def permission_denied(self, request):
"""
If request is not permitted, determine what kind of exception to raise.
"""
if not request.successful_authenticator:
raise exceptions.NotAuthenticated()
raise exceptions.PermissionDenied()
def get_user_for_application_token(token:str) -> object:
"""
Given an application token it tries to find an associated user
"""
app_token = apps.get_model("external_apps", "ApplicationToken").objects.filter(token=token).first()
if not app_token:
raise exc.NotAuthenticated(_("Invalid token"))
return app_token.user
def authorize(self, request, pk=None):
if self.request.user.is_anonymous():
raise exc.NotAuthenticated(_("Authentication required"))
application_id = request.DATA.get("application", None)
state = request.DATA.get("state", None)
application_token = services.authorize_token(application_id, request.user, state)
auth_code_data = serializers.AuthorizationCodeSerializer(application_token).data
return response.Ok(auth_code_data)
def get_queryset(self):
if self.request.user.is_anonymous:
raise exc.NotAuthenticated(_("Authentication required"))
queryset = models.ApplicationToken.objects.filter(user=self.request.user)
application_id = self.request.QUERY_PARAMS.get("application", None)
if application_id:
queryset = queryset.filter(application_id=application_id)
return queryset
def get_user_for_token(token):
"""
Given a selfcontained token, try parse and
unsign it.
If token passes a validation, returns
a user instance corresponding with user_id stored
in the incoming token.
"""
try:
data = signing.loads(token)
except signing.BadSignature:
raise exc.NotAuthenticated("Invalid token")
model_cls = get_model("users", "User")
try:
user = model_cls.objects.get(pk=data["user_id"])
except model_cls.DoesNotExist:
raise exc.NotAuthenticated("Invalid token")
else:
return user
def get_user_for_token(token, scope, max_age=None):
"""
Given a selfcontained token and a scope try to parse and
unsign it.
If max_age is specified it checks token expiration.
If token passes a validation, returns
a user instance corresponding with user_id stored
in the incoming token.
"""
try:
data = signing.loads(token, max_age=max_age)
except signing.BadSignature:
raise exc.NotAuthenticated(_("Invalid token"))
model_cls = apps.get_model("users", "User")
try:
user = model_cls.objects.get(pk=data["user_%s_id" % (scope)])
except (model_cls.DoesNotExist, KeyError):
raise exc.NotAuthenticated(_("Invalid token"))
else:
return user
def token(self, request, *args, **kwargs):
if self.request.user.is_anonymous():
raise exc.NotAuthenticated(_("Authentication required"))
application = get_object_or_404(models.Application, **kwargs)
self.check_permissions(request, 'token', request.user)
try:
application_token = models.ApplicationToken.objects.get(user=request.user, application=application)
application_token.update_auth_code()
application_token.state = request.GET.get("state", None)
application_token.save()
except models.ApplicationToken.DoesNotExist:
application_token = models.ApplicationToken(
user=request.user,
application=application
)
auth_code_data = serializers.ApplicationTokenSerializer(application_token).data
return response.Ok(auth_code_data)
def get_queryset(self):
if self.request.user.is_anonymous():
raise exc.NotAuthenticated(_("Authentication required"))
return models.ApplicationToken.objects.filter(user=self.request.user)