def api_key(request):
'''
Allows the user to generate an API key for the REST API
'''
context = {}
context.update(csrf(request))
try:
key = ApiKey.objects.get(user=request.user)
except ApiKey.DoesNotExist:
key = False
if request.GET.get('new_key'):
if key:
key.delete()
key = ApiKey()
key.user = request.user
key.save()
# Redirect to get rid of the GET parameter
return HttpResponseRedirect(reverse('core:api-key'))
context['key'] = key
return render(request, 'user/api_key.html', context)
def generate_new_api_key(self):
key, created = ApiKey.objects.get_or_create(user=self)
if not created:
#DON'T TRY AND CHANGE THE KEY VALUE. DELETE INSTEAD
key.delete()
key = ApiKey(user=self)
key.save()
return key.key
def create_profiles(sender, **kw):
user = kw["instance"]
if kw["created"]:
Token.objects.get_or_create(user=user)
UserProfile.objects.get_or_create(user=user)
UserBmiProfile.objects.get_or_create(user=user, )
apiKey = ApiKey(user=user, key="1")
apiKey.save()
def login(self, request, **kwargs):
# Allows POST request
self.method_check(request, allowed=['post'])
# Deserialize the JSon response
data = self.deserialize(request,
request.raw_post_data,
format=request.META.get(
'CONTENT_TYPE', 'application/json'))
# Get the needed datas
username = data.get('username', '')
password = data.get('password', '')
# Try to authenticate the user
user = authenticate(username=username, password=password)
# If user exist and is active
if user:
if user.is_active:
# Get the associated member
member = Member.objects.get(user_id=user.id)
memberDict = member.__dict__
preferedCategoryIDs = member.preferedCategoryIDs.all()
memberDict['preferedCategories'] = [
cat.name for cat in preferedCategoryIDs
]
del memberDict["_state"]
del memberDict["user_id"]
# Log the user
login(request, user)
api_key = ApiKey.objects.filter(user=user)
if len(api_key) == 0:
api_key = ApiKey(user=user)
api_key.save()
else:
api_key = api_key[0]
# Add the ApiKey
memberDict["api_key"] = api_key.key
# Return success=True and the member object
return self.create_response(request, {
'success': True,
'member': memberDict,
})
else:
# If user not active, return success = False and disabled
return self.create_response(request, {
'success': False,
'reason': 'disabled',
}, HttpForbidden)
else:
# If user does not exist, return success=False and incorrect
return self.create_response(request, {
'success': False,
'reason': 'incorrect',
}, HttpUnauthorized)
def handle(self, *args, **options):
from tastypie.models import ApiKey
users = User.objects.all()
for user in users:
try:
key = user.api_key
except ApiKey.DoesNotExist:
print('Creating API key for {}'.format(user.username))
k = ApiKey()
k.user = user
k.save()
def test_not_authorized(self):
"""
Test if a user can gain access without an API key
"""
user, created = User.objects.create_user(email='*****@*****.**',
password='******')
self.username = self.user.email
user.save()
resp = self.client.get("api/v1/jobsearch/?format=xml")
self.assertEqual(resp.status_code, 404)
resp = self.client.get("api/v1/seosite/?format=xml")
self.assertEqual(resp.status_code, 404)
key = ApiKey(user=self.user)
def setUp(self):
super(ApiTestCase, self).setUp()
# Create a test user and an API key for that user.
self.user, created = User.objects.create_user(email='*****@*****.**',
password='******')
self.username = self.user.email
self.user.save()
self.key = ApiKey(user=self.user)
self.key.save()
self.api_key = self.key.key
self.auth_qs = '?&username=%s&api_key=%s' % (self.username,
self.api_key)
self.entry_1 = SeoSite.objects.get(group=1)
self.detail_url = '/api/v1/seosite/{0}/'.format(self.entry_1.pk)
self.serializer = Serializer()
def userEdit(request):
userId = request.GET.get('id')
user = get_object_or_404(myUser, id=userId)
data = userForm(instance=user)
chkApiAuth = ApiKey.objects.filter(user=user)
if request.method == 'POST':
post = request.POST
data = userForm(post, instance=user)
if post.get('apiAuth') and not chkApiAuth:
ApiKey(user=user).save()
sendApiPswMail(user)
elif not post.get('apiAuth') and chkApiAuth:
chkApiAuth.delete()
if data.is_valid():
data.save()
return HttpResponseRedirect('/accounts/userList')
return render_to_response('accounts/userEdit.html',locals(),context_instance=RequestContext(request))
def setUp(self):
super(ApiResourceTests, self).setUp()
self.user = User.objects.create_superuser('test user',
'*****@*****.**', 'password')
self.api_key = ApiKey(user=self.user)
self.api_key.save()
try:
obj = self.model(name='test')
obj.save()
self.list_uri = '/api/sku_service/%s/' % self.uri_spec
self.detail_uri = self.list_uri + '1/'
except Exception:
pass
self.payload = json.dumps({'name': 'test'})
def userAdd(request):
listOrAddTag = ['user','accounts', 'userAdd']
data = userForm()
if request.method == 'POST':
post = request.POST
data = userForm(post)
username = post.get('username')
if data.is_valid():
data.save()
if post.get('apiAuth'):
user = myUser.objects.get(username=username,availabity__lte=1)
ApiKey(user=user).save()
if not sendApiPswMail(user):
emg = u'api密码发送失败。'
if post.get('EMAIL_PUSH'):
user = myUser.objects.get(username=username,availabity=1)
sendInitMail(request.get_host(),user)
smg = u'用户%s添加成功!' % username
return render_to_response('accounts/userAdd.html',locals(),context_instance=RequestContext(request))
def vw_login_page(request):
mesage = None
error = None
#redirect_to = request.REQUEST.get('next', '')
redirect_to = ""
if not redirect_to:
redirect_to = 'homepage'
if request.user.is_authenticated():
print("is_authenticated")
print(request.user)
return HttpResponseRedirect(reverse('homepage'))
else:
if request.method == 'POST':
print("NOT is_authenticated - POST")
form = login_form(request.POST)
if form.is_valid():
f = form.cleaned_data
try:
user = auth.authenticate(username=f['user'],
password=f['password'])
print("user - POST ")
except:
user = None
pass
if user is not None and user.is_active:
print("log login")
#log
try:
lo = mdlLog()
lo.user = user
lo.content_type = ContentType.objects.get(model='user')
lo.object_id = user.id
lo.action = 'login'
lo.save()
except Exception as e:
logging.error(e)
#request.session.set_expiry(timedelta(days=settings.KEEP_LOGGED_DURATION))
try:
from tastypie.models import ApiKey
#we create an api key
api = ApiKey()
api.user = user
api.save()
except Exception as e:
logging.error(e)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
print("auth login")
auth.login(request, user)
request.session['welcome_msg'] = _(
'Welcome ') + user.username + '.'
return HttpResponseRedirect(reverse('homepage'))
else:
error = _('User or password not in our systems')
return render(
request, 'login/login.html', {
'form': form,
'mesage': mesage,
'error': error,
'redirect_to': redirect_to,
})
else:
error = _('User or password not in our systems')
return render(
request, 'login/login.html', {
'form': form,
'mesage': mesage,
'error': error,
'redirect_to': redirect_to,
})
else:
print("NOT is_authenticated - NOT POST")
form = login_form()
return render(
request, 'login/login.html', {
'form': form,
'mesage': mesage,
'error': error,
'redirect_to': redirect_to,
})
