def test_settings_consistently_coerced_to_list(self):
settings = APISettings({
'DEFAULT_THROTTLE_CLASSES':
('rest_framework.throttling.BaseThrottle', )
})
self.assertTrue(isinstance(settings.DEFAULT_THROTTLE_CLASSES, list))
settings = APISettings({'DEFAULT_THROTTLE_CLASSES': ()})
self.assertTrue(isinstance(settings.DEFAULT_THROTTLE_CLASSES, list))
class ViewHandleError(APIView):
settings = APISettings(api_settings.user_settings,
api_settings.defaults, api_settings.import_strings)
def get(self, request, status, global_exc):
self.status = int(status)
self.global_exc = global_exc == 'True'
raise Error('omg cats')
def _exception_handler(self, exc, context=None):
if context:
status = int(context['kwargs']['status'])
else:
status = self.status
return Response([{'response': 'exception was handled global'}],
status=status)
def get_exception_handler(self):
return self.settings.EXCEPTION_HANDLER
def handle_exception(self, exc):
self.settings.EXCEPTION_HANDLER = self._exception_handler
if self.global_exc:
return super(ViewHandleError, self).handle_exception(exc)
else:
return Response([{'response': 'exception was handled not global'}],
status=self.status)
def reload_api_settings(*args, **kwargs):
global api_settings
setting, value = kwargs['setting'], kwargs['value']
if setting == 'SIMPLE_JWT':
api_settings = APISettings(value, DEFAULTS)
def test_warning_raised_on_removed_setting(self):
"""
Make sure user is alerted with an error when a removed setting
is set.
"""
with self.assertRaises(RuntimeError):
APISettings({'MAX_PAGINATE_BY': 100})
def reload_api_settings(*args, **kwargs):
global api_settings
setting, value = kwargs['setting'], kwargs['value']
if setting == 'JWT':
api_settings = APISettings(value, DEFAULTS, IMPORT_STRINGS)
def test_non_import_errors(self):
"""Make sure other errors aren't suppressed."""
settings = APISettings(
{
'DEFAULT_MODEL_SERIALIZER_CLASS':
'tests.extras.bad_import.ModelSerializer'
}, DEFAULTS, IMPORT_STRINGS)
with self.assertRaises(ValueError):
settings.DEFAULT_MODEL_SERIALIZER_CLASS
def test_warning_raised_on_removed_setting(self):
"""
Make sure user is alerted with an error when a removed setting
is set.
"""
with warnings.catch_warnings(record=True) as w:
warnings.simplefilter("always")
APISettings({'MAX_PAGINATE_BY': 100})
self.assertEqual(len(w), 1)
self.assertTrue(issubclass(w[-1].category, DeprecationWarning))
def test_import_error_message_maintained(self):
"""Make sure real import errors are captured and raised sensibly."""
settings = APISettings(
{
'DEFAULT_MODEL_SERIALIZER_CLASS':
'tests.extras.not_here.ModelSerializer'
}, DEFAULTS, IMPORT_STRINGS)
with self.assertRaises(ImportError) as cm:
settings.DEFAULT_MODEL_SERIALIZER_CLASS
self.assertTrue('ImportError' in str(cm.exception))
def test_import_error_message_maintained(self):
"""
Make sure import errors are captured and raised sensibly.
