How To Create New User Accounts In Python Eve Api Secured With User-restricted Resource Access
I first created a web api using the python-eve framework, without authentication or user accounts, and it worked great! I am now trying to add authentication and user accounts, and
Solution 1:
One simple solution would be to not restrict your user creation method. Something like so:
import bcrypt
from eve.auth import BasicAuth
from flask import current_app as app


class BCryptAuth(BasicAuth):
    def check_auth(self, username, password, allowed_roles, resource, method):
        # allow anyone to create a new account.
        if resource == 'accounts' and method == 'POST':
            return True
        # look the account up through the running app's data layer
        accounts = app.data.driver.db['accounts']
        account = accounts.find_one({'username': username})
        if account and 'user_id' in account:
            # restrict this request to documents owned by the user
            self.set_request_auth_value(account['user_id'])
        return account and bcrypt.hashpw(password.encode('utf-8'), account['salt'].encode('utf-8')) == account['password']
Alternatively, and especially so if you only allow POSTing to the account
endpoint, you could opt out of authentication for the endpoint:
'accounts': {
    # or you could provide a different custom class here,
    # so you don't need the guard in the general-purpose auth class.
    'authentication': None,
    ...
}
Hope this helps.
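The second option above only holds if POST is the sole method enabled on the endpoint. The following is an added example, not part of the original answer or of Eve itself: a small audit over a DOMAIN dict that lists every method reachable without credentials beyond the sign-up POST. The helper names and the sample configuration are hypothetical, and the defaults assume Eve's documented global values (RESOURCE_METHODS and ITEM_METHODS of ['GET'], empty PUBLIC_METHODS and PUBLIC_ITEM_METHODS).

```python
# Assumed: Eve's documented global defaults; pass your own if settings.py overrides them.
EVE_DEFAULTS = {
    "resource_methods": ["GET"], "item_methods": ["GET"],
    "public_methods": [], "public_item_methods": [],
}
_MISSING = object()


def unauthenticated_methods(resource_cfg, defaults=EVE_DEFAULTS):
    """Return {'resource': set, 'item': set} of methods open to anonymous callers."""
    def setting(key):
        return resource_cfg.get(key, defaults[key])

    enabled = {"resource": set(setting("resource_methods")),
               "item": set(setting("item_methods"))}
    # 'authentication': None switches auth off for every enabled method.
    if resource_cfg.get("authentication", _MISSING) is None:
        return enabled
    # Otherwise only methods explicitly declared public skip the auth class.
    return {"resource": enabled["resource"] & set(setting("public_methods")),
            "item": enabled["item"] & set(setting("public_item_methods"))}


def audit_signup_endpoints(domain, allowed=frozenset({"POST"})):
    """List (resource, level, method) tuples open beyond the sign-up POST."""
    findings = []
    for name, cfg in sorted(domain.items()):
        open_methods = unauthenticated_methods(cfg)
        for method in sorted(open_methods["resource"] - allowed):
            findings.append((name, "resource", method))
        for method in sorted(open_methods["item"]):
            findings.append((name, "item", method))
    return findings


# Constructed sample configuration (not from the original post).
SAMPLE_DOMAIN = {
    # Auth disabled, methods left at defaults: GET stays open on both levels.
    "accounts_weak": {"authentication": None},
    # Auth disabled and the endpoint limited to POST only.
    "accounts_post_only": {"authentication": None,
                           "resource_methods": ["POST"], "item_methods": []},
    # Auth class kept, with only POST declared public.
    "accounts_public_post": {"resource_methods": ["GET", "POST"],
                             "public_methods": ["POST"]},
}

if __name__ == "__main__":
    for finding in audit_signup_endpoints(SAMPLE_DOMAIN):
        print("open without auth: %s %s-level %s" % finding)
```

An anonymous GET on the accounts endpoint would return the stored password hashes and salts unless they are excluded from the response, so an empty findings list is the state to aim for.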