def post(self, request, format=None): token_limit_per_user = self.get_token_limit_per_user() if token_limit_per_user is not None: now = timezone.now() token = request.user.auth_token_set.filter(expiry__gt=now) if token.count() >= token_limit_per_user: return Response( {"error": "Maximum amount of tokens allowed per user exceeded."}, status=status.HTTP_403_FORBIDDEN ) token_ttl = self.get_token_ttl() instance, token = AuthToken.objects.create(request.user, token_ttl) user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) UserSerializer = self.get_user_serializer_class() data = { 'expiry': instance.expiry, 'token': token } if UserSerializer is not None: data["user"] = UserSerializer( request.user, context=self.get_context() ).data return Response(data)
def process_request(self, request): if "HTTP_X_FORWARDED_FOR" in request.META: request.META["HTTP_X_PROXY_REMOTE_ADDR"] = request.META["REMOTE_ADDR"] parts = request.META["HTTP_X_FORWARDED_FOR"].split(",", 1) request.META["REMOTE_ADDR"] = parts[0] useragent = request.META.get('HTTP_USER_AGENT', '') if useragent: request.META['HTTP_USER_AGENT'] = useragent.replace('FrontendTest', '') is_running_tests = ('FrontendTest' in useragent or getattr(settings, 'TEST', False)) user = getattr(request, 'user', None) if user and user.is_anonymous() and not is_running_tests: remoteip = request.META.get('REMOTE_ADDR') remotehost = request.META.get('REMOTE_HOST') is_auto_allowed = ( (remoteip in LOCALHOST or remotehost == 'localhost') or (remoteip and remoteip in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) or (remotehost and remotehost in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) ) if is_auto_allowed: logger.info("Auto-login for %s/%s" % (remoteip, remotehost)) user = get_internal_user() try: user_logged_in.send(self, user=user, request=request) except DatabaseError: logger.error("Could not update last-login field of internal user") request.user = user return None
def obj_create(self, bundle, request, **kwargs): with statsd.timer("auth.browserid.verify"): profile, msg = browserid_authenticate( request, bundle.data["assertion"], browserid_audience=bundle.data["audience"], is_native=bundle.data.get("is_native", False), ) if profile is None: log.info("No profile") raise http_error(http.HttpUnauthorized, "No profile.") request.user, request.amo_user = profile.user, profile request.groups = profile.groups.all() # TODO: move this to the signal. profile.log_login_attempt(True) user_logged_in.send(sender=profile.user.__class__, request=request, user=profile.user) bundle.data = { "error": None, "token": self.get_token(request.user.email), "settings": {"display_name": request.amo_user.display_name, "email": request.user.email}, } bundle.data.update(PermissionResource().dehydrate(Bundle(request=request)).data) return bundle
def create(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) serializer.save() try: email = request.data['email'].lower().strip() user = User.objects.get(email=email) payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) obj_setting = Setting.objects.get(user_id=user) user_details = { 'user_id': user.id, 'name': user.name, 'lang': str(obj_setting.lang), } user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details) except KeyError: res = {'detail': 'error in the data entry process'} return Response(res, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_logged_in.send(sender=user.__class__, request=request, user=user) response = { 'name':"%s %s" % (user.first_name, user.last_name), 'token':token, 'status':status.HTTP_200_OK } return Response(response) except Exception as e: raise e else: response = { 'error': 'invalid email or password or the account has been deactivated', 'status':status.HTTP_403_FORBIDDEN } return Response(response) except KeyError: response = { 'error': 'please provide a email and a password', 'status':status.HTTP_403_FORBIDDEN } return Response(response)
def authenticate_user(request): try: email = request.data['email'] password = request.data['password'] user = User.objects.filter(email=email, password=password) if user: user = user.first() if user.verified == False: res = {'error': 'User is not verified yet.'} return Response(res, status=status.HTTP_403_FORBIDDEN) try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['name'] = "%s %s" % (user.first_name, user.last_name) user_details['token'] = token user_details['email'] = user.email user_logged_in.send(sender=user.__class__, request=request, user=user) print(user_details) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = {'error': 'User with given credentials does not exists.'} return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a email and a password'} return Response(res)