"""
settings = APISettings({
'DEFAULT_RENDERER_CLASSES':
['tests.invalid_module.InvalidClassName']
})
with self.assertRaises(ImportError):
settings.DEFAULT_RENDERER_CLASSES
def get_swagger_settings():
from django.test.signals import setting_changed
from rest_framework.settings import APISettings
DEFAULTS = {
'USE_SESSION_AUTH': True,
'SECURITY_DEFINITIONS': {
'basic': {
'type': 'basic'
}
},
'LOGIN_URL': 'rest_framework:login',
'LOGOUT_URL': 'rest_framework:logout',
'DOC_EXPANSION': None,
'APIS_SORTER': None,
'OPERATIONS_SORTER': None,
'JSON_EDITOR': False,
'SHOW_REQUEST_HEADERS': False,
'SUPPORTED_SUBMIT_METHODS': ['get', 'post', 'put', 'delete', 'patch'],
'VALIDATOR_URL': '',
'ACCEPT_HEADER_VERSION': None, # e.g. '1.0'
'CUSTOM_HEADERS': {} # A dictionary of key/vals to override headers
}
IMPORT_STRINGS = []
swagger_settings = APISettings(user_settings=getattr(
settings, 'SWAGGER_SETTINGS', {}),
defaults=DEFAULTS,
import_strings=IMPORT_STRINGS)
def reload_settings(*args, **kwargs): # pragma: no cover
"""
Reloads settings during unit tests if override_settings decorator
is used. (Taken from DRF)
"""
# pylint: disable=W0603
global swagger_settings
if kwargs['setting'] == 'LOGIN_URL':
swagger_settings.LOGIN_URL = kwargs['value']
if kwargs['setting'] == 'LOGOUT_URL':
swagger_settings.LOGOUT_URL = kwargs['value']
if kwargs['setting'] != 'SWAGGER_SETTINGS':
return
swagger_settings = APISettings(kwargs['value'], DEFAULTS,
IMPORT_STRINGS)
setting_changed.connect(reload_settings)
return swagger_settings
def __init__(self, user_settings=None, defaults=None,
import_strings=None, namespace=None):
"""
Initialize the settings.
:param user_settings: The pre-set user settings.
:type user_settings: dict | None
:param defaults: The default settings to use
:type defaults: dict | None
:param import_strings: The names of the importable settings
:type import_strings: iterable of str | None
:param namespace: The namespace of the settings or "CUSTOM"
:type namespace: str | None
"""
APISettings.__init__(self, user_settings, defaults, import_strings)
self.namespace = namespace or "CUSTOM"
setting_changed.connect(self.reload_settings)
def reload_settings(*args, **kwargs): # pragma: no cover
"""
Reloads settings during unit tests if override_settings decorator
is used. (Taken from DRF)
"""
# pylint: disable=W0603
global swagger_settings
if kwargs['setting'] == 'LOGIN_URL':
swagger_settings.LOGIN_URL = kwargs['value']
if kwargs['setting'] == 'LOGOUT_URL':
swagger_settings.LOGOUT_URL = kwargs['value']
if kwargs['setting'] != 'SWAGGER_SETTINGS':
return
swagger_settings = APISettings(kwargs['value'], DEFAULTS, IMPORT_STRINGS)
def reload_api_settings(*args, **kwargs):
global api_settings
setting, value = kwargs["setting"], kwargs["value"]
if setting == "REST_FRAMEWORK_SSO":
api_settings = APISettings(value, DEFAULTS, IMPORT_STRINGS)
'get',
'post',
'put',
'delete',
'patch'
],
'VALIDATOR_URL': '',
'ACCEPT_HEADER_VERSION': None, # e.g. '1.0'
'CUSTOM_HEADERS': {} # A dictionary of key/vals to override headers
}
IMPORT_STRINGS = []
swagger_settings = APISettings(
user_settings=getattr(settings, 'SWAGGER_SETTINGS', {}),
defaults=DEFAULTS,
import_strings=IMPORT_STRINGS
)
def reload_settings(*args, **kwargs): # pragma: no cover
"""
Reloads settings during unit tests if override_settings decorator
is used. (Taken from DRF)
"""
# pylint: disable=W0603
global swagger_settings
if kwargs['setting'] == 'LOGIN_URL':
swagger_settings.LOGIN_URL = kwargs['value']
if kwargs['setting'] == 'LOGOUT_URL':
def reload_api_settings(*args, **kwargs):
global knox_settings
