def registerDetail(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='400'
else:
decodejson = json.loads(request.body)
babyname = decodejson['babyname']
birthday = None;
if 'birthday' in decodejson.keys():
birthday = decodejson['birthday']
if birthday :
birthday = birthday[0:10]
babyGender = int(decodejson['babyGender'])
parentGender = int(decodejson['parentGender'])
borned = int(decodejson['borned'])
userprofile = UserProfile.objects.get_or_create(user = user[0])
UserProfile.objects.filter(user = user[0]).update(babyName=babyname,babyGender=babyGender,parentGender=parentGender,borned=borned,birthday=birthday)
response = HttpResponse(json.dumps({
'msg':'success'
}))
response.status_code='200'
return response
def create(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['jenkins_job'] = request.data['jenkins_job']
validated_data['git_url'] = request.data['git_url']
validated_data['script_url'] = request.data['script_url']
validated_data['manage_user'] = request.user
try:
App.objects.create(**validated_data)
response_data = {
'result': 'success',
'message': u'新App服务应用插入数据库成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except Exception as e:
print(e, "$$$$$$$$$$$$$$$$$$")
response_data = {
'result': 'failed',
'message': u'App服务应用不能正确插入数据库'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def authenticate_from_key(auth_key):
authenticate = TokenAuthentication()
user, token = authenticate.authenticate_credentials(auth_key)
if is_token_expired(token):
token.delete()
raise exceptions.AuthenticationFailed("token was expired")
return user
def validate_user(request):
# check if we are api user or session user
if not request.user.is_authenticated:
try:
ta = TokenAuthentication()
ta.authenticate(request)
except AuthenticationFailed:
raise PermissionDenied()
def _func(root, info, *args, **kwargs):
authenticator = TokenAuthentication()
user_auth_tuple = authenticator.authenticate(info.context)
if user_auth_tuple is None:
return None
else:
info.context.user = user_auth_tuple[0]
return func(root, info, *args, **kwargs)
def get_or_create_person(request):
user = request.user
if user is None or user.is_anonymous:
try:
token_auth = TokenAuthentication()
user, token = token_auth.authenticate(request)
except:
pass
if user.is_anonymous:
# Check if a session cookie exists
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
# get person from uuid
person, created = Person.objects.get_or_create(uuid=uuid)
if created:
logger.info("Created new person, {0}".format(person))
else:
# Create person and set uuid
person = Person.objects.create()
request.session['uuid'] = person.uuid
else:
try:
person = Person.objects.get(user=user)
except ObjectDoesNotExist:
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
person = Person.objects.get(uuid=uuid)
if person.user is not None:
if person.user is not user:
# Another user has signed in
# and this user needs a person!
person = Person.objects.create(user=user)
else:
person.user = user
else:
person = Person.objects.create(user=user)
first = '' if not user.first_name else user.first_name
last = '' if not user.last_name else user.last_name
if first == '' and last == '':
full_name = user.username
else:
full_name = '{0} {1}'.format(first, last)
if not person.full_name:
person.full_name = full_name
person.save()
request.session['uuid'] = person.uuid
if person:
try:
person.last_user_agent = request.META['HTTP_USER_AGENT']
person.save()
except:
pass
return person
def tokenAuthentication(self, request):
# default to session authentication
if not request.user or not request.user.is_authenticated():
try:
auth = TokenAuthentication()
user, token = auth.authenticate(request)
request.user = user
except Exception, e:
pass # ignore the attempt at authentication
def authenticate(self, request):
"""
Authenticate the request for anyone or if a valid token is provided, a user.
