def post(self, request, format=None):
token_limit_per_user = self.get_token_limit_per_user()
if token_limit_per_user is not None:
now = timezone.now()
token = request.user.auth_token_set.filter(expiry__gt=now)
if token.count() >= token_limit_per_user:
return Response(
{"error": "Maximum amount of tokens allowed per user exceeded."},
status=status.HTTP_403_FORBIDDEN
)
token_ttl = self.get_token_ttl()
instance, token = AuthToken.objects.create(request.user, token_ttl)
user_logged_in.send(sender=request.user.__class__,
request=request, user=request.user)
UserSerializer = self.get_user_serializer_class()
data = {
'expiry': instance.expiry,
'token': token
}
if UserSerializer is not None:
data["user"] = UserSerializer(
request.user,
context=self.get_context()
).data
return Response(data)
def process_request(self, request):
if "HTTP_X_FORWARDED_FOR" in request.META:
request.META["HTTP_X_PROXY_REMOTE_ADDR"] = request.META["REMOTE_ADDR"]
parts = request.META["HTTP_X_FORWARDED_FOR"].split(",", 1)
request.META["REMOTE_ADDR"] = parts[0]
useragent = request.META.get('HTTP_USER_AGENT', '')
if useragent:
request.META['HTTP_USER_AGENT'] = useragent.replace('FrontendTest', '')
is_running_tests = ('FrontendTest' in useragent or
getattr(settings, 'TEST', False))
user = getattr(request, 'user', None)
if user and user.is_anonymous() and not is_running_tests:
remoteip = request.META.get('REMOTE_ADDR')
remotehost = request.META.get('REMOTE_HOST')
is_auto_allowed = (
(remoteip in LOCALHOST or remotehost == 'localhost') or
(remoteip and remoteip in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) or
(remotehost and remotehost in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST))
)
if is_auto_allowed:
logger.info("Auto-login for %s/%s" % (remoteip, remotehost))
user = get_internal_user()
try:
user_logged_in.send(self, user=user, request=request)
except DatabaseError:
logger.error("Could not update last-login field of internal user")
request.user = user
return None
def obj_create(self, bundle, request, **kwargs):
with statsd.timer("auth.browserid.verify"):
profile, msg = browserid_authenticate(
request,
bundle.data["assertion"],
browserid_audience=bundle.data["audience"],
is_native=bundle.data.get("is_native", False),
)
if profile is None:
log.info("No profile")
raise http_error(http.HttpUnauthorized, "No profile.")
request.user, request.amo_user = profile.user, profile
request.groups = profile.groups.all()
# TODO: move this to the signal.
profile.log_login_attempt(True)
user_logged_in.send(sender=profile.user.__class__, request=request, user=profile.user)
bundle.data = {
"error": None,
"token": self.get_token(request.user.email),
"settings": {"display_name": request.amo_user.display_name, "email": request.user.email},
}
bundle.data.update(PermissionResource().dehydrate(Bundle(request=request)).data)
return bundle
def create(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
try:
email = request.data['email'].lower().strip()
user = User.objects.get(email=email)
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
obj_setting = Setting.objects.get(user_id=user)
user_details = {
'user_id': user.id,
'name': user.name,
'lang': str(obj_setting.lang),
}
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details)
except KeyError:
res = {'detail': 'error in the data entry process'}
return Response(res, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
email = request.data['email']
password = request.data['password']
user = User.objects.get(email=email, password=password)
if user:
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_logged_in.send(sender=user.__class__,
request=request, user=user)
response = {
'name':"%s %s" % (user.first_name, user.last_name),
'token':token,
'status':status.HTTP_200_OK
}
return Response(response)
except Exception as e:
raise e
else:
response = {
'error': 'invalid email or password or the account has been deactivated',
'status':status.HTTP_403_FORBIDDEN
}
return Response(response)
except KeyError:
response = {
'error': 'please provide a email and a password',
'status':status.HTTP_403_FORBIDDEN
}
return Response(response)
def authenticate_user(request):
try:
email = request.data['email']
password = request.data['password']
user = User.objects.filter(email=email, password=password)
if user:
user = user.first()
if user.verified == False:
res = {'error': 'User is not verified yet.'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_details = {}
user_details['name'] = "%s %s" % (user.first_name,
user.last_name)
user_details['token'] = token
user_details['email'] = user.email
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
print(user_details)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {'error': 'User with given credentials does not exists.'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'error': 'please provide a email and a password'}
return Response(res)
def post(self, request, format=None):
token_limit_per_user = self.get_token_limit_per_user()
if token_limit_per_user is not None:
now = timezone.now()
token = request.user.auth_token_set.filter(expires__gt=now)
if token.count() >= token_limit_per_user:
return Response(
{
"error":
"Maximum amount of tokens allowed per user exceeded."