setting, value = kwargs['setting'], kwargs['value']
if setting == 'REST_KNOX':
knox_settings = APISettings(value, DEFAULTS, IMPORT_STRINGS)
from django.conf import settings
from rest_framework.settings import APISettings
FIREBASE_AUTH_SETTINGS = "FIREBASE_AUTH"
USER_SETTINGS = getattr(settings, FIREBASE_AUTH_SETTINGS)
DEFAULTS = {"SERVICE_ACCOUNT_KEY_FILE": "", "EMAIL_VERIFICATION": False}
IMPORT_STRINGS = ()
firebase_auth_settings = APISettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS)
from datetime import datetime, timedelta
from calendar import timegm
# 第三方库
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication
from rest_framework.settings import APISettings
import jwt
# 项目库
from trade import settings
from framework.exception import GlobalException
jwt_settings = APISettings(user_settings=settings.JWT_AUTH, defaults=settings.JWT_AUTH)
# 收到请求时, 先验证 Token, 再验证 Users
class JWTAuthentication(BaseAuthentication):
def authenticate(self, request):
authorization = request.META.get('HTTP_AUTHORIZATION')
if not authorization:
raise exceptions.NotAuthenticated()
user = self.authenticate_credentials(authorization)
return user, authorization
@staticmethod
def authenticate_credentials(jwt_token, verify_exp=True):
"""
:param jwt_token: 解密后的字典
:param verify_exp: 是否校验失效时间
:return: user_dict: Users Model Serializer's data.
from django.conf import settings
from rest_framework.settings import APISettings
FOREIGN_USER_SETTINGS = getattr(settings, 'FOREIGN_USER_SETTINGS', {})
DEFAULTS = {
'USER_SERIALIZER': 'foreign_user.serializers.DefaultSerializer'
}
IMPORT_STRINGS = {
'USER_SERIALIZER'
}
foreign_user_settings = APISettings(FOREIGN_USER_SETTINGS, DEFAULTS, IMPORT_STRINGS)
# -*- coding: utf-8 -*-
from django.conf import settings
from rest_framework.settings import APISettings
_rest_framework_settings = getattr(settings, 'REST_FRAMEWORK', None)
# List of settings that may be in string import notation.
IMPORT_STRINGS = ('RENDERER_CLASS', 'PARSER_CLASS')
DEFAULTS = {
'RENDERER_CLASS': 'rest_framework.renderers.JSONRenderer',
'PARSER_CLASS': 'rest_framework.parsers.JSONParser'
}
VALID_SETTINGS = {
'RENDERER_CLASS': ('rest_framework.renderers.JSONRenderer', ),
'PARSER_CLASS': ('rest_framework.parsers.JSONParser', )
}
rest_framework_settings = APISettings(_rest_framework_settings, DEFAULTS,
IMPORT_STRINGS)
from django.utils.translation import ugettext_lazy as _
from rest_framework import status
from rest_framework.exceptions import ParseError
from rest_framework.permissions import IsAuthenticated
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.settings import APISettings
from rest_framework.viewsets import GenericViewSet, ViewSet
from rest_framework.views import APIView
from .models import AuthToken
from .serializers import UserRegistrationSerializer
authtoken_settings = APISettings(
{
'USER_SERIALIZER': getattr(settings, 'USER_SERIALIZER', None),
}, {
'USER_SERIALIZER': None,
}, {'USER_SERIALIZER'})
class LoginViewSet(ViewSet):
def create(self, request: Request) -> Response:
user = authenticate(username=request.data.get('username'),
password=request.data.get('password'))
if not user:
return Response(_('invalid credentials.'),
status=status.HTTP_401_UNAUTHORIZED)
token = AuthToken.create_token_for_user(user)
data = {
from django.conf import settings
from rest_framework.settings import APISettings
DEFAULTS = {
'DEFAULT_PAGE_SIZE': 25,
'DEFAULT_PERMISSION_CLASSES': ('channels_api.permissions.AllowAny', )
}
IMPORT_STRINGS = ('DEFAULT_PERMISSION_CLASSES', )
api_settings = APISettings(getattr(settings, 'CHANNELS_API', None), DEFAULTS,
IMPORT_STRINGS)