def post(self, request, format=None): token_limit_per_user = self.get_token_limit_per_user() if token_limit_per_user is not None: now = timezone.now() token = request.user.auth_token_set.filter(expires__gt=now) if token.count() >= token_limit_per_user: return Response( { "error": "Maximum amount of tokens allowed per user exceeded." }, status=status.HTTP_403_FORBIDDEN) token_ttl = self.get_token_ttl() token = AuthToken.objects.create(request.user, token_ttl) user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) UserSerializer = self.get_user_serializer_class() if UserSerializer is None: return Response({'token': token}) context = self.get_context() return Response({ 'user': UserSerializer(request.user, context=context).data, 'token': token, })
def test_swap_customer_on_login(self): """ Test that when logging in as a User with an existing Customer, that one is set on the request while the anonymous interim customer object is deleted. """ request = self.factory.post('/shop/auth/login/', follow=True) request.user = self.bart old_customer = Customer() old_customer.save() request.session = { 'session_key': 'bart_swap', SESSION_KEY: old_customer.pk, } request.customer = self.bart.customer user_logged_in.send(sender=self.bart.__class__, request=request, user=self.bart) try: Customer.objects.get_customer(request, force_unauth=True) except Customer.DoesNotExist: pass else: self.fail("""Unauthenticated customer should be deleted on login by a User with existing Customer""") self.assertEqual(request.customer, self.bart.customer)
def create_or_update_user(user_id, attr): """ Currently, attr must be one of ("douban", "twitter") """ if not user_id or not attr: return if attr not in ("douban", "twitter"): return username = attr + "_" + user_id if User.objects.filter(username=username).exists(): user = User.objects.get(username=username) else: user = User.objects.create_user(username=username) try: profile = user.get_profile() except UserProfile.DoesNotExist: profile = UserProfile.objects.create(user=user) attr_name = attr + '_id' if getattr(profile, attr_name) != user_id: setattr(profile, attr_name, user_id) profile.save() if attr == 'twitter': try: api = get_twitter_private_api() api.CreateFriendship(user_id) except: pass user_logged_in.send(sender=user.__class__, user=user) return user
def post(self, request, format=None): token = AuthToken.objects.create(request.user) user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) return Response({ "user": UserSerializer(request.user).data, "token": token, })
def obj_create(self, bundle, request, **kwargs): with statsd.timer('auth.browserid.verify'): profile, msg = browserid_authenticate( request, bundle.data['assertion'], browserid_audience=bundle.data['audience'], is_native=bundle.data.get('is_native', False)) if profile is None: log.info('No profile') raise http_error(http.HttpUnauthorized, 'No profile.') request.user, request.amo_user = profile.user, profile request.groups = profile.groups.all() # TODO: move this to the signal. profile.log_login_attempt(True) user_logged_in.send(sender=profile.user.__class__, request=request, user=profile.user) bundle.data = { 'error': None, 'token': self.get_token(request.user.email), 'settings': { 'display_name': request.amo_user.display_name, 'email': request.user.email, } } bundle.data.update(PermissionResource().dehydrate( Bundle(request=request)).data) return bundle
def obj_create(self, bundle, request, **kwargs): with statsd.timer('auth.browserid.verify'): profile, msg = browserid_authenticate( request, bundle.data['assertion'], browserid_audience=bundle.data['audience'], is_native=bundle.data.get('is_native', False) ) if profile is None: log.info('No profile: %s' % (msg or '')) raise http_error(http.HttpUnauthorized, 'No profile.') request.user, request.amo_user = profile.user, profile request.groups = profile.groups.all() # TODO: move this to the signal. profile.log_login_attempt(True) user_logged_in.send(sender=profile.user.__class__, request=request, user=profile.user) bundle.data = { 'error': None, 'token': self.get_token(request.amo_user.email), 'settings': { 'display_name': request.amo_user.display_name, 'email': request.amo_user.email, } } bundle.data.update(PermissionResource() .dehydrate(Bundle(request=request)).data) return bundle
def authenticate_user(request): try: email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['name'] = "%s %s" % (user.first_name, user.last_name) user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide an email and a password'} return Response(res)
