better login view and better user_api related : authenticate_user method

tracim/exceptions.py

@@ -85,5 +85,9 @@ class DigestAuthNotImplemented(Exception):
     pass
 
 
-class LoginFailed(TracimException):
+class AuthenticationFailed(TracimException):
+    pass
+
+
+class BadUserPassword(TracimException):
     pass

tracim/lib/core/user.py

@@ -5,6 +5,9 @@ import transaction
 import typing as typing
 
 from tracim.models.auth import User
+from sqlalchemy.orm.exc import NoResultFound
+from tracim.exceptions import BadUserPassword
+from tracim.exceptions import AuthenticationFailed
 
 
 class UserApi(object):
@@ -14,21 +17,46 @@ class UserApi(object):
         self._user = current_user
         self._config = config
 
-    def get_all(self):
-        return self._session.query(User).order_by(User.display_name).all()
-
     def _base_query(self):
         return self._session.query(User)
 
-    def get_one(self, user_id: int):
+    def get_one(self, user_id: int) -> User:
         return self._base_query().filter(User.user_id==user_id).one()
 
-    def get_one_by_email(self, email: str):
+    def get_one_by_email(self, email: str) -> User:
         return self._base_query().filter(User.email==email).one()
 
     def get_one_by_id(self, id: int) -> User:
         return self._base_query().filter(User.user_id==id).one()
 
+    def get_all(self) -> typing.Iterable[User]:
+        return self._session.query(User).order_by(User.display_name).all()
+
+    def user_with_email_exists(self, email: str):
+        try:
+            self.get_one_by_email(email)
+            return True
+        # TODO - G.M - 09-04-2018 - Better exception
+        except:
+            return False
+
+    def authenticate_user(self, email, password) -> User:
+        """
+        Authenticate user with email and password, raise AuthenticationFailed
+        if uncorrect.
+        :param email: email of the user
+        :param password: cleartext password of the user
+        :return: User who was authenticated.
+        """
+        try:
+            user = self.get_one_by_email(email)
+            if user.validate_password(password):
+                return user
+            else:
+                raise BadUserPassword()
+        except (BadUserPassword, NoResultFound):
+            raise AuthenticationFailed
+
     def update(
             self,
             user: User,
@@ -48,14 +76,6 @@ class UserApi(object):
         if do_save:
             self.save(user)
 
-    def user_with_email_exists(self, email: str):
-        try:
-            self.get_one_by_email(email)
-            return True
-        # TODO - G.M - 09-04-2018 - Better exception
-        except:
-            return False
-
     def create_user(self, email=None, groups=[], save_now=False) -> User:
         user = User()
 

tracim/views/core_api/session_controller.py

@@ -14,10 +14,13 @@ from tracim.views.controllers import Controller
 from pyramid.config import Configurator
 
 from tracim.views import BASE_API_V2
-from tracim.views.core_api.schemas import UserSchema, NoContentSchema
+from tracim.views.core_api.schemas import UserSchema
+from tracim.views.core_api.schemas import NoContentSchema
+
 from tracim.views.core_api.schemas import LoginOutputHeaders
 from tracim.views.core_api.schemas import BasicAuthSchema
-from tracim.exceptions import NotAuthentificated, LoginFailed
+from tracim.exceptions import NotAuthentificated
+from tracim.exceptions import AuthenticationFailed
 
 try:  # Python 3.5+
     from http import HTTPStatus
@@ -30,7 +33,7 @@ class SessionController(Controller):
     @hapic.with_api_doc()
     @hapic.input_headers(LoginOutputHeaders())
     @hapic.input_body(BasicAuthSchema())
-    @hapic.handle_exception(LoginFailed, http_code=HTTPStatus.BAD_REQUEST)
+    @hapic.handle_exception(AuthenticationFailed, http_code=HTTPStatus.BAD_REQUEST)
     # TODO - G.M - 17-04-2018 - fix output header ?
     # @hapic.output_headers()
     @hapic.output_body(
@@ -44,21 +47,12 @@ class SessionController(Controller):
         email = request.json_body['email']
         password = request.json_body['password']
         app_config = request.registry.settings['CFG']
-        try:
-            uapi = UserApi(
-                None,
-                session=request.dbsession,
-                config=app_config,
-            )
-            user = uapi.get_one_by_email(email)
-            valid_password = user.validate_password(password)
-            if not valid_password:
-                # Bad password
-                raise LoginFailed('Bad Credentials')
-        except NoResultFound:
-            # User does not exist
-            raise LoginFailed('Bad Credentials')
-        return
+        uapi = UserApi(
+            None,
+            session=request.dbsession,
+            config=app_config,
+        )
+        return uapi.authenticate_user(email, password)
 
     @hapic.with_api_doc()
     @hapic.output_body(