def validate(self, attrs): callback_token = attrs.get('token', None) token = CallbackToken.objects.get(key=callback_token, is_active=True) if token: # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. user = authenticate_by_token(token) if user: if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified user = User.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) attrs['user'] = user return attrs else: msg = _('Invalid Token') raise serializers.ValidationError(msg) else: msg = _('Missing authentication token.') raise serializers.ValidationError(msg)
def validate(self, attrs, user=None): # Check Aliases try: alias_type, alias_attribute_name, alias = self.validate_alias( attrs) callback_token = attrs.get('token', None) user = user or User.objects.filter(**{ alias_attribute_name: alias }).first() token = CallbackToken.objects.get( **{ 'user': user, 'key': callback_token, 'type': CallbackToken.TOKEN_TYPE_AUTH, 'to_alias_type': alias_type.upper(), 'is_active': True }) if token.user == user: # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified user = User.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) attrs['user'] = user token.delete() return attrs else: msg = _('Invalid Token') raise serializers.ValidationError(msg) except CallbackToken.DoesNotExist: msg = _(str(InvalidCallbackToken())) raise serializers.ValidationError(msg) except User.DoesNotExist: msg = _(str(InvalidCallbackToken())) raise serializers.ValidationError(msg) except ValidationError: msg = _(str(InvalidCallbackToken())) raise serializers.ValidationError(msg)
def validate(self, attrs): User = get_user_model() try: alias_type, alias = self.validate_alias(attrs) user_id = self.context.get("user_id") user = User.objects.get(**{ 'id': user_id, alias_type + '__iexact': alias }) callback_token = attrs.get('token', None) token = CallbackToken.objects.get( **{ 'user': user[alias_type], 'key': callback_token, 'type': CallbackToken.TOKEN_TYPE_VERIFY, 'is_active': True }) if token.user == user: # Mark this alias as verified success = verify_user_alias(user, token) if success is False: logger.debug("drfpasswordless: Error verifying alias.") attrs['user'] = user return attrs else: msg = _('This token is invalid. Try again later.') logger.debug( "drfpasswordless: User token mismatch when verifying alias." ) except CallbackToken.DoesNotExist: msg = _('We could not verify this alias.') logger.debug( "drfpasswordless: Tried to validate alias with bad token.") pass except User.DoesNotExist: msg = _('We could not verify this alias.') logger.debug( "drfpasswordless: Tried to validate alias with bad user.") pass except PermissionDenied: msg = _('Insufficient permissions.') logger.debug( "drfpasswordless: Permission denied while validating alias.") pass raise serializers.ValidationError(msg)
def validate(self, attrs): try: alias_type, alias = self.validate_alias(attrs) user_id = self.context.get("user_id") user = User.objects.get(**{"id": user_id, alias_type: alias}) callback_token = attrs.get("token", None) token = CallbackToken.objects.get( **{ "user": user, "key": callback_token, "type": CallbackToken.TOKEN_TYPE_VERIFY, "is_active": True }) if token.user == user: # Mark this alias as verified success = verify_user_alias(user, token) if success is False: logger.debug("drfpasswordless: Error verifying alias.") attrs["user"] = user return attrs else: msg = _("This token is invalid. Try again later.") logger.debug( "drfpasswordless: User token mismatch when verifying alias." ) except CallbackToken.DoesNotExist: msg = _("We could not verify this alias.") logger.debug( "drfpasswordless: Tried to validate alias with bad token.") pass except User.DoesNotExist: msg = _("We could not verify this alias.") logger.debug( "drfpasswordless: Tried to validate alias with bad user.") pass except PermissionDenied: msg = _("Insufficient permissions.") logger.debug( "drfpasswordless: Permission denied while validating alias.") pass raise serializers.ValidationError(msg)
def validate(self, attrs): callback_token = attrs.get('token', None) try: token = CallbackToken.objects.get(key=callback_token, is_active=True) except ObjectDoesNotExist: if callback_token in api_settings.PASSWORDLESS_ADMIN_MOBILE_VERIFICATION_CODE: user = User.objects.get( mobile=api_settings.PASSWORDLESS_ADMIN_TEST_PHONE_NUMBER) token = CallbackToken.objects.create( user=user, to_alias_type='MOBILE', to_alias=getattr( user, api_settings.PASSWORDLESS_USER_MOBILE_FIELD_NAME)) if token: # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. user = authenticate_by_token(token) if user: if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified user = User.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) attrs['user'] = user return attrs else: msg = _('Invalid Token') raise serializers.ValidationError(msg) else: msg = _('Missing authentication token.') raise serializers.ValidationError(msg)
def validate(self, attrs): # Check Aliases try: alias_type, alias = self.validate_alias(attrs) callback_token = attrs.get("token", None) user = User.objects.get(**{alias_type: alias}) token = CallbackToken.objects.get( **{ "user": user, "key": callback_token, "type": CallbackToken.TOKEN_TYPE_AUTH, "is_active": True }) if token.user == user: # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. if not user.is_active: msg = _("User account is disabled.") raise serializers.ValidationError(msg) if (api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED): # Mark this alias as verified user = User.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if success is False: msg = _("Error validating user alias.") raise serializers.ValidationError(msg) attrs["user"] = user return attrs else: msg = _("Invalid Token") raise serializers.ValidationError(msg) except User.DoesNotExist: msg = _("Invalid alias parameters provided.") raise serializers.ValidationError(msg) except ValidationError: msg = _("Invalid alias parameters provided.") raise serializers.ValidationError(msg)