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) if serializer.is_valid(): user = serializer.object.get('user') or request.user token = serializer.object.get('token') response_data = jwt_response_payload_handler(token, user, request) try: user_logged_in.send(sender=user.__class__, request=request, user=user) except Exception as e: print(e) response = Response(response_data) # if api_settings.JWT_AUTH_COOKIE: # expiration = (datetime.utcnow() + # api_settings.JWT_EXPIRATION_DELTA) # response.set_cookie(api_settings.JWT_AUTH_COOKIE, # token, # expires=expiration, # httponly=True) return response data_error = { 'success': False, 'detail': "Usuario o contraseña inválido" } return JsonResponse(data_error, status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request): try: username = request.data['username'] password = request.data['password'] user = User.objects.get(username=username) if user.check_password(password): try: payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) user_details = {} user_details['token'] = token user_details['userID'] = '{}'.format(user.id) user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'Can not authenticate with the given credentials. The account might have been deactivated.' } return Response(res, status=status.HTTP_403_FORBIDDEN) except User.DoesNotExist: res = { 'error': 'Can not authenticate with the given credentials. The account might have been deactivated.' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'Please provide a username and a password.'} return Response(res, status=status.HTTP_403_FORBIDDEN)
def create_simple_regester_token(email, password, request): try: user = User.objects.get(email=email) if user and user.check_password(password): try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['token'] = token user_details['login'] = True user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_201_CREATED) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except ObjectDoesNotExist: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated', 'login': False } return Response(res, status=status.HTTP_403_FORBIDDEN)
def authenticate_user(request): try: rut = request.data['rut'] password = request.data['password'] if User.objects.filter(rut=rut).exists(): user = User.objects.get(rut=rut) else: res = {'request': False, 'error': 'no puede autenticarse con las credenciales dadas o la cuenta ha sido desactivada'} return Response(res, status=status.HTTP_403_FORBIDDEN) if user.check_password(password): try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) serializer = DespachadorSerializer(user) print(serializer) resp = {} resp['request']= True resp['data']= { 'token': token, 'info': serializer.data } user_logged_in.send(sender=user.__class__, request=request, user=user) # almacenamos el último tiempo de inicio de sesión del usuario con este código. return Response(resp, status=status.HTTP_200_OK) except Exception as e: raise e else: res = {'request': False, 'error': 'no puede autenticarse con las credenciales dadas o la cuenta ha sido desactivada'} return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'request': False, 'error': 'por favor proporcione un rut y una password'} return Response(res, status=status.HTTP_403_FORBIDDEN)
def __call__(self, request): if "HTTP_X_FORWARDED_FOR" in request.META: request.META["HTTP_X_PROXY_REMOTE_ADDR"] = request.META[ "REMOTE_ADDR"] parts = request.META["HTTP_X_FORWARDED_FOR"].split(",", 1) request.META["REMOTE_ADDR"] = parts[0] useragent = request.META.get('HTTP_USER_AGENT', '') if useragent: request.META['HTTP_USER_AGENT'] = useragent.replace( 'FrontendTest', '') is_running_tests = ('FrontendTest' in useragent or getattr(settings, 'TEST', False)) user = getattr(request, 'user', None) if user and user.is_anonymous and not is_running_tests: remoteip = request.META.get('REMOTE_ADDR') if remoteip in AUTOLOGIN_IPS: user = get_internal_user() try: user_logged_in.send(self, user=user, request=request) except DatabaseError as exc: print(exc) request.user = user return self.get_response(request)
def process_request(self, request): useragent = request.META.get('HTTP_USER_AGENT', '') if useragent: request.META['HTTP_USER_AGENT'] = useragent.replace('FrontendTest', '') is_running_tests = ('FrontendTest' in useragent or getattr(settings, 'TEST', False)) user = getattr(request, 'user', None) if user and user.is_anonymous() and not is_running_tests: remoteip = request.META.get('REMOTE_ADDR') remotehost = request.META.get('REMOTE_HOST') is_auto_allowed = ( (remoteip in LOCALHOST or remotehost == 'localhost') or (remoteip and remoteip in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) or (remotehost and remotehost in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) ) if is_auto_allowed: logger.info("Auto-login for %s/%s" % (remoteip, remotehost)) user = get_internal_user() try: user_logged_in.send(self, user=user, request=request) except DatabaseError: logger.error("Could not update last-login field of internal user") request.user = user return None
def create_action(self, request, serializer): with statsd.timer('auth.browserid.verify'): profile, msg = browserid_authenticate( request, serializer.data['assertion'], browserid_audience=serializer.data['audience'], is_mobile=serializer.data['is_mobile'], ) if profile is None: # Authentication failure. log.info('No profile: %s' % (msg or '')) raise AuthenticationFailed('No profile.') request.user, request.amo_user = profile.user, profile request.groups = profile.groups.all() # TODO: move this to the signal. profile.log_login_attempt(True) user_logged_in.send(sender=profile.user.__class__, request=request, user=profile.user) # We want to return completely custom data, not the serializer's. data = { 'error': None, 'token': self.get_token(request.amo_user.email), 'settings': { 'display_name': request.amo_user.display_name, 'email': request.amo_user.email, } } permissions = PermissionsSerializer(context={'request': request}) data.update(permissions.data) return data
