def validate(self, attrs):
login_id = attrs.get('username')
password = attrs.get('password')
platform = attrs.get('platform', None)
device_id = attrs.get('device_id', None)
device_name = attrs.get('device_name', None)
client_version = attrs.get('client_version', None)
platform_version = attrs.get('platform_version', None)
v2_fields = (platform, device_id, device_name)
# Decide the version of token we need
if all_none(v2_fields):
v2 = False
elif all_not_none(v2_fields):
v2 = True
else:
raise serializers.ValidationError('invalid params')
username = Profile.objects.get_username_by_login_id(login_id)
if username is None:
username = login_id
if username and password:
user = authenticate(username=username, password=password)
if user:
if not user.is_active:
raise serializers.ValidationError('User account is disabled.')
else:
raise serializers.ValidationError('Unable to login with provided credentials.')
else:
raise serializers.ValidationError('Must include "username" and "password"')
populate_user_permissions(user)
if platform in DESKTOP_PLATFORMS:
if not user.permissions.can_connect_with_desktop_clients():
raise serializers.ValidationError('Not allowed to connect to desktop client.')
elif platform == 'android':
if not user.permissions.can_connect_with_android_clients():
raise serializers.ValidationError('Not allowed to connect to android client.')
elif platform == 'ios':
if not user.permissions.can_connect_with_ios_clients():
raise serializers.ValidationError('Not allowed to connect to ios client.')
else:
logger.info('%s: unrecognized device' % login_id)
self._two_factor_auth(self.context['request'], user)
# Now user is authenticated
if v2:
token = get_token_v2(self.context['request'], username, platform, device_id, device_name,
client_version, platform_version)
else:
token = get_token_v1(username)
return token.key
def authenticate_v2(self, request, key):
try:
token = TokenV2.objects.get(key=key)
except TokenV2.DoesNotExist:
# Continue authentication in token v1
return None
if token.wiped_at:
raise DeviceRemoteWipedException('Device set to be remote wiped')
try:
user = User.objects.get(email=token.user)
except User.DoesNotExist:
raise AuthenticationFailed('User inactive or deleted')
if MULTI_TENANCY:
orgs = ccnet_api.get_orgs_by_user(token.user)
if orgs:
user.org = orgs[0]
populate_user_permissions(user)
if user.is_active:
need_save = False
# We update the device's last_login_ip, client_version, platform_version if changed
ip = get_client_ip(request)
if ip and ip != token.last_login_ip:
token.last_login_ip = ip
need_save = True
client_version = request.META.get(HEADER_CLIENT_VERSION, '')
if client_version and client_version != token.client_version:
token.client_version = client_version
need_save = True
platform_version = request.META.get(HEADER_PLATFORM_VERSION, '')
if platform_version and platform_version != token.platform_version:
token.platform_version = platform_version
need_save = True
if not within_time_range(token.last_accessed,
datetime.datetime.now(), 10 * 60):
# We only need 10min precision for the last_accessed field
need_save = True
if need_save:
try:
token.save()
except:
logger.exception('error when save token v2:')
return (user, token)
def authenticate_v2(self, request, key):
try:
token = TokenV2.objects.get(key=key)
except TokenV2.DoesNotExist:
# Continue authentication in token v1
return None
if token.wiped_at:
raise DeviceRemoteWipedException('Device set to be remote wiped')
try:
user = User.objects.get(email=token.user)
except User.DoesNotExist:
raise AuthenticationFailed('User inactive or deleted')
if MULTI_TENANCY:
orgs = seaserv.get_orgs_by_user(token.user)
if orgs:
user.org = orgs[0]
populate_user_permissions(user)
if user.is_active:
need_save = False
# We update the device's last_login_ip, client_version, platform_version if changed
ip = get_client_ip(request)
if ip and ip != token.last_login_ip:
token.last_login_ip = ip
need_save = True
client_version = request.META.get(HEADER_CLIENT_VERSION, '')
if client_version and client_version != token.client_version:
token.client_version = client_version
need_save = True
platform_version = request.META.get(HEADER_PLATFORM_VERSION, '')
if platform_version and platform_version != token.platform_version:
token.platform_version = platform_version
need_save = True
if not within_time_range(token.last_accessed, datetime.datetime.now(), 10 * 60):
# We only need 10min precision for the last_accessed field
need_save = True
if need_save:
try:
token.save()
except:
logger.exception('error when save token v2:')
return (user, token)
def authenticate_v1(self, request, key):
try:
token = Token.objects.get(key=key)
except Token.DoesNotExist:
raise AuthenticationFailed('Invalid token')
try:
user = User.objects.get(email=token.user)
except User.DoesNotExist:
raise AuthenticationFailed('User inactive or deleted')
if MULTI_TENANCY:
orgs = seaserv.get_orgs_by_user(token.user)
if orgs:
user.org = orgs[0]
populate_user_permissions(user)
if user.is_active:
return (user, token)
def authenticate_v1(self, request, key):
try:
token = Token.objects.get(key=key)
except Token.DoesNotExist:
raise AuthenticationFailed('Invalid token')
try:
user = User.objects.get(email=token.user)
except User.DoesNotExist:
raise AuthenticationFailed('User inactive or deleted')
if MULTI_TENANCY:
orgs = ccnet_api.get_orgs_by_user(token.user)
if orgs:
user.org = orgs[0]
populate_user_permissions(user)
if user.is_active:
return (user, token)
def validate(self, attrs):
login_id = attrs.get('username')
password = attrs.get('password')
platform = attrs.get('platform', None)
device_id = attrs.get('device_id', None)
device_name = attrs.get('device_name', None)
client_version = attrs.get('client_version', None)
platform_version = attrs.get('platform_version', None)
v2_fields = (platform, device_id, device_name)
# Decide the version of token we need
if all_none(v2_fields):
v2 = False
elif all_not_none(v2_fields):
v2 = True
else:
raise serializers.ValidationError('invalid params')
username = Profile.objects.get_username_by_login_id(login_id)
if username is None:
username = login_id
p_id = ccnet_api.get_primary_id(username)
if p_id is not None:
username = p_id
if username and password:
user = authenticate(username=username, password=password)
if user:
if not user.is_active:
raise serializers.ValidationError(
'User account is disabled.')
else:
raise serializers.ValidationError(
'Unable to login with provided credentials.')
else:
raise serializers.ValidationError(
'Must include "username" and "password"')
populate_user_permissions(user)
self._two_factor_auth(self.context['request'], user)
# Now user is authenticated
if v2:
if platform in DESKTOP_PLATFORMS:
if not user.permissions.can_connect_with_desktop_clients():
raise serializers.ValidationError(
'Not allowed to connect to desktop client.')
elif platform == 'android':
if not user.permissions.can_connect_with_android_clients():
raise serializers.ValidationError(
'Not allowed to connect to android client.')
elif platform == 'ios':
if not user.permissions.can_connect_with_ios_clients():
raise serializers.ValidationError(
'Not allowed to connect to ios client.')
else:
logger.info('%s: unrecognized device' % login_id)
token = get_token_v2(self.context['request'], username, platform,
device_id, device_name, client_version,
platform_version)
else:
token = get_token_v1(username)
return token.key