"""
try:
return TokenAuthentication.authenticate(TokenAuthentication(), request)
except Exception as e:
logger.debug(e)
return AnonymousUser(), None
def _get_user(self, request):
user = get_user(request)
if user.is_authenticated:
return user
token_authentication = TokenAuthentication()
try:
user, token = token_authentication.authenticate(request)
except:
pass
return user
def info(self, request, pk=None):
auth = TokenAuthentication()
if not auth.authenticate(request):
raise exceptions.NotAuthenticated({'auth_token': "Auth error."})
current_customer = request.user
if not current_customer.is_authenticated:
raise exceptions.NotAuthenticated("Please provide auth token.")
return Response(CustomerSerializer(current_customer).data,
status=status.HTTP_200_OK)
def obtain_user_from_token(r, token):
auth = TokenAuthentication()
response = auth.authenticate_credentials(token)
user = {
'id': response[0].id,
'username': response[0].username,
'first_name': response[0].first_name,
'token': token,
}
return HttpResponse(json.dumps(user))
def get_user(request):
token_authentication = TokenAuthentication()
try:
auth = token_authentication.authenticate(request)
except APIException:
return
if auth is None:
return
return auth[0]
def __init__(self, default_host="", transforms=None, **settings):
sockjs_path = settings.pop('sockjs_path', '/msg-listen')
self.router = SockJSRouter(MessageNotifier, sockjs_path)
self.router.__app__ = self
super(MessageDeliveryApp,
self).__init__(self.router.urls, default_host, transforms,
**settings)
self._registry = {}
self._redis_client = None
self.init_redis()
self._authenticator = TokenAuthentication()
self._log('initialized')
def on_login(self, token):
authenticator = TokenAuthentication()
try:
authenticator.authenticate_credentials(token)
except AuthenticationFailed as e:
return self.emit_error('error_login', e.detail)
self.request.user = Token.objects.get(key=token).user
self.lift_acl_restrictions()
return ['OK']
def lookup(self, request):
auth = TokenAuthentication()
try:
key = request.query_params['key']
user, key = auth.authenticate_credentials(key)
user_serializer = self.serializer_class(
user, context={'request': request})
return Response(user_serializer.data, status=status.HTTP_200_OK)
except KeyError:
return Response({'key': ["This field is required."]},
status=status.HTTP_400_BAD_REQUEST)
except AuthenticationFailed:
raise NotFound(detail="User doesn't exist")
def get_token_user(request):
user = get_user(request)
if user.is_authenticated:
return user
token_authentication = TokenAuthentication()
if get_authorization_header(request):
try:
user, _ = token_authentication.authenticate(request)
except Exception:
return user
return user
def set_password(self, request, *args, **kwargs):
password = request.data.get('password', None)
if not password:
raise exceptions.NotAcceptable(
"New password field 'password' required")
tAuth = TokenAuthentication()
try:
user, token = tAuth.authenticate(request)
except:
raise exceptions.NotAcceptable(detail="Unknown user or auth token")
self.perform_set_password(user, password)
return Response({})
def get_user(context):
"""Gets the user based on the Authorization header.
Takes the Authorization header and extracts the token.
Uses the token to identify which user is making the request.
"""
try:
token_authentication = TokenAuthentication()
# Will return None and raise TypeError if no auth header present
user, token = token_authentication.authenticate(context)
except TypeError:
return None
return user
def home(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='401'
else:
response = HttpResponse(json.dumps({
'msg':user[0].username
}))
response.status_code='200'
return response
def get(self, request):
rest_request = Request(request)
try:
user_token = TokenAuthentication().authenticate(rest_request)
if user_token is None:
raise AuthenticationFailed
user, token = user_token
except AuthenticationFailed:
try:
user_session = SessionAuthentication().authenticate(
rest_request)
if user_session is None:
raise AuthenticationFailed
user, _ = user_session
if not user.has_perm('base.consume_curriculum'):
raise AuthenticationFailed
token, _ = Token.objects.get_or_create(user=user)
except AuthenticationFailed:
return JsonResponse({
'authenticated': False,
})
