def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
if serializer.is_valid():
serializer.save()
return responses.data_response(serializer.data, status.HTTP_201_CREATED)
return responses.error_response(serializer.errors)
def retrieve(self, request, *args, **kwargs):
token = self.get_object()
try:
self._replace_expired_token(token)
serializer = self.get_serializer(token)
return responses.data_response(serializer.data)
except ValueError as e:
token.delete()
return responses.error_response(str(e))
def create(self, request, *args, **kwargs):
"""
Create a token using the given code and associates it with the given oauth_client and user
:param request:
:param args:
:param kwargs:
:return:
"""
user = request.user
try:
code = request.data.get('code')
oauth_client = request.data.get('oauth_client')
# actually get the oauth_client object
# Can take either name or id
try:
oauth_client = OauthClient.objects.get(id=int(oauth_client))
except ValueError:
oauth_client = OauthClient.objects.get(name=oauth_client)
if None in (code, oauth_client):
raise ValueError(request.data)
payload = {
'grant_type': 'authorization_code', # OAuth 2.0 specification
'code': code,
'redirect_uri': oauth_client.redirect_uri
}
auth = None
if oauth_client.authorize_using_header:
auth = (oauth_client.client_id, oauth_client.client_secret)
else:
payload['client_id'] = oauth_client.client_id
payload['client_secret'] = oauth_client.client_secret
r = requests.post(oauth_client.token_url, payload, auth=auth, headers=self.HEADERS)
if r.status_code == 200:
# Painful debugging note: Yea... it returns a tuple.
token, created = Token.objects.update_or_create(user=user, oauth_client=oauth_client,
defaults=r.json())
serializer = TokenSerializer(token)
return responses.data_response(serializer.data)
else:
raise ValueError('failed get token request')
except OauthClient.DoesNotExist:
return responses.error_response('Invalid oauth_client_id.')
except ValueError:
return responses.INVALID_DATA_RESPONSE
def post(request, *args, **kwargs):
username = request.data.get('username')
password = request.data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
serializer = UserSerializer(user)
return responses.data_response(serializer.data)
else:
return responses.error_response('Invalid credentials.')
def destroy(self, request, *args, **kwargs):
token = self.get_object()
oauth_client = token.oauth_client
access_token = token.access_token
token.delete()
# Process is not uniform across different companies
if oauth_client.name == 'reddit':
auth = (oauth_client.client_id, oauth_client.client_secret)
data = {'token': access_token}
r = requests.post(oauth_client.revoke_url, data, auth=auth, headers=self.HEADERS)
if r.status_code < 300:
return responses.success_response('Token deleted.')
else:
return responses.error_response('Revoke token error.')