def save_instant_account(request) -> HttpResponse: request = get_json_body(request) username = request['username'] password = request['password'] if User.objects.all().filter(username=username).exists(): return JsonResponse(operation_response(error=True, message=f"User with username '{username}' already exists.")) if Account.objects.all().filter(name=username).exists(): return JsonResponse(operation_response(error=True, message=f"Account with username {username}' already exists.")) # Extremely arbitrary password requirements. Just to make sure a password has been filled in. if len(password) < 5: return JsonResponse(operation_response(error=True, message=f"Password not filled in or not long enough.")) # all seems fine, let's add the user user = User(**{'username': username}) user.set_password(password) user.is_active = True user.save() account = Account(**{ 'name': username, 'internet_nl_api_username': username, 'internet_nl_api_password': Account.encrypt_password(password), 'can_connect_to_internet_nl_api': Account.connect_to_internet_nl_api(username, password) }) account.save() dashboarduser = DashboardUser(**{'user': user, 'account': account}) dashboarduser.save() return JsonResponse(operation_response(success=True, message=f"Account and user with name '{username}' created!"))
def set_account(request) -> HttpResponse: request_data = get_json_body(request) selected_account_id: int = request_data['id'] if not selected_account_id: return JsonResponse( operation_response(error=True, message="No account supplied.")) dashboard_user = DashboardUser.objects.all().filter( user=request.user).first() # very new users don't have the dashboarduser fields filled in, and are thus not connected to an account. if not dashboard_user: dashboard_user = DashboardUser(**{ 'account': Account.objects.all().first(), 'user': request.user }) dashboard_user.account = Account.objects.get(id=selected_account_id) dashboard_user.save() return JsonResponse( operation_response(success=True, message="switched_account", data={'account_name': dashboard_user.account.name}))
def remove_tag_(request): data = get_json_body(request) remove_tag(account=get_account(request), urllist_id=data.get('urllist_id', []), url_ids=data.get('url_ids', []), tag=data.get('tag', "")) return JsonResponse(operation_response(success=True), safe=False)
def get_shared_report_(request, report_code: str) -> HttpResponse: # Explicitly NOT use jsonresponse as this loads the json data into an encoder which is extremely slow on large files data = get_json_body(request) return HttpResponse( # pylint: disable=http-response-with-content-type-json get_shared_report(report_code, data.get('share_code', '')), content_type="application/json")
def delete_url_from_urllist_(request): account = get_account(request) request = get_json_body(request) items_deleted, item_details = delete_url_from_urllist( account, request.get('list_id'), request.get('url_id')) return JsonResponse({ 'items_deleted': items_deleted, 'success': items_deleted })
def save_ad_hoc_tagged_report_(request, report_id: int): data = get_json_body(request) tags = data.get('tags', []) try: at_when: Optional[datetime] = datetime.fromisoformat( f"{data.get('custom_date')} {data.get('custom_time')}") except ValueError: at_when = None return JsonResponse( save_ad_hoc_tagged_report(get_account(request), report_id, tags, at_when))
def get_ad_hoc_tagged_report_(request, report_id: int): data = get_json_body(request) tags = data.get('tags', []) try: at_when: Optional[datetime] = datetime.fromisoformat( f"{data.get('custom_date')} {data.get('custom_time')}") except ValueError: at_when = None return HttpResponse( # pylint: disable=http-response-with-content-type-json ad_hoc_tagged_report(get_account(request), report_id, tags, at_when), content_type="application/json")
def session_login_(request): """ Note that login is not possible, as the session cookie must be set correctly. The CSRF is tied to the session cookie, so you cannot retrieve that in a different fashion. There are frameworks that allow you to login such as djoser, but they DO NOT do second factor authentication and there is nothing equivalent to django_second_factor_auth. So all logins and session management must be done, until we drop second factor auth or when there is a json api available for the latter. :param request: :return: """ # taken from: https://stackoverflow.com/questions/11891322/setting-up-a-user-login-in-python-django-using-json-and- if request.method != 'POST': sleep(2) return operation_response(error=True, message="post_only") # get the json data: parameters = get_json_body(request) username = parameters.get('username', '').strip() password = parameters.get('password', '').strip() if not username or not password: sleep(2) return operation_response(error=True, message="no_credentials_supplied") user = authenticate(username=username, password=password) if user is None: sleep(2) return operation_response(error=True, message="invalid_credentials") if not user.is_active: sleep(2) return operation_response(error=True, message="user_not_active") # todo: implement generate_challenge and verify_token, so we can do login from new site. devices = TOTPDevice.objects.all().filter(user=user, confirmed=True) if devices: sleep(2) return operation_response(error=True, message="second_factor_login_required") login(request, user) return operation_response(success=True, message="logged_in")
def scan_now_(request): return JsonResponse(scan_now(get_account(request), get_json_body(request)))
def add_urls_to_urllist(request): return JsonResponse( save_urllist_content(get_account(request), get_json_body(request)))
def alter_url_in_urllist_(request): return JsonResponse( alter_url_in_urllist(get_account(request), get_json_body(request)))
def delete_list_(request): return JsonResponse( delete_list(get_account(request), get_json_body(request)))
def update_list_settings_(request): return JsonResponse( update_list_settings(get_account(request), get_json_body(request)))
def x_share(request): data = get_json_body(request) account = get_account(request) return JsonResponse(share(account, data.get('report_id', -1), data.get('public_share_code', '')), safe=False)
def cancel_scan_(request): account = get_account(request) request = get_json_body(request) response = cancel_scan(account, request.get('id')) return JsonResponse(response)
def x_update_report_code(request): data = get_json_body(request) account = get_account(request) return JsonResponse(update_report_code(account, data.get('report_id', -1)), safe=False)
def save_report_settings_(request) -> JsonResponse: return JsonResponse(save_report_settings(get_account(request), get_json_body(request)))
def save_user_settings_(request) -> JsonResponse: return JsonResponse( save_user_settings(get_dashboarduser(request), get_json_body(request)))