'SECURITY': None,
# Tags defined in the global scope
'TAGS': [],
# Optional: MUST contain 'url', may contain "description"
'EXTERNAL_DOCS': {},
# Oauth2 related settings. used for example by django-oauth2-toolkit.
# https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.3.md#oauth-flows-object
'OAUTH2_FLOWS': [],
'OAUTH2_AUTHORIZATION_URL': None,
'OAUTH2_TOKEN_URL': None,
'OAUTH2_REFRESH_URL': None,
'OAUTH2_SCOPES': None,
}
IMPORT_STRINGS = [
'SCHEMA_AUTHENTICATION_CLASSES',
'DEFAULT_GENERATOR_CLASS',
'SERVE_PERMISSIONS',
'POSTPROCESSING_HOOKS',
'PREPROCESSING_HOOKS',
'GET_LIB_DOC_EXCLUDES',
'GET_MOCK_REQUEST',
]
spectacular_settings = APISettings(
user_settings=getattr(settings, 'SPECTACULAR_SETTINGS', {}),
defaults=SPECTACULAR_DEFAULTS,
import_strings=IMPORT_STRINGS,
)
#!/usr/bin/env python
# coding: utf-8
from __future__ import unicode_literals
from django.conf import settings
from rest_framework.settings import APISettings
USER_SETTINGS = getattr(settings, 'URL_PERMISSION', [])
DEFAULTS = {
'ALL_ALLOW_URL': ['docs', 'admin', 'api-auth'] # 不用检查url权限认证的url开头命名
}
url_permisson_settings = APISettings(USER_SETTINGS, DEFAULTS, None)
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_AUTH_COOKIE': None,
}
# List of settings that may be in string import notation.
IMPORT_STRINGS = (
'JWT_ENCODE_HANDLER',
'JWT_DECODE_HANDLER',
'JWT_PAYLOAD_HANDLER',
'JWT_PAYLOAD_GET_USER_ID_HANDLER',
'JWT_PAYLOAD_GET_USERNAME_HANDLER',
'JWT_RESPONSE_PAYLOAD_HANDLER',
'JWT_GET_USER_SECRET_KEY',
)
api_settings = APISettings(DEFAULTS, IMPORT_STRINGS)
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
MEDIA_URL = '/media/'
"RENDERER_CLASS": "rest_framework.renderers.JSONRenderer",
"PARSER_CLASS": "rest_framework.parsers.JSONParser",
"JSON_UNDERSCOREIZE": {
"no_underscore_before_number": False,
"ignore_fields": None
},
}
# List of settings that may be in string import notation.
IMPORT_STRINGS = ("RENDERER_CLASS", "PARSER_CLASS")
VALID_SETTINGS = {
"RENDERER_CLASS": (
"rest_framework.renderers.JSONRenderer",
"rest_framework.renderers.UnicodeJSONRenderer",
),
"PARSER_CLASS": ("rest_framework.parsers.JSONParser", ),
}
def validate_settings(input_settings, valid_settings):
for setting_name, valid_values in valid_settings.items():
input_setting = input_settings.get(setting_name)
if input_setting and input_setting not in valid_values:
raise ImproperlyConfigured(setting_name)
validate_settings(USER_SETTINGS, VALID_SETTINGS)
api_settings = APISettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS)
class OverridenSettingsView(APIView):
settings = APISettings({'EXCEPTION_HANDLER': custom_handler})
def get(self, request, *args, **kwargs):
raise SyntaxError('request is invalid syntax')
from django.conf import settings
from rest_framework.settings import APISettings
DEFAULTS = {
'DEFAULT_PAGE_SIZE': 25,
'DEFAULT_PERMISSION_CLASSES': (
'djangochannelsrestframework.permissions.AllowAny',