def authenticate_user(request): try: jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER name = request.data['name'] password = request.data['password'] try: user = User.objects.get(name=name) except ObjectDoesNotExist: res = {'error': 'Неверный логин или пароль'} return Response(res, status=status.HTTP_403_FORBIDDEN) if check_password(password, user.password): try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['name'] = user.name user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = {'error': 'Неверный логин или пароль'} return Response(res, status=status.HTTP_403_FORBIDDEN) except: res = {'error': 'Проверьте правильность введенных данных.'} return Response(res, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: email = request.data['email'] password = request.data['password'] except (KeyError, TypeError): raise ParseError() if not isinstance(email, str) or not isinstance(password, str): raise ParseError() user = authenticate( request=request, email=email, password=password, ) if user is None: raise AuthenticationFailed('Invalid credentials') try: user.profile except models.UserProfile.DoesNotExist: raise AuthenticationFailed('User has no profile') token, _ = Token.objects.get_or_create(user=user) user_logged_in.send( sender=user.__class__, request=request, user=user, ) return Response({ 'token': token.key, })
def log_in(user, request): token = generate_token(user) user_details = {} user_details['id'] = str(user.id) user_details['token'] = token.decode('utf8') user_logged_in.send(sender=user.__class__, request=request, user=user) return user_details
def login(request, user, expiration=True, auth_slug=None, related_objs=None, backend=None, allowed_cookie=True, allowed_header=True): """ Persist token into database. Token is stored inside cookie therefore is not necessary reauthenticate user for every request. """ related_objs = related_objs if related_objs is not None else () if user is None: user = request.user try: backend = backend or user.backend except AttributeError: backends = _get_backends(return_tuples=True) if len(backends) == 1: _, backend = backends[0] else: raise ValueError( 'You have multiple authentication backends configured and ' 'therefore must provide the `backend` argument or set the ' '`backend` attribute on the user.' ) token = Token.objects.create(user=user, user_agent=request.META.get('HTTP_USER_AGENT', '')[:256], expiration=expiration, auth_slug=auth_slug, ip=get_ip(request), backend=backend, allowed_cookie=allowed_cookie, allowed_header=allowed_header) for related_obj in related_objs: token.related_objects.create(content_object=related_obj) if hasattr(request, 'user'): request.user = user request.token = token rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def client_login(self,request,backend=None): SESSION_KEY = 'client_id' BACKEND_SESSION_KEY = 'client_backend' HASH_SESSION_KEY = 'client_hash' REDIRECT_FIELD_NAME = 'next' session_auth_hash = '' if self is None: self = request.user if hasattr(self, 'get_session_auth_hash'): session_auth_hash = self.get_session_auth_hash() if SESSION_KEY in request.session: if self._meta.pk.to_python(request.session[SESSION_KEY]) != self.pk or (session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): request.session.flush() # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. else: request.session.cycle_key() request.session[SESSION_KEY] = self._meta.pk.value_to_string(self) request.session[BACKEND_SESSION_KEY] = backend request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): # request.session['user']=self. request.user = self rotate_token(request) user_logged_in.send(sender=self.__class__, request=request, user=self)
def post(self, request, format=None): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.validated_data token_limit_per_user = self.get_token_limit_per_user() if token_limit_per_user is not None: now = timezone.now() token = user.auth_token_set.filter(expiry__gt=now) if token.count() >= token_limit_per_user: return Response( { "error": "Maximum amount of tokens allowed per user exceeded." }, status=status.HTTP_403_FORBIDDEN, ) token_ttl = self.get_token_ttl() instance, token = AuthToken.objects.create(user, token_ttl) user_logged_in.send(sender=user.__class__, request=request, user=user) user_serializer = self.get_user_serializer_class() data = {"expiry": instance.expiry, "token": token} if user_serializer is not None: data["user"] = user_serializer(user, context=self.get_context()).data return Response(data)
