def test_make_token_new(self):
        """
        create_token must issue a token to a user who currently has none.
        """
        def token_count(owner):
            # Build a fresh queryset on every call so the count reflects the
            # rows that exist right now.
            return Token.objects.filter(user=owner).count()

        account = User.objects.get(pk=2)

        # Start from a known state: remove any token the pk=2 user holds.
        Token.objects.filter(user=account).delete()
        self.assertEqual(token_count(account), 0)

        create_token(account)
        self.assertEqual(token_count(account), 1)
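    def post(self, request):
        """
        Exchange a username/password pair for an API token.

        Returns 200 with ``{'token': <key>}`` on success. Every rejection
        (unknown user, wrong password, inactive account) returns the same 401
        body, so the response does not reveal which usernames exist.
        Malformed input raises through ``is_valid(raise_exception=True)``.
        """
        def reject():
            # One place for the generic failure response keeps all rejection
            # paths indistinguishable to the client.
            return Response(
                {'detail': 'Username or password unknown'},
                status=status.HTTP_401_UNAUTHORIZED,
            )

        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)

        # validated_data is the checked input; serializer.data is the output
        # representation and would omit a write-only password field.
        username = serializer.validated_data["username"]
        password = serializer.validated_data["password"]

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            # Run the password hasher once anyway, as Django's ModelBackend
            # does, so unknown usernames take about as long as known ones.
            User().set_password(password)
            logger.info(
                "Tried logging via API with unknown user: '******'")
            return reject()

        if not user.check_password(password):
            # %r escapes control characters, so a crafted username cannot
            # inject extra lines into the log; lazy args skip formatting when
            # INFO is disabled.
            logger.info(
                "User %r tried logging via API with a wrong password",
                username,
            )
            return reject()

        # check_password() alone bypasses the is_active test that
        # authenticate() applies; never issue a token to a disabled account.
        if not user.is_active:
            logger.info("Inactive user %r tried logging via API", username)
            return reject()

        token = create_token(user)
        return Response({'token': token.key}, status=status.HTTP_200_OK)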
    def post(self, request):
        """
        Register a new API user and return a token for the new account.

        Invalid input raises through ``is_valid(raise_exception=True)`` before
        anything is saved. On success the response is 201 with a confirmation
        message and the token key.
        """
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)

        new_user = serializer.save()
        # NOTE(review): the token is issued immediately on registration; any
        # throttling or verification step is not visible here - confirm.
        payload = {
            'message': 'api user successfully registered',
            'token': create_token(new_user).key,
        }
        return Response(payload, status=status.HTTP_201_CREATED)
    def test_make_token_force_new(self):
        """
        With force_new=True, create_token replaces the user's existing token
        and returns the replacement.
        """
        account = User.objects.get(pk=2)
        # Precondition: the user already holds exactly one token.
        self.assertEqual(Token.objects.filter(user=account).count(), 1)

        old_key = Token.objects.get(user=account).key
        returned_key = create_token(account, force_new=True).key
        stored_key = Token.objects.get(user=account).key

        # The stored key must have changed, and it must be the one handed
        # back by create_token.
        self.assertNotEqual(old_key, stored_key)
        self.assertEqual(returned_key, stored_key)
def api_key(request):
    """
    Show the current user's REST API key and optionally generate one.

    A truthy ``new_key`` GET parameter calls create_token and then redirects
    back to this page; otherwise the page is rendered with the existing token
    (or None when the user has none).
    """
    # NOTE(review): no login check is visible in this function; presumably a
    # decorator or the URL config enforces it - confirm.
    context = dict(csrf(request))

    try:
        current_token = Token.objects.get(user=request.user)
    except Token.DoesNotExist:
        current_token = None

    # NOTE(review): key creation is triggered by a plain GET, which Django's
    # CSRF middleware does not protect, and the raw parameter string is passed
    # as create_token's second argument. Consider moving this to a POST form.
    new_key = request.GET.get('new_key')
    if new_key:
        create_token(request.user, new_key)

        # Redirect so the GET parameter does not stay in the URL.
        return HttpResponseRedirect(reverse('core:user:api-key'))

    context['token'] = current_token
    return render(request, 'user/api_key.html', context)