Ejemplo n.º 1
0
    def post(self, request, *args, **kwargs):
        url, headers, body, status = self.create_token_response(request)
        if status == 200:
            body = json.loads(body)
            access_token = body.get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(sender=self, request=request, token=token)
                body = CustomResponse.build_response(True, body)
                body = json.dumps(body)
                response = HttpResponse(content=body, status=200)
                for k, v in headers.items():
                    response[k] = v
                return response
        else:
            body = json.loads(body)
            body['error'] = 'Username or Password is incorrect'
            body = CustomResponse.build_response(False, [body['error']])
            body = json.dumps(body)

            response = HttpResponse(content=body, status=422)
            for k, v in headers.items():
                response[k] = v
            return response
Ejemplo n.º 2
0
 def post(self, request, *args, **kwargs):
     url, headers, body, status = self.create_token_response(request)
     if status == 200:
         body = json.loads(body)
         access_token = body.get("access_token")
         if access_token is not None:
             token = get_access_token_model().objects.get(
                 token=access_token)
             app_authorized.send(sender=self, request=request, token=token)
             role = 'user'
             if token.user.is_staff == 1:
                 role = 'admin'
             body['role'] = role
             body = json.dumps(body)
     response = HttpResponse(content=body, status=status)
     for k, v in headers.items():
         response[k] = v
     return response
Ejemplo n.º 3
0
 def post(self, request, *args, **kwargs):
     url, headers, body, status = self.create_token_response(request)
     if status == 200:
         body = json.loads(body)
         access_token = body.get("access_token")
         if access_token is not None:
             token = get_access_token_model().objects.get(
                 token=access_token)
             app_authorized.send(sender=self, request=request, token=token)
             body['investor'] = {
                 'id': token.user.id,
                 'username': token.user.username
             }
             body = json.dumps(body)
     response = HttpResponse(content=body, status=status)
     for k, v in headers.items():
         response[k] = v
     return response
Ejemplo n.º 4
0
    def post(self, request, *args, **kwargs):
        tenant_name = request.GET.get("tenant");
        if tenant_name is None:
            raise APIException('A tenant name is mandatory.')
        try:
            tenant = Tenant.objects.get(tenant_name=tenant_name)
        except ObjectDoesNotExist as ex:
            raise APIException(TenantAPIErrors.API_ERROR_TENANT_NOT_FOUND["message"])

        if tenant is not None:
            """ TENANT AWARE - START """
            TenantUtils.set_current_tenant(tenant, request)
            """ TENANT AWARE - END """
            url, headers, body, status = self.create_token_response(request)
            if status == 200:
                body = json.loads(body)
                access_token = body.get("access_token")
                refresh_token = body.get("refresh_token")
                if access_token is not None:
                    token = get_access_token_model().objects.get(token=access_token)
                    # token = jwt.encode({'token': token}, '0VYVGEHMlXDDsdKloKKyHVr8e5slQd7r', algorithm='HS256')
                    app_authorized.send(
                        sender=self, request=request,
                        token=token)
                    access_token_object = {
                        "token": access_token,
                        "tenant": tenant_name,
                        "user": {
                            "username": token.user.username,
                            "email": token.user.email
                        }
                    }
                    refresh_token_object = {
                        "token": refresh_token
                    }
                    body["access_token"] = JWTUtils.encode_access_token(payload=access_token_object)
                    body["refresh_token"] = JWTUtils.encode_refresh_token(payload=refresh_token_object)
                    body = json.dumps(body)
            response = HttpResponse(content=body, status=status)
            for k, v in headers.items():
                response[k] = v
        else:
            raise APIException(TenantAPIErrors.API_ERROR_TENANT_NOT_FOUND["message"])
        return response
Ejemplo n.º 5
0
    def post(self, request):

        data = request.POST
        cred_key = 'HTTP_AUTHORIZATION'
        scopes = data.get('scope')
        if cred_key not in request.META:
            if 'client_id' in data and 'client_secret' in data:
                client_id = data.get('client_id')
                client_secret = data.get('client_secret')
            else:
                return Response({'message': 'invalid client credential'}, status=404)
        else:
            client_id, client_secret = decode_credential(request.META[cred_key])

        try:
            app = Application.objects.filter(client_id=client_id).first()

            if app is not None:
                app_user = app.user
                if scopes is not None:
                    scopes = scopes.split(" ")
                    res = check_scope(scopes, app_user)
                    if not res:
                        return Response({'message': 'unauthorize'}, status=403)
            else:
                return Response({'message': 'client not found'}, status=404)
            AccessToken.objects.filter(application=app).delete()
        except Exception as e:

            return Response(str(e), status=400)
        url, headers, body, status = self.create_token_response(request)
        if status == 200:
            access_token = json.loads(body).get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(
                    sender=self, request=request,
                    token=token)
        response = HttpResponse(content=body, status=status)

        for k, v in headers.items():
            response[k] = v
        return response
Ejemplo n.º 6
0
    def post(self, request, *args, **kwargs):
        """
          Generate user's access token
        """
        url, headers, body, status = self.create_token_response(request)
        content = {}
        if status == 200:
            access_token = json.loads(body).get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(
                    sender=self, request=request,
                    token=token)