def post(self, request, format=None): UserSerializer = knox_settings.USER_SERIALIZER account = authenticate(username=request.data.get('username', None), password=request.data.get('password', None)) if account is not None: if account.is_active: login(request, account) token = AuthToken.objects.create(account) user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) return Response({ 'user': UserSerializer(account).data, 'token': token, }) else: return Response( { 'status': 'Unauthorized', 'message': 'This account has been disabled.' }, status=status.HTTP_401_UNAUTHORIZED) else: return Response( { 'status': 'Unauthorized', 'message': 'Invalid username and/or password.' }, status=status.HTTP_406_NOT_ACCEPTABLE)
def post(self, request): username = request.data.get('login') password = request.data.get('password') try: user = User.objects.get( username=username ) # authenticate(email=email, password=password) if user.check_password(password): if not user.is_active: res = {'login_status': 3, 'message': 'user banned'} return Response(res, status=status.HTTP_403_FORBIDDEN) serializer = self.serializer_class(instance=user) user_logged_in.send(sender=user.__class__, request=request, user=user) token = create_token(user) res = {'login_status': 1, 'message': 'success auth'} res['token'] = token res['user'] = serializer.data return Response(res, status=status.HTTP_200_OK) else: res = {'login_status': 2, 'message': 'wrong password'} return Response(res, status=status.HTTP_403_FORBIDDEN) except User.DoesNotExist: res = {'login_status': 4, 'message': 'user does not exist'} return Response(res, status=status.HTTP_400_BAD_REQUEST)
def login(request): """ Endpoint: /users/userlogin/ Method: POST Allowed users: All users Response status code: 200 success Description: Logs in a user """ try: email = request.data['username'] password = request.data['password'] except KeyError: return Response({'error': 'please enter username and password'}, status=status.HTTP_400_BAD_REQUEST) user = authenticate(email=email, password=password) if user: authenticaction_token = create_token(user) user_details = {} user_details['name'] = "%s %s" % (user.first_name, user.last_name) user_details['token'] = authenticaction_token user_details['role'] = user.role # update the last login section user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) else: response = {'error': "can not authenticate with the given credentials or account has been deactivated"} return Response(response, status=status.HTTP_403_FORBIDDEN)
def login(self, serializer): token = utils.get_or_create_token(user=serializer.user, serializer_data=serializer.data) user_logged_in.send(sender=serializer.user.__class__, request=self.request, user=serializer.user) return response.Response( data=self.token_serializer_class(token).data, status=status.HTTP_200_OK, )
def post(self, request): email = request.data.get('email_address', None) # Check if eligible if not email or not User.objects.filter(email_address=email).exists(): return Response({'error': 'The email is invalid.'}, status=status.HTTP_405_METHOD_NOT_ALLOWED) user = User.objects.get(email_address=email) if not user.teacher or user.teacher.id != request.user.id: return Response( { 'error': "The user doesn't have permission to access this user." }, status=status.HTTP_405_METHOD_NOT_ALLOWED) try: token = generate_token(user) user_details = {} user_details['name'] = user.username user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response({'data': user_details}, status=status.HTTP_200_OK) except Exception as e: return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST) return Response({'error': 'Bad Request'}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: email = request.data['email'] password = request.data['password'] try: user = User.objects.get(email=email, password=password) except User.DoesNotExist: user = None if user: try: payload = jwt_payload_handler(user) token = encode(payload, settings.SECRET_KEY) user_details = { 'name': f"{user.first_name} {user.last_name}", 'token': token } user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'Error': 'Can not authenticate with the given credentials ' 'or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'Error': 'please provide a email and a password'} return Response(res)
