Esempio n. 1
0
    def authenticate(self, request, auth_id, password):
        try:
            login_type = request.data['loginType'].upper()
            if login_type == LoginType.EMAIL:
                login_id = request.data['email']
                users = BlogsAuth.objects.filter(email=request.data['email'])
            else:
                login_id = request.data['phone']
                users = BlogsAuth.objects.filter(phone=request.data['phone'])

            if users.count() == 0:
                logger.error(
                    "user with login {} does not exists ".format(login_id))
                return HttpResponse(
                    http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
                    data="EMAIL_PHONE_DOES_NOT_EXIST")
            elif users.count() == 1:
                user = users[0]
                if user.check_password(password):
                    return user
                else:
                    return HttpResponse(
                        http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
                        data="PASSWORD_INCORRECT")
            else:
                logger.error("More than one user with login {} exists ".format(
                    login_id))
                return HttpResponse(
                    http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
                    data="MORE_THAN_ONE_USER_EXIST")
        except Exception as ex:
            logger.exception(ex)
            return None
Esempio n. 2
0
    def update_credentials(self, auth_id, type, updated_data):
        auth_obj = AuthServices.get_auth_obj(auth_id)
        if isinstance(auth_obj, HttpResponse):
            return auth_obj
        else:
            serializer = BlogsAuthSerializer(auth_obj,
                                             data={type: updated_data},
                                             partial=True)
            if serializer.is_valid():
                serializer.save()
                return HttpResponse(http_status=HttpStatus.HTTP_200_OK)
            else:
                logger.error("serialization error {}".format(
                    serializer.errors))
                return HttpResponse(
                    http_status=HttpStatus.HTTP_400_BAD_REQUEST,
                    data={'serialization_error': serializer.errors})


# unable to use function views because csrf error was raised.
# Class views set the csrf
# def update_email(request):
#     pass

# def update_phone(request):
#     pass

# def update_password(request):
#     pass
Esempio n. 3
0
 def post(self, request):
     try:
         logout(request)
         return HttpResponse(http_status=HttpStatus.HTTP_200_OK)
     except Exception as ex:
         logger.exception(ex)
         return HttpResponse(
             http_status=HttpStatus.HTTP_500_INTERNAL_SERVER_ERROR)
Esempio n. 4
0
    def process_request(self, request):
        if request.path not in URIS_TO_IGNORE_FOR_TOKEN_AUTH:
            auth_token = request.META.get('HTTP_AUTHORIZATION')
            if auth_token is None:
                return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
                                    data="AUTH_TOKEN_REQUIRED")

            auth_header_type, auth_token = auth_token.split()
            if auth_header_type in SIMPLE_JWT['AUTH_HEADER_TYPES']:
                request.token = auth_token
            else:
                return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
                                    data="AUTH_HEADER_TYPE_INVALID")
Esempio n. 5
0
 def _decode_token(token):
     try:
         return jwt.decode(
             token, 
             SIMPLE_JWT['SIGNING_KEY'], 
             leeway=SIMPLE_JWT['LEEWAY_TIME'], 
             algorithms=SIMPLE_JWT['ALGORITHM']
         )
     except (InvalidSignatureError, DecodeError):
         return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
             data="TOKEN_INVALID")
     except ExpiredSignatureError:
         return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
             data="TOKEN_EXPIRED")
Esempio n. 6
0
    def login_response(self, auth_obj):
        data = {
            'auth_token':
            Token.get_token(payload=self.create_jwt_payload(auth_obj))
        }

        return HttpResponse(http_status=HttpStatus.HTTP_200_OK, data=data)
 def get_auth_obj(auth_id):
     try:
         auth_obj = BlogsAuth.objects.get(auth_id=auth_id)
     except BlogsAuth.DoesNotExist:
         return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
                             data='AUTH_ID_DOES_NOT_EXIST')
     return auth_obj
Esempio n. 8
0
    def post(self, request):
        data = request.data
        if len(data) != 1:
            return HttpResponse(http_status=HttpStatus.HTTP_400_BAD_REQUEST,
                                data="MORE_THAN_ONE_UPDATE_DATA")

        for key, val in data.items():
            credential_type = key
            updated_data = val

        if credential_type.upper() not in dir(UpdateCredentialsType):
            return HttpResponse(http_status=HttpStatus.HTTP_400_BAD_REQUEST,
                                data="INVALID_DATA_TO_UPDATE")

        if credential_type.upper() == UpdateCredentialsType.PASSWORD:
            updated_data = BlogsAuthSerializer.make_password(updated_data)

        return self.update_credentials(request.auth_id,
                                       credential_type.lower(), updated_data)
Esempio n. 9
0
 def get_user(self, auth_id):
     try:
         user = BlogsAuth.objects.get(auth_id=auth_id)
         if user.status == "ACTIVE":
             return user
         return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
                             data="USER_INACTIVE")
     except BlogsAuth.DoesNotExist:
         logger.error("user with auth_id {} not found".format(auth_id))
         return None
Esempio n. 10
0
 def refresh_token(access_token, refresh_token):
     response = JWTToken._decode_token(refresh_token)
     if isinstance(response, HttpResponse):
         return response
     
     if response['access_token'] == access_token:
         return Token.get_token({'auth_id':response['auth_id']})
     else:
         return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
             data="TOKEN_INVALID")
Esempio n. 11
0
 def post(self, request):
     self.sanitize_request_data(request.data)
     auth_obj = authenticate(request,
                             auth_id="",
                             password=request.data['password'])
     if isinstance(auth_obj, HttpResponse):
         return auth_obj
     elif auth_obj is not None:
         # login(request, auth_obj)
         # method is invoked to get same method invoked while register
         return self.login_response(auth_obj)
     else:
         return HttpResponse(
             http_status=HttpStatus.HTTP_500_INTERNAL_SERVER_ERROR,
             data="ERROR_OCCURRED")
Esempio n. 12
0
 def get(self, request):
     return HttpResponse(http_status=HttpStatus.HTTP_200_OK,
                         data="Kept only for testing using drf view")
Esempio n. 13
0
    def get(self, request):
        res = HttpResponse(http_status=HttpStatus.HTTP_200_OK,
                           data="hello world from blogs")

        return res
Esempio n. 14
0
 def get(self, request):
     print(request.auth_id)
     print(request.auth)
     return HttpResponse(http_status=HttpStatus.HTTP_200_OK,
                         data="hello world from auth")