                # Only access_token in response
                content = {'access_token': access_token}

        return HttpResponse(content=json.dumps(content), status=status)
 def post(self, request, *args, **kwargs):
     url, headers, body, status = self.create_token_response(request)
     if status == 200:
         body = json.loads(body)
         access_token = body.get("access_token")
         if access_token is not None:
             token = get_access_token_model().objects.get(
                 token=access_token)
             app_authorized.send(sender=self, request=request, token=token)
             # drop refresh token from response
             body.pop('refresh_token', None)
             # add username and role to response
             body['user'] = {
                 'username': token.user.username,
                 'role': token.user.role,
                 'email': token.user.email
             }
             body = json.dumps(body)
     response = HttpResponse(content=body, status=status)
     for k, v in headers.items():
         response[k] = v
     return response
Ejemplo n.º 8
0
    def post(self, request, *args, **kwargs):
        url, headers, body, status = self.create_token_response(request)
        if status == 200:
            body = json.loads(body)
            access_token = body.get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(sender=self, request=request, token=token)
                body['posto'] = {'cnpj': token.user.posto.cnpj}
                try:
                    body['posto']['preco'] = {
                        'aditivada': token.user.posto.preco.aditivada
                    }
                except:
                    pass
                body = json.dumps(body)
        response = HttpResponse(content=body, status=status)

        for k, v in headers.items():
            response[k] = v
        return response
Ejemplo n.º 9
0
    def post(self, request, *args, **kwargs):
        url, headers, body, status = self.create_token_response(request)
        resp = None
        if status == 200:
            access_token = json.loads(body).get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(sender=self, request=request, token=token)
            resp = body
        else:
            body = json.loads(body)
            resp = {'error': {'code': body['error']}}
            if 'error_description' in body:
                resp['error']['description'] = body['error_description']
            else:
                resp['error']['description'] = body['error']
            resp = json.dumps(resp)
        response = HttpResponse(content=resp, status=status)

        for k, v in headers.items():
            response[k] = v
        return response
Ejemplo n.º 10
0
    def post(self, request, *args, **kwargs):
        augment_request_auth(request)
        url, headers, body, status = self.create_token_response(request)
        json_body = json.loads(body)

        if status == 200:
            access_token = json.loads(body).get("access_token")
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)
                app_authorized.send(sender=self, request=request, token=token)
                response_body = {'access_token': access_token}
                response_body['profile'] = {
                    'id': token.user.id,
                    'username': token.user.username,
                    'first_name': token.user.first_name,
                    'last_name': token.user.last_name,
                    'email': token.user.email
                }
        response = Response(response_body, status=status)
        for k, v in headers.items():
            response[k] = v
        return response
Ejemplo n.º 11
0
    def form_valid(self, form):
        client_id = form.cleaned_data["client_id"]
        application = get_application_model().objects.get(client_id=client_id)
        credentials = {
            "client_id":
            form.cleaned_data.get("client_id"),
            "redirect_uri":
            form.cleaned_data.get("redirect_uri"),
            "response_type":
            form.cleaned_data.get("response_type", None),
            "state":
            form.cleaned_data.get("state", None),
            "code_challenge":
            form.cleaned_data.get("code_challenge", None),
            "code_challenge_method":
            form.cleaned_data.get("code_challenge_method", None),
        }
        scopes = form.cleaned_data.get("scope")
        allow = form.cleaned_data.get("allow")

        try:
            uri, headers, body, status = self.create_authorization_response(
                request=self.request,
                scopes=scopes,
                credentials=credentials,
                allow=allow)
        except OAuthToolkitError as error:
            return self.error_response(error, application)

        app_authorized.send(sender=self,
                            request=self.request,
                            token=None,
                            application=application)

        self.success_url = uri
        log.debug("Success url for the request: {0}".format(self.success_url))
        return self.redirect(self.success_url, application)
Ejemplo n.º 12
0
    def post(self, request, *args, **kwargs):
        url, headers, body, status = self.create_token_response(request)
        if status == 200:
            json_body = json.loads(body)
            access_token = json_body.get('access_token')
            if access_token is not None:
                token = get_access_token_model().objects.get(
                    token=access_token)

                # --- customization starts here

                WRITE_SCOPE = 'write'
                print("#############################")
                user = token.user
                print(token.user)
                print(type(token.user))
                scopes = json_body.get('scope').split()
                print(user.__dict__)
                if (WRITE_SCOPE in scopes and not (user.is_staff)):
                    scopes.remove(WRITE_SCOPE)
                    scope = ' '.join(scopes)

                    token.scope = scope
                    token.save()

                    json_body['scope'] = scope
                    body = json.dumps(json_body)

                # --- customization ends here

                app_authorized.send(sender=self, request=request, token=token)
        response = HttpResponse(content=body, status=status)

        for k, v in headers.items():
            response[k] = v
        return response