From 954d60164d586746fdc8dd4149bb17e0ed391907 Mon Sep 17 00:00:00 2001
From: hongwei1
Date: Sat, 10 Aug 2019 23:20:33 +0200
Subject: [PATCH] added some comments for DirectLogin
---
 apimanager/obp/directlogin.py | 17 +++++++++++++----
 apimanager/obp/forms.py | 2 +-
 apimanager/obp/views.py | 1 +
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/apimanager/obp/directlogin.py b/apimanager/obp/directlogin.py
index 69ce4ee..81e209e 100644
--- a/apimanager/obp/directlogin.py
+++ b/apimanager/obp/directlogin.py
@@ -19,7 +19,10 @@ class DirectLoginAuthenticator(Authenticator):
 def __init__(self, token=None):
 self.token = token
- def login_to_api(self, data):
+ # This method will call '/my/logins/direct' endpoint and get the directLogin token back, store it to self.token filed.
+ # the requestheaders are from the home.html form. eg:
+ # username="susan.uk.29@example.com",password="2b78e8", consumer_key="my5qhma1cfig5wstj5poa355onjchk0enkf3boq4"
+ def prepare_direct_login_token(self, requestheaders):
 """
 Logs into the API and returns the token
@@ -27,12 +30,16 @@ class DirectLoginAuthenticator(Authenticator):
 """
 url = settings.API_HOST + settings.DIRECTLOGIN_PATH
 authorization = 'DirectLogin username="{}",password="{}",consumer_key="{}"'.format( # noqa
- data['username'],
- data['password'],
- data['consumer_key'])
+ requestheaders['username'],
+ requestheaders['password'],
+ requestheaders['consumer_key'])
 headers = {'Authorization': authorization}
 try:
+ # 'http://127.0.0.1:8080/my/logins/direct'
+ # Headers:{'Authorization': 'DirectLogin username="susan.uk.29@example.com",password="2b78e8",
+ # consumer_key="my5qhma1cfig5wstj5poa355onjchk0enkf3boq4"'}
+ # This will get the directLogin Token back.
 response = requests.post(url, headers=headers)
 except requests.exceptions.ConnectionError as err:
 raise AuthenticatorError(Exception("OBP-API server is not running or do not response properly. "
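Review bot: The example in the new comment above `prepare_direct_login_token` (first directlogin.py hunk) spells out a full username, password and consumer key, and the same values recur in the `# Headers:` comment of the second hunk, with a complete token in the third hunk's comment. If any of them were copied from a running sandbox they are now in the repository history and should be rotated; either way, labelled placeholders are clearer, e.g. `# username="<username>",password="<password>",consumer_key="<consumer_key>"` and `# {'token': '<directlogin-token>'}`. The description would also sit better inside the existing docstring, which still reads only "Logs into the API and returns the token", and `requestheaders` is a misleading name given that forms.py passes the form's `cleaned_data`. The method body continues outside this hunk.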
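Review bot: The `.format(...)` call in the second directlogin.py hunk places `requestheaders['username']`, `requestheaders['password']` and `requestheaders['consumer_key']` directly between double quotes in the `Authorization` value, so a `"` inside any of them may change how the server parses the header fields. The values come from the login form, so they should be checked before formatting, for instance `if any('"' in requestheaders[k] for k in ('username', 'password', 'consumer_key')): raise AuthenticatorError('Invalid character in login data')`, or encoded in whatever way the DirectLogin endpoint documents. Separately, `requests.post(url, headers=headers)` is called without `timeout=`, so a stalled API host can hold the Django worker indefinitely. The `try` block and the method both run past the end of the hunk.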
@@ -41,6 +48,8 @@ class DirectLoginAuthenticator(Authenticator):
 except BaseException as err:
 raise AuthenticatorError(Exception("Unknown Error. Details:"+ str(err)))
+ # This is the direct-Login Token:
+ # : {'token': 'eyJhbGciOiJIUzI1NiJ9.eyIiOiIifQ.HURJVvyGgcPcjvrfRCSbRyk1_ssjlAUk8fP0leKx8kw'}
 result = response.json()
 if response.status_code != 201:
 raise AuthenticatorError(result['message'])
diff --git a/apimanager/obp/forms.py b/apimanager/obp/forms.py
index c39cf34..2299b8f 100644
--- a/apimanager/obp/forms.py
+++ b/apimanager/obp/forms.py
@@ -25,7 +25,7 @@ class DirectLoginForm(forms.Form):
 cleaned_data = super(DirectLoginForm, self).clean()
 authenticator = DirectLoginAuthenticator()
 try:
- authenticator.login_to_api(cleaned_data)
+ authenticator.prepare_direct_login_token(cleaned_data)
 cleaned_data['authenticator'] = authenticator
 except AuthenticatorError as err:
 raise forms.ValidationError(err)
diff --git a/apimanager/obp/views.py b/apimanager/obp/views.py
index 0cea5ad..4e7fa73 100644
--- a/apimanager/obp/views.py
+++ b/apimanager/obp/views.py
@@ -25,6 +25,7 @@ class LoginToDjangoMixin(object):
 Logs the user into Django
 Kind of faking it to establish if a user is authenticated later on
 """
+ # Here, we already get the Token for the api call.
 api = API(self.request.session.get('obp'))
 try:
 data = api.get('/users/current')
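Review bot: In the third directlogin.py hunk (`@@ -41,6 +48,8`), `result = response.json()` runs before the status check and, as far as the hunk shows, after the `try`/`except` has ended. A non-JSON body such as a proxy's HTML error page would therefore raise `ValueError` rather than `AuthenticatorError`, and `clean()` in forms.py catches only `AuthenticatorError`. An error body without a `message` key fails the same way, with `KeyError` at `result['message']`. Catching `ValueError` around the parse and re-raising it as `AuthenticatorError`, together with `raise AuthenticatorError(result.get('message', response.text))`, keeps both cases on the form-validation path. The new comment also sits before the status check, where `result` may still be an error payload; it belongs beside the line that reads the token, which presumably lies below this hunk, and the method starts above it.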