def serve_protected_document(request, file): try: user, _ = TokenAuthentication().authenticate(request=request) except TypeError: user = request.user path, file_name = os.path.split(file) try: ref = Reference.objects.get(pdf=file) if get_study_file_permission(user, ref.study): # Split the elements of the path response = FileResponse(ref.pdf, ) response[ "Content-Disposition"] = "attachment; filename=" + file_name return response else: return HttpResponseForbidden() except Reference.DoesNotExist: datafile = get_object_or_404(DataFile, file=file) study = datafile.study_set.all()[0] if get_study_file_permission(user, study): # Split the elements of the path response = FileResponse(datafile.file, ) response[ "Content-Disposition"] = "attachment; filename=" + file_name return response else: return HttpResponseForbidden()
def get_trajetos_por_viagem(request, viagem_id): if not request.user.is_authenticated: user = TokenAuthentication().authenticate(request) if user is None: return HttpResponse(status=401) try: val = int(viagem_id) except ValueError: raise APIException('Erro de validação: viagem_id') trips = Trajeto.objects.filter(viagem_id=viagem_id) res = [] for v in trips: r = Route.objects.filter(origem=v.origem, destino=v.destino) dist = None vm = None if len(r) > 0: dist = r[0].dist if dist is not None: t = (v.data_final - v.data_inicio).total_seconds() if t > 0: vm = round(float(dist) / float(t) * 3.6) res.append({ "id": v.id, "inicio": v.origem, "final": v.destino, "data_inicio": v.data_inicio, "data_final": v.data_final, "velocidade_media": vm, "distancia": dist }) return JsonResponse({"result": res, "total": len(res)})
def get(self, request): rest_request = Request(request) try: user_token = TokenAuthentication().authenticate(rest_request) if user_token is None: raise AuthenticationFailed user, token = user_token except AuthenticationFailed: try: user_session = SessionAuthentication().authenticate( rest_request) if user_session is None: raise AuthenticationFailed user, _ = user_session if not user.has_perm('base.consume_curriculum'): raise AuthenticationFailed token, _ = Token.objects.get_or_create(user=user) except AuthenticationFailed: return JsonResponse({ 'authenticated': False, }) socialuser = SocialUser.user_for_django_user(user.id) return JsonResponse({ 'authenticated': True, 'preferencesInitialized': socialuser.has_initialized_preferences, 'token': token.key, })
def get_contagens(request, data, codigo): if not request.user.is_authenticated: user = TokenAuthentication().authenticate(request) if user is None: return HttpResponse(status=401) validate_fields(codigo, data, "1") radar = Radar.objects.filter(codigo__contains=codigo) if len(radar) == 0: return HttpResponse(status=400) r = radar[0] dt = datetime.datetime(*[int(item) for item in data.split('-')]) ds = dt + datetime.timedelta(days=1) contagens = Contagem.objects.filter(localidade=codigo, data_e_hora__gte=dt, data_e_hora__lt=ds) res = [ { "codigo": c.localidade, "faixa": c.faixa, "tipo": c.tipo, "contagem": c.contagem, "autuacoes": c.autuacoes, # "placas":c.placas, "data_e_hora": c.data_e_hora } for c in contagens ] return JsonResponse({"result": res})
def get_detalhes(request, codigo): if not request.user.is_authenticated: user = TokenAuthentication().authenticate(request) if user is None: return HttpResponse(status=401) try: val = int(codigo) except ValueError: raise APIException('Erro de validação: Código') radar = Radar.objects.filter(codigo__contains=codigo) if len(radar) == 0: return HttpResponse(status=400) r = radar[0] res = { "codigo": r.codigo, "lote": r.lote, "endereco": r.endereco, "sentido": r.sentido, "referencia": r.referencia, "tipo_equip": r.tipo_equip, "enquadramento": r.enquadrame, "faixas": r.qtde_fxs_f, "velocidade": r.velocidade, "velocidade_cam_oni": r.velocidade_cam_oni, "velocidade_carro_moto": r.velocidade_carro_moto, "bairro": r.bairro, "data_publicacao": r.data_publicacao, "latitude": r.geom.y, "longitude": r.geom.x } return JsonResponse(res)
def _inner(request, *args, **kwargs): if not ANONYMOUS_WEB_APPS_USAGE.enabled(request.domain): return HttpResponse(status=401) try: user, token = TokenAuthentication().authenticate(request) except AuthenticationFailed, e: return HttpResponse(e, status=401)
def dispatch(self, request, *args, **kwargs): try: user, token = TokenAuthentication().authenticate(request) request.user = user except: pass return super(GraphQLWithAuthView, self).dispatch(request, *args, **kwargs)
def create(self, request, *args, **kwargs): _auth = TokenAuthentication().authenticate(request) if not _auth: return Response(status=status.HTTP_401_UNAUTHORIZED, data={'result': '验证失败'}) user = _auth[0] request.data['user'] = user.pk serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) is_root = serializer.validated_data['is_root'] if not is_root: # 不是根评论 # 如果不是根评论, 下面的三个属性一定要有 super_comment = serializer.validated_data.get('super_comment') # 上层评论 if not super_comment: return Response(status=status.HTTP_400_BAD_REQUEST, data={'result': '评论已被删除'}) belong_root = serializer.validated_data.get('belong_root') # 当前评论所属的根评论 article = serializer.validated_data['article'] if super_comment and \ belong_root and \ (article.id == belong_root.article.id) and \ ((super_comment.belong_root == belong_root.id) or \ (super_comment.id == belong_root.id)): self.perform_create(serializer) return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data}) return Response(status=status.HTTP_400_BAD_REQUEST) else: # 根评论 self.perform_create(serializer) serializer.data['user'] = user return Response(status=status.HTTP_201_CREATED, data={'result': 'success', 'msg': '添加评论成功', 'data': serializer.data})
