def post(self, request, *args, **kwargs):
"""
---
type:
token:
type: string
required: true
consumes:
- application/json
produces:
- application/json
request_serializer: rest_framework.authtoken.serializers.AuthTokenSerializer
"""
serializer = AuthTokenSerializer(data=request.data)
if serializer.is_valid():
token, _ = ExpiringToken.objects.get_or_create(user=serializer.validated_data['user'])
if not token.user.is_superuser and token.expired():
# If the token is expired, generate a new one.
token.delete()
token = ExpiringToken.objects.create(user=serializer.validated_data['user'])
data = {'token': token.key}
return Response(data)
return Response(serializer.errors, status=HTTP_400_BAD_REQUEST)
def post(self, request):
"""
Retorna um token valido para o usuario atenticado.
---
parameters:
- name: username
description: Foobar long description goes here
required: true
type: text
paramType: form
- name: password
paramType: text
responseMessages:
- code: 401
message: Crendenciais invalidas
- code: 200
message: OK
"""
serializer = AuthTokenSerializer(data=request.data)
if serializer.is_valid():
usuario = User.objects.get(username=request.data[unicode('username')])
token, created = Token.objects.get_or_create(user=usuario)
imagem = models.Perfil.objects.filter(usuario=usuario).values('imagem')[0]['imagem']
serializer = serializers.UserSerializer(usuario)
return Response(data={"token": token.key, "user": serializer.data, "image": imagem})
return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED)
def register(request):
if request.method == 'POST':
username = request.data['username']
password = request.data['password']
is_staff = request.data['is_staff']
if is_staff == 'true':
staff = True
else:
staff = False
if User.objects.filter(username__iexact=username).exists():
return json_response({'error': 'Username already exists'}, status=400)
else:
user = User.objects.create_user(username, email=None, password=password)
user.is_staff = staff
user.save()
auth_serializer = AuthTokenSerializer(data={'username': username, 'password': password})
if auth_serializer.is_valid():
token, created = Token.objects.get_or_create(user=user)
return json_response({'token': token.key, 'username': user.username, 'userId': user.id, 'is_staff': user.is_staff})
else:
return json_response({'error': 'Register failed'}, status=400)
elif request.method == 'OPTIONS':
return json_response({})
else:
return json_response({'error': 'Invalid Call'}, status=405)
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token = Token.objects.filter(user=user)
if token.exists():
token.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
return Response(status=status.HTTP_404_NOT_FOUND)
def obtain_auth_token(self, request):
"""
---
serializer: AuthTokenSerializer
"""
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data["user"]
token, created = Token.objects.get_or_create(user=user)
return Response({"token": token.key, "id": user.id})
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
utc_now = datetime.datetime.utcnow()
if not created and token.created < utc_now - datetime.timedelta(hours=24):
token.delete()
token = Token.objects.create(user=serializer.object['user'])
token.created = datetime.datetime.utcnow()
token.save()
return Response({'token': token.key})
def post(self, request):
"""
Retrieve authorization token.
"""
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({
'username': user.username,
'token': token.key
})
def post(self, request):
"""
Take a request containing a token and, if it's valid,
return a token and user primary key in JSON format.
This allows us to send an individual requesting user's data
back to them, and doesn't expose anything that an attacker with
access to the token wouldn't be able to get anyway.
"""
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key, 'user': user.pk})
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
try:
client = self.request.session['client']
client.login(user.email, serializer.validated_data['password'])
client.user = user
except:
msg = _('Unable to log in with provided credentials.')
raise exceptions.ValidationError(msg)
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key})
def login(request):
if request.method == 'POST':
auth_serializer = AuthTokenSerializer(data=request.data)
if auth_serializer.is_valid():
user = auth_serializer.validated_data['user']
user_serializer = UserSerializer(user)
token, created = Token.objects.get_or_create(user=user)
return json_response({'token': token.key,
'username': user_serializer.data['username'],
'userId': user_serializer.data['id']})
else:
return json_response({'error': 'Invalid Username/Password'}, status=400)
elif request.method == 'OPTIONS':
return json_response({})
else:
return json_response({'error': 'Invalid Call'}, status=405)
def post(self, request, format=None):
serializer = AuthTokenSerializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except:
raise exceptions.ValidationError(
{'message': 'Não foi possível autenticar com as credenciais informadas.'})
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
account = {
'name': user.name,
'email': user.email
}
return Response({'token': token.key, 'user': account})
def post(self, request):
"""Respond to POSTed username/password with token."""
