def login(request):
    """Log a user in from the credentials carried in ``request.POST``.

    Returns:
        ``RESULT_OK`` once the submitted form has validated and
        ``auth_login`` has been called for the form's user.

    Raises:
        kbapi.PermissionDeniedError: the form did not validate.
    """
    # NOTE(review): the HTTP method is never checked here. Assuming a Django
    # HttpRequest, a non-POST request has an empty request.POST, so it ends
    # up in the 'Login failed.' branch rather than being rejected as a bad
    # request. Confirm that is the intended contract.
    credentials = AuthenticationForm(data=request.POST)
    if not credentials.is_valid():
        # Every validation failure produces the same fixed message, so the
        # response does not reveal which part of the credentials was wrong.
        # NOTE(review): no throttling or lockout of repeated failures is
        # visible in this function; confirm it is enforced elsewhere.
        raise kbapi.PermissionDeniedError('Login failed.')

    # NOTE(review): presumably django.contrib.auth.login, which rotates the
    # session key on login (the session-fixation defence); confirm the import.
    auth_login(request, credentials.get_user())

    # Remove the probe cookie once it has served its purpose.
    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()
    return RESULT_OK
def login(request):
    """Log a user in from the credentials carried in ``request.POST``.

    Returns:
        ``{'result': 'ok'}`` once the submitted form has validated and
        ``auth_login`` has been called for the form's user.

    Raises:
        kbapi.BadRequestError: ``request.POST`` is falsy.
        kbapi.PermissionDeniedError: the form did not validate.
    """
    # NOTE(review): this checks the truthiness of the submitted form data, not
    # the HTTP method. Assuming a Django HttpRequest, a POST with an empty
    # body is also answered with 'POST required.'; `request.method` is the
    # usual way to test the verb.
    if not request.POST:
        raise kbapi.BadRequestError('POST required.')

    credentials = AuthenticationForm(data=request.POST)
    if not credentials.is_valid():
        # Every validation failure produces the same fixed message, so the
        # response does not reveal which part of the credentials was wrong.
        # NOTE(review): no throttling or lockout of repeated failures is
        # visible in this function; confirm it is enforced elsewhere.
        raise kbapi.PermissionDeniedError('Login failed.')

    # NOTE(review): presumably django.contrib.auth.login, which rotates the
    # session key on login (the session-fixation defence); confirm the import.
    auth_login(request, credentials.get_user())

    # Remove the probe cookie once it has served its purpose.
    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()
    return {'result': 'ok'}
def check_api_key(request):
    """Check a request for an API key.

    The key is read from ``request.META["HTTP_X_KEGBOT_API_KEY"]``. If that
    is missing or empty, the ``api_key`` POST field is used, falling back to
    the ``api_key`` query-string parameter. The key must match an ``ApiKey``
    row whose ``is_active()`` is true, and if the row has a user, that user
    must be staff or superuser.

    Returns:
        None. Success is signalled by the absence of an exception.

    Raises:
        kbapi.NoAuthTokenError: no key was found in any of the three places.
        kbapi.BadApiKeyError: no ``ApiKey`` row has this key, or the row's
            ``is_active()`` is false.
        kbapi.PermissionDeniedError: the key's user is neither staff nor
            superuser.
    """
    supplied = request.META.get("HTTP_X_KEGBOT_API_KEY")
    if not supplied:
        # NOTE(review): a key sent as ?api_key=... is part of the URL and so
        # tends to be recorded in access logs, proxy logs and browser history.
        # The header is the safer transport; consider keeping the query-string
        # fallback only for clients that cannot set headers.
        form_fields = request.POST
        supplied = form_fields.get("api_key", request.GET.get("api_key", None))
    if not supplied:
        raise kbapi.NoAuthTokenError('The parameter "api_key" is required')

    # Exact-match lookup on the stored `key` column.
    # NOTE(review): this implies keys are stored in a form directly comparable
    # to what clients send (presumably unhashed); confirm against the model.
    try:
        record = models.ApiKey.objects.get(key=supplied)
    except models.ApiKey.DoesNotExist:
        raise kbapi.BadApiKeyError("API key does not exist")

    if not record.is_active():
        raise kbapi.BadApiKeyError("Key and/or user is inactive")

    # TODO: remove me.
    # NOTE(review): a key with no user attached skips this privilege check
    # entirely. Presumably that is intended for user-less keys; confirm before
    # relying on this function as an authorization gate.
    owner = record.user
    if owner and not (owner.is_staff or owner.is_superuser):
        raise kbapi.PermissionDeniedError("User is not staff/superuser")
try: key = apikey.ApiKey.FromString(keystr) except ValueError, e: raise kbapi.BadApiKeyError('Error parsing API key: %s' % e) try: user = models.User.objects.get(pk=key.uid()) except models.User.DoesNotExist: raise kbapi.BadApiKeyError('API user %s does not exist' % key.uid()) if not user.is_active: raise kbapi.BadApiKeyError('User is inactive') if not user.is_staff and not user.is_superuser: raise kbapi.PermissionDeniedError('User is not staff/superuser') user_secret = user.get_profile().api_secret if not user_secret or user_secret != key.secret(): raise kbapi.BadApiKeyError('User secret does not match') setattr(request, ATTR_API_AUTHENTICATED, True) def to_json_error(e, exc_info): """Converts an exception to an API error response.""" # Wrap some common exception types into kbapi types if isinstance(e, Http404): e = kbapi.NotFoundError(e.message) elif isinstance(e, ValueError): e = kbapi.BadRequestError(str(e))