def process_view(self, request, view_func, view_args, view_kwargs): # 尝试Token认证 拿到用户 if not request.user.is_authenticated: try: result = TokenAuthentication().authenticate(request) if result: user, token = result request.user = user except Exception as e: logger = logging.getLogger() logger.warning(e) # No need to process URLs if user already logged in if request.user.is_authenticated: if not request.user.is_active: return json_response_suspended() return None for url in self.api_exceptions: if url.match(request.path): return None for url in self.api_required: if url.match(request.path): return json_response_unauthorized() # Explicitly return None for all non-matching requests return None
def dispatch(self, request, *args, **kwargs): """ Identifies permissions for an nginx location requiring admin User must have the is_staff flag enabled. Returns 200 on OK, returns 403 on Forbidden """ original_url = request.headers['X-Original-URI'] # For some reason, TokenAuthentication doesn't work by default # So if the session authentication didn't trigger, manually check # to see if a token was provided. Bail out if the user is anonymous # before we get too far user = request.user if isinstance(user, AnonymousUser): try: (user, token) = TokenAuthentication().authenticate(request) except Exception as e: msg = "*Security Alert:* " msg += f"Bad credentials presented for '{original_url}'" Notify.notify_admin_msg(msg) return HttpResponse(status=403) if user.is_staff: return HttpResponse(status=200) else: # Files that aren't in the whitelist or database are forbidden msg = f"({user}/{user.id}): " msg += f"Attempted to access unauthorized URL '{original_url}'" msg += f"." Notify.notify_admin_msg(msg) return HttpResponse(status=403) return HttpResponse(status=403)
def reset(request): # Only run when in DEBUG mode! It's only used for tests if not settings.DEBUG: return HttpResponseBadRequest("Only allowed in debug mode.") if not request.user.is_authenticated(): ret = TokenAuthentication().authenticate(request) if ret is None: return HttpResponseBadRequest("Couldn't authenticate") login(request, ret[0]) # Only allow local users, for extra safety if not request.user.email.endswith('@localhost'): return HttpResponseBadRequest("Endpoint not allowed for user.") # Delete all of the journal data for this user for a clear test env request.user.journal_set.all().delete() request.user.journalmember_set.all().delete() try: request.user.userinfo.delete() except ObjectDoesNotExist: pass return HttpResponse()
def middleware(request): user = request.user user_auth_tuple = TokenAuthentication().authenticate(request) if user_auth_tuple is not None: (user, token) = user_auth_tuple if user.is_authenticated and not user.is_superuser: # If user has no profile, we create on. if not hasattr(user, 'profile'): Profile.objects.create(user=user) now = timezone.now() last_api_call = user.profile.last_api_call udpate_user = False if now.year != last_api_call.year or now.month != last_api_call.month : # MonthlyActiveUser.objects.update_or_create(year=now.year, month=now.month) udpate_user = True if now.year != last_api_call.year or now.month != last_api_call.month or now.day != last_api_call.day : # DailyActiveUser.objects.update_or_create(year=now.year, month=now.month, day=now.day) udpate_user = True if udpate_user: user.profile.last_api_call = now user.save() # Perform actual request response = get_response(request) return response
def create(self, request, *args, **kwargs): try: aa = TokenAuthentication() user_name, token = aa.authenticate(request) print(user_name, token) except Exception as e: print(e) result = {'return': 'fail', 'message': "auth fail."} return Response(result, status=403) if user_name != request.user: result = {'return': 'fail', 'message': "others token."} return Response(result, status=403) validated_data = dict() validated_data['name'] = request.data['name'] validated_data['jenkins_job'] = request.data['jenkins_job'] validated_data['git_url'] = request.data['git_url'] validated_data['script_url'] = request.data['script_url'] validated_data['manage_user'] = request.user try: App.objects.create(**validated_data) response_data = { 'result': 'success', 'message': u'新App服务应用插入数据库成功!' } return Response(response_data, status=status.HTTP_201_CREATED) except Exception as e: print(e, "$$$$$$$$$$$$$$$$$$") response_data = { 'result': 'failed', 'message': u'App服务应用不能正确插入数据库' } return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
def validate_user(request): # check if we are api user or session user if not request.user.is_authenticated: try: ta = TokenAuthentication() ta.authenticate(request) except AuthenticationFailed: raise PermissionDenied()
def authenticate(self, request=None, **kwargs): try: user, token = TokenAuthentication().authenticate(request=request) return user except Exception as exp: print(exp) return None
