args, parse_sort_args
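Review bot: Swapping the import to `flask_jwt_extended` keeps the name `jwt_required` but not necessarily its calling convention, and the decorated methods are outside this hunk. flask_jwt_extended has used both the bare form `@jwt_required` and the called form `@jwt_required()` across major releases. With the wrong form the view either breaks at import time or never checks the token. Each decorated route in this file and in upload_controller.py (same import change) should be checked against the installed release, ideally with a test that an unauthenticated request gets a 401.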
@@ -114,10 +114,10 @@ class CrudView(FlaskView):
item = session.query(self.model).get(id)
if item:
raw_form = MultiDict(request.json) if request.json is not None else request.form
- form = self.form(raw_form, obj=item)
- # print(item.toJSON())
+ form = self.form(obj=item)
+ print(item.toJSON())
+ form.populate_obj(item)
if form.validate():
- form.populate_obj(item)
self.on_update(session, raw_form, item)
session.add(item)
session.commit()
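Review bot: `form.populate_obj(item)` now runs before `form.validate()`, so values that have not passed validation are copied onto the session-attached `item` even when the request is then rejected. It should stay inside the success branch, `if form.validate():` followed by `form.populate_obj(item)`. The form is also built as `self.form(obj=item)` without `raw_form`, so what `validate()` checks depends on whether the form class picks up request data on its own, which is not visible here; if it does not, validation runs against the stored values rather than the submitted ones. The added `print(item.toJSON())` (and `print(form.errors)` in the next hunk) writes record contents to stdout and would be better as a debug-level logger call or removed. The enclosing update method starts and ends outside the hunk.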
@@ -126,6 +126,7 @@ class CrudView(FlaskView):
'res': item.toJSON(),
}
else:
+ print(form.errors)
res = {
'status': 'error',
'error': form.errors,
diff --git a/animism-align/cli/app/controllers/upload_controller.py b/animism-align/cli/app/controllers/upload_controller.py
index f363b0d..a81312d 100644
--- a/animism-align/cli/app/controllers/upload_controller.py
+++ b/animism-align/cli/app/controllers/upload_controller.py
@@ -1,6 +1,6 @@
from flask import request, jsonify
from flask_classful import FlaskView, route
-from flask_jwt import jwt_required
+from flask_jwt_extended import jwt_required
from werkzeug.datastructures import MultiDict
from werkzeug.utils import secure_filename
import os
diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py
index 54b39ab..26aa656 100644
--- a/animism-align/cli/app/controllers/user_controller.py
+++ b/animism-align/cli/app/controllers/user_controller.py
@@ -7,14 +7,15 @@ from app.sql.models.user import User, UserForm
from app.controllers.crud_controller import CrudView
from app.utils.auth_utils import encrypt_password
-from flask_jwt import current_identity
+from flask_jwt_extended import get_jwt_identity
class UserView(CrudView):
model = User
form = UserForm
def on_create(self, session, form, item):
- if not current_identity.is_admin:
+ current_user = get_jwt_identity()
+ if not current_user['is_admin']:
raise ValueError("Unauthorized")
if 'password' in form:
item.password = encrypt_password(form['password'])
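Review bot: `on_create` now authorizes on `current_user['is_admin']` taken from the token identity, which auth_controller.py fills with `user.toJSON()` at login, so the admin flag is whatever it was when the token was issued. A user whose admin right is revoked would presumably keep it until the token expires, and every field `toJSON()` returns travels in a signed but unencrypted token. Consider issuing the token with `identity=user.id` only and loading the `User` row from `session` inside the hook to read `is_admin`. The same applies to `on_update` and `on_destroy` in the following hunks.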
@@ -24,10 +25,10 @@ class UserView(CrudView):
item.settings = form['settings']
def on_update(self, session, form, item):
- if not current_identity.is_admin:
- if item.id != current_identity.id:
+ if not current_user['is_admin']:
+ if item.id != current_user['id']:
raise ValueError("Unauthorized")
- if current_identity.is_admin != item.is_admin:
+ if current_user['is_admin'] != item.is_admin:
raise ValueError("Unauthorized")
if 'password' in form:
item.password = encrypt_password(form['password'])
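Review bot: `current_user` is assigned only inside `on_create`, so `on_update` here and `on_destroy` in the next hunk reference a name that is not bound in their scope, unless it is defined at module level in lines outside this diff. As written, both hooks would raise `NameError` before any of the `Unauthorized` checks run, so updates and deletes fail with a server error rather than an authorization decision. Add `current_user = get_jwt_identity()` as the first line of each method.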
@@ -35,7 +36,7 @@ class UserView(CrudView):
item.settings = form['settings']
def on_destroy(self, session, item):
- if not current_identity.is_admin:
+ if not current_user['is_admin']:
raise ValueError("Unauthorized")
- if item.id == current_identity.id:
+ if item.id == current_user['id']:
raise ValueError("Unauthorized")