#31 API further credential

* adds Kspuser as another expected header data to resolve the api user * adds/updates translations
2022-01-28 16:35:25 +01:00
parent cbf871f4b4
commit 5b52119e89
6 changed files with 20 additions and 13 deletions
--- a/api/models/token.py
+++ b/api/models/token.py
@@ -25,11 +25,12 @@ class APIUserToken(models.Model):
        return self.token

    @staticmethod
-    def get_user_from_token(token: str):
+    def get_user_from_token(token: str, username: str):
        """ Getter for the related user object

        Args:
            token (str): The used token
+            username (str): The username

        Returns:
            user (User): Otherwise None
@@ -38,11 +39,12 @@ class APIUserToken(models.Model):
        try:
            token_obj = APIUserToken.objects.get(
                token=token,
+                user__username=username
            )
            if not token_obj.is_active:
                raise PermissionError("Token unverified")
            if token_obj.valid_until is not None and token_obj.valid_until < _today:
                raise PermissionError("Token validity expired")
        except ObjectDoesNotExist:
-            raise PermissionError("Token invalid")
+            raise PermissionError("Credentials invalid")
        return token_obj.user