},
status=status.HTTP_403_FORBIDDEN)
token_ttl = self.get_token_ttl()
token = AuthToken.objects.create(request.user, token_ttl)
user_logged_in.send(sender=request.user.__class__,
request=request,
user=request.user)
UserSerializer = self.get_user_serializer_class()
if UserSerializer is None:
return Response({'token': token})
context = self.get_context()
return Response({
'user': UserSerializer(request.user, context=context).data,
'token': token,
})
def test_swap_customer_on_login(self):
"""
Test that when logging in as a User with an existing Customer, that one
is set on the request while the anonymous interim customer object is
deleted.
"""
request = self.factory.post('/shop/auth/login/', follow=True)
request.user = self.bart
old_customer = Customer()
old_customer.save()
request.session = {
'session_key': 'bart_swap',
SESSION_KEY: old_customer.pk,
}
request.customer = self.bart.customer
user_logged_in.send(sender=self.bart.__class__,
request=request,
user=self.bart)
try:
Customer.objects.get_customer(request, force_unauth=True)
except Customer.DoesNotExist:
pass
else:
self.fail("""Unauthenticated customer should be deleted on login
by a User with existing Customer""")
self.assertEqual(request.customer, self.bart.customer)
def create_or_update_user(user_id, attr):
"""
Currently, attr must be one of ("douban", "twitter")
"""
if not user_id or not attr:
return
if attr not in ("douban", "twitter"):
return
username = attr + "_" + user_id
if User.objects.filter(username=username).exists():
user = User.objects.get(username=username)
else:
user = User.objects.create_user(username=username)
try:
profile = user.get_profile()
except UserProfile.DoesNotExist:
profile = UserProfile.objects.create(user=user)
attr_name = attr + '_id'
if getattr(profile, attr_name) != user_id:
setattr(profile, attr_name, user_id)
profile.save()
if attr == 'twitter':
try:
api = get_twitter_private_api()
api.CreateFriendship(user_id)
except:
pass
user_logged_in.send(sender=user.__class__, user=user)
return user
def post(self, request, format=None):
token = AuthToken.objects.create(request.user)
user_logged_in.send(sender=request.user.__class__, request=request, user=request.user)
return Response({
"user": UserSerializer(request.user).data,
"token": token,
})
def obj_create(self, bundle, request, **kwargs):
with statsd.timer('auth.browserid.verify'):
profile, msg = browserid_authenticate(
request,
bundle.data['assertion'],
browserid_audience=bundle.data['audience'],
is_native=bundle.data.get('is_native', False))
if profile is None:
log.info('No profile')
raise http_error(http.HttpUnauthorized, 'No profile.')
request.user, request.amo_user = profile.user, profile
request.groups = profile.groups.all()
# TODO: move this to the signal.
profile.log_login_attempt(True)
user_logged_in.send(sender=profile.user.__class__,
request=request,
user=profile.user)
bundle.data = {
'error': None,
'token': self.get_token(request.user.email),
'settings': {
'display_name': request.amo_user.display_name,
'email': request.user.email,
}
}
bundle.data.update(PermissionResource().dehydrate(
Bundle(request=request)).data)
return bundle
def obj_create(self, bundle, request, **kwargs):
with statsd.timer('auth.browserid.verify'):
profile, msg = browserid_authenticate(
request, bundle.data['assertion'],
browserid_audience=bundle.data['audience'],
is_native=bundle.data.get('is_native', False)
)
if profile is None:
log.info('No profile: %s' % (msg or ''))
raise http_error(http.HttpUnauthorized,
'No profile.')