socialuser = SocialUser.user_for_django_user(user.id)
return JsonResponse({
'authenticated': True,
'preferencesInitialized': socialuser.has_initialized_preferences,
'token': token.key,
})
def dispatch(self, request, *args, **kwargs):
try:
user, token = TokenAuthentication().authenticate(request)
request.user = user
except:
pass
return super(GraphQLWithAuthView, self).dispatch(request, *args, **kwargs)
def delete(self, request):
auth_key = request.data.get("auth", "")
authenticate = TokenAuthentication()
try:
user, token = authenticate.authenticate_credentials(auth_key)
except exceptions.AuthenticationFailed as err:
return Response({
"ok": False,
"detail": err.detail,
}, status=status.HTTP_403_FORBIDDEN)
token.delete()
return Response({
"ok": True,
"detail": token.created,
}, status=status.HTTP_202_ACCEPTED)
def process_view(self, request, view_func, view_args, view_kwargs):
# 尝试Token认证 拿到用户
if not request.user.is_authenticated:
try:
result = TokenAuthentication().authenticate(request)
if result:
user, token = result
request.user = user
except Exception as e:
logger = logging.getLogger()
logger.warning(e)
# No need to process URLs if user already logged in
if request.user.is_authenticated:
if not request.user.is_active:
return json_response_suspended()
return None
for url in self.api_exceptions:
if url.match(request.path):
return None
for url in self.api_required:
if url.match(request.path):
return json_response_unauthorized()
# Explicitly return None for all non-matching requests
return None
def _inner(request, *args, **kwargs):
if not ANONYMOUS_WEB_APPS_USAGE.enabled(request.domain):
return HttpResponse(status=401)
try:
user, token = TokenAuthentication().authenticate(request)
except AuthenticationFailed, e:
return HttpResponse(e, status=401)
def create(self, request, *args, **kwargs):
_auth = TokenAuthentication().authenticate(request)
if not _auth:
return Response(status=status.HTTP_401_UNAUTHORIZED, data={'result': '验证失败'})
user = _auth[0]
request.data['user'] = user.pk
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
is_root = serializer.validated_data['is_root']
if not is_root: # 不是根评论
# 如果不是根评论, 下面的三个属性一定要有
super_comment = serializer.validated_data.get('super_comment') # 上层评论
if not super_comment:
return Response(status=status.HTTP_400_BAD_REQUEST, data={'result': '评论已被删除'})
belong_root = serializer.validated_data.get('belong_root') # 当前评论所属的根评论
article = serializer.validated_data['article']
if super_comment and \
belong_root and \
(article.id == belong_root.article.id) and \
((super_comment.belong_root == belong_root.id) or \
(super_comment.id == belong_root.id)):
self.perform_create(serializer)
return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data})
return Response(status=status.HTTP_400_BAD_REQUEST)
else: # 根评论
self.perform_create(serializer)
serializer.data['user'] = user
return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data})
def get_contagens(request, data, codigo):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
validate_fields(codigo, data, "1")
radar = Radar.objects.filter(codigo__contains=codigo)
if len(radar) == 0:
return HttpResponse(status=400)
r = radar[0]
dt = datetime.datetime(*[int(item) for item in data.split('-')])
ds = dt + datetime.timedelta(days=1)
contagens = Contagem.objects.filter(localidade=codigo,
data_e_hora__gte=dt,
data_e_hora__lt=ds)
res = [
{
"codigo": c.localidade,
"faixa": c.faixa,
"tipo": c.tipo,
"contagem": c.contagem,
"autuacoes": c.autuacoes,
# "placas":c.placas,
"data_e_hora": c.data_e_hora
} for c in contagens
]
return JsonResponse({"result": res})
def get_trajetos_por_viagem(request, viagem_id):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
try:
val = int(viagem_id)
except ValueError:
raise APIException('Erro de validação: viagem_id')
trips = Trajeto.objects.filter(viagem_id=viagem_id)
res = []
for v in trips:
r = Route.objects.filter(origem=v.origem, destino=v.destino)
dist = None
vm = None
if len(r) > 0:
dist = r[0].dist
if dist is not None:
t = (v.data_final - v.data_inicio).total_seconds()
if t > 0:
vm = round(float(dist) / float(t) * 3.6)
res.append({
"id": v.id,
"inicio": v.origem,
"final": v.destino,
"data_inicio": v.data_inicio,
"data_final": v.data_final,
"velocidade_media": vm,
"distancia": dist
})
