diff options
Diffstat (limited to 'qvisqve/auth_router.py')
-rw-r--r-- | qvisqve/auth_router.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/qvisqve/auth_router.py b/qvisqve/auth_router.py index 717e46f..378a995 100644 --- a/qvisqve/auth_router.py +++ b/qvisqve/auth_router.py @@ -17,14 +17,18 @@ import urllib.parse +import bottle + + import qvisqve class AuthRouter(qvisqve.Router): - def __init__(self, apps): + def __init__(self, apps, users): super().__init__() self._apps = apps + self._users = users def get_routes(self): return [ @@ -44,6 +48,12 @@ class AuthRouter(qvisqve.Router): if content_type != 'application/x-www-form-urlencoded': return qvisqve.bad_request_response('Wrong content type') + params = self._get_form_params(body) + username = self._get_param(params, 'username') + password = self._get_param(params, 'password') + if not self._users.is_valid_secret(username, password): + return qvisqve.unauthorized_response('Access denied') + # TODO: # - perform actual auth # - create and store auth code @@ -59,3 +69,10 @@ class AuthRouter(qvisqve.Router): qvisqve.log.log('xxx', msg_text='Returning redirect', url=url) return qvisqve.found_response('Redirect to callback url', url) + + def _get_param(self, params, name): + return params[name][0] + + def _get_form_params(self, body): + body = body.decode('UTF-8') + return urllib.parse.parse_qs(body) |