request.user, request.amo_user = profile.user, profile
request.groups = profile.groups.all()
# TODO: move this to the signal.
profile.log_login_attempt(True)
user_logged_in.send(sender=profile.user.__class__, request=request,
user=profile.user)
bundle.data = {
'error': None,
'token': self.get_token(request.amo_user.email),
'settings': {
'display_name': request.amo_user.display_name,
'email': request.amo_user.email,
}
}
bundle.data.update(PermissionResource()
.dehydrate(Bundle(request=request)).data)
return bundle
def authenticate_user(request):
try:
email = request.data['email']
password = request.data['password']
user = User.objects.get(email=email, password=password)
if user:
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_details = {}
user_details['name'] = "%s %s" % (user.first_name,
user.last_name)
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {
'error':
'can not authenticate with the given credentials or the account has been deactivated'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'error': 'please provide an email and a password'}
return Response(res)
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
if serializer.is_valid():
user = serializer.object.get('user') or request.user
token = serializer.object.get('token')
response_data = jwt_response_payload_handler(token, user, request)
try:
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
except Exception as e:
print(e)
response = Response(response_data)
# if api_settings.JWT_AUTH_COOKIE:
# expiration = (datetime.utcnow() +
# api_settings.JWT_EXPIRATION_DELTA)
# response.set_cookie(api_settings.JWT_AUTH_COOKIE,
# token,
# expires=expiration,
# httponly=True)
return response
data_error = {
'success': False,
'detail': "Usuario o contraseña inválido"
}
return JsonResponse(data_error, status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request):
try:
username = request.data['username']
password = request.data['password']
user = User.objects.get(username=username)
if user.check_password(password):
try:
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
user_details = {}
user_details['token'] = token
user_details['userID'] = '{}'.format(user.id)
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {
'error':
'Can not authenticate with the given credentials. The account might have been deactivated.'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except User.DoesNotExist:
res = {
'error':
'Can not authenticate with the given credentials. The account might have been deactivated.'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'error': 'Please provide a username and a password.'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
def create_simple_regester_token(email, password, request):
try:
user = User.objects.get(email=email)
if user and user.check_password(password):
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_details = {}
user_details['token'] = token
user_details['login'] = True
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details, status=status.HTTP_201_CREATED)
except Exception as e:
raise e
else:
res = {
'error':
'can not authenticate with the given credentials or the account has been deactivated'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except ObjectDoesNotExist:
res = {
'error':
'can not authenticate with the given credentials or the account has been deactivated',
'login': False
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
def authenticate_user(request):
try:
rut = request.data['rut']
password = request.data['password']
if User.objects.filter(rut=rut).exists():
user = User.objects.get(rut=rut)
else:
res = {'request': False, 'error': 'no puede autenticarse con las credenciales dadas o la cuenta ha sido desactivada'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
if user.check_password(password):
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
serializer = DespachadorSerializer(user)
print(serializer)
resp = {}
resp['request']= True
resp['data']= {
'token': token,
'info': serializer.data
}
user_logged_in.send(sender=user.__class__, request=request, user=user) # almacenamos el último tiempo de inicio de sesión del usuario con este código.
return Response(resp, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {'request': False, 'error': 'no puede autenticarse con las credenciales dadas o la cuenta ha sido desactivada'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'request': False, 'error': 'por favor proporcione un rut y una password'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
def __call__(self, request):
if "HTTP_X_FORWARDED_FOR" in request.META:
request.META["HTTP_X_PROXY_REMOTE_ADDR"] = request.META[
"REMOTE_ADDR"]
parts = request.META["HTTP_X_FORWARDED_FOR"].split(",", 1)
request.META["REMOTE_ADDR"] = parts[0]
useragent = request.META.get('HTTP_USER_AGENT', '')
if useragent:
request.META['HTTP_USER_AGENT'] = useragent.replace(
'FrontendTest', '')
is_running_tests = ('FrontendTest' in useragent
or getattr(settings, 'TEST', False))
user = getattr(request, 'user', None)
if user and user.is_anonymous and not is_running_tests:
remoteip = request.META.get('REMOTE_ADDR')
if remoteip in AUTOLOGIN_IPS:
user = get_internal_user()
try:
user_logged_in.send(self, user=user, request=request)
except DatabaseError as exc:
print(exc)
request.user = user
return self.get_response(request)
def process_request(self, request):
useragent = request.META.get('HTTP_USER_AGENT', '')
if useragent:
request.META['HTTP_USER_AGENT'] = useragent.replace('FrontendTest', '')
is_running_tests = ('FrontendTest' in useragent or
getattr(settings, 'TEST', False))
user = getattr(request, 'user', None)
if user and user.is_anonymous() and not is_running_tests:
remoteip = request.META.get('REMOTE_ADDR')
remotehost = request.META.get('REMOTE_HOST')
is_auto_allowed = (
(remoteip in LOCALHOST or remotehost == 'localhost') or
(remoteip and remoteip in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST)) or
(remotehost and remotehost in (CONVERSION_SERVER_HOST, CAPTURE_SERVER_HOST))
)
if is_auto_allowed:
logger.info("Auto-login for %s/%s" % (remoteip, remotehost))
user = get_internal_user()
try:
user_logged_in.send(self, user=user, request=request)
except DatabaseError:
logger.error("Could not update last-login field of internal user")
request.user = user
return None
def create_action(self, request, serializer):
with statsd.timer('auth.browserid.verify'):
profile, msg = browserid_authenticate(
request, serializer.data['assertion'],
browserid_audience=serializer.data['audience'],
is_mobile=serializer.data['is_mobile'],
)
if profile is None:
# Authentication failure.
log.info('No profile: %s' % (msg or ''))
raise AuthenticationFailed('No profile.')
request.user, request.amo_user = profile.user, profile
request.groups = profile.groups.all()
# TODO: move this to the signal.
profile.log_login_attempt(True)
user_logged_in.send(sender=profile.user.__class__, request=request,
user=profile.user)
# We want to return completely custom data, not the serializer's.
data = {
'error': None,
'token': self.get_token(request.amo_user.email),
'settings': {
'display_name': request.amo_user.display_name,
'email': request.amo_user.email,
}
}
permissions = PermissionsSerializer(context={'request': request})
data.update(permissions.data)
return data
def authenticate_user(request):
try:
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
name = request.data['name']
password = request.data['password']
try:
user = User.objects.get(name=name)
except ObjectDoesNotExist:
res = {'error': 'Неверный логин или пароль'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
if check_password(password, user.password):
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_details = {}
user_details['name'] = user.name
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {'error': 'Неверный логин или пароль'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except:
res = {'error': 'Проверьте правильность введенных данных.'}
return Response(res, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
email = request.data['email']
password = request.data['password']
except (KeyError, TypeError):
raise ParseError()
if not isinstance(email, str) or not isinstance(password, str):
raise ParseError()
user = authenticate(
request=request,
email=email,
password=password,
)
if user is None:
raise AuthenticationFailed('Invalid credentials')
try:
user.profile
except models.UserProfile.DoesNotExist:
raise AuthenticationFailed('User has no profile')
token, _ = Token.objects.get_or_create(user=user)
user_logged_in.send(
sender=user.__class__,
request=request,
user=user,
)
return Response({
'token': token.key,
})
def log_in(user, request):
token = generate_token(user)
user_details = {}
user_details['id'] = str(user.id)
user_details['token'] = token.decode('utf8')
user_logged_in.send(sender=user.__class__, request=request, user=user)
return user_details
def login(request, user, expiration=True, auth_slug=None, related_objs=None, backend=None, allowed_cookie=True,
allowed_header=True):
"""
Persist token into database. Token is stored inside cookie therefore is not necessary
reauthenticate user for every request.
"""
related_objs = related_objs if related_objs is not None else ()
if user is None:
user = request.user
try:
backend = backend or user.backend
except AttributeError:
backends = _get_backends(return_tuples=True)
if len(backends) == 1:
_, backend = backends[0]
else:
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument or set the '
'`backend` attribute on the user.'
)
token = Token.objects.create(user=user, user_agent=request.META.get('HTTP_USER_AGENT', '')[:256],
expiration=expiration, auth_slug=auth_slug, ip=get_ip(request),
backend=backend, allowed_cookie=allowed_cookie, allowed_header=allowed_header)
for related_obj in related_objs:
token.related_objects.create(content_object=related_obj)
if hasattr(request, 'user'):
request.user = user
request.token = token
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def client_login(self,request,backend=None): SESSION_KEY = 'client_id' BACKEND_SESSION_KEY = 'client_backend' HASH_SESSION_KEY = 'client_hash' REDIRECT_FIELD_NAME = 'next' session_auth_hash = '' if self is None: self = request.user if hasattr(self, 'get_session_auth_hash'): session_auth_hash = self.get_session_auth_hash() if SESSION_KEY in request.session: if self._meta.pk.to_python(request.session[SESSION_KEY]) != self.pk or (session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): request.session.flush() # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. else: request.session.cycle_key() request.session[SESSION_KEY] = self._meta.pk.value_to_string(self) request.session[BACKEND_SESSION_KEY] = backend request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): # request.session['user']=self. request.user = self rotate_token(request) user_logged_in.send(sender=self.__class__, request=request, user=self)
def post(self, request, format=None):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data
token_limit_per_user = self.get_token_limit_per_user()
if token_limit_per_user is not None:
now = timezone.now()
token = user.auth_token_set.filter(expiry__gt=now)
if token.count() >= token_limit_per_user:
return Response(
{
"error":
"Maximum amount of tokens allowed per user exceeded."