serializer = AuthTokenSerializer(data=request.data)
if serializer.is_valid():
token, _ = ExpiringToken.objects.get_or_create(user=serializer.validated_data["user"])
if token.expired():
# If the token is expired, generate a new one.
token.delete()
token = ExpiringToken.objects.create(user=serializer.validated_data["user"])
data = {"token": token.key}
return Response(data)
return Response(serializer.errors, status=HTTP_400_BAD_REQUEST)
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
# # Account into
request.data.update({'preferences':{'wtf':''}})
request.data.update({'user':user.id})
profile = ProfileSerializer(user.profile)
token, created = Token.objects.get_or_create(user=user)
accountInfo = {
'token': token.key,
'username':user.username,
'profile': profile.data
}
return Response(accountInfo)
def authenticate(request):
"""
Authenticates user with username/password.\n
HTTP Method:\n
POST\n
Accepts:\n
{
"username": "******",
"password": "******",
"device_type": "[iPhone/Android/Desktop]",
"token": "[token]",
"push_token": [push_token]"
}\n
Returns:\n
{
"token": "b95175a8e01d3ac718d12669f1ca8ddd37bf6f3d",
"type": 'S'
}\n
"""
data = {
"username": request.DATA.get("username").lower(),
"password": request.DATA.get("password")
}
serializer = AuthTokenSerializer(data=data)
if serializer.is_valid():
user = serializer.object['user']
device_type = request.DATA.get("device_type")
push_token = request.DATA.get("push_token")
token, created = Token.objects.get_or_create(user=user)
my_device, created = UserDevice.objects.get_or_create(user=user, device_type=device_type, push_token=push_token)
my_device.push_token = push_token
my_device.save()
my_user = MyUser.objects.filter(user=user).first()
if my_user:
if my_user.user.is_active:
type = my_user.type
response = {
'token': token.key,
'type': type,
'user_id': my_user.user.id
}
return Response(response)
return Response(error_as_text(serializer.errors, HTTP_400_BAD_REQUEST), status=HTTP_400_BAD_REQUEST)
def post(self, request):
"""
Login user, returns token and user data
---
request_serializer: rest_framework.authtoken.serializers.AuthTokenSerializer
response_serializer: member.serializers.MemberSerializer
"""
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
if not user.is_verified:
return Response({'error':{'username':['User not yet verified']}},status=status.HTTP_400_BAD_REQUEST)
serializedMember = MemberSerializer(user)
token, created = Token.objects.get_or_create(user=user)
if not created:
token.delete()
token.created = datetime.utcnow().replace(tzinfo=pytz.utc)
token.key = binascii.hexlify(os.urandom(20)).decode()
token.save()
return Response({'token': token.key,'message':'Login Successful','user':serializedMember.data})
def post(self, request):
"""Respond to POSTed username/password with token."""
serializer = AuthTokenSerializer(data=request.data)
if serializer.is_valid():
token, _ = ExpiringToken.objects.get_or_create(
user=serializer.validated_data['user']
)
if not token.expiration_set():
# If no EXPIRING_TOKEN_LIFESPAN is set in settings file, then skip checking if token is expired
return Response({'token': token.key})
if token.expired():
