#4: Move credentials checking to post body

ral-facilities · Jun 18, 2019 · 08fc3e6 · 08fc3e6
1 parent 647dde6
commit 08fc3e6
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/src/resources/non_entities/sessions_endpoints.py b/src/resources/non_entities/sessions_endpoints.py
@@ -1,5 +1,6 @@
 import uuid
 
+from flask import request
 from flask_restful import Resource, reqparse
 
 from common.database_helpers import insert_row_into_table, delete_row_by_id, get_row_by_id
@@ -14,12 +15,9 @@ def post(self):
         Generates a sessionID if the user has correct credentials
         :return: String - SessionID
         """
-        parser = reqparse.RequestParser()
-        parser.add_argument("Authorization", location="headers")
-        args = parser.parse_args()
-        if args["Authorization"] is None:
+        if request.data == b"":  # request.data returns a byte object, it can only be checked for empty like this
             return "Unauthorized", 401
-        if args["Authorization"] == "user:password":
+        if request.json == {"username": "user", "password": "password"}:
             session_id = str(uuid.uuid1())
             insert_row_into_table(SESSION(ID=session_id))
             return {"sessionID": session_id}, 201