},
status=status.HTTP_403_FORBIDDEN,
)
token_ttl = self.get_token_ttl()
instance, token = AuthToken.objects.create(user, token_ttl)
user_logged_in.send(sender=user.__class__, request=request, user=user)
user_serializer = self.get_user_serializer_class()
data = {"expiry": instance.expiry, "token": token}
if user_serializer is not None:
data["user"] = user_serializer(user,
context=self.get_context()).data
return Response(data)
def post(self, request, format=None):
UserSerializer = knox_settings.USER_SERIALIZER
account = authenticate(username=request.data.get('username', None),
password=request.data.get('password', None))
if account is not None:
if account.is_active:
login(request, account)
token = AuthToken.objects.create(account)
user_logged_in.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response({
'user': UserSerializer(account).data,
'token': token,
})
else:
return Response(
{
'status': 'Unauthorized',
'message': 'This account has been disabled.'
},
status=status.HTTP_401_UNAUTHORIZED)
else:
return Response(
{
'status': 'Unauthorized',
'message': 'Invalid username and/or password.'
},
status=status.HTTP_406_NOT_ACCEPTABLE)
def post(self, request):
username = request.data.get('login')
password = request.data.get('password')
try:
user = User.objects.get(
username=username
) # authenticate(email=email, password=password)
if user.check_password(password):
if not user.is_active:
res = {'login_status': 3, 'message': 'user banned'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
serializer = self.serializer_class(instance=user)
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
token = create_token(user)
res = {'login_status': 1, 'message': 'success auth'}
res['token'] = token
res['user'] = serializer.data
return Response(res, status=status.HTTP_200_OK)
else:
res = {'login_status': 2, 'message': 'wrong password'}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except User.DoesNotExist:
res = {'login_status': 4, 'message': 'user does not exist'}
return Response(res, status=status.HTTP_400_BAD_REQUEST)
def login(request):
"""
Endpoint: /users/userlogin/
Method: POST
Allowed users: All users
Response status code: 200 success
Description: Logs in a user
"""
try:
email = request.data['username']
password = request.data['password']
except KeyError:
return Response({'error': 'please enter username and password'}, status=status.HTTP_400_BAD_REQUEST)
user = authenticate(email=email, password=password)
if user:
authenticaction_token = create_token(user)
user_details = {}
user_details['name'] = "%s %s" % (user.first_name, user.last_name)
user_details['token'] = authenticaction_token
user_details['role'] = user.role
# update the last login section
user_logged_in.send(sender=user.__class__, request=request, user=user)
return Response(user_details, status=status.HTTP_200_OK)
else:
response = {'error': "can not authenticate with the given credentials or account has been deactivated"}
return Response(response, status=status.HTTP_403_FORBIDDEN)
def login(self, serializer):
token = utils.get_or_create_token(user=serializer.user, serializer_data=serializer.data)
user_logged_in.send(sender=serializer.user.__class__, request=self.request, user=serializer.user)
return response.Response(
data=self.token_serializer_class(token).data,
status=status.HTTP_200_OK,
)
def post(self, request):
email = request.data.get('email_address', None)
# Check if eligible
if not email or not User.objects.filter(email_address=email).exists():
return Response({'error': 'The email is invalid.'},
status=status.HTTP_405_METHOD_NOT_ALLOWED)
user = User.objects.get(email_address=email)
if not user.teacher or user.teacher.id != request.user.id:
return Response(
{
'error':
"The user doesn't have permission to access this user."