# If the token is expired, generate a new one.
token.delete()
token = ExpiringToken.objects.create(
user=serializer.validated_data['user']
)
data = {'token': token.key}
return Response(data)
return Response(serializer.errors, status=HTTP_400_BAD_REQUEST)
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key})
def post(self, request, format=None):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
login(request, user)
return super(LoginAPI, self).post(request, format=None)
def get_serializer(self):
return AuthTokenSerializer()
def test_whitespace_in_password(self):
data = {'username': self.user.username, 'password': '******'}
self.user.set_password(data['password'])
self.user.save()
assert AuthTokenSerializer(data=data).is_valid()
def test_validate_raise_error_if_no_credentials_provided(self):
with pytest.raises(ValidationError):
AuthTokenSerializer().validate({})
def post(self, request, *args, **kwargs):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
login(request, user)
return super().post(request, *args, **kwargs)
def __create_token(self, request):
token_serializer = AuthTokenSerializer(data=request.data)
token_serializer.is_valid(raise_exception=True)
user = token_serializer.validated_data['user']
login(request, user)
return super(AbstractRegistrationView, self).post(request, format=None).data
def post(self, request):
auth_seriarializer = AuthTokenSerializer(data=request.DATA)
if auth_seriarializer.is_valid():
user = User.objects.get(username=request.DATA['username'])
return Response(TokenSerializer(user.authentification_token).data)
return Response(auth_seriarializer.errors, status=status.HTTP_401_UNAUTHORIZED)
def login_view(request):
user = {}
user['username'] = request.POST.get('username', None)
user['password'] = request.POST.get('password', None)
if user['username'] is not None:
EMAIL_REGEX = re.compile(r"[^@]+@[^@]+\.[^@]+")
if EMAIL_REGEX.match(user['username']):
email = user['username']
user_obj = User.objects.filter(email=email).values('username')
if len(user_obj) > 0:
user['username'] = user_obj[0]['username']
serializer = AuthTokenSerializer(data=user)
if serializer.is_valid(raise_exception=False):
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
if user.is_superuser:
if settings.DEBUG:
response = HttpResponseRedirect(
'%s%s:%s%s' %
(settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_SERVER_PORT,
settings.APP_ADMIN_LOGGED_IN_PATH))
else:
response = HttpResponseRedirect(
'%s%s%s' %
(settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_ADMIN_LOGGED_IN_PATH))
else:
if settings.DEBUG:
response = HttpResponseRedirect(
'%s%s:%s%s' %
(settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_SERVER_PORT,
settings.APP_USER_LOGGED_IN_PATH))
else:
response = HttpResponseRedirect(
'%s%s%s' %
(settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_USER_LOGGED_IN_PATH))
max_age = 7 * 24 * 60 * 60
expires = datetime.datetime.strftime(
datetime.datetime.utcnow() + datetime.timedelta(seconds=max_age),
"%a, %d-%b-%Y %H:%M:%S GMT")
response.set_cookie('auth_token',
token.key,
max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
secure=settings.SESSION_COOKIE_SECURE or None)
user.last_login = timezone.now()
user.save()
else:
if settings.DEBUG:
response = HttpResponseRedirect(
'%s%s:%s%s' %
(settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_SERVER_PORT,
settings.APP_USER_LOG_IN_FAILED_PATH))
else:
response = HttpResponseRedirect(
'%s%s%s' % (settings.SERVER_PROTOCOL, settings.APP_SERVER_NAME,
settings.APP_USER_LOG_IN_FAILED_PATH))
return response
def list(self, request):
return Response(AuthTokenSerializer().data)
def get(self, request): #used for frontend
serializer = AuthTokenSerializer()
return Response({'serializer': serializer})
def post(self, request, format=None):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
return super(LoginView, self).post(request, format)
def login(request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data.get('user')
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key, 'username': user.username})
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
if serializer.is_valid():
return Response({'serializer': serializer})
serializer.save()
return redirect('product-list')
def post(self, request, format=None):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
return Response("ok")
def login(request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, _ = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=status.HTTP_200_OK)
def post(self, request):
serializer = AuthTokenSerializer(data=request.DATA)
if serializer.is_valid():
token, created = Token.objects.get_or_create(user=serializer.object['user'])
return Response({'token': token.key})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def login(request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
contact = serializer.validated_data.get('contact')
token, created = Token.objects.get_or_create(contact=contact)
return Response({'token': token.key})
def create(self, request):
"""Use ObtainAuthToken APIView to validate and create token"""
serializer = AuthTokenSerializer(data=request.data)
return ObtainAuthToken().post(request)
def request_token(self, request, *args, **kwargs):
serializer = AuthTokenSerializer(data=request.data,
context={'request': request})
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
return self.login(user)
def post(self, request):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key})
def post(self, request, format=None):
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
return Response({"token": AuthToken.objects.create(user)[1]})
