Beispiel #1
class CustomAuthToken(ObtainAuthToken):
    """Token-login view that authenticates with an email and a password.

    Credential checking is delegated to ``CustomAuthTokenSerializer``; a
    successful login answers with the token key and the user's id.
    """
    serializer_class = CustomAuthTokenSerializer

    # Hand-written schema for the two form fields, built only when the
    # coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name=field_name,
                    required=True,
                    location='form',
                    schema=coreschema.String(
                        title=field_title,
                        description=field_description,
                    ),
                )
                for field_name, field_title, field_description in (
                    ("email", "Email", "Valid email for authentication"),
                    ("password", "Password",
                     "Valid password for authentication"),
                )
            ],
            encoding="application/json",
        )

    def post(self, request, *args, **kwargs):
        """Validate the posted credentials and return the user's token.

        Invalid input propagates as the exception raised by
        ``is_valid(raise_exception=True)``.
        """
        credentials = self.get_serializer(data=request.data)
        credentials.is_valid(raise_exception=True)
        account = credentials.validated_data['user']
        # NOTE(review): get_or_create returns the already-stored token on
        # every later login, so a leaked key keeps working until its row is
        # deleted; nothing visible here rotates or expires it. Also confirm
        # that the inherited throttle_classes rate-limit this endpoint.
        token = Token.objects.get_or_create(user=account)[0]
        payload = {'token': token.key, 'user_id': account.id}
        return Response(payload)
Beispiel #2
class CustomAuthToken(ObtainAuthToken):
    """Token-login view whose credentials are an email and a password.

    Only the serializer and the documented schema differ from the parent
    view; request handling is inherited.
    """
    serializer_class = CustomAuthTokenSerializer

    # Manual schema describing the two form fields, built only when the
    # coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name=field_name,
                    required=True,
                    location='form',
                    schema=coreschema.String(
                        title=field_title,
                        description=field_description,
                    ),
                )
                for field_name, field_title, field_description in (
                    ("email", "Email", "Valid email for authentication"),
                    ("password", "Password",
                     "Valid password for authentication"),
                )
            ],
            encoding="application/json",
        )
Beispiel #3
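class AddGroupUsersAPIView(views.APIView):
    """Add the users listed in the request body to an existing group.

    The group is selected by the ``group_name`` URL keyword (``'default'``
    when absent). The body is a JSON array of objects that each carry an
    ``email`` key.
    """
    # NOTE(review): AllowAny lets unauthenticated callers change group
    # membership. If groups carry permissions this is a privilege-escalation
    # path, and the distinct success/failure answers also reveal which e-mail
    # addresses have accounts. Restrict this view to an authenticated,
    # authorized role unless anonymous access is a deliberate requirement.
    permission_classes = (permissions.AllowAny, )

    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name="users",
                    required=False,
                    location='form',
                    schema=coreschema.Array(
                        items={"email": "string"},
                        title="Email",
                        description="an array with users of a group",
                    ),
                ),
            ],
            encoding="application/json",
        )

    def patch(self, request, **kwargs):
        """Attach every listed user to the group, all or nothing.

        Returns 404 when the group does not exist, 400 when the body is not
        a list of ``{"email": ...}`` objects or names an e-mail that does not
        resolve to exactly one user, and 200 with the group name otherwise.
        """
        group_name = kwargs.get('group_name', 'default')
        try:
            group = models.Group.objects.get(name=group_name)
        except models.Group.DoesNotExist:
            # %r escapes control characters in the URL-supplied name so it
            # cannot forge additional log lines.
            logger.info("group=%r - group not found", group_name)
            return response.Response(status=status.HTTP_404_NOT_FOUND)

        # request.data is already decoded by the DRF parsers, so passing it
        # to json.loads unconditionally raised TypeError. The schema above
        # names a "users" field, so accept the array bare or wrapped in it.
        payload = request.data
        if isinstance(payload, dict):
            payload = payload.get('users')
        if isinstance(payload, (str, bytes, bytearray)):
            try:
                payload = json.loads(payload)
            except ValueError:
                return response.Response(status=status.HTTP_400_BAD_REQUEST)
        if not isinstance(payload, list):
            return response.Response(status=status.HTTP_400_BAD_REQUEST)

        # Resolve every entry before touching the group, so a bad entry in
        # the middle of the list cannot leave a half-applied change behind.
        members = []
        for user_data in payload:
            if (not isinstance(user_data, dict)
                    or not isinstance(user_data.get('email'), str)):
                return response.Response(status=status.HTTP_400_BAD_REQUEST)
            try:
                member = models.User.objects.get(email=user_data['email'])
            except (models.User.DoesNotExist,
                    models.User.MultipleObjectsReturned):
                # Previously an unknown or ambiguous e-mail escaped as an
                # unhandled exception (HTTP 500).
                return response.Response(status=status.HTTP_400_BAD_REQUEST)
            members.append(member)

        group.user_set.add(*members)
        # The original put the model instance and the ``status`` module into
        # the body dict; return a serializable body and a real status code.
        return response.Response(
            {"group": group.name},
            status=status.HTTP_200_OK,
        )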
Beispiel #4
class GroupAPIView(generics.RetrieveUpdateDestroyAPIView):
    """Retrieve, update or delete a single group addressed by its name."""

    # Any caller, authenticated or not, may reach this URL.
    # NOTE(review): on a RetrieveUpdateDestroyAPIView that includes the
    # update and delete handlers, so anonymous callers can modify or remove
    # groups. Confirm this is intended; otherwise require authentication and
    # an explicit authorization check for the write methods.
    permission_classes = (permissions.AllowAny, )
    serializer_class = serializers.GroupSerializer
    queryset = models.Group.objects.all()
    lookup_field = 'name'

    # Manual schema for the documented form fields, built only when the
    # coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            encoding="application/json",
            fields=[
                coreapi.Field(
                    name="users", required=False, location='form',
                    schema=coreschema.Array(
                        items={"email": "string"},
                        title="Email",
                        description="an array with users of a group",
                    ),
                ),
                coreapi.Field(
                    name="group", required=True, location='form',
                    schema=coreschema.String(
                        title="Group name",
                        description="a string with a group name",
                    ),
                ),
            ],
        )
Beispiel #5
class ObtainAuthToken(APIView):
    """Exchange a username and password for an API token."""

    # NOTE(review): throttling, authentication and permission checks are all
    # empty, so nothing in this view limits password guessing. Rate limiting
    # has to come from a subclass or from infrastructure in front of it.
    throttle_classes = ()
    authentication_classes = []
    permission_classes = []
    parser_classes = (
        parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,
    )
    renderer_classes = (renderers.JSONRenderer, )
    serializer_class = AuthTokenSerializer

    # Manual schema for the two credential fields, built only when the
    # coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name=field_name,
                    required=True,
                    location='form',
                    schema=coreschema.String(
                        title=field_title,
                        description=field_description,
                    ),
                )
                for field_name, field_title, field_description in (
                    ("username", "Username",
                     "Valid username for authentication"),
                    ("password", "Password",
                     "Valid password for authentication"),
                )
            ],
            encoding="application/json",
        )

    def get_serializer_context(self):
        """Return the request, format suffix and view for the serializer."""
        context = dict(
            request=self.request,
            format=self.format_kwarg,
            view=self,
        )
        return context

    def get_serializer(self, *args, **kwargs):
        """Instantiate ``serializer_class`` with the view context attached."""
        kwargs.update(context=self.get_serializer_context())
        serializer_type = self.serializer_class
        return serializer_type(*args, **kwargs)

    def post(self, request, *args, **kwargs):
        """Validate the posted credentials and answer with the token key."""
        credentials = self.get_serializer(data=request.data)
        credentials.is_valid(raise_exception=True)
        account = credentials.validated_data['user']
        # get_or_create hands back the stored token on every later login;
        # this view never rotates or expires it.
        token = Token.objects.get_or_create(user=account)[0]
        return Response({'token': token.key})
Beispiel #6
 def __init__(self, *args, **kwargs):
     """Pick default renderer classes when none were configured.

     With coreapi enabled the CoreAPI renderers are used, otherwise the
     OpenAPI ones. The browsable renderer is appended only when it is part
     of ``api_settings.DEFAULT_RENDERER_CLASSES``.
     """
     super().__init__(*args, **kwargs)
     if self.renderer_classes is not None:
         # An explicit renderer list is already set; leave it untouched.
         return
     if coreapi.is_enabled():
         defaults = [
             renderers.CoreAPIOpenAPIRenderer,
             renderers.CoreJSONRenderer
         ]
     else:
         defaults = [
             renderers.OpenAPIRenderer,
             renderers.JSONOpenAPIRenderer,
         ]
     self.renderer_classes = defaults
     if renderers.BrowsableAPIRenderer in api_settings.DEFAULT_RENDERER_CLASSES:
         self.renderer_classes += [renderers.BrowsableAPIRenderer]
 def __init__(self, *args, **kwargs):
     """Fill in ``renderer_classes`` when the caller left it as ``None``.

     The CoreAPI pair is chosen when coreapi is enabled and the OpenAPI pair
     otherwise; ``BrowsableAPIRenderer`` is added only if the project lists
     it in ``api_settings.DEFAULT_RENDERER_CLASSES``.
     """
     super().__init__(*args, **kwargs)
     if self.renderer_classes is not None:
         return
     self.renderer_classes = (
         [renderers.CoreAPIOpenAPIRenderer, renderers.CoreJSONRenderer]
         if coreapi.is_enabled()
         else [renderers.OpenAPIRenderer, renderers.JSONOpenAPIRenderer]
     )
     project_defaults = api_settings.DEFAULT_RENDERER_CLASSES
     if renderers.BrowsableAPIRenderer in project_defaults:
         self.renderer_classes += [renderers.BrowsableAPIRenderer]
Beispiel #8
 def get_mode(self):
     """Return COREAPI_MODE when coreapi is enabled, else OPENAPI_MODE."""
     if coreapi.is_enabled():
         return COREAPI_MODE
     return OPENAPI_MODE
Beispiel #9
class CreateQuizAPIView(generics.CreateAPIView):
    """Create endpoint for quizzes, validated by ``QuizSerializer``."""

    # Manual schema for the documented form fields (all required), built
    # only when the coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name=field_name,
                    required=True,
                    location='form',
                    schema=schema_type(
                        title=field_title,
                        description=field_description,
                    ),
                )
                for field_name, schema_type, field_title, field_description in (
                    ("title", coreschema.String,
                     "Title", "name of a quiz"),
                    ("quiz_type", coreschema.String,
                     "Type of a quiz", "Type of a quiz"),
                    ("timestamp", coreschema.Integer,
                     "Timestamp", "timestamp"),
                    ("goal", coreschema.Integer,
                     "Goal", "goal for the users"),
                    ("indicator_value", coreschema.Number,
                     "Indicator value", "indicator value"),
                    ("author", coreschema.String,
                     "Author username", "author username"),
                    ("description", coreschema.String,
                     "question description", "description"),
                    ("vote_detail", coreschema.Object,
                     "Vote detail", "vote details in json format"),
                )
            ],
            encoding="application/json",
        )

    # NOTE(review): the endpoint is open to anonymous callers and "author"
    # is a client-supplied field. If QuizSerializer stores it as given, any
    # caller can attribute a quiz to any username; deriving the author from
    # an authenticated request.user would close that gap. The serializer is
    # not visible here, so confirm.
    permission_classes = (permissions.AllowAny, )
    serializer_class = serializers.QuizSerializer
    queryset = models.Vote.objects.all()
Beispiel #10
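class TokenLogin(APIView):
    """Log a user in and deliver a fresh auth token as an HTTP-only cookie.

    Credentials are validated by ``AuthTokenSerializer``. Each successful
    login replaces the user's token and stores its key in the cookie named
    by ``settings.AUTH_HTTP_COOKIE``.
    """
    # NOTE(review): throttling and permission checks are both empty, so
    # nothing in this view limits password guessing. Add a throttle class or
    # rate-limit the route in front of the application.
    throttle_classes = ()
    permission_classes = ()
    parser_classes = (
        parsers.FormParser,
        parsers.MultiPartParser,
        parsers.JSONParser,
    )
    renderer_classes = (renderers.JSONRenderer, )
    serializer_class = AuthTokenSerializer

    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name="username",
                    required=True,
                    location='form',
                    schema=coreschema.String(
                        title="Username",
                        description="Valid username for authentication",
                    ),
                ),
                coreapi.Field(
                    name="password",
                    required=True,
                    location='form',
                    schema=coreschema.String(
                        title="Password",
                        description="Valid password for authentication",
                    ),
                ),
            ],
            encoding="application/json",
        )

    def get_serializer_context(self):
        """Return the request, format suffix and view for the serializer."""
        return {
            'request': self.request,
            'format': self.format_kwarg,
            'view': self
        }

    def get_serializer(self, *args, **kwargs):
        """Instantiate ``serializer_class`` with the view context attached."""
        kwargs['context'] = self.get_serializer_context()
        return self.serializer_class(*args, **kwargs)

    def post(self, request, *args, **kwargs):
        """Validate credentials, rotate the token and set the auth cookie.

        Invalid credentials propagate as the exception raised by
        ``is_valid(raise_exception=True)``. On success the response is an
        empty 200 whose cookie carries the new token key.
        """
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data['user']

        # The original only assigned the attribute, so the login time was
        # never written to the database.
        user.last_login = timezone.now()
        user.save(update_fields=['last_login'])

        # Rotate on every login so a previously issued key stops working.
        # One delete() replaces the exists()/get()/delete() sequence, and the
        # redundant get_or_create() after create() is gone.
        # NOTE(review): two concurrent logins for one user can still collide
        # between delete and create; wrap this in a transaction if that
        # matters for this deployment.
        Token.objects.filter(user=user).delete()
        token = Token.objects.create(user=user)

        response = Response(status=status.HTTP_200_OK)
        # NOTE(review): the one-day expiry only limits the cookie in the
        # browser; nothing visible here expires the token on the server, so
        # a copied key stays valid until the next login. The Secure flag
        # follows SESSION_COOKIE_SECURE, which Django defaults to False;
        # make sure it is True wherever the site is served over HTTPS.
        response.set_cookie(settings.AUTH_HTTP_COOKIE,
                            token.key,
                            expires=timezone.now() +
                            datetime.timedelta(days=1),
                            secure=settings.SESSION_COOKIE_SECURE,
                            httponly=True,
                            samesite="Strict")
        return response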
Beispiel #11
class CreateUserAPIView(generics.CreateAPIView):
    """Registration endpoint that creates users through ``UserSerializer``."""

    # Any caller, authenticated or not, may reach this URL.
    # NOTE(review): the schema below advertises "is_staff" as a
    # client-supplied field on an endpoint open to anonymous callers. If
    # UserSerializer writes it through, anyone can self-register a staff
    # account; the field should be read-only in the serializer or set
    # server-side. The serializer is not visible here, so confirm.
    permission_classes = (permissions.AllowAny, )
    queryset = models.User.objects.all()
    serializer_class = serializers.UserSerializer

    # Manual schema for the documented form fields (all required), built
    # only when the coreapi schema backend is enabled.
    if coreapi_schema.is_enabled():
        schema = ManualSchema(
            fields=[
                coreapi.Field(
                    name=field_name,
                    required=True,
                    location='form',
                    schema=schema_type(
                        title=field_title,
                        description=field_description,
                    ),
                )
                for field_name, schema_type, field_title, field_description in (
                    ("email", coreschema.String,
                     "Email", "Valid email for authentication"),
                    ("username", coreschema.String,
                     "Username", "user login"),
                    ("password", coreschema.String,
                     "Password", "Valid password for authentication"),
                    ("first_name", coreschema.String,
                     "First name", "user first name"),
                    ("last_name", coreschema.String,
                     "Last name", "user last name"),
                    ("is_staff", coreschema.Boolean,
                     "User status", "is user staff"),
                )
            ],
            encoding="application/json",
        )