def serve_protected_document(request, file):
try:
user, _ = TokenAuthentication().authenticate(request=request)
except TypeError:
user = request.user
path, file_name = os.path.split(file)
try:
ref = Reference.objects.get(pdf=file)
if get_study_file_permission(user, ref.study):
# Split the elements of the path
response = FileResponse(ref.pdf, )
response[
"Content-Disposition"] = "attachment; filename=" + file_name
return response
else:
return HttpResponseForbidden()
except Reference.DoesNotExist:
datafile = get_object_or_404(DataFile, file=file)
study = datafile.study_set.all()[0]
if get_study_file_permission(user, study):
# Split the elements of the path
response = FileResponse(datafile.file, )
response[
"Content-Disposition"] = "attachment; filename=" + file_name
return response
else:
return HttpResponseForbidden()
def get_trajetos_por_viagem(request, viagem_id):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
try:
val = int(viagem_id)
except ValueError:
raise APIException('Erro de validação: viagem_id')
trips = Trajeto.objects.filter(viagem_id=viagem_id)
res = []
for v in trips:
r = Route.objects.filter(origem=v.origem, destino=v.destino)
dist = None
vm = None
if len(r) > 0:
dist = r[0].dist
if dist is not None:
t = (v.data_final - v.data_inicio).total_seconds()
if t > 0:
vm = round(float(dist) / float(t) * 3.6)
res.append({
"id": v.id,
"inicio": v.origem,
"final": v.destino,
"data_inicio": v.data_inicio,
"data_final": v.data_final,
"velocidade_media": vm,
"distancia": dist
})
return JsonResponse({"result": res, "total": len(res)})
def get(self, request):
rest_request = Request(request)
try:
user_token = TokenAuthentication().authenticate(rest_request)
if user_token is None:
raise AuthenticationFailed
user, token = user_token
except AuthenticationFailed:
try:
user_session = SessionAuthentication().authenticate(
rest_request)
if user_session is None:
raise AuthenticationFailed
user, _ = user_session
if not user.has_perm('base.consume_curriculum'):
raise AuthenticationFailed
token, _ = Token.objects.get_or_create(user=user)
except AuthenticationFailed:
return JsonResponse({
'authenticated': False,
})
socialuser = SocialUser.user_for_django_user(user.id)
return JsonResponse({
'authenticated': True,
'preferencesInitialized': socialuser.has_initialized_preferences,
'token': token.key,
})
def get_contagens(request, data, codigo):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
validate_fields(codigo, data, "1")
radar = Radar.objects.filter(codigo__contains=codigo)
if len(radar) == 0:
return HttpResponse(status=400)
r = radar[0]
dt = datetime.datetime(*[int(item) for item in data.split('-')])
ds = dt + datetime.timedelta(days=1)
contagens = Contagem.objects.filter(localidade=codigo,
data_e_hora__gte=dt,
data_e_hora__lt=ds)
res = [
{
"codigo": c.localidade,
"faixa": c.faixa,
"tipo": c.tipo,
"contagem": c.contagem,
"autuacoes": c.autuacoes,
# "placas":c.placas,
"data_e_hora": c.data_e_hora
} for c in contagens
]
return JsonResponse({"result": res})
def get_detalhes(request, codigo):
if not request.user.is_authenticated:
user = TokenAuthentication().authenticate(request)
if user is None:
return HttpResponse(status=401)
try:
val = int(codigo)
except ValueError:
raise APIException('Erro de validação: Código')
radar = Radar.objects.filter(codigo__contains=codigo)
if len(radar) == 0:
return HttpResponse(status=400)
r = radar[0]
res = {
"codigo": r.codigo,
"lote": r.lote,
"endereco": r.endereco,
"sentido": r.sentido,
"referencia": r.referencia,
"tipo_equip": r.tipo_equip,
"enquadramento": r.enquadrame,
"faixas": r.qtde_fxs_f,
"velocidade": r.velocidade,
"velocidade_cam_oni": r.velocidade_cam_oni,
"velocidade_carro_moto": r.velocidade_carro_moto,
"bairro": r.bairro,
"data_publicacao": r.data_publicacao,
"latitude": r.geom.y,
"longitude": r.geom.x
}
return JsonResponse(res)
def _inner(request, *args, **kwargs):
