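def get(self, request, template_name, url_suffix, form_data_url_suffix=None, **kwargs):
    """Render the update form with form data fetched from the API.

    Calls the parent ``get`` first, appends ``form_data_url_suffix`` to
    ``self.url`` when one is given, and requests that URL through
    ``csrf_request`` with ``is_authenticated=True``.

    Returns the rendered ``self.template_name`` on success, otherwise the
    result of ``handle_error``.
    """
    super(ObjectUpdate, self).get(request, template_name, url_suffix, **kwargs)
    if form_data_url_suffix:
        self.url = self.url + form_data_url_suffix

    results = csrf_request(request=request, url=self.url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code != 200:
        return handle_error(request=request, error_message=results.text, status_code=results.status_code)

    try:
        self.context['form_data'] = results.json()['form_data']
    except (ValueError, KeyError, TypeError) as e:
        # Body was not JSON, or did not have the expected 'form_data' key.
        # NOTE(review): status_code is the upstream 200 here, and str(e) is
        # passed on as the message; confirm handle_error does not show raw
        # exception text to the user.
        return handle_error(request=request, error_message=str(e), status_code=results.status_code)

    return render(request, self.template_name, context=self.context)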
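def csrf_request(request, url, request_type='POST', api_data=None, headers=None, is_authenticated=False):
    """Send one HTTP request to the backend API on behalf of ``request``.

    Args:
        request: the incoming Django request; its session token and
            ``csrftoken`` cookie are copied into the outbound headers.
        url: absolute URL of the API endpoint.
        request_type: 'POST', 'GET', 'DELETE' or 'PUT'.
        api_data: body for POST/PUT (defaults to an empty dict).
        headers: extra outbound headers; the caller's dict is not modified.
        is_authenticated: when ``True``, attach ``Authorization: JWT <token>``
            from ``request.session['token']``.

    Returns:
        The ``requests`` response, the result of ``handle_error`` when the
        session has no token or the connection fails, or ``None`` for an
        unsupported ``request_type``.
    """
    # Build a fresh dict for every call. The previous ``headers={}`` default
    # was shared between calls, so an Authorization header written for one
    # user's authenticated call stayed in the default and was sent again on
    # later calls that passed no headers, including unauthenticated ones.
    outbound_headers = dict(headers) if headers else {}
    if api_data is None:
        api_data = {}

    if is_authenticated is True:
        if 'token' not in request.session:
            return handle_error(request=request, error_message='No token found in session',
                                status_code=ErrorStatus.NOT_AUTHENTICATED)
        outbound_headers['Authorization'] = 'JWT ' + request.session['token']

    if request:
        # A request without the cookie previously raised KeyError here.
        csrf_token = request.COOKIES.get('csrftoken')
        if csrf_token is not None:
            # NOTE(review): 'HTTP_X_CSRFTOKEN' is the request.META spelling;
            # on the wire Django's header is normally 'X-CSRFToken'. Confirm
            # which name the API expects before changing it.
            outbound_headers['HTTP_X_CSRFTOKEN'] = csrf_token

    # NOTE(review): no timeout is passed to requests, so a stalled API call
    # blocks this worker indefinitely.
    try:
        # Compare strings by value; ``is`` relied on string interning.
        if request_type == 'POST':
            return requests.post(url, data=api_data, headers=outbound_headers)
        if request_type == 'GET':
            return requests.get(url, headers=outbound_headers)
        if request_type == 'DELETE':
            return requests.delete(url, headers=outbound_headers)
        if request_type == 'PUT':
            return requests.put(url, data=api_data, headers=outbound_headers)
    except (ConnectionError, requests.exceptions.ConnectionError) as e:
        # requests raises its own ConnectionError, which is not a subclass of
        # the builtin one, so both are listed.
        return handle_error(request=request, error_message='Connection Error' + str(e),
                            status_code=ErrorStatus.SERVER_ERROR)
    # Unsupported request_type: same result as before, now explicit.
    return None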
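def password_change(request):
    """Show the password-change form, or submit a new password to the API.

    A request with POST data forwards ``password1``/``password2`` to the
    API's password-change endpoint as ``new_password1``/``new_password2``
    with ``is_authenticated=True``. A 200 redirects to
    'password-change-done'; any other status goes to ``handle_error``.
    Without POST data the form template is rendered.
    """
    template_name = 'accounts/password-change.html'
    url = settings.API_BASE_URL + '/accounts/password/change/'
    if not request.POST:
        return render(request, template_name)

    # Log the field names only: the POST body carries the new password in
    # clear text and must not be written to the log.
    log.debug("POST fields :: " + str(sorted(request.POST.keys())))
    api_data = {
        'new_password1': request.POST.get('password1'),
        'new_password2': request.POST.get('password2'),
    }
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data,
                           is_authenticated=True)
    log.debug("password change returned :: " + str(results))

    if results is None:
        # Reading results.status_code here raised AttributeError; show the
        # form again instead.
        # TODO is this the right template to send this to?
        return render(request, template_name)
    if results.status_code == 200:
        return redirect('password-change-done')
    return handle_error(request, results.status_code)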
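def get(self, request, template_name, url_suffix, form_data_url_suffix, **kwargs):
    """Render the update form for one object together with its form data.

    Makes two authenticated GET calls through ``csrf_request``: one for the
    object identified by the ``pk`` route kwarg, one for the form data at
    ``form_data_url_suffix``. The results are stored in
    ``self.context['object']`` and ``self.context['form_data']``.

    Returns the rendered ``self.template_name`` when both calls succeed,
    otherwise the result of ``handle_error``.
    """
    super(ObjectUpdateRelated, self).get(request)
    pk = self.kwargs.get('pk')
    # NOTE(review): pk is interpolated into the API path unencoded;
    # presumably the URL pattern restricts it to digits. Verify.
    url = (self.url + url_suffix + '{}/').format(pk)

    results = csrf_request(request=request, url=url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code != 200:
        # Report a failed object lookup instead of rendering a form that has
        # no object behind it.
        return handle_error(request=request, error_message=results.text, status_code=results.status_code)
    self.context['object'] = results.json()

    url = self.url + form_data_url_suffix
    results = csrf_request(request=request, url=url, request_type='GET', is_authenticated=True)
    if results.status_code != 200:
        return handle_error(request=request, error_message=results.text, status_code=results.status_code)
    try:
        self.context['form_data'] = results.json()['form_data']
    except (ValueError, KeyError, TypeError):
        # Body was not JSON, or did not have the expected 'form_data' key.
        return handle_error(request=request, error_message=results.text, status_code=results.status_code)

    return render(request, self.template_name, context=self.context)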
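def login_ui(request):
    """Show the login form, or authenticate the submitted credentials.

    With POST data, ``username``/``password`` are passed to ``authenticate``
    and an active user is logged in and redirected to 'user-index'. Every
    other outcome returns ``handle_error`` with
    ``ErrorStatus.NOT_AUTHENTICATED``. Without POST data the login template
    is rendered.
    """
    if not request.POST:
        return render(request, 'accounts/login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    try:
        user = authenticate(username=username, password=password, request=request)
        if user and user.is_active:
            login(request, user)
            return redirect('user-index')
    except Exception as e:
        # NOTE(review): the exception text is forwarded to handle_error; if
        # that message is shown to the user it can expose backend details.
        return handle_error(request=request, status_code=ErrorStatus.NOT_AUTHENTICATED,
                            error_message="Unable to authenticate " + str(e))

    # Rejected credentials and inactive accounts both end here with the same
    # message. Previously one of these cases fell off the end of the view and
    # returned None, which Django reports as a server error.
    return handle_error(request=request, status_code=ErrorStatus.NOT_AUTHENTICATED,
                        error_message="Authentication failure")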
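def register(request):
    """Show the registration form, or submit a new account to the API.

    With POST data, ``email`` (also sent as ``username``) and ``password``
    are posted to the API's register endpoint without authentication. A 200
    redirects to 'login'; any other status goes to ``handle_error``.
    Without POST data the form template is rendered.
    """
    template_name = 'accounts/register.html'
    url = settings.API_BASE_URL + '/accounts/register/'
    if not request.POST:
        return render(request, template_name)

    # Log the field names only: the POST body carries the chosen password in
    # clear text and must not be written to the log.
    log.debug("POST fields :: " + str(sorted(request.POST.keys())))
    email = request.POST.get('email')
    api_data = {'username': email, 'email': email, 'password': request.POST.get('password')}
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data,
                           is_authenticated=False)
    log.debug("register returned :: " + str(results))

    if results is None:
        # Reading results.status_code here raised AttributeError; show the
        # form again instead.
        # TODO is this the right template to send this to?
        return render(request, template_name)
    if results.status_code == 200:
        return redirect('login')
    return handle_error(request, results.status_code)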
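def verify_email(request):
    """Confirm an e-mail address using the ``key`` query parameter.

    With query parameters present, ``key`` is posted to the API's
    verify-email endpoint. A 200 renders the verification template; any
    other status goes to ``handle_error``. Without query parameters the
    user is redirected to 'login'.
    """
    template_name = 'accounts/verify.html'
    url = settings.API_BASE_URL + '/accounts/verify-email/'
    if not request.GET:
        return redirect('login')

    api_data = {'key': request.GET.get('key')}
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data)
    if results is None:
        # Reading results.status_code here raised AttributeError. Nothing was
        # verified, so do not render the success template.
        # TODO is this the right place to send this to?
        return redirect('login')
    if results.status_code == 200:
        return render(request, template_name)
    return handle_error(request, results.status_code)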
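def login_ui(request):
    """Show the login form, or authenticate the submitted credentials.

    With POST data, ``username``/``password`` are passed to ``authenticate``
    and an active user is logged in and redirected to 'user-index'. Every
    other outcome returns ``handle_error`` with
    ``ErrorStatus.NOT_AUTHENTICATED``. Without POST data the login template
    is rendered.
    """
    if not request.POST:
        return render(request, 'accounts/login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    try:
        user = authenticate(username=username, password=password, request=request)
        if user and user.is_active:
            login(request, user)
            return redirect('user-index')
    except Exception as e:
        # NOTE(review): the exception text is forwarded to handle_error; if
        # that message is shown to the user it can expose backend details.
        return handle_error(request=request, status_code=ErrorStatus.NOT_AUTHENTICATED,
                            error_message="Unable to authenticate " + str(e))

    # Rejected credentials and inactive accounts both end here with the same
    # message. Previously one of these cases fell off the end of the view and
    # returned None, which Django reports as a server error.
    return handle_error(request=request, status_code=ErrorStatus.NOT_AUTHENTICATED,
                        error_message="Authentication failure")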
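def post(self, request, template_name, url_suffix, expected_fields, related_fields, redirect_url,
         multiple_fields=None, **kwargs):
    """Create an object through the API from the submitted form.

    Args:
        expected_fields: form field names copied into the API payload;
            absent fields are sent as ``None``.
        related_fields: subset of ``expected_fields`` converted to ``int``.
        multiple_fields: multi-valued fields sent as lists of ``int``.
        redirect_url: where to redirect after a 201 from the API.

    Returns a redirect on success, otherwise the result of ``handle_error``
    (also used for non-numeric input in an integer field).
    """
    super(ObjectCreateRelated, self).post(request, **kwargs)
    self.url = self.url + url_suffix

    api_data = {}
    try:
        for field in expected_fields:
            # TODO explore validation here
            value = request.POST.get(field)
            if value is not None and field in related_fields:
                value = int(value)
            api_data[field] = value
        for field in multiple_fields or ():
            if field in request.POST:
                api_data[field] = [int(value) for value in request.POST.getlist(field)]
    except (TypeError, ValueError):
        # Form values are user input; a non-numeric value in an integer field
        # is a bad request, not an unhandled server error.
        return handle_error(request=request, error_message='Invalid numeric value in submitted form',
                            status_code=400)

    headers = {'Content-Type': 'application/json'}
    results = csrf_request(request=request, url=self.url, request_type='POST',
                           api_data=json.dumps(api_data), headers=headers, is_authenticated=True)
    # Compare by value: ``is 201`` only works because CPython caches small ints.
    if results.status_code == 201:
        self.context['object'] = results.json()
        return redirect(redirect_url)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)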
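def post(self, request, template_name, url_suffix, expected_fields, redirect_url, **kwargs):
    """Create an object through the API from the submitted form.

    Each name in ``expected_fields`` is read from ``request.POST`` (absent
    fields become ``None``) and the result is sent as JSON to
    ``self.url + url_suffix`` with ``is_authenticated=True``.

    Returns a redirect to ``redirect_url`` on a 201, otherwise the result of
    ``handle_error``.
    """
    super(ObjectCreate, self).post(request, **kwargs)
    self.url = self.url + url_suffix

    # TODO explore validation here
    api_data = {field: request.POST.get(field) for field in expected_fields}
    headers = {'Content-Type': 'application/json'}
    results = csrf_request(request=request, url=self.url, request_type='POST',
                           api_data=json.dumps(api_data), headers=headers, is_authenticated=True)
    # Compare by value: ``is 201`` only works because CPython caches small ints.
    if results.status_code == 201:
        self.context['object'] = results.json()
        return redirect(redirect_url)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)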
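def post(self, request, template_name, url_suffix, expected_fields, redirect_url, **kwargs):
    """Update the object identified by the ``pk`` route kwarg through the API.

    Each name in ``expected_fields`` is read from ``request.POST`` (absent
    fields become ``None``) and the result is sent as a JSON PUT with
    ``is_authenticated=True``.

    Returns a redirect to ``redirect_url`` on a 200, otherwise the result of
    ``handle_error``.
    """
    super(ObjectUpdate, self).post(request, **kwargs)
    pk = self.kwargs.get('pk')
    # NOTE(review): pk is interpolated into the API path unencoded;
    # presumably the URL pattern restricts it to digits. Verify.
    self.url = (self.url + url_suffix + '{}/').format(pk)

    # TODO explore validation here
    api_data = {field: request.POST.get(field) for field in expected_fields}
    headers = {'Content-Type': 'application/json'}
    results = csrf_request(request=request, url=self.url, request_type='PUT',
                           api_data=json.dumps(api_data), headers=headers, is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code == 200:
        # TODO might actually want to redirect to the details page here instead of the index
        return redirect(redirect_url)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)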
def password_reset_token(request):
    """Forward a password-reset ``token``/``uid`` pair to the API.

    With query parameters present, both values are posted to the API's
    reset-confirm endpoint. A 200 redirects to 'password-reset-confirm', any
    other status goes to ``handle_error``, and a ``None`` result renders the
    reset template. Without query parameters the user is redirected to
    'password-reset'.
    """
    reset_template_name = 'accounts/password-reset.html'
    url = settings.API_BASE_URL + '/accounts/password/reset/confirm/'
    if not request.GET:
        return redirect('password-reset')

    # NOTE(review): token and uid are not stored anywhere visible here for
    # the later password_reset_confirm step; confirm how the backend ties the
    # two requests together.
    payload = {
        'token': request.GET.get('token'),
        'uid': request.GET.get('uid'),
    }
    response = csrf_request(request=request, request_type='POST', url=url, api_data=payload)
    if response is None:
        # TODO is this the right template to send this to?
        return render(request, reset_template_name)
    if response.status_code == 200:
        return redirect('password-reset-confirm')
    return handle_error(request, response.status_code)
def password_reset_confirm(request):
    """Show the new-password form, or submit the new password to the API.

    With POST data, ``password1``/``password2`` are posted to the API's
    reset-confirm endpoint as ``new_password1``/``new_password2``. A 200
    redirects to 'password-reset-done', any other status goes to
    ``handle_error``, and a ``None`` result renders the reset template.
    Without POST data the confirm template is rendered.
    """
    template_name = 'accounts/password-reset-confirm.html'
    reset_template_name = 'accounts/password-reset.html'
    url = settings.API_BASE_URL + '/accounts/password/reset/confirm/'
    if not request.POST:
        return render(request, template_name)

    # NOTE(review): only the two password fields are sent, with no uid or
    # reset token and no is_authenticated flag; confirm the API can tell
    # whose password this request is allowed to change.
    payload = {
        'new_password1': request.POST.get('password1'),
        'new_password2': request.POST.get('password2'),
    }
    response = csrf_request(request=request, request_type='POST', url=url, api_data=payload)
    if response is None:
        # TODO is this the right template to send this to?
        return render(request, reset_template_name)
    if response.status_code == 200:
        return redirect('password-reset-done')
    return handle_error(request, response.status_code)
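def verify_email(request):
    """Confirm an e-mail address using the ``key`` query parameter.

    With query parameters present, ``key`` is posted to the API's
    verify-email endpoint. A 200 renders the verification template; any
    other status goes to ``handle_error``. Without query parameters the
    user is redirected to 'login'.
    """
    template_name = 'accounts/verify.html'
    url = settings.API_BASE_URL + '/accounts/verify-email/'
    if not request.GET:
        return redirect('login')

    api_data = {'key': request.GET.get('key')}
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data)
    if results is None:
        # Reading results.status_code here raised AttributeError. Nothing was
        # verified, so do not render the success template.
        # TODO is this the right place to send this to?
        return redirect('login')
    if results.status_code == 200:
        return render(request, template_name)
    return handle_error(request, results.status_code)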
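def password_change(request):
    """Show the password-change form, or submit a new password to the API.

    A request with POST data forwards ``password1``/``password2`` to the
    API's password-change endpoint as ``new_password1``/``new_password2``
    with ``is_authenticated=True``. A 200 redirects to
    'password-change-done'; any other status goes to ``handle_error``.
    Without POST data the form template is rendered.
    """
    template_name = 'accounts/password-change.html'
    url = settings.API_BASE_URL + '/accounts/password/change/'
    if not request.POST:
        return render(request, template_name)

    # Log the field names only: the POST body carries the new password in
    # clear text and must not be written to the log.
    log.debug("POST fields :: " + str(sorted(request.POST.keys())))
    api_data = {
        'new_password1': request.POST.get('password1'),
        'new_password2': request.POST.get('password2'),
    }
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data,
                           is_authenticated=True)
    log.debug("password change returned :: " + str(results))

    if results is None:
        # Reading results.status_code here raised AttributeError; show the
        # form again instead.
        # TODO is this the right template to send this to?
        return render(request, template_name)
    if results.status_code == 200:
        return redirect('password-change-done')
    return handle_error(request, results.status_code)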
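def get(self, request, template_name, url_suffix, **kwargs):
    """Pass the ``code`` query parameter of an authorization callback to the API.

    The code becomes the last path segment of the API URL, which is fetched
    with ``is_authenticated=True``.

    Returns the rendered ``self.template_name`` on a 200, otherwise the
    result of ``handle_error`` (also used when ``code`` is missing).
    """
    from urllib.parse import quote

    super(ObjectAuthorizeCallback, self).get(request)
    code = request.GET.get('code')
    if not code:
        # Without this check the literal text 'None' was sent as the code.
        return handle_error(request=request, error_message='Missing authorization code', status_code=400)

    # ``code`` is query-string input from the browser. Percent-encode it,
    # '/' included, so it stays a single path segment and cannot redirect
    # this authenticated call to another API path or add query parameters.
    # NOTE(review): this looks like an OAuth-style authorization-code
    # callback, yet no ``state`` value is checked here; confirm the backend
    # validates it.
    self.url = self.url + url_suffix + quote(code, safe='') + '/'

    results = csrf_request(request=request, url=self.url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code == 200:
        return render(request, self.template_name, context=self.context)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)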
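def get(self, request, redirect_url, url_suffix, **kwargs):
    """Delete the object identified by the ``pk`` route kwarg through the API.

    Sends an authenticated DELETE to the API and redirects to
    ``redirect_url`` on a 204; any other status goes to ``handle_error``.

    NOTE(review): the deletion is triggered by an HTTP GET. Django's CSRF
    protection does not cover GET, so any page the logged-in user visits can
    trigger it with a plain link or image request. Consider accepting the
    delete only via POST with a CSRF token.
    """
    super(ObjectDelete, self).get(request)
    pk = self.kwargs.get('pk')
    # NOTE(review): pk is interpolated into the API path unencoded;
    # presumably the URL pattern restricts it to digits. Verify.
    self.url = (self.url + url_suffix + '{}/').format(pk)

    results = csrf_request(request=request, url=self.url, request_type='DELETE', is_authenticated=True)
    # Compare by value: ``is 204`` only works because CPython caches small ints.
    if results.status_code == 204:
        return redirect(to=redirect_url)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)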
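def get(self, request, template_name, url_suffix):
    """Render the list of objects returned by the API.

    Fetches ``self.url + url_suffix`` with ``is_authenticated=True`` and
    stores the ``'results'`` entry of the JSON body in
    ``self.context['object_list']``.

    Returns the rendered ``self.template_name`` on a 200, otherwise the
    result of ``handle_error``.
    """
    super(ObjectIndex, self).get(request)
    self.url = self.url + url_suffix

    results = csrf_request(request=request, url=self.url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code == 200:
        self.context['object_list'] = results.json()['results']
        return render(request, self.template_name, context=self.context)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)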
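def password_reset(request):
    """Show the password-reset form, or request a reset e-mail from the API.

    With POST data, ``email`` is posted to the API's password-reset
    endpoint. A 200 redirects to ``settings.LOGIN_REDIRECT_URL``; any other
    status goes to ``handle_error``. Without POST data the form template is
    rendered.
    """
    template_name = 'accounts/password-reset.html'
    url = settings.API_BASE_URL + '/accounts/password/reset/'
    if not request.POST:
        return render(request, template_name)

    api_data = {'email': request.POST.get('email')}
    results = csrf_request(request=request, request_type='POST', url=url, api_data=api_data)
    if results is None:
        # HttpResponseRedirect('login') sent the browser to a path relative
        # to the current URL; redirect() resolves the named route instead.
        return redirect('login')
    if results.status_code == 200:
        return redirect(settings.LOGIN_REDIRECT_URL)
    # NOTE(review): if the API answers differently for unknown addresses,
    # this error path reveals which e-mail addresses are registered. Confirm
    # the API's behaviour.
    return handle_error(request, results.status_code)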
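def get(self, request, template_name, url_suffix, **kwargs):
    """Redirect the user to the authorize URL the API returns for an object.

    Fetches the API URL for the ``pk`` route kwarg with
    ``is_authenticated=True`` and redirects to the ``'authorize_url'`` value
    of the JSON body.

    Returns that redirect on a 200, otherwise the result of ``handle_error``.
    """
    super(ObjectAuthorize, self).get(request)
    pk = self.kwargs.get('pk')
    # NOTE(review): pk is interpolated into the API path unencoded;
    # presumably the URL pattern restricts it to digits. Verify.
    self.url = (self.url + url_suffix + '{}/').format(pk)

    results = csrf_request(request=request, url=self.url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code == 200:
        # NOTE(review): the redirect target is taken from the API response
        # without validation; confirm the API only returns trusted hosts, or
        # check it against an allow-list here.
        authorize_url = results.json()['authorize_url']
        return redirect(authorize_url)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)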
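def get(self, request, template_name, url_suffix, **kwargs):
    """Render the detail page for the object identified by the ``pk`` route kwarg.

    Fetches the object from the API with ``is_authenticated=True`` and
    stores the JSON body in ``self.context['object']``.

    Returns the rendered ``self.template_name`` on a 200, otherwise the
    result of ``handle_error``.
    """
    super(ObjectDetail, self).get(request)
    pk = self.kwargs.get('pk')
    # NOTE(review): pk is interpolated into the API path unencoded;
    # presumably the URL pattern restricts it to digits. Verify.
    self.url = (self.url + url_suffix + '{}/').format(pk)

    results = csrf_request(request=request, url=self.url, request_type='GET', is_authenticated=True)
    # Compare by value: ``is 200`` only works because CPython caches small ints.
    if results.status_code == 200:
        self.context['object'] = results.json()
        return render(request, self.template_name, context=self.context)
    return handle_error(request=request, error_message=results.text, status_code=results.status_code)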
def password_reset_token(request):
    """Forward a password-reset ``token``/``uid`` pair to the API.

    With query parameters present, both values are posted to the API's
    reset-confirm endpoint. A 200 redirects to 'password-reset-confirm', any
    other status goes to ``handle_error``, and a ``None`` result renders the
    reset template. Without query parameters the user is redirected to
    'password-reset'.
    """
    reset_template_name = 'accounts/password-reset.html'
    url = settings.API_BASE_URL + '/accounts/password/reset/confirm/'
    if not request.GET:
        return redirect('password-reset')

    # NOTE(review): token and uid are not stored anywhere visible here for
    # the later password_reset_confirm step; confirm how the backend ties the
    # two requests together.
    payload = {
        'token': request.GET.get('token'),
        'uid': request.GET.get('uid'),
    }
    response = csrf_request(request=request, request_type='POST', url=url, api_data=payload)
    if response is None:
        # TODO is this the right template to send this to?
        return render(request, reset_template_name)
    if response.status_code == 200:
        return redirect('password-reset-confirm')
    return handle_error(request, response.status_code)
def password_reset_confirm(request):
    """Show the new-password form, or submit the new password to the API.

    With POST data, ``password1``/``password2`` are posted to the API's
    reset-confirm endpoint as ``new_password1``/``new_password2``. A 200
    redirects to 'password-reset-done', any other status goes to
    ``handle_error``, and a ``None`` result renders the reset template.
    Without POST data the confirm template is rendered.
    """
    template_name = 'accounts/password-reset-confirm.html'
    reset_template_name = 'accounts/password-reset.html'
    url = settings.API_BASE_URL + '/accounts/password/reset/confirm/'
    if not request.POST:
        return render(request, template_name)

    # NOTE(review): only the two password fields are sent, with no uid or
    # reset token and no is_authenticated flag; confirm the API can tell
    # whose password this request is allowed to change.
    payload = {
        'new_password1': request.POST.get('password1'),
        'new_password2': request.POST.get('password2'),
    }
    response = csrf_request(request=request, request_type='POST', url=url, api_data=payload)
    if response is None:
        # TODO is this the right template to send this to?
        return render(request, reset_template_name)
    if response.status_code == 200:
        return redirect('password-reset-done')
    return handle_error(request, response.status_code)
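def refresh_jwt_token(request):
    """Exchange the session's JWT for a fresh one from the API.

    When the session holds a token it is posted as JSON to the API's
    token-refresh endpoint; on a 200 the returned token replaces the one in
    the session, any other status is only logged.

    Returns:
        ``None`` after a refresh attempt, a redirect to 'login' when the
        session has no token, or the result of ``handle_error`` when the
        connection fails.
    """
    url = settings.API_BASE_URL + '/api-token-refresh/'
    headers = {'Content-Type': 'application/json'}
    if 'token' not in request.session:
        return redirect('login')

    data = json.dumps({'token': request.session['token']})
    try:
        # NOTE(review): no timeout is passed to requests, so a stalled API
        # call blocks this worker indefinitely.
        results = requests.post(url, data=data, headers=headers)
        # Compare by value: ``is 200`` only works because CPython caches small ints.
        if results.status_code == 200:
            request.session['token'] = results.json()['token']
        else:
            # The previous token stays in the session on failure.
            log.debug("refresh_jwt_token :: Failed to refresh token :: " + str(results.status_code) + "(" + str(
                results.content) + ")")
    except (ConnectionError, requests.exceptions.ConnectionError) as e:
        # requests raises its own ConnectionError, which is not a subclass of
        # the builtin one, so both are listed.
        return handle_error(request=request, error_message='Connection Error' + str(e),
                            status_code=ErrorStatus.SERVER_ERROR)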