コード例 #1
0
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """

        try:
            username, api_key = self.extract_credentials(request)
        except ValueError:
            return self._unauthorized()

        if not username or not api_key:
            return True

        username_field = get_username_field()
        User = get_user_model()

        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return self._unauthorized()

        if not self.check_active(user):
            return False

        key_auth_check = self.get_key(user, api_key)
        if key_auth_check and not isinstance(key_auth_check, HttpUnauthorized):
            request.user = user

        return key_auth_check
コード例 #2
0
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """

        try:
            username, api_key = self.extract_credentials(request)
        except ValueError:
            return self._unauthorized()

        if not username or not api_key:
            return self._unauthorized()

        username_field = get_username_field()
        User = get_user_model()

        lookup_kwargs = {username_field: username}
        try:
            user = User.objects.select_related('api_key').get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return self._unauthorized()

        if not self.check_active(user):
            return False

        key_auth_check = self.get_key(user, api_key)
        if key_auth_check and not isinstance(key_auth_check, HttpUnauthorized):
            request.user = user

        return key_auth_check
コード例 #3
0
    def get_identifier(self, request):
        """
        Provides a unique string identifier for the requestor.

        This implementation returns the user's username.
        """

        return getattr(request.user, get_username_field())
コード例 #4
0
    def get_identifier(self, request):
        """
        Provides a unique string identifier for the requestor.

        This implementation returns the user's username.
        """

        return getattr(request.user, get_username_field())
コード例 #5
0
    def get_identifier(self, request):
        """
        Provides a unique string identifier for the requestor.

        This implementation returns the user's username.
        """
        from tastypie.compat import get_username_field
        username_field = get_username_field()
        return getattr(request.user, username_field)
コード例 #6
0
    def get_user(self, username):
        username_field = get_username_field()
        User = get_user_model()

        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return False

        return user
コード例 #7
0
    def get_user(self, username):
        from tastypie.compat import get_user_model, get_username_field
        User = get_user_model()
        username_field = get_username_field()
        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return False

        return user
コード例 #8
0
    def get_user(self, username):
        username_field = get_username_field()
        User = get_user_model()

        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return False

        return user
コード例 #9
0
    def get_user(self, username):
        # Determine which user object to use and what its user-name field is
        User = get_user_model()
        username_field = get_username_field()

        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return False

        return user
コード例 #10
0
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """

        try:
            x_identity, x_signature = self.extract_credentials(request)
        except ValueError:
            return self._unauthorized()

        if not x_identity or not x_signature:
            return self._unauthorized()

        print "tried with id , sig"
        print x_identity
        print x_signature
        #verify signature against identity
        #done below self.get_verification(x_identity, x_signature)

        #get the sin so we can lookup the user
        thesin = self.get_sin(x_identity)
        print "SIN YO"
        print thesin

        print x_identity
        #lookup the username related to this identity
        username_lookup = self.get_user(thesin)

        if username_lookup and not isinstance(username_lookup,
                                              HttpUnauthorized):
            username = username_lookup
        else:
            return self._unauthorized()

        print "user"
        print username
        #this shit below seems nessecary for tastypie ... need to investigate
        username_field = get_username_field()
        User = get_user_model()

        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return self._unauthorized()

        #no unactive users here pls
        if not self.check_active(user):
            return False

        #validate the signature against public key in our db and authorize the request against
        key_auth_check = self.verify_signature(
            "http://localhost:8000/api/v1/user/", x_identity, x_signature)
        if key_auth_check and not isinstance(key_auth_check, HttpUnauthorized):
            request.user = user
            print request.user

        return key_auth_check
コード例 #11
0
    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """

        try:
            x_identity, x_signature = self.extract_credentials(request)
        except ValueError:
            return self._unauthorized()

        if not x_identity or not x_signature:
            return self._unauthorized()

        print "tried with id , sig"
        print x_identity
        print x_signature
        #verify signature against identity
        #done below self.get_verification(x_identity, x_signature)

        #get the sin so we can lookup the user
        thesin = self.get_sin(x_identity)
        print "SIN YO"
        print thesin

        print x_identity
        #lookup the username related to this identity
        username_lookup = self.get_user(thesin)

        if username_lookup and not isinstance(username_lookup, HttpUnauthorized):
            username = username_lookup
        else:
            return self._unauthorized()
        
        print "user"
        print username
        #this shit below seems nessecary for tastypie ... need to investigate
        username_field = get_username_field()
        User = get_user_model()


        
        try:
            lookup_kwargs = {username_field: username}
            user = User.objects.get(**lookup_kwargs)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return self._unauthorized()

        #no unactive users here pls
        if not self.check_active(user):
            return False
        

        #validate the signature against public key in our db and authorize the request against 
        key_auth_check = self.verify_signature("http://localhost:8000/api/v1/user/", x_identity, x_signature)
        if key_auth_check and not isinstance(key_auth_check, HttpUnauthorized):
            request.user = user
            print request.user

        return key_auth_check