return JsonResponse({"result": res, "total": len(res)})
def get_detalhes(request, codigo):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
try:
val = int(codigo)
except ValueError:
raise APIException('Erro de validação: Código')
radar = Radar.objects.filter(codigo__contains=codigo)
if len(radar) == 0:
return HttpResponse(status=400)
r = radar[0]
res = {
"codigo": r.codigo,
"lote": r.lote,
"endereco": r.endereco,
"sentido": r.sentido,
"referencia": r.referencia,
"tipo_equip": r.tipo_equip,
"enquadramento": r.enquadrame,
"faixas": r.qtde_fxs_f,
"velocidade": r.velocidade,
"velocidade_cam_oni": r.velocidade_cam_oni,
"velocidade_carro_moto": r.velocidade_carro_moto,
"bairro": r.bairro,
"data_publicacao": r.data_publicacao,
"latitude": r.geom.y,
"longitude": r.geom.x
}
return JsonResponse(res)
def serve_protected_document(request, file):
try:
user, _ = TokenAuthentication().authenticate(request=request)
except TypeError:
user = request.user
path, file_name = os.path.split(file)
try:
ref = Reference.objects.get(pdf=file)
if get_study_file_permission(user, ref.study):
# Split the elements of the path
response = FileResponse(ref.pdf, )
response[
"Content-Disposition"] = "attachment; filename=" + file_name
return response
else:
return HttpResponseForbidden()
except Reference.DoesNotExist:
datafile = get_object_or_404(DataFile, file=file)
study = datafile.study_set.all()[0]
if get_study_file_permission(user, study):
# Split the elements of the path
response = FileResponse(datafile.file, )
response[
"Content-Disposition"] = "attachment; filename=" + file_name
return response
else:
return HttpResponseForbidden()
def middleware(request):
user = request.user
user_auth_tuple = TokenAuthentication().authenticate(request)
if user_auth_tuple is not None:
(user, token) = user_auth_tuple
if user.is_authenticated and not user.is_superuser:
# If user has no profile, we create on.
if not hasattr(user, 'profile'):
Profile.objects.create(user=user)
now = timezone.now()
last_api_call = user.profile.last_api_call
udpate_user = False
if now.year != last_api_call.year or now.month != last_api_call.month :
# MonthlyActiveUser.objects.update_or_create(year=now.year, month=now.month)
udpate_user = True
if now.year != last_api_call.year or now.month != last_api_call.month or now.day != last_api_call.day :
# DailyActiveUser.objects.update_or_create(year=now.year, month=now.month, day=now.day)
udpate_user = True
if udpate_user:
user.profile.last_api_call = now
user.save()
# Perform actual request
response = get_response(request)
return response
def reset(request):
# Only run when in DEBUG mode! It's only used for tests
if not settings.DEBUG:
return HttpResponseBadRequest("Only allowed in debug mode.")
if not request.user.is_authenticated():
ret = TokenAuthentication().authenticate(request)
if ret is None:
return HttpResponseBadRequest("Couldn't authenticate")
login(request, ret[0])
# Only allow local users, for extra safety
if not request.user.email.endswith('@localhost'):
return HttpResponseBadRequest("Endpoint not allowed for user.")
# Delete all of the journal data for this user for a clear test env
request.user.journal_set.all().delete()
request.user.journalmember_set.all().delete()
try:
request.user.userinfo.delete()
except ObjectDoesNotExist:
pass
return HttpResponse()
def dispatch(self, request, *args, **kwargs):
""" Identifies permissions for an nginx location requiring admin
User must have the is_staff flag enabled.
Returns 200 on OK, returns 403 on Forbidden
"""
original_url = request.headers['X-Original-URI']
# For some reason, TokenAuthentication doesn't work by default
# So if the session authentication didn't trigger, manually check
# to see if a token was provided. Bail out if the user is anonymous
# before we get too far
user = request.user
if isinstance(user, AnonymousUser):
try:
(user, token) = TokenAuthentication().authenticate(request)
except Exception as e:
msg = "*Security Alert:* "
msg += f"Bad credentials presented for '{original_url}'"
Notify.notify_admin_msg(msg)
return HttpResponse(status=403)
if user.is_staff:
return HttpResponse(status=200)
else:
# Files that aren't in the whitelist or database are forbidden
msg = f"({user}/{user.id}): "
msg += f"Attempted to access unauthorized URL '{original_url}'"
msg += f"."