def post(self, request, *args, **kwargs): if request.user.is_authenticated: return Response({'error': 'You are already authenticated'}, status=status.HTTP_400_BAD_REQUEST) data = request.data if not request.data: return Response({'error': "Please provide email/password"}, status=status.HTTP_400_BAD_REQUEST) email = data.get('email') # email address password = data.get('password') qs = User.objects.filter(Q(email__iexact=email)).distinct() if qs: user_obj = qs.first() if user_obj.check_password(password): user = user_obj if not user.is_active: return Response({"error": "Inactive Account"}, status=status.HTTP_400_BAD_REQUEST) response = { 'email': user_obj.email, 'first_name': user_obj.first_name, 'last_name': user_obj.last_name, 'last_login': user_obj.last_login, 'token': get_tokens_for_user(user) } print('here') user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(response, status=status.HTTP_200_OK) return Response({"error": "Invalid credentials"}, status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request): try: phone_number = request.data['phone_number'] password = request.data['password'] try: user = CustomUser.objects.get(phone_number=phone_number) user.check_password(password) except CustomUser.DoesNotExist: user = None if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} # user_details['name'] = "%s %s" % (user.nickname) user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a phone_number and a password'} return Response(res)
def post(self, request): email = request.data.get('email_address', None) password = request.data.get('password', None) if not email or not password: res = {'error': 'please provide a email and a password'} return Response({'error': res}, status=status.HTTP_405_METHOD_NOT_ALLOWED) isAuthenticate = authenticate(email_address=email, password=password) if not isAuthenticate: res = {'error': ' Wrong email/password'} return Response({'error': res}, status=status.HTTP_403_FORBIDDEN) user = User.objects.get(email_address=email) try: token = generate_token(user) user_details = {} user_details['id'] = str(user.id) user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response({'data': user_details}, status=status.HTTP_200_OK) except Exception as e: return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST) res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response({'error': res}, status=status.HTTP_400_BAD_REQUEST)
def login(request, user): """ Persist the facebook user_id and the backend in the request. This way a user doesn't have to reauthenticate on every request. """ if user is None: user = request.user if SESSION_KEY in request.session: if request.session[SESSION_KEY] != user.get_username(): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() # save the username (is facebook id) as user id request.session[SESSION_KEY] = user.get_username() request.session[BACKEND_SESSION_KEY] = user.backend if hasattr(request, "user"): request.user = user if hasattr(request, "facebook"): request.facebook.user_id = user.get_username() log.debug("Facebook user %s logged in" % user.get_username()) user_logged_in.send(sender=user.__class__, request=request, user=user)
def authenticate(self, request): """ Returns a two-tuple of `User` and token if a valid signature has been supplied using JWT-based authentication. Otherwise returns `None`. """ jwt_value = self.get_jwt_value(request) if jwt_value is None: return None try: payload = jwt_decode_handler(jwt_value) except jwt.ExpiredSignature: msg = _('Signature has expired.') raise exceptions.AuthenticationFailed(msg) except jwt.DecodeError: msg = _('Error decoding signature.') raise exceptions.AuthenticationFailed(msg) except jwt.InvalidTokenError: raise exceptions.AuthenticationFailed() user = self.authenticate_credentials(payload) user_logged_in.send(sender=user.__class__, request=request, user=user) user_agent_data = request.META['HTTP_USER_AGENT'] if 'Mobile' in user_agent_data or 'Android' in user_agent_data or 'iPhone' in user_agent_data: if payload['app_token'] != user.app_token: raise exceptions.NotAuthenticated('Signed from other device') else: if payload['web_token'] != user.web_token: raise exceptions.NotAuthenticated('Signed from other browser') return (user, jwt_value)
def login(request, user): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ session_auth_hash = '' if user is None: user = request.user if hasattr(user, 'get_session_auth_hash'): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: session_key = request.session[SESSION_KEY] if session_key != user.pk or (session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.pk request.session[BACKEND_SESSION_KEY] = user.backend request.session[USER_DATA_SESSION_KEY] = user.user_data request.session[HASH_SESSION_KEY] = session_auth_hash update_token_in_session(request.session, user.token) if hasattr(request, 'user'): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(request, user): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ session_auth_hash = "" if user is None: user = request.user if hasattr(user, "get_session_auth_hash"): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: session_key = request.session[SESSION_KEY] if session_key != user.pk or (session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.pk request.session[BACKEND_SESSION_KEY] = user.backend request.session[USER_DATA_SESSION_KEY] = user.user_data request.session[HASH_SESSION_KEY] = session_auth_hash update_token_in_session(request, user.token) if hasattr(request, "user"): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def post(self, request, backend): serializer = self.serializer_class(data=request.data) if serializer.is_valid(): user = serializer.instance rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user) token, created = Token.objects.get_or_create(user=user) template_name = "afterlogin" redirect_url = reverse('generic_view', kwargs={"template_name": template_name}) response = Response({ 'token': token.key, 'profileid': user.profile.id, 'redirect_url': redirect_url, }) response.set_cookie('authorization', token.key, max_age=MAX_AGE, expires=EXPIRES) response.set_cookie('authenticate', token.key, max_age=MAX_AGE, expires=EXPIRES) else: response = Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) return response
