def authenticate(self, request, auth_id, password):
try:
login_type = request.data['loginType'].upper()
if login_type == LoginType.EMAIL:
login_id = request.data['email']
users = BlogsAuth.objects.filter(email=request.data['email'])
else:
login_id = request.data['phone']
users = BlogsAuth.objects.filter(phone=request.data['phone'])
if users.count() == 0:
logger.error(
"user with login {} does not exists ".format(login_id))
return HttpResponse(
http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="EMAIL_PHONE_DOES_NOT_EXIST")
elif users.count() == 1:
user = users[0]
if user.check_password(password):
return user
else:
return HttpResponse(
http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="PASSWORD_INCORRECT")
else:
logger.error("More than one user with login {} exists ".format(
login_id))
return HttpResponse(
http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="MORE_THAN_ONE_USER_EXIST")
except Exception as ex:
logger.exception(ex)
return None
def update_credentials(self, auth_id, type, updated_data):
auth_obj = AuthServices.get_auth_obj(auth_id)
if isinstance(auth_obj, HttpResponse):
return auth_obj
else:
serializer = BlogsAuthSerializer(auth_obj,
data={type: updated_data},
partial=True)
if serializer.is_valid():
serializer.save()
return HttpResponse(http_status=HttpStatus.HTTP_200_OK)
else:
logger.error("serialization error {}".format(
serializer.errors))
return HttpResponse(
http_status=HttpStatus.HTTP_400_BAD_REQUEST,
data={'serialization_error': serializer.errors})
# unable to use function views because csrf error was raised.
# Class views set the csrf
# def update_email(request):
# pass
# def update_phone(request):
# pass
# def update_password(request):
# pass
def post(self, request):
try:
logout(request)
return HttpResponse(http_status=HttpStatus.HTTP_200_OK)
except Exception as ex:
logger.exception(ex)
return HttpResponse(
http_status=HttpStatus.HTTP_500_INTERNAL_SERVER_ERROR)
def process_request(self, request):
if request.path not in URIS_TO_IGNORE_FOR_TOKEN_AUTH:
auth_token = request.META.get('HTTP_AUTHORIZATION')
if auth_token is None:
return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
data="AUTH_TOKEN_REQUIRED")
auth_header_type, auth_token = auth_token.split()
if auth_header_type in SIMPLE_JWT['AUTH_HEADER_TYPES']:
request.token = auth_token
else:
return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
data="AUTH_HEADER_TYPE_INVALID")
def _decode_token(token):
try:
return jwt.decode(
token,
SIMPLE_JWT['SIGNING_KEY'],
leeway=SIMPLE_JWT['LEEWAY_TIME'],
algorithms=SIMPLE_JWT['ALGORITHM']
)
except (InvalidSignatureError, DecodeError):
return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="TOKEN_INVALID")
except ExpiredSignatureError:
return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="TOKEN_EXPIRED")
def login_response(self, auth_obj):
data = {
'auth_token':
Token.get_token(payload=self.create_jwt_payload(auth_obj))
}
return HttpResponse(http_status=HttpStatus.HTTP_200_OK, data=data)
def get_auth_obj(auth_id):
try:
auth_obj = BlogsAuth.objects.get(auth_id=auth_id)
except BlogsAuth.DoesNotExist:
return HttpResponse(http_status=HttpStatus.HTTP_403_FORBIDDEN,
data='AUTH_ID_DOES_NOT_EXIST')
return auth_obj
def post(self, request):
data = request.data
if len(data) != 1:
return HttpResponse(http_status=HttpStatus.HTTP_400_BAD_REQUEST,
data="MORE_THAN_ONE_UPDATE_DATA")
for key, val in data.items():
credential_type = key
updated_data = val
if credential_type.upper() not in dir(UpdateCredentialsType):
return HttpResponse(http_status=HttpStatus.HTTP_400_BAD_REQUEST,
data="INVALID_DATA_TO_UPDATE")
if credential_type.upper() == UpdateCredentialsType.PASSWORD:
updated_data = BlogsAuthSerializer.make_password(updated_data)
return self.update_credentials(request.auth_id,
credential_type.lower(), updated_data)
def get_user(self, auth_id):
try:
user = BlogsAuth.objects.get(auth_id=auth_id)
if user.status == "ACTIVE":
return user
return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="USER_INACTIVE")
except BlogsAuth.DoesNotExist:
logger.error("user with auth_id {} not found".format(auth_id))
return None
def refresh_token(access_token, refresh_token):
response = JWTToken._decode_token(refresh_token)
if isinstance(response, HttpResponse):
return response
if response['access_token'] == access_token:
return Token.get_token({'auth_id':response['auth_id']})
else:
return HttpResponse(http_status=HttpStatus.HTTP_401_UNAUTHORIZED,
data="TOKEN_INVALID")
def post(self, request):
self.sanitize_request_data(request.data)
auth_obj = authenticate(request,
auth_id="",
password=request.data['password'])
if isinstance(auth_obj, HttpResponse):
return auth_obj
elif auth_obj is not None:
# login(request, auth_obj)
# method is invoked to get same method invoked while register
return self.login_response(auth_obj)
else:
return HttpResponse(
http_status=HttpStatus.HTTP_500_INTERNAL_SERVER_ERROR,
data="ERROR_OCCURRED")
def get(self, request):
return HttpResponse(http_status=HttpStatus.HTTP_200_OK,
data="Kept only for testing using drf view")
def get(self, request):
res = HttpResponse(http_status=HttpStatus.HTTP_200_OK,
data="hello world from blogs")
return res
def get(self, request):
print(request.auth_id)
print(request.auth)
return HttpResponse(http_status=HttpStatus.HTTP_200_OK,
data="hello world from auth")