def post(self, request, format='json'):
username = request.data.get('username')
password = request.data.get('password')
authobj = BasicAuthentication()
try:
roleList = []
res = authobj.authenticate_credentials(username, password)
user = userRoles.objects.filter(user=User.objects.get(
username=username))
for indUser in user:
for j in indUser.roles.all():
roleList.append(j.roleName)
response = {"status": "1", "roles": roleList}
return Response(response)
except Exception as e:
response = {"status": "0", "description": str(e)}
return Response(response)
def post(self, request, format=None):
"""
This leverages the HTTP basic authentication middleware
that exists for authenticating requests to the application.
The difference lies in where the user data is coming from.
This data will be a part of the request payload, probably as
Base64 encoded data.
"""
auth = BasicAuthentication()
serializer = UserAuthSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
encoded = serializer.data['value']
credentials = decode_credentials(encoded)
user = auth.authenticate_credentials(
credentials['username'], credentials['password']
)
instance = user[0]
serialized_user = UserSerializer(instance)
return Response({'user': serialized_user.data})
def test_basic_authentication_raises_error_if_user_not_found(self):
auth = BasicAuthentication()
with pytest.raises(exceptions.AuthenticationFailed):
auth.authenticate_credentials('invalid id', 'invalid password')
def test_basic_authentication_raises_error_if_user_not_found(self):
auth = BasicAuthentication()
with pytest.raises(exceptions.AuthenticationFailed):
auth.authenticate_credentials('invalid id', 'invalid password')