Notify.notify_admin_msg(msg)
return HttpResponse(status=403)
return HttpResponse(status=403)
def get_authenticators(self):
try:
from knox.auth import TokenAuthentication
except ImportError:
warnings.warn('django-rest-knox must be installed for Knox authentication', ImportWarning)
raise
return [TokenAuthentication()]
def authenticate(self, request=None, **kwargs):
try:
user, token = TokenAuthentication().authenticate(request=request)
return user
except Exception as exp:
print(exp)
return None
def get_authenticate_header(self, request):
auth = get_authorization_header(request).split()
if auth and auth[0].lower() == b'token':
return TokenAuthentication().authenticate_header(request)
return super(AuthenticateHeaderMixin, self)\
.get_authenticate_header(request)
def authenticate(self, request):
"""
Authenticate the request for anyone or if a valid token is provided, a user.
"""
try:
return TokenAuthentication.authenticate(TokenAuthentication(), request)
except:
return AnonymousUser(), None
def logout(request):
tokenAuthentication = TokenAuthentication()
try:
user = tokenAuthentication.authenticate(request)
except exceptions.AuthenticationFailed:
response = HttpResponse(json.dumps({
'error':'fail'
}))
response.status_code='400'
else:
token =Token.objects.get(user = user[0])
token.delete()
response = HttpResponse(json.dumps({
'msg':'success'
}))
response.status_code='200'
return response
def __call__(self, request):
token_auth_checker = TokenAuthentication()
user = None
try:
auth = token_auth_checker.authenticate(request)
if auth is None:
token_key = request.COOKIES.get('authToken')
if token_key is not None:
auth = token_auth_checker.authenticate_credentials(
token_key)
if auth is not None:
user = auth[0]
except drf_exceptions.AuthenticationFailed:
pass
request.user = user or AnonymousUser()
return self.get_response(request)
def wrapper(request, *args, **kwargs):
AUTH_TYPE = getattr(settings, 'IOS_NOTIFICATIONS_AUTHENTICATION', None)
if AUTH_TYPE is None or AUTH_TYPE not in VALID_AUTH_TYPES:
raise InvalidAuthenticationType('IOS_NOTIFICATIONS_AUTHENTICATION must be specified in your settings.py file.\
Valid options are "AuthBasic", "AuthBasicIsStaff" or "AuthNone"')
# Basic Authorization
elif AUTH_TYPE == 'AuthBasic' or AUTH_TYPE == 'AuthBasicIsStaff':
if 'HTTP_AUTHORIZATION' in request.META:
auth_type, encoded_user_password = request.META['HTTP_AUTHORIZATION'].split(' ')
try:
userpass = encoded_user_password.decode('base64')
except binascii.Error:
return JSONResponse({'error': 'invalid base64 encoded header'}, status=401)
try:
username, password = userpass.split(':')
except ValueError:
return JSONResponse({'error': 'malformed Authorization header'}, status=401)
user = authenticate(username=username, password=password)
if user is not None:
if AUTH_TYPE == 'AuthBasic' or user.is_staff:
return func(request, *args, **kwargs)
return JSONResponse({'error': 'authentication error'}, status=401)
return JSONResponse({'error': 'Authorization header not set'}, status=401)
elif AUTH_TYPE == 'rest_framework.authentication.TokenAuthentication':
from rest_framework.authentication import TokenAuthentication
from rest_framework.exceptions import AuthenticationFailed
token = TokenAuthentication()
try:
auth = token.authenticate(request=request)
if auth is None:
return JSONResponse({'error': 'Authorization header not set'}, status=401)
except AuthenticationFailed as e:
return JSONResponse({'error': e.detail}, status=401)
# AuthNone: No authorization.
return func(request, *args, **kwargs)
def get_verified_user(auth_token):
authenticator = TokenAuthentication()
verified_user, _ = authenticator.authenticate_credentials(auth_token)
return verified_user
