mirror of
https://github.com/fergalmoran/dss.api.git
synced 2025-12-22 17:28:55 +00:00
95 lines
3.4 KiB
Python
Executable File
95 lines
3.4 KiB
Python
Executable File
from requests import HTTPError
|
|
from rest_framework import parsers
|
|
from rest_framework.authentication import get_authorization_header
|
|
from rest_framework.authtoken.models import Token
|
|
from rest_framework.authtoken.serializers import AuthTokenSerializer
|
|
from rest_framework.response import Response
|
|
from rest_framework.status import *
|
|
from rest_framework.views import APIView
|
|
from rest_framework import status
|
|
from rest_framework import renderers
|
|
from social.apps.django_app.utils import strategy, load_strategy, load_backend
|
|
from dss import settings
|
|
|
|
|
|
class LoginException(Exception):
|
|
pass
|
|
|
|
|
|
@strategy()
|
|
def register_by_access_token(request, backend):
|
|
strat = load_strategy(request)
|
|
auth = get_authorization_header(request).split()
|
|
if not auth or auth[0].lower() != b'social':
|
|
raise LoginException("Unable to register_by_access_token: No token header provided")
|
|
|
|
access_token = auth[1]
|
|
user = request.backend.do_auth(access_token)
|
|
return user
|
|
|
|
|
|
class ObtainAuthToken(APIView):
|
|
serializer_class = AuthTokenSerializer
|
|
model = Token
|
|
|
|
def post(self, request):
|
|
# Here we call PSA to authenticate like we would if we used PSA on server side.
|
|
try:
|
|
backend = request.META.get('HTTP_AUTH_BACKEND')
|
|
if backend is None:
|
|
# Work around django test client oddness
|
|
return Response("No Auth-Backend header specified", HTTP_400_BAD_REQUEST)
|
|
|
|
user = register_by_access_token(request, backend)
|
|
|
|
# If user is active we get or create the REST token and send it back with user data
|
|
if user and user.is_active:
|
|
token, created = Token.objects.get_or_create(user=user)
|
|
return Response({
|
|
'slug': user.userprofile.slug,
|
|
'token': token.key
|
|
})
|
|
except LoginException, ex:
|
|
return Response(ex.message, HTTP_400_BAD_REQUEST)
|
|
except HTTPError, ex:
|
|
return Response(ex.message, HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
class ObtainUser(APIView):
|
|
throttle_classes = ()
|
|
permission_classes = ()
|
|
parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
|
|
renderer_classes = (renderers.JSONRenderer,)
|
|
serializer_class = AuthTokenSerializer
|
|
model = Token
|
|
|
|
def get(self, request):
|
|
serializer = self.serializer_class(data=request.DATA)
|
|
if request.META.get('HTTP_AUTHORIZATION'):
|
|
|
|
auth = request.META.get('HTTP_AUTHORIZATION').split()
|
|
|
|
if not auth or auth[0].lower() != b'token' or len(auth) != 2:
|
|
msg = 'Invalid token header. No credentials provided.'
|
|
return Response(msg, status=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
token = Token.objects.get(key=auth[1])
|
|
if token and token.user.is_active:
|
|
return Response({'id': token.user_id, 'name': token.user.username, 'firstname': token.user.first_name,
|
|
'userRole': 'user', 'token': token.key})
|
|
else:
|
|
return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
class ObtainLogout(APIView):
|
|
throttle_classes = ()
|
|
permission_classes = ()
|
|
parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
|
|
renderer_classes = (renderers.JSONRenderer,)
|
|
serializer_class = AuthTokenSerializer
|
|
model = Token
|
|
|
|
# Logout le user
|
|
def get(self, request):
|
|
return Response({'User': ''})
|