if not ANONYMOUS_WEB_APPS_USAGE.enabled(request.domain):
return HttpResponse(status=401)
try:
user, token = TokenAuthentication().authenticate(request)
except AuthenticationFailed, e:
return HttpResponse(e, status=401)
def dispatch(self, request, *args, **kwargs):
try:
user, token = TokenAuthentication().authenticate(request)
request.user = user
except:
pass
return super(GraphQLWithAuthView, self).dispatch(request, *args, **kwargs)
def create(self, request, *args, **kwargs):
_auth = TokenAuthentication().authenticate(request)
if not _auth:
return Response(status=status.HTTP_401_UNAUTHORIZED, data={'result': '验证失败'})
user = _auth[0]
request.data['user'] = user.pk
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
is_root = serializer.validated_data['is_root']
if not is_root: # 不是根评论
# 如果不是根评论, 下面的三个属性一定要有
super_comment = serializer.validated_data.get('super_comment') # 上层评论
if not super_comment:
return Response(status=status.HTTP_400_BAD_REQUEST, data={'result': '评论已被删除'})
belong_root = serializer.validated_data.get('belong_root') # 当前评论所属的根评论
article = serializer.validated_data['article']
if super_comment and \
belong_root and \
(article.id == belong_root.article.id) and \
((super_comment.belong_root == belong_root.id) or \
(super_comment.id == belong_root.id)):
self.perform_create(serializer)
return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data})
return Response(status=status.HTTP_400_BAD_REQUEST)
else: # 根评论
self.perform_create(serializer)
serializer.data['user'] = user
return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data})
def process_view(self, request, view_func, view_args, view_kwargs):
# 尝试Token认证 拿到用户
if not request.user.is_authenticated:
try:
result = TokenAuthentication().authenticate(request)
if result:
user, token = result
request.user = user
except Exception as e:
logger = logging.getLogger()
logger.warning(e)
# No need to process URLs if user already logged in
if request.user.is_authenticated:
if not request.user.is_active:
return json_response_suspended()
return None
for url in self.api_exceptions:
if url.match(request.path):
return None
for url in self.api_required:
if url.match(request.path):
return json_response_unauthorized()
# Explicitly return None for all non-matching requests
return None
def dispatch(self, request, *args, **kwargs):
""" Identifies permissions for an nginx location requiring admin
User must have the is_staff flag enabled.
Returns 200 on OK, returns 403 on Forbidden
"""
original_url = request.headers['X-Original-URI']
# For some reason, TokenAuthentication doesn't work by default
# So if the session authentication didn't trigger, manually check
# to see if a token was provided. Bail out if the user is anonymous
# before we get too far
user = request.user
if isinstance(user, AnonymousUser):
try:
(user, token) = TokenAuthentication().authenticate(request)
except Exception as e:
msg = "*Security Alert:* "
msg += f"Bad credentials presented for '{original_url}'"
Notify.notify_admin_msg(msg)
return HttpResponse(status=403)
if user.is_staff:
return HttpResponse(status=200)
else:
# Files that aren't in the whitelist or database are forbidden
msg = f"({user}/{user.id}): "
msg += f"Attempted to access unauthorized URL '{original_url}'"
msg += f"."
Notify.notify_admin_msg(msg)
return HttpResponse(status=403)
return HttpResponse(status=403)
def reset(request):
# Only run when in DEBUG mode! It's only used for tests
if not settings.DEBUG:
return HttpResponseBadRequest("Only allowed in debug mode.")
if not request.user.is_authenticated():
ret = TokenAuthentication().authenticate(request)
if ret is None:
return HttpResponseBadRequest("Couldn't authenticate")
login(request, ret[0])
# Only allow local users, for extra safety
if not request.user.email.endswith('@localhost'):
return HttpResponseBadRequest("Endpoint not allowed for user.")
