def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
print e
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
user_details = User.objects.filter(email=email)
userSerializer = UserSerializer(user_details, many=True)
if user.is_active == False:
return Response(status=404,
data={'error': 'user not verified'})
if not user.check_password("batman25"):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
print timezone.now()
if not user.qrhash == request.POST.get('qrcode'):
return Response(status=404,
data={'error': 'Qrcode is not valid'})
# if not timezone.now() >= user.qrhash_expiration:
# print user.qrhash
# print timezone.now()
# print
# return Response(status=404, data={'error': 'Qrcode is expired'})
# if user.ismobile_loggedin and timezone.now() <= userToken[0].expires:
# return Response(status=404, data={'error': 'You are already logged in any device'})
if userToken:
if timezone.now() <= userToken[0].expires:
user.ismobile_loggedin = True
user.save()
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
"email": userSerializer.data[0]['email'],
"name": userSerializer.data[0]['user_name'],
'avatar': userSerializer.data[0]['avatar'],
"scope": userToken[0].scope,
"role": {
'admin': userSerializer.data[0]['is_admin'],
'active': userSerializer.data[0]['is_active'],
},
"status": '200'
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
print e.message
return Response(status=404, data={'error': e.message})
def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
if user.is_active == False:
return Response(status=404, data={'error': 'user deactivated'})
if user:
if not user.check_password(request.POST.get('password')):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
if userToken:
if timezone.now() <= userToken[0].expires:
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
"email": userToken[0].user.email,
"scope": userToken[0].scope
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
return Response(status=404, data={'error': e.message})
class RoleEndpointTest(TestCase):
def setUp(self):
self.client = APIClient()
self.user = User.objects.create_user("Foo", "Bar", "*****@*****.**", "123456")
self.dev_user = User.objects.create_user("Foo", "Bar1", "*****@*****.**", "123456")
self.application = Application(
name="Test Application",
user=self.dev_user,
client_type=Application.CLIENT_PUBLIC,
authorization_grant_type=Application.GRANT_PASSWORD,
)
self.application.save()
self.token = AccessToken(
token="ABC123",
user=self.user,
expires=datetime.datetime.now() + datetime.timedelta(days=1),
scope='read write',
application=self.application
)
self.token.save()
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token.token)
def tearDown(self):
self.application.delete()
self.token.delete()
self.user.delete()
self.dev_user.delete()
def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
print e
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
user_details = User.objects.filter(email=email)
userSerializer = UserSerializer(user_details, many=True)
if user.is_active == False:
return Response(status=404,
data={'error': 'user not verified'})
if not user.check_password(request.POST.get('password')):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
if userToken:
if timezone.now() <= userToken[0].expires:
# print timezone.now() - timezone.timedelta(days=365)
# print timezone.now() + timezone.timedelta(minutes=598)
# print userToken[0].expires
# print timezone.now() + timezone.timedelta(minutes=598) <= userToken[0].expires
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
'avatar': userSerializer.data[0]['avatar'],
"email": userSerializer.data[0]['email'],
"name": userSerializer.data[0]['user_name'],
"scope": userToken[0].scope,
"role": {
'admin': userSerializer.data[0]['is_admin'],
'active': userSerializer.data[0]['is_active']
},
"status": '200'
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
print e.message
return Response(status=404, data={'error': e.message})
def test_access_token_signal_update(self):
""" Create AccessToken check for update to user/app consent """
usr = self.user
app = self._create_application('ThePHR', user=usr)
# xwalk = Crosswalk.objects.get(user=usr)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
# print("\nConsent:%s" % f_c)
# print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "1")
a_tkn.delete()
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
# print("\nUpdated Consent:%s" % f_c)
# print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "2")
def test_access_token_signal_update(self):
""" Create AccessToken check for update to user/app consent """
usr = self.user
app = self._create_application('ThePHR', user=usr)
# xwalk = Crosswalk.objects.get(user=usr)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = ["patient/Patient.read",
"patient/ExplanationOfBenefit.read"]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
print("\nConsent:%s" % f_c)
print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "1")
a_tkn.delete()
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = ["patient/Patient.read",
"patient/ExplanationOfBenefit.read"]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
print("\nUpdated Consent:%s" % f_c)
print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "2")
def post(self, request):
token = AccessToken.objects.get(user=request.user)
AccessToken.delete(token)
return Response(status=200)
