def _get_data(self, cleaned, *args, **kwargs):
    """Authenticate the submitted credentials and open a session for the user.

    The credentials are taken from ``cleaned['data']['attributes']``; the
    email is lower-cased in place before it is used for the lookup and for
    ``authenticate``.

    Returns:
        The authenticated user, with ``user.token`` set to the value returned
        by ``get_auth_token`` for the saved session key.

    Raises:
        falcon.HTTPUnauthorized: no matching non-removed account, the account
            state is unknown/deleted/draft/blocked, or ``authenticate``
            returned ``None``.
        falcon.HTTPForbidden: the account state is ``pending``.
    """

    def unauthorized(description, code):
        # All 401 responses here share the same title.
        return falcon.HTTPUnauthorized(
            title='401 Unauthorized', description=description, code=code)

    credentials = cleaned['data']['attributes']
    credentials['email'] = credentials['email'].lower()

    # NOTE(review): this lookup and the state checks below run before the
    # password is verified, so the distinct codes (account_not_exist,
    # account_unavailable, account_inactive vs. authorization_error) and the
    # 401/403 split tell an unauthenticated caller whether an email is
    # registered and what state the account is in. Returning early here also
    # skips whatever password hashing authenticate() performs, which can add
    # a timing difference. Consider one generic failure until the password
    # has been checked, plus rate limiting on this endpoint.
    try:
        account = User.objects.get(
            email=credentials['email'],
            is_removed=False,
            is_permanently_removed=False,
        )
    except User.DoesNotExist:
        raise unauthorized(_('Invalid email or password'), 'account_not_exist')

    state = account.state
    if state != 'active':
        if state not in settings.USER_STATE_LIST or state == 'deleted':
            raise unauthorized(_('Account is not available'), 'account_unavailable')
        elif state in ('draft', 'blocked'):
            raise unauthorized(_('Account is blocked'), 'account_unavailable')
        elif state == 'pending':
            raise falcon.HTTPForbidden(
                title='403 Forbidden',
                description=_('Email address not confirmed'),
                code='account_inactive')
        # Any other listed non-active state falls through to authenticate().

    request = self.request
    # Every key of the attributes payload is forwarded as a credential kwarg.
    user = authenticate(request=request, **credentials)
    if user is None:
        raise unauthorized(_('Invalid email or password'), 'authorization_error')

    # A request without a session gets a fresh store and an empty META
    # before it is handed to login().
    if not hasattr(request, 'session'):
        request.session = session_store()
        request.META = {}

    login(request, user)
    session = request.session
    session.save()
    user.token = get_auth_token(user, session.session_key)
    return user
def context():
    """Build a fresh context object with default API request settings.

    The returned ``Context`` carries an empty ``obj`` dict, an ``api``
    sub-context describing a ``GET /`` JSON:API request in Polish with no
    cookies, params or body, no user, and a new session from
    ``session_store()``.
    """
    ctx = Context()
    ctx.obj = {}

    ctx.api = api = Context()
    api_defaults = {
        'headers': {
            'Accept-Language': 'pl',
            'Content-Type': 'application/vnd.api+json',
        },
        'cookies': {},
        'method': 'GET',
        'path': '/',
        'params': {},
        'body': {},
    }
    # dicts keep insertion order, so attributes are set in the listed order.
    for attr_name, default in api_defaults.items():
        setattr(api, attr_name, default)

    ctx.user = None
    ctx.session = session_store()
    return ctx
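def _data(self, request, cleaned, *args, **kwargs):
    """Authenticate the credentials in ``cleaned`` and open a session.

    Args:
        request: the incoming request; it is given a session store and an
            empty ``META`` when it has no ``session`` attribute.
        cleaned: validated credentials; ``cleaned['email']`` is used for the
            account lookup and the whole mapping is forwarded to
            ``authenticate`` as keyword arguments.

    Returns:
        The authenticated user, with ``user.token`` set from
        ``get_auth_token(email, system_role, session_key)``.

    Raises:
        falcon.HTTPUnauthorized: no account with that email, the account
            state is unknown/deleted/draft/blocked, or ``authenticate``
            returned ``None``.
        falcon.HTTPForbidden: the account state is ``pending``.
    """
    # NOTE(review): the lookup and state checks run before the password is
    # verified, so the distinct codes (account_not_exist, account_unavailable,
    # account_inactive vs. authorization_error) and the 401/403 split reveal
    # to an unauthenticated caller whether an email is registered and what
    # state the account is in. Left as-is because clients may depend on the
    # codes; consider one generic failure until the password has been
    # checked, plus rate limiting on this endpoint.
    try:
        user = User.objects.get(email=cleaned['email'])
    except User.DoesNotExist:
        raise falcon.HTTPUnauthorized(
            title='401 Unauthorized',
            description=_('Invalid email or password'),
            code='account_not_exist')

    # Compare by value: the previous ``is not 'active'`` tested object
    # identity, which is not guaranteed to hold for equal strings.
    if user.state != 'active':
        if user.state not in settings.USER_STATE_LIST or user.state == 'deleted':
            raise falcon.HTTPUnauthorized(
                title='401 Unauthorized',
                description=_('Account is not available'),
                code='account_unavailable')
        if user.state in ('draft', 'blocked'):
            raise falcon.HTTPUnauthorized(
                title='401 Unauthorized',
                description=_('Account is blocked'),
                code='account_unavailable')
        if user.state == 'pending':
            # The message keeps its original spelling ('addres'); presumably
            # translation catalogs key on this exact string, so fix both
            # together.
            raise falcon.HTTPForbidden(
                title='403 Forbidden',
                description=_('Email addres not confirmed'),
                code='account_inactive')

    user = authenticate(request=request, **cleaned)
    if user is None:
        raise falcon.HTTPUnauthorized(
            title='401 Unauthorized',
            description=_('Invalid email or password'),
            code='authorization_error')

    # A request without a session gets a fresh store and an empty META
    # before it is handed to login().
    if not hasattr(request, 'session'):
        request.session = session_store()
        request.META = {}

    login(request, user)
    request.session.save()
    user.token = get_auth_token(
        user.email, user.system_role, request.session.session_key)
    return user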
def admin_context(admin):
    """Build a fresh context object for admin requests made as ``admin``.

    The returned ``Context`` carries an empty ``obj`` dict, an ``admin``
    sub-context describing a ``GET /`` request in Polish issued by the given
    user with no params or body, no top-level user, a new session from
    ``session_store()``, and empty form slots.
    """
    ctx = Context()
    ctx.obj = {}

    ctx.admin = admin_ctx = Context()
    admin_defaults = {
        'headers': {
            'Accept-Language': 'pl',
        },
        'method': 'GET',
        'path': '/',
        'user': admin,
        'params': {},
        'body': {},
    }
    # dicts keep insertion order, so attributes are set in the listed order.
    for attr_name, default in admin_defaults.items():
        setattr(admin_ctx, attr_name, default)

    ctx.user = None
    ctx.session = session_store()

    # Form slots start out empty.
    ctx.form_class = None
    ctx.form_data = {}
    ctx.form_instance = None
    ctx.form = None
    return ctx