# Delete all of the journal data for this user for a clear test env
request.user.journal_set.all().delete()
request.user.journalmember_set.all().delete()
try:
request.user.userinfo.delete()
except ObjectDoesNotExist:
pass
return HttpResponse()
def middleware(request):
user = request.user
user_auth_tuple = TokenAuthentication().authenticate(request)
if user_auth_tuple is not None:
(user, token) = user_auth_tuple
if user.is_authenticated and not user.is_superuser:
# If user has no profile, we create on.
if not hasattr(user, 'profile'):
Profile.objects.create(user=user)
now = timezone.now()
last_api_call = user.profile.last_api_call
udpate_user = False
if now.year != last_api_call.year or now.month != last_api_call.month :
# MonthlyActiveUser.objects.update_or_create(year=now.year, month=now.month)
udpate_user = True
if now.year != last_api_call.year or now.month != last_api_call.month or now.day != last_api_call.day :
# DailyActiveUser.objects.update_or_create(year=now.year, month=now.month, day=now.day)
udpate_user = True
if udpate_user:
user.profile.last_api_call = now
user.save()
# Perform actual request
response = get_response(request)
return response
def create(self, request, *args, **kwargs):
try:
aa = TokenAuthentication()
user_name, token = aa.authenticate(request)
print(user_name, token)
except Exception as e:
print(e)
result = {'return': 'fail', 'message': "auth fail."}
return Response(result, status=403)
if user_name != request.user:
result = {'return': 'fail', 'message': "others token."}
return Response(result, status=403)
validated_data = dict()
validated_data['name'] = request.data['name']
validated_data['jenkins_job'] = request.data['jenkins_job']
validated_data['git_url'] = request.data['git_url']
validated_data['script_url'] = request.data['script_url']
validated_data['manage_user'] = request.user
try:
App.objects.create(**validated_data)
response_data = {
'result': 'success',
'message': u'新App服务应用插入数据库成功!'
}
return Response(response_data, status=status.HTTP_201_CREATED)
except Exception as e:
print(e, "$$$$$$$$$$$$$$$$$$")
response_data = {
'result': 'failed',
'message': u'App服务应用不能正确插入数据库'
}
return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def validate_user(request):
# check if we are api user or session user
if not request.user.is_authenticated:
try:
ta = TokenAuthentication()
ta.authenticate(request)
except AuthenticationFailed:
raise PermissionDenied()
def authenticate(self, request=None, **kwargs):
try:
user, token = TokenAuthentication().authenticate(request=request)
return user
except Exception as exp:
print(exp)
return None
def get_authenticate_header(self, request):
auth = get_authorization_header(request).split()
if auth and auth[0].lower() == b'token':
return TokenAuthentication().authenticate_header(request)
return super(AuthenticateHeaderMixin, self)\
.get_authenticate_header(request)
def _func(root, info, *args, **kwargs):
authenticator = TokenAuthentication()
user_auth_tuple = authenticator.authenticate(info.context)
if user_auth_tuple is None:
return None
else:
info.context.user = user_auth_tuple[0]
return func(root, info, *args, **kwargs)
def get_authenticators(self):
try:
from knox.auth import TokenAuthentication
except ImportError:
warnings.warn('django-rest-knox must be installed for Knox authentication', ImportWarning)
raise
return [TokenAuthentication()]
def get_or_create_person(request):
user = request.user
if user is None or user.is_anonymous:
try:
token_auth = TokenAuthentication()
user, token = token_auth.authenticate(request)
except:
pass
if user.is_anonymous:
# Check if a session cookie exists
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
# get person from uuid
person, created = Person.objects.get_or_create(uuid=uuid)
if created:
logger.info("Created new person, {0}".format(person))
else:
# Create person and set uuid
person = Person.objects.create()
request.session['uuid'] = person.uuid
else:
try:
person = Person.objects.get(user=user)
except ObjectDoesNotExist:
uuid = request.get_signed_cookie('uuid', None)
if uuid is not None:
person = Person.objects.get(uuid=uuid)
if person.user is not None:
if person.user is not user:
# Another user has signed in
# and this user needs a person!
person = Person.objects.create(user=user)
else:
person.user = user
else:
person = Person.objects.create(user=user)
first = '' if not user.first_name else user.first_name
last = '' if not user.last_name else user.last_name
if first == '' and last == '':
full_name = user.username
else:
full_name = '{0} {1}'.format(first, last)
if not person.full_name:
person.full_name = full_name
person.save()
request.session['uuid'] = person.uuid
if person:
try:
person.last_user_agent = request.META['HTTP_USER_AGENT']
person.save()
except:
pass
return person
def dispatch(self, request, *args, **kwargs):
try:
user, token = TokenAuthentication().authenticate(request)
self.valid_user = user
except:
return JsonResponse(
{"status": "Authentication credentials were not provided."},
status=status.HTTP_401_UNAUTHORIZED)
return super().dispatch(request, *args, **kwargs)
def process_request(self, request):
try:
token_auth = TokenAuthentication().authenticate(request)
if token_auth:
request.user = token_auth[0]
request.auth = token_auth[1]
request._dont_enforce_csrf_checks = True
except:
pass
class TokenAuthenticationMiddleware(object):
auth = TokenAuthentication()
def resolve(self, next, root, info, **kwargs):
if info.context.user.is_anonymous and request_authorization_matches_pattern(
info.context, token_pattern):
(info.context.user, _) = self.auth.authenticate(info.context)
return next(root, info, **kwargs)
def get_token_user(request):
user = None
try:
token_user = TokenAuthentication().authenticate(Request(request))
if token_user:
user = token_user[0]
except AuthenticationFailed:
pass
return user or AnonymousUser()
def __call__(self, scope):
key = scope['cookies'].get(AUTH_TOKEN_COOKIE_KEY)
try:
user, _ = TokenAuthentication().authenticate_credentials(key)
except AuthenticationFailed:
user = AnonymousUser()
close_old_connections()
# Return the inner application directly and let it run everything else
return self.inner(dict(scope, user=user))
def authenticate(self, request):
"""
Authenticate the request for anyone or if a valid token is provided, a user.
"""
try:
return TokenAuthentication.authenticate(TokenAuthentication(), request)
except Exception as e:
logger.debug(e)
return AnonymousUser(), None
def verify_access(self, request, hook_args):
if hook_args.insecure:
return
# unit tests may force authentication
if len(request.authenticators) == 0:
request.authenticators = [TokenAuthentication()]
request._authenticate()
perm = HookTokenPermission()
if not perm.has_permission(request, self):
self.permission_denied(request, message=getattr(perm, "message", None))
def info(self, request, pk=None):
auth = TokenAuthentication()
if not auth.authenticate(request):
raise exceptions.NotAuthenticated({'auth_token': "Auth error."})
current_customer = request.user
if not current_customer.is_authenticated:
raise exceptions.NotAuthenticated("Please provide auth token.")
return Response(CustomerSerializer(current_customer).data,
status=status.HTTP_200_OK)
def dispatch(self, request, *args, **kwargs):
try:
result = TokenAuthentication().authenticate(request)
if not result:
return JsonResponse({}, status=401)
request.user, _ = result
except AuthenticationFailed:
return JsonResponse({}, status=403)
return super(RestHookHandler, self).dispatch(request, *args, **kwargs)
def logout(self, request, *args, **kwargs):
"""
Logout a user with access token
"""
result = TokenAuthentication().authenticate(request)
if not result or len(result) != 2:
return Response({}, status=204)
user, token = result
self.perform_logout(user, token)
return Response({}, status=204)
def _get_user(self, request):
user = get_user(request)
if user.is_authenticated:
return user
token_authentication = TokenAuthentication()
try:
user, token = token_authentication.authenticate(request)
except:
pass
return user