def get(self, request): myshopify_domain = request.GET.get("shop") if not myshopify_domain: return HttpResponse("Shop parameter missing.") try: shop = get_user_model().objects.get( myshopify_domain=myshopify_domain) except get_user_model().DoesNotExist: return get_scope_permission(request, myshopify_domain) with shop.session: try: shopify_shop = shopify.Shop.current() except UnauthorizedAccess: shop.uninstall() return get_scope_permission(request, myshopify_domain) user_logged_in.send(sender=shop.__class__, request=request, user=shop) return render( request, self.template_name, { "data": { "shopOrigin": shop.myshopify_domain, "apiKey": getattr(settings, "SHOPIFY_APP_API_KEY"), "loadPath": request.GET.get(REDIRECT_FIELD_NAME) or "/home", } }, )
def test_login_signal_sets_authed_time(self): user = UserFactory() request = HttpRequest() request.session = {} user_logged_in.send(sender=user.__class__, request=request, user=user) self.assertIn(authaction_constants.SESSION_LAST_AUTH, request.session)
def post(self, request, format=None): token = AuthToken.objects.create(request.user) user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) UserSerializer = knox_settings.USER_SERIALIZER return Response({ 'user': UserSerializer(request.user).data, 'token': token, })
def do_login(self, user): """Login a user.""" this.user_id = user.pk this.user_ddp_id = get_meteor_id(user) # silent subscription (sans sub/nosub msg) to LoggedInUser pub this.user_sub_id = meteor_random_id() API.do_sub(this.user_sub_id, 'LoggedInUser', silent=True) self.update_subs(user.pk) user_logged_in.send( sender=user.__class__, request=this.request, user=user, )
def login(request, user, expiration=True): """ Persist token into database. Token is stored inside cookie therefore is not necessary reauthenticate user for every request. """ if user is None: user = request.user token = Token.objects.create(user=user, user_agent=request.META.get('HTTP_USER_AGENT'), expiration=expiration) if hasattr(request, 'user'): request.user = user request.token = token rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def test_keep_cart_on_login(self): """ Test that when logging in, an existing cart's Customer reference is set to the new logged-in User's Customer """ request = self.factory.post('/shop/auth/login', follow=True) request.customer = Customer() request.customer.save() request.session = {'session_key': 'keep_cart'} request.user = self.bart old_cart = Cart.objects.get_from_request(request) user_logged_in.send(sender=self.bart.__class__, request=request, user=self.bart) new_cart = Cart.objects.get_from_request(request) self.assertEqual(new_cart.customer, request.customer) self.assertEqual(new_cart, old_cart)
def test_associate_customer_on_login(self): """ Test that when logging in as a user without existing customer account, the anonymous interim customer object is associated with the logged-in user. """ request = self.factory.post('/shop/auth/login/', follow=True) request.user = self.lisa customer = Customer() customer.save() request.session = { 'session_key': 'lisa_swap', SESSION_KEY: customer.pk, } request.customer = Customer.objects.get_customer(request) user_logged_in.send(sender=self.lisa.__class__, request=request, user=self.lisa) self.assertEqual(request.customer, customer) self.assertEqual(request.customer.user, self.lisa)
def create_action(self, request, serializer): with statsd.timer('auth.browserid.verify'): profile, msg = browserid_authenticate( request, serializer.data['assertion'], browserid_audience=serializer.data['audience'] or get_audience(request), is_mobile=serializer.data['is_mobile'], ) if profile is None: # Authentication failure. log.info('No profile: %s' % (msg or '')) raise AuthenticationFailed('No profile.') request.user = profile request.groups = profile.groups.all() auth.login(request, profile) profile.log_login_attempt(True) # TODO: move this to the signal. user_logged_in.send(sender=profile.__class__, request=request, user=profile) # We want to return completely custom data, not the serializer's. data = { 'error': None, 'token': commonplace_token(request.user.email), 'settings': { 'display_name': request.user.display_name, 'email': request.user.email, 'enable_recommendations': request.user.enable_recommendations, } } # Serializers give up if they aren't passed an instance, so we # do that here despite PermissionsSerializer not needing one # really. permissions = PermissionsSerializer(context={'request': request}, instance=True) data.update(permissions.data) # Add ids of installed/purchased/developed apps. data['apps'] = user_relevant_apps(profile) return data
