How to create new user accounts in python eve api secured with User-Restricted Resource Access
One simple solution would be to not restrict your user creation method. Something like so:
class BCryptAuth(BasicAuth): def check_auth(self, username, password, allowed_roles, resource, method): # allow anyone to create a new account. if resource == 'accounts' and method == 'POST': return True accounts = Eve.app.data.driver.db['accounts'] account = accounts.find_one({'username': username}) if account and 'user_id' in account: self.set_request_auth_value(account['user_id']) return account and bcrypt.hashpw(password.encode('utf-8'),account['salt'].encode('utf-8')) == account['password']
Alternatively, and especially so if you only allow POSTing to the account
endpoint, you could opt out of authentication for the endpoint:
'accounts': { # or you could provide a different custom class here, # so you don't need the guard in the general-purpose auth class. 'authentication': None, ...}
Hope this helps.