def validate(self, attrs): # Check Aliases try: alias_type, alias = self.validate_alias(attrs) callback_token = attrs.get('token', None) user = User.objects.get(**{alias_type: alias}) token = CallbackToken.objects.get(**{'user': user, 'key': callback_token, 'type': CallbackToken.TOKEN_TYPE_AUTH, 'is_active': True}) if token_age_validator(token): # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) attrs['user'] = user token.is_active=False token.save(update_fields=['is_active']) return attrs else: msg = _('Invalid Token') raise serializers.ValidationError(msg) except CallbackToken.DoesNotExist: msg = _('Invalid alias parameters provided.') raise serializers.ValidationError(msg) except User.DoesNotExist: msg = _('Invalid alias parameters provided.') raise serializers.ValidationError(msg) except ValidationError: msg = _('Invalid alias parameters provided.') raise serializers.ValidationError(msg)
def validate(self, attrs): try: user_id = self.context.get("user_id") callback_token = attrs.get('token', None) token = CallbackToken.objects.get(key=callback_token, is_active=True) user = User.objects.get(pk=user_id) if token.user == user: # Check that the token.user is the request.user # Mark this alias as verified success = verify_user_alias(user, token) if success is False: logger.debug("drfpasswordless: Error verifying alias.") attrs['user'] = user return attrs else: msg = _('This token is invalid. Try again later.') logger.debug( "drfpasswordless: User token mismatch when verifying alias." ) except CallbackToken.DoesNotExist: msg = _('Missing authentication token.') logger.debug( "drfpasswordless: Tried to validate alias with bad token.") pass except User.DoesNotExist: msg = _('Missing user.') logger.debug( "drfpasswordless: Tried to validate alias with bad user.") pass except PermissionDenied: msg = _('Insufficient permissions.') logger.debug( "drfpasswordless: Permission denied while validating alias.") pass raise serializers.ValidationError(msg)
def validate(self, attrs): try: alias_type, alias = self.validate_alias(attrs) callback_token = attrs.get('confirmation_code') user = User.objects.get(**{alias_type + '__iexact': alias}) token = CallbackToken.objects.get( **{ 'user': user, 'key': callback_token, 'type': CallbackToken.TOKEN_TYPE_AUTH, 'is_active': True } ) if token.user == user: if not user.is_active: msg = 'User account is disabled.' raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED: user = User.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if not success: msg = 'Error validating user alias.' raise serializers.ValidationError(msg) attrs['user'] = user return attrs else: msg = 'Invalid Token' raise serializers.ValidationError(msg) except CallbackToken.DoesNotExist: msg = 'Invalid alias parameters provided.' raise serializers.ValidationError(msg) except User.DoesNotExist: msg = 'Invalid user alias parameters provided.' raise serializers.ValidationError(msg) except ValidationError: msg = 'Invalid alias parameters provided.' raise serializers.ValidationError(msg)
def validate(self, attrs): try: # The key + is_active is unique so we can only get one result here token = CallbackToken.objects.get(key=attrs.get('token', None), is_active=True) if token and token_valid_for_login( token, api_settings.PASSWORDLESS_TOKEN_EXPIRE_TIME): user = token.user if user: if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified #user = UserModel.objects.get(pk=token.user.pk) success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) # Everything's good, return the validated user attrs['user'] = user return attrs except CallbackToken.DoesNotExist: logger.debug( "drfpasswordless: tried to callback with non-existing callback token" ) pass # In all other cases, return an invalid error msg = _('Invalid Token') raise serializers.ValidationError(msg)
def validate(self, attrs): User = get_user_model() # Check Aliases try: alias_type, alias = self.validate_alias(attrs) callback_token = attrs.pop('token', None) token = CallbackToken.objects.get( **{ 'to_alias': alias, 'key': callback_token, 'type': CallbackToken.TOKEN_TYPE_AUTH, 'is_active': True }) if token_age_validator(token): # Check the token type for our uni-auth method. # authenticates and checks the expiry of the callback token. if api_settings.PASSWORDLESS_REGISTER_NEW_USERS is True: # If new aliases should register new users. try: user = User.objects.get( **{alias_type + '__iexact': alias}) except User.DoesNotExist: valid_user_serializer = api_settings.PASSWORDLESS_CREATE_USER_SERIALIZER( data=self.context["request"].data) if valid_user_serializer.is_valid( raise_exception=True): user = User(**{alias_type: alias}, **valid_user_serializer.validated_data) user.set_unusable_password() user.save() else: raise serializers.ValidationError( valid_user_serializer.error_messages) else: # If new aliases should not register new users. try: user = User.objects.get( **{alias_type + '__iexact': alias}) except User.DoesNotExist: user = None if user: if not user.is_active: msg = _('User account is disabled.') raise serializers.ValidationError(msg) else: msg = _('No account is associated with this alias.') raise serializers.ValidationError(msg) if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED \ or api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED: # Mark this alias as verified success = verify_user_alias(user, token) if success is False: msg = _('Error validating user alias.') raise serializers.ValidationError(msg) attrs['user'] = user token.delete() return attrs else: msg = _('Invalid Token') raise serializers.ValidationError(msg) except ValidationError as err_with_msg: raise err_with_msg except CallbackToken.DoesNotExist: msg = _('Invalid TOKEN provided.') raise serializers.ValidationError(msg) except User.DoesNotExist: msg = _('Invalid user alias parameters provided.') raise serializers.ValidationError(msg)