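def comment_create_view(request, slug):
    """Create a comment on the post identified by *slug* for the JWT-authenticated user.

    The comment's ``author`` and ``post`` are always taken from the verified
    token and the URL slug, overriding anything the client put in the body,
    so a caller cannot attribute a comment to another user or post.

    Args:
        request: DRF request; expects an ``Authorization: JWT <token>`` header.
        slug: Slug of the target ``Post``; a 404 is raised when it does not exist.

    Returns:
        201 with the serialized comment on success; 400 with a ``detail`` message
        for a missing/malformed/invalid token, for serializer errors, or when the
        method is not POST.
    """
    if request.method != 'POST':
        return Response({'comments': 'Something Went Wrong'},
                        status=status.HTTP_400_BAD_REQUEST)

    # A missing header used to raise AttributeError and a header without
    # exactly two parts raised ValueError (both surfaced as 500); treat every
    # shape other than "JWT <token>" as "no token". NOTE(review): 401 would be
    # the more accurate status here, kept at 400 for consistency with callers.
    parts = request.META.get('HTTP_AUTHORIZATION', '').split()
    if len(parts) != 2 or parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        # Raises a serializer ValidationError for a bad, expired or tampered token.
        valid_data = VerifyJSONWebTokenSerializer().validate({'token': parts[1]})
        author = valid_data.get('user')
    except Exception:
        author = None
    if author is None:
        return Response({'detail': 'Invalid Token, No Log in user'},
                        status=status.HTTP_400_BAD_REQUEST)

    post = get_object_or_404(Post, slug=slug)

    # request.data can be an immutable QueryDict for form-encoded bodies;
    # work on a copy before overriding the client-controlled fields.
    data = request.data.copy()
    data['author'] = author.pk
    data['post'] = post.pk

    serializer = CommentCreateSerializer(data=data)
    if serializer.is_valid():
        serializer.save()
        return Response(serializer.data, status=status.HTTP_201_CREATED)
    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)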
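def post_create_view(request):
    """View To Create New Post For The Logged In Users.

    The post's ``author`` is always the user identified by the verified JWT;
    any ``author`` supplied in the request body is overwritten.

    Args:
        request: DRF request; expects an ``Authorization: JWT <token>`` header.

    Returns:
        201 with the serialized post on success; 400 with a ``detail`` message
        for a missing/malformed/invalid token, for serializer errors, or when
        the method is not POST.
    """
    if request.method != 'POST':
        return Response({'detail': 'Something Went Wrong'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Missing or malformed header previously raised (AttributeError /
    # ValueError -> 500); anything other than "JWT <token>" is rejected here.
    parts = request.META.get('HTTP_AUTHORIZATION', '').split()
    if len(parts) != 2 or parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        # Raises a serializer ValidationError for a bad, expired or tampered token.
        valid_data = VerifyJSONWebTokenSerializer().validate({'token': parts[1]})
        user = valid_data.get('user')
    except Exception:
        user = None
    if user is None:
        return Response({'detail': 'Invalid Token'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Copy first: request.data is an immutable QueryDict for form-encoded bodies.
    data = request.data.copy()
    data['author'] = user.pk  # Adding User ID Of The Author from the token, not the body

    serializer = PostCreateSerializer(data=data)
    if serializer.is_valid():
        serializer.save()
        return Response(serializer.data, status=status.HTTP_201_CREATED)
    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)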
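def post_delete_view(request):
    """View To Delete A Post For Logged In Users.

    Only the post's author or the admin user (pk 1) may delete it. The
    authorisation failure and wrong-method responses were previously swapped
    (denied callers got 400 "Something Went Wrong.", non-DELETE callers got
    403); they are now returned the other way round.

    Args:
        request: DRF request; expects an ``Authorization: JWT <token>`` header
            and the target post's ``slug`` in the body.

    Returns:
        200 with an empty body on success; 400 for a missing/invalid token or a
        non-DELETE method; 403 when the caller is neither author nor admin;
        404 when no post has the given slug.
    """
    if request.method != 'DELETE':
        return Response({'detail': 'Something Went Wrong.'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Missing or malformed header previously raised (AttributeError /
    # ValueError -> 500); anything other than "JWT <token>" is rejected here.
    parts = request.META.get('HTTP_AUTHORIZATION', '').split()
    if len(parts) != 2 or parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        # Raises a serializer ValidationError for a bad, expired or tampered token.
        valid_data = VerifyJSONWebTokenSerializer().validate({'token': parts[1]})
        logged_in_user = valid_data.get('user')
    except Exception:
        logged_in_user = None
    if logged_in_user is None:
        return Response({'detail': 'Invalid Token'},
                        status=status.HTTP_400_BAD_REQUEST)

    # An unknown slug used to raise Post.DoesNotExist (500).
    try:
        instance = Post.objects.get(slug=request.data.get('slug'))
    except Post.DoesNotExist:
        return Response({'detail': 'Post Not Found'},
                        status=status.HTTP_404_NOT_FOUND)

    # PK Of Admin User Is 1. Model equality is by pk, so this matches the old
    # `logged_in_user == User.objects.get(pk=1)` without a DB round trip and
    # without a 500 if that row is absent. NOTE(review): a role flag such as
    # is_superuser would not depend on the database being seeded in this order.
    is_admin = logged_in_user.pk == 1
    if not (instance.author == logged_in_user or is_admin):
        return Response({'detail': 'You Are Not Authorised To Edit This Post'},
                        status=status.HTTP_403_FORBIDDEN)

    instance.delete()
    return Response({}, status=status.HTTP_200_OK)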
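def project_update_view(request):
    """View To Update A Project For Logged In Users.

    Only the project's author or the admin user (pk 1) may update it. The
    ``slug`` in the body selects the project and is removed before the
    remaining fields are handed to ``ProjectUpdateSerializer``.

    Args:
        request: DRF request; expects an ``Authorization: JWT <token>`` header
            and the target project's ``slug`` plus the updated fields in the body.

    Returns:
        202 with the serialized project on success; 400 with the serializer's
        errors when the update data is invalid, or with a ``detail`` message for
        a missing/invalid token; 403 when the caller is neither author nor admin
        or the method is not POST; 404 when no project has the given slug.
    """
    if request.method != 'POST':
        return Response({'detail': 'You Are Not Authorised To Edit This Project'},
                        status=status.HTTP_403_FORBIDDEN)

    # Missing or malformed header previously raised (AttributeError /
    # ValueError -> 500); anything other than "JWT <token>" is rejected here.
    parts = request.META.get('HTTP_AUTHORIZATION', '').split()
    if len(parts) != 2 or parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        # Raises a serializer ValidationError for a bad, expired or tampered token.
        valid_data = VerifyJSONWebTokenSerializer().validate({'token': parts[1]})
        logged_in_user = valid_data.get('user')
    except Exception:
        logged_in_user = None
    if logged_in_user is None:
        return Response({'detail': 'Invalid Token'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Copy first: request.data is an immutable QueryDict for form-encoded
    # bodies, and we pop 'slug' from it below.
    updated_data = request.data.copy()

    # An unknown slug used to raise Project.DoesNotExist (500).
    try:
        instance = Project.objects.get(slug=updated_data.get('slug'))
    except Project.DoesNotExist:
        return Response({'detail': 'Project Not Found'},
                        status=status.HTTP_404_NOT_FOUND)

    # PK Of Admin User Is 1. Model equality is by pk, so this matches the old
    # `logged_in_user == User.objects.get(pk=1)` without a DB round trip and
    # without a 500 if that row is absent. NOTE(review): a role flag such as
    # is_superuser would not depend on the database being seeded in this order.
    is_admin = logged_in_user.pk == 1
    if not (instance.author == logged_in_user or is_admin):
        return Response({'detail': 'You Are Not Authorised To Edit This Project'},
                        status=status.HTTP_403_FORBIDDEN)

    updated_data.pop('slug')
    serializer = ProjectUpdateSerializer(instance, data=updated_data)
    if serializer.is_valid():
        serializer.save()
        return Response(serializer.data, status=status.HTTP_202_ACCEPTED)
    # Return the field-level errors (as the create views do) instead of a
    # generic message, so the client can tell what was wrong.
    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)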
def __call__(self, scope):
    """Populate ``scope['user']`` from the ``auth_jwt`` cookie, then call the inner app.

    Every path ends in ``self.inner(scope)``; the only question is whether a
    user is attached to the scope first:

    * a scope that already carries a user is passed through untouched;
    * otherwise ``scope['method']`` is defaulted to ``"FAKE"`` and, if an
      ``auth_jwt`` cookie is present and verifies, its user is stored in
      ``scope['user']``. A cookie that fails verification is logged at
      warning level and the scope is passed on without a user.

    NOTE(review): the pass-through test compares the scope's user *instance*
    to the ``AnonymousUser`` *class*, so any truthy value in ``scope['user']``
    (an AnonymousUser instance included) skips JWT processing — confirm whether
    an ``isinstance`` check was intended.
    """
    current = scope.get('user')
    if current and current != AnonymousUser:
        return self.inner(scope)

    scope.setdefault('method', "FAKE")

    token = (scope.get("cookies") or {}).get("auth_jwt")
    if token:
        try:
            verified = VerifyJSONWebTokenSerializer().validate({'token': token})
        except ValidationError as err:
            LOGGER.warning("Token present, but couldn't be verified: %s", err)
        else:
            user = verified.get("user")
            if user:
                scope['user'] = user

    return self.inner(scope)
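def check_permissions_by_header(request, user_id=None):
    """Return True iff the token in the Authorization header belongs to *user_id*.

    The last whitespace-separated part of the header is treated as the token;
    the scheme prefix is not checked here. A missing header, a missing or
    non-integer *user_id*, or a verified token whose user does not match all
    yield False instead of raising (the original raised KeyError/TypeError/
    ValueError in those cases).

    Args:
        request: Request whose ``META`` may contain ``HTTP_AUTHORIZATION``.
        user_id: Expected user id (int or numeric string).

    Returns:
        bool: True only when the verified token's user id equals *user_id*.

    Raises:
        Whatever ``Verifyer().validate`` raises for an invalid token — this is
        deliberately left propagating so a bad token fails closed rather than
        being silently mistaken for "no permission".
    """
    try:
        wanted_id = int(user_id)
    except (TypeError, ValueError):
        return False

    parts = request.META.get('HTTP_AUTHORIZATION', '').split()
    if not parts:
        return False
    bearer = parts[-1]

    result = Verifyer().validate({'token': bearer})
    user = result.get('user')
    return bool(user) and user.id == wanted_id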