def get_authenticate_header(self, request): auth = get_authorization_header(request).split() if auth and auth[0].lower() == b'token': return TokenAuthentication().authenticate_header(request) return super(AuthenticateHeaderMixin, self)\ .get_authenticate_header(request)
def _func(root, info, *args, **kwargs): authenticator = TokenAuthentication() user_auth_tuple = authenticator.authenticate(info.context) if user_auth_tuple is None: return None else: info.context.user = user_auth_tuple[0] return func(root, info, *args, **kwargs)
def get_authenticators(self): try: from knox.auth import TokenAuthentication except ImportError: warnings.warn('django-rest-knox must be installed for Knox authentication', ImportWarning) raise return [TokenAuthentication()]
def get_or_create_person(request): user = request.user if user is None or user.is_anonymous: try: token_auth = TokenAuthentication() user, token = token_auth.authenticate(request) except: pass if user.is_anonymous: # Check if a session cookie exists uuid = request.get_signed_cookie('uuid', None) if uuid is not None: # get person from uuid person, created = Person.objects.get_or_create(uuid=uuid) if created: logger.info("Created new person, {0}".format(person)) else: # Create person and set uuid person = Person.objects.create() request.session['uuid'] = person.uuid else: try: person = Person.objects.get(user=user) except ObjectDoesNotExist: uuid = request.get_signed_cookie('uuid', None) if uuid is not None: person = Person.objects.get(uuid=uuid) if person.user is not None: if person.user is not user: # Another user has signed in # and this user needs a person! person = Person.objects.create(user=user) else: person.user = user else: person = Person.objects.create(user=user) first = '' if not user.first_name else user.first_name last = '' if not user.last_name else user.last_name if first == '' and last == '': full_name = user.username else: full_name = '{0} {1}'.format(first, last) if not person.full_name: person.full_name = full_name person.save() request.session['uuid'] = person.uuid if person: try: person.last_user_agent = request.META['HTTP_USER_AGENT'] person.save() except: pass return person
def dispatch(self, request, *args, **kwargs): try: user, token = TokenAuthentication().authenticate(request) self.valid_user = user except: return JsonResponse( {"status": "Authentication credentials were not provided."}, status=status.HTTP_401_UNAUTHORIZED) return super().dispatch(request, *args, **kwargs)
def process_request(self, request): try: token_auth = TokenAuthentication().authenticate(request) if token_auth: request.user = token_auth[0] request.auth = token_auth[1] request._dont_enforce_csrf_checks = True except: pass
class TokenAuthenticationMiddleware(object): auth = TokenAuthentication() def resolve(self, next, root, info, **kwargs): if info.context.user.is_anonymous and request_authorization_matches_pattern( info.context, token_pattern): (info.context.user, _) = self.auth.authenticate(info.context) return next(root, info, **kwargs)
def get_token_user(request): user = None try: token_user = TokenAuthentication().authenticate(Request(request)) if token_user: user = token_user[0] except AuthenticationFailed: pass return user or AnonymousUser()
def __call__(self, scope): key = scope['cookies'].get(AUTH_TOKEN_COOKIE_KEY) try: user, _ = TokenAuthentication().authenticate_credentials(key) except AuthenticationFailed: user = AnonymousUser() close_old_connections() # Return the inner application directly and let it run everything else return self.inner(dict(scope, user=user))
def authenticate(self, request): """ Authenticate the request for anyone or if a valid token is provided, a user. """ try: return TokenAuthentication.authenticate(TokenAuthentication(), request) except Exception as e: logger.debug(e) return AnonymousUser(), None
def verify_access(self, request, hook_args): if hook_args.insecure: return # unit tests may force authentication if len(request.authenticators) == 0: request.authenticators = [TokenAuthentication()] request._authenticate() perm = HookTokenPermission() if not perm.has_permission(request, self): self.permission_denied(request, message=getattr(perm, "message", None))
def info(self, request, pk=None): auth = TokenAuthentication() if not auth.authenticate(request): raise exceptions.NotAuthenticated({'auth_token': "Auth error."}) current_customer = request.user if not current_customer.is_authenticated: raise exceptions.NotAuthenticated("Please provide auth token.") return Response(CustomerSerializer(current_customer).data, status=status.HTTP_200_OK)
def dispatch(self, request, *args, **kwargs): try: result = TokenAuthentication().authenticate(request) if not result: return JsonResponse({}, status=401) request.user, _ = result except AuthenticationFailed: return JsonResponse({}, status=403) return super(RestHookHandler, self).dispatch(request, *args, **kwargs)
def logout(self, request, *args, **kwargs): """ Logout a user with access token """ result = TokenAuthentication().authenticate(request) if not result or len(result) != 2: return Response({}, status=204) user, token = result self.perform_logout(user, token) return Response({}, status=204)
def _get_user(self, request): user = get_user(request) if user.is_authenticated: return user token_authentication = TokenAuthentication() try: user, token = token_authentication.authenticate(request) except: pass return user