)
}
IMPORT_STRINGS = (
'DEFAULT_PERMISSION_CLASSES',
)
api_settings = APISettings(getattr(settings, 'DJANGO_CHANNELS_REST_API', None), DEFAULTS, IMPORT_STRINGS)
_default = copy.deepcopy(DEFAULTS)
_default.update(
**{
'PAY_CALLBACK_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
'PAY_CALLBACK_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny', )
})
_import_strings = list(copy.deepcopy(IMPORT_STRINGS))
_import_strings.extend(
['PAY_CALLBACK_AUTHENTICATION_CLASSES', 'PAY_CALLBACK_PERMISSION_CLASSES'])
api_settings = APISettings(None, _default, _import_strings)
WXPAY_REQUEST_DATA = ('appid', 'mch_id', 'nonce_str', 'sign', 'result_code',
'openid', 'trade_type', 'bank_type', 'total_fee',
'cash_fee', 'transaction_id', 'out_trade_no', 'time_end')
class JsApiCallback(APIView):
"""
微信支付JSAPI模式回调
"""
authentication_classes = api_settings.PAY_CALLBACK_AUTHENTICATION_CLASSES
permission_classes = api_settings.PAY_CALLBACK_PERMISSION_CLASSES
def __init__(self, **kwargs):
self._orders_id = None
USER_SETTINGS = getattr(settings, 'JWT_AUTH', None)
DEFAULTS = {
'JWT_PRIVATE_KEY': None,
'JWT_PUBLIC_KEY': None,
'JWT_SECRET_KEY': settings.SECRET_KEY,
'JWT_ALGORITHM': 'HS256',
'JWT_VERIFY': True,
'JWT_VERIFY_EXPIRATION': True,
'JWT_LEEWAY': 0,
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=14),
'JWT_AUDIENCE': None,
'JWT_ISSUER': None,
'JWT_ALLOW_REFRESH': False,
'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=14),
'JWT_AUTH_HEADER_PREFIX': 'Bearer',
'PAGE_SIZE': 20,
# 'ORDER_PAGE_SIZE':5,
# 'MAX_FILE_UPLOAD_SIZE': 12 * 1000 * 1000,
# 'GOOGLE_AUTH_ADMIN': "ME4WGNBWGI4GMNLC",
# 'ZOOM_API_KEY': 'rhfF2x-qRj2QbWNWC5s75w',
# 'ZOOM_API_SECRET': 'SA7qSdBAwu4MgxEKcYxDrPtdBeoQMtNwWTwN',
# 'YP_APIKEY': '7be50ac81074413e4d7f6b08fd19eb7e',
# 'GOOGLE_AUTH_MEMBER': "ME4WGNBWGI4GMNLC",
# 'GOOGLE_AUTH_MERCHANT': "HAZTMZJRHFSDKODE",
# 'GOOGLE_AUTH_DAIMAI':"XSBB2PZPRUXINTVA",
# 'GOOGLE_AUTH_RIDER': "HE2DMNJZMNTDINZX",
}
api_settings = APISettings(USER_SETTINGS, DEFAULTS)
# scopes field doesn't contain the API_SCOPE_PREFIX or any value that
# starts with API_SCOPE_PREFIX and a dot.
#
# E.g. if API_SCOPE_PREFIX='xyz' and this is set to true, then the
# authentication will fail if the API scopes doesn't contain either
# 'xyz' or an item that starts with 'xyz.' (like 'xyz.readonly' or
# 'xyz.view').
REQUIRE_API_SCOPE_FOR_AUTHENTICATION=False,
# Field name containing the API scopes authorized by the user
API_AUTHORIZATION_FIELD='https://api.hel.fi/auth',
# URL of the OpenID Provider
ISSUER='https://tunnistamo.hel.fi',
# Auth scheme used in the Authorization header
AUTH_SCHEME='Bearer',
# Function for resolving users
USER_RESOLVER='helusers.oidc.resolve_user',
# OIDC config expiration time
OIDC_CONFIG_EXPIRATION_TIME=24 * 60 * 60)
_import_strings = [
'USER_RESOLVER',
]
api_token_auth_settings = APISettings(_user_settings, _defaults,
_import_strings)