def login(request, user): if user is None: user = request.user # TODO: It would be nice to support different login methods, like signed cookies. if auth.SESSION_KEY in request.session: if request.session[auth.SESSION_KEY] != user.id: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[auth.SESSION_KEY] = user.id request.session[auth.BACKEND_SESSION_KEY] = user.backend set_session_from_user(request, user) if hasattr(request, 'user'): request.user = user user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(request, user): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. """ if user is None: user = request.user # TODO: It would be nice to support different login methods, like signed cookies. if SESSION_KEY in request.session: if request.session[SESSION_KEY] != user.id: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.id request.session[BACKEND_SESSION_KEY] = user.backend if hasattr(request, 'user'): request.user = user user_logged_in.send(sender=user.__class__, request=request, user=user)
def authenticate(self, request): """ Returns a two-tuple of `User` and token if a valid signature has been supplied using JWT-based authentication. Otherwise returns `None`. Copied from rest_framework_jwt BaseJSONWebTokenAuthentication, with the decode_handler changed to our own - because we don't want that decoder to be the default one in settings - and logging added. """ jwt_value = self.get_jwt_value(request) if jwt_value is None: return None try: payload = jwt_auth.jwt_decode_handler(jwt_value) except Exception as exc: try: # Log all exceptions log.info('JWTKeyAuthentication failed; ' 'it raised %s (%s)', exc.__class__.__name__, exc) # Re-raise to deal with them properly. raise exc except jwt.ExpiredSignature: msg = ugettext('Signature has expired.') raise exceptions.AuthenticationFailed(msg) except jwt.DecodeError: msg = ugettext('Error decoding signature.') raise exceptions.AuthenticationFailed(msg) except jwt.InvalidTokenError: msg = ugettext('Invalid JWT Token.') raise exceptions.AuthenticationFailed(msg) # Note: AuthenticationFailed can also be raised directly from our # jwt_decode_handler. user = self.authenticate_credentials(payload) # Send user_logged_in signal when JWT is used to authenticate an user. # Otherwise, we'd never update the last_login information for users # who never visit the site but do use the API to upload new add-ons. user_logged_in.send(sender=self.__class__, request=request, user=user) return (user, jwt_value)
def authenticate(self, request): """ Returns a two-tuple of `User` and token if a valid signature has been supplied using JWT-based authentication. Otherwise returns `None`. """ jwt_value = self.get_jwt_value(request) if jwt_value is None: return None try: payload = jwt_decode_handler(jwt_value) except jwt.ExpiredSignature: msg = _('Signature has expired.') raise exceptions.AuthenticationFailed(msg) except jwt.DecodeError: msg = _('Error decoding signature.') raise exceptions.AuthenticationFailed(msg) except jwt.InvalidTokenError: raise exceptions.AuthenticationFailed() user = self.authenticate_credentials(payload) user_logged_in.send(sender=user.__class__, request=request, user=user) return (user, jwt_value)
def create_action(self, request, serializer): with statsd.timer("auth.browserid.verify"): profile, msg = browserid_authenticate( request, serializer.data["assertion"], browserid_audience=serializer.data["audience"] or get_audience(request), is_mobile=serializer.data["is_mobile"], ) if profile is None: # Authentication failure. log.info("No profile: %s" % (msg or "")) raise AuthenticationFailed("No profile.") request.user, request.amo_user = profile, profile request.groups = profile.groups.all() auth.login(request, profile) profile.log_login_attempt(True) # TODO: move this to the signal. user_logged_in.send(sender=profile.__class__, request=request, user=profile) # We want to return completely custom data, not the serializer's. data = { "error": None, "token": commonplace_token(request.amo_user.email), "settings": {"display_name": request.amo_user.display_name, "email": request.amo_user.email}, } # Serializers give up if they aren't passed an instance, so we # do that here despite PermissionsSerializer not needing one # really. permissions = PermissionsSerializer(context={"request": request}, instance=True) data.update(permissions.data) # Add ids of installed/purchased/developed apps. data["apps"] = user_relevant_apps(profile) return data
def login_user(sender, request, user, identity): update_user(user, identity) log.info('Logging in user {} from FxA'.format(user)) user_logged_in.send(sender=sender, request=request, user=user) login(request, user)