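    def post(self, request):
        """Mobile login: exchange email + password + QR hash for a bearer token.

        Form fields read from ``request.POST``: ``email``, ``password`` and
        ``qrcode``.  Responses: 400 when ``email`` is missing; 404 when the
        account is unknown or inactive, or when ``qrcode`` differs from the
        stored ``user.qrhash``; 401 on a wrong password; 200 with the user's
        current token, or whatever ``self.issue_new_token`` (defined
        elsewhere) returns when there is no token or it has expired.

        Fixes over the previous version: the password is now taken from the
        request instead of being compared against a hard-coded literal (which
        let anyone log in with only an email and a QR hash); the missing-email
        path returns a real message instead of the empty ``e.message`` of a
        bare ``DoesNotExist``; and exception text is logged server-side rather
        than echoed to the client.
        """
        import logging
        log = logging.getLogger(__name__)

        email = request.POST.get('email')
        if email is None:
            return Response(data={'error': 'email is required'}, status=400)
        try:
            user = User.objects.get(email=email)
            if not user.is_active:
                return Response(status=404,
                                data={'error': 'user not verified'})

            # NOTE(review): distinct 404/401/"not verified" replies let a
            # client tell unknown, inactive and wrong-password accounts apart;
            # a single generic failure would close that enumeration path but
            # changes the API contract, so it is left as-is here.
            # check_password() treats a missing (None) password as wrong; the
            # explicit guard only makes the intent obvious.
            password = request.POST.get('password')
            if password is None or not user.check_password(password):
                return Response(status=401,
                                data={'error': 'incorrect password'})

            # NOTE(review): the stored QR hash is accepted regardless of age --
            # the expiry check that used to follow was commented out (and its
            # condition looked inverted).  Re-enable it against
            # user.qrhash_expiration once that field's semantics are confirmed.
            # hmac.compare_digest would be preferable to != if both operands
            # are guaranteed to be same-typed strings.
            qrcode = request.POST.get('qrcode')
            if qrcode is None or qrcode != user.qrhash:
                return Response(status=404,
                                data={'error': 'Qrcode is not valid'})

            # Only the first token for the user is ever considered (as before).
            tokens = AccessToken.objects.filter(user=user)
            token = tokens[0] if tokens else None
            if token is not None and timezone.now() <= token.expires:
                user.ismobile_loggedin = True
                user.save()
                profile = UserSerializer(user).data
                return Response(status=200, data={
                    'access_token': token.token,
                    'token_type': 'Bearer',
                    "email": profile['email'],
                    "name": profile['user_name'],
                    'avatar': profile['avatar'],
                    "scope": token.scope,
                    "role": {
                        'admin': profile['is_admin'],
                        'active': profile['is_active'],
                    },
                    "status": '200'
                })
            if token is not None:
                # Expired: drop it so issue_new_token() starts clean.
                token.delete()
            return self.issue_new_token(request, user, email)
        except User.DoesNotExist:
            # Never echo the ORM's "matching query does not exist" text.
            return Response(status=404, data={'error': 'user not found'})
        except Exception:
            # Keep the original 404-on-any-failure contract for callers, but
            # keep the exception detail out of the response body.
            log.exception("mobile login failed")
            return Response(status=404, data={'error': 'login failed'})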
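 def post(self, request):
     """Password login: exchange email + password for a bearer token.

     Reads ``email`` and ``password`` from ``request.POST``.  Responses:
     400 when ``email`` is missing; 404 for an unknown or deactivated
     account; 401 on a wrong password; 200 with the user's live token, or
     whatever ``self.issue_new_token`` (defined elsewhere) returns when
     there is no token or it has expired.

     Fixes: the missing-email path used to raise and catch a bare
     ``User.DoesNotExist`` and return its empty ``e.message``; unexpected
     exceptions are now logged instead of having their text echoed to the
     client; the redundant ``if user:`` after ``objects.get`` is gone.
     """
     import logging
     log = logging.getLogger(__name__)

     email = request.POST.get('email')
     if email is None:
         return Response(data={'error': 'email is required'}, status=400)
     try:
         user = User.objects.get(email=email)
         if not user.is_active:
             return Response(status=404, data={'error': 'user deactivated'})
         # NOTE(review): distinct 404/401 replies reveal which e-mails have
         # accounts; a single generic failure response would close that
         # enumeration path at the cost of changing the API contract.
         # check_password() already treats None as a wrong password.
         password = request.POST.get('password')
         if password is None or not user.check_password(password):
             return Response(status=401,
                             data={'error': 'incorrect password'})
         # Only the first token for the user is ever considered (as before).
         tokens = AccessToken.objects.filter(user=user)
         token = tokens[0] if tokens else None
         if token is not None and timezone.now() <= token.expires:
             return Response(status=200, data={
                 'access_token': token.token,
                 'token_type': 'Bearer',
                 "email": token.user.email,
                 "scope": token.scope
             })
         if token is not None:
             # Expired: remove it so issue_new_token() starts from a clean slate.
             token.delete()
         return self.issue_new_token(request, user, email)
     except User.DoesNotExist:
         # Never echo the ORM's "matching query does not exist" text.
         return Response(status=404, data={'error': 'user not found'})
     except Exception:
         # Keep the original 404-on-any-failure contract, minus the leak.
         log.exception("login failed")
         return Response(status=404, data={'error': 'login failed'})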
class RoleEndpointTest(TestCase):
	"""Fixture for role-endpoint tests: two users, a password-grant app, one bearer token.

	``setUp`` authenticates ``self.client`` as ``self.user`` with a pre-made
	token owned by ``self.application``; ``tearDown`` deletes everything it
	created, in the same order as before.
	"""

	def setUp(self):
		self.client = APIClient()

		# Both fixture users share a throwaway password; the second one only
		# exists to own the OAuth application.
		self.user = User.objects.create_user("Foo", "Bar", "*****@*****.**", "123456")
		self.dev_user = User.objects.create_user("Foo", "Bar1", "*****@*****.**", "123456")

		app = Application(
			name="Test Application",
			user=self.dev_user,
			client_type=Application.CLIENT_PUBLIC,
			authorization_grant_type=Application.GRANT_PASSWORD,
		)
		app.save()
		self.application = app

		# NOTE(review): this is a naive datetime.now(); if the project runs
		# with USE_TZ the production views will compare `expires` against an
		# aware timezone.now() -- confirm the two agree.
		one_day = datetime.timedelta(days=1)
		tok = AccessToken(
			token="ABC123",
			user=self.user,
			expires=datetime.datetime.now() + one_day,
			scope='read write',
			application=app,
		)
		tok.save()
		self.token = tok

		self.client.credentials(HTTP_AUTHORIZATION='Bearer %s' % tok.token)

	def tearDown(self):
		# Application first (it references dev_user), then the token, then the
		# users -- same order as the original.
		for fixture in (self.application, self.token, self.user, self.dev_user):
			fixture.delete()
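    def post(self, request):
        """Password login: exchange email + password for a bearer token plus profile data.

        Reads ``email`` and ``password`` from ``request.POST``.  Responses:
        400 when ``email`` is missing; 404 for an unknown or inactive
        account; 401 on a wrong password; 200 with the user's live token
        and serialized profile, or whatever ``self.issue_new_token``
        (defined elsewhere) returns when there is no token or it has
        expired.

        Fixes: the missing-email path used to raise and catch a bare
        ``User.DoesNotExist`` and return its empty ``e.message``; unexpected
        exceptions are now logged instead of having their text echoed to
        the client; stale debug comments are gone.
        """
        import logging
        log = logging.getLogger(__name__)

        email = request.POST.get('email')
        if email is None:
            return Response(data={'error': 'email is required'}, status=400)
        try:
            user = User.objects.get(email=email)
            if not user.is_active:
                return Response(status=404,
                                data={'error': 'user not verified'})
            # NOTE(review): distinct 404/401/"not verified" replies let a
            # client tell unknown, inactive and wrong-password accounts apart;
            # collapsing them would close that enumeration path but changes
            # the API contract.
            # check_password() already treats None as a wrong password.
            password = request.POST.get('password')
            if password is None or not user.check_password(password):
                return Response(status=401,
                                data={'error': 'incorrect password'})
            # Only the first token for the user is ever considered (as before).
            tokens = AccessToken.objects.filter(user=user)
            token = tokens[0] if tokens else None
            if token is not None and timezone.now() <= token.expires:
                profile = UserSerializer(user).data
                return Response(status=200, data={
                    'access_token': token.token,
                    'token_type': 'Bearer',
                    'avatar': profile['avatar'],
                    "email": profile['email'],
                    "name": profile['user_name'],
                    "scope": token.scope,
                    "role": {
                        'admin': profile['is_admin'],
                        'active': profile['is_active']
                    },
                    "status": '200'
                })
            if token is not None:
                # Expired: drop it so issue_new_token() starts clean.
                token.delete()
            return self.issue_new_token(request, user, email)
        except User.DoesNotExist:
            # Never echo the ORM's "matching query does not exist" text.
            return Response(status=404, data={'error': 'user not found'})
        except Exception:
            # Keep the original 404-on-any-failure contract, minus the leak.
            log.exception("login failed")
            return Response(status=404, data={'error': 'login failed'})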
    def test_access_token_signal_update(self):
        """Re-issuing a token must bump the consent record's versionId from "1" to "2".

        Relies on a save signal (not visible here) that writes a
        ``fhir_Consent`` row for each (user, application) pair whenever an
        ``AccessToken`` is saved.  ``self.user`` and
        ``self._create_application`` come from the enclosing test case.
        """
        usr = self.user
        app = self._create_application('ThePHR', user=usr)

        expires_at = timezone.now() + relativedelta(years=1)
        scopes = ["patient/Patient.read", "patient/ExplanationOfBenefit.read"]

        def grant():
            """Persist one token for (usr, app) and return it."""
            tkn = AccessToken()
            tkn.user = usr
            tkn.application = app
            tkn.token = "1234567890"
            tkn.expires = expires_at
            tkn.scope = list(scopes)
            tkn.save()
            return tkn

        def consent_version():
            """Current meta.versionId of the (usr, app) consent document."""
            consent = fhir_Consent.objects.get(user=usr, application=app)
            return consent.consent['meta']['versionId']

        first = grant()
        self.assertEqual(consent_version(), "1")

        # Deleting and re-granting the same token value must create a new
        # consent version rather than reuse the old one.
        first.delete()
        grant()
        self.assertEqual(consent_version(), "2")
    def test_access_token_signal_update(self):
        """Re-issuing a token must bump the consent record's versionId from "1" to "2".

        Relies on a save signal (not visible here) that writes a
        ``fhir_Consent`` row for each (user, application) pair whenever an
        ``AccessToken`` is saved.  The ``print`` calls are kept from the
        original for inspection of the consent document during a run.
        """
        usr = self.user
        app = self._create_application('ThePHR', user=usr)

        expires_at = timezone.now() + relativedelta(years=1)
        scopes = ["patient/Patient.read", "patient/ExplanationOfBenefit.read"]

        def grant():
            """Persist one token for (usr, app) and return it."""
            tkn = AccessToken()
            tkn.user = usr
            tkn.application = app
            tkn.token = "1234567890"
            tkn.expires = expires_at
            tkn.scope = list(scopes)
            tkn.save()
            return tkn

        def fetch_consent():
            """The consent document currently stored for (usr, app)."""
            return fhir_Consent.objects.get(user=usr, application=app)

        first = grant()
        consent = fetch_consent()
        print("\nConsent:%s" % consent)
        print("\nJSON Consent:\n%s\n" % pretty_json(consent.consent))
        self.assertEqual(consent.consent['meta']['versionId'], "1")

        # Deleting and re-granting the same token value must create a new
        # consent version rather than reuse the old one.
        first.delete()
        grant()
        consent = fetch_consent()
        print("\nUpdated Consent:%s" % consent)
        print("\nUpdated JSON Consent:\n%s\n" % pretty_json(consent.consent))
        self.assertEqual(consent.consent['meta']['versionId'], "2")
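 def post(self, request):
     """Log the caller out by revoking the bearer token(s) owned by ``request.user``.

     The previous ``AccessToken.objects.get(user=...)`` assumed exactly one
     token per user: it raised ``DoesNotExist`` (a second logout, or a
     logout with no live token) or ``MultipleObjectsReturned``, both of
     which surfaced as a 500.  ``filter(...).delete()`` is idempotent and
     revokes every token for the user, which is what a logout should do.
     Always returns 200.
     """
     # NOTE(review): assumes the view is restricted to authenticated users;
     # an AnonymousUser here would make the lookup fail, as it did before.
     # If the project's OAuth2 authentication exposes the presenting token
     # as request.auth, revoking only that token would be more precise --
     # confirm before narrowing.
     AccessToken.objects.filter(user=request.user).delete()
     return Response(status=200)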