},
status=status.HTTP_405_METHOD_NOT_ALLOWED)
try:
token = generate_token(user)
user_details = {}
user_details['name'] = user.username
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response({'data': user_details}, status=status.HTTP_200_OK)
except Exception as e:
return Response({'error': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'error': 'Bad Request'},
status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
email = request.data['email']
password = request.data['password']
try:
user = User.objects.get(email=email, password=password)
except User.DoesNotExist:
user = None
if user:
try:
payload = jwt_payload_handler(user)
token = encode(payload, settings.SECRET_KEY)
user_details = {
'name': f"{user.first_name} {user.last_name}",
'token': token
}
user_logged_in.send(sender=user.__class__,
request=request, user=user)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {
'Error': 'Can not authenticate with the given credentials '
'or the account has been deactivated'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'Error': 'please provide a email and a password'}
return Response(res)
def post(self, request, *args, **kwargs):
if request.user.is_authenticated:
return Response({'error': 'You are already authenticated'},
status=status.HTTP_400_BAD_REQUEST)
data = request.data
if not request.data:
return Response({'error': "Please provide email/password"},
status=status.HTTP_400_BAD_REQUEST)
email = data.get('email') # email address
password = data.get('password')
qs = User.objects.filter(Q(email__iexact=email)).distinct()
if qs:
user_obj = qs.first()
if user_obj.check_password(password):
user = user_obj
if not user.is_active:
return Response({"error": "Inactive Account"},
status=status.HTTP_400_BAD_REQUEST)
response = {
'email': user_obj.email,
'first_name': user_obj.first_name,
'last_name': user_obj.last_name,
'last_login': user_obj.last_login,
'token': get_tokens_for_user(user)
}
print('here')
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(response, status=status.HTTP_200_OK)
return Response({"error": "Invalid credentials"},
status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request):
try:
phone_number = request.data['phone_number']
password = request.data['password']
try:
user = CustomUser.objects.get(phone_number=phone_number)
user.check_password(password)
except CustomUser.DoesNotExist:
user = None
if user:
try:
payload = jwt_payload_handler(user)
token = jwt.encode(payload, settings.SECRET_KEY)
user_details = {}
# user_details['name'] = "%s %s" % (user.nickname)
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response(user_details, status=status.HTTP_200_OK)
except Exception as e:
raise e
else:
res = {
'error':
'can not authenticate with the given credentials or the account has been deactivated'
}
return Response(res, status=status.HTTP_403_FORBIDDEN)
except KeyError:
res = {'error': 'please provide a phone_number and a password'}
return Response(res)
def post(self, request):
email = request.data.get('email_address', None)
password = request.data.get('password', None)
if not email or not password:
res = {'error': 'please provide a email and a password'}
return Response({'error': res},
status=status.HTTP_405_METHOD_NOT_ALLOWED)
isAuthenticate = authenticate(email_address=email, password=password)
if not isAuthenticate:
res = {'error': ' Wrong email/password'}
return Response({'error': res}, status=status.HTTP_403_FORBIDDEN)
user = User.objects.get(email_address=email)
try:
token = generate_token(user)
user_details = {}
user_details['id'] = str(user.id)
user_details['token'] = token
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return Response({'data': user_details}, status=status.HTTP_200_OK)
except Exception as e:
return Response({'error': str(e)},
status=status.HTTP_400_BAD_REQUEST)
res = {
'error':
'can not authenticate with the given credentials or the account has been deactivated'
}
return Response({'error': res}, status=status.HTTP_400_BAD_REQUEST)
def login(request, user):
"""
Persist the facebook user_id and the backend in the request. This way a
user doesn't have to reauthenticate on every request.
"""
if user is None:
user = request.user
if SESSION_KEY in request.session:
if request.session[SESSION_KEY] != user.get_username():
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
# save the username (is facebook id) as user id
request.session[SESSION_KEY] = user.get_username()
request.session[BACKEND_SESSION_KEY] = user.backend
if hasattr(request, "user"):
request.user = user
if hasattr(request, "facebook"):
request.facebook.user_id = user.get_username()
log.debug("Facebook user %s logged in" % user.get_username())
user_logged_in.send(sender=user.__class__, request=request, user=user)
def authenticate(self, request):
"""
Returns a two-tuple of `User` and token if a valid signature has been
supplied using JWT-based authentication. Otherwise returns `None`.
"""
jwt_value = self.get_jwt_value(request)
if jwt_value is None:
return None
try:
payload = jwt_decode_handler(jwt_value)
except jwt.ExpiredSignature:
msg = _('Signature has expired.')
raise exceptions.AuthenticationFailed(msg)
except jwt.DecodeError:
msg = _('Error decoding signature.')
raise exceptions.AuthenticationFailed(msg)
except jwt.InvalidTokenError:
raise exceptions.AuthenticationFailed()
user = self.authenticate_credentials(payload)
user_logged_in.send(sender=user.__class__, request=request, user=user)
user_agent_data = request.META['HTTP_USER_AGENT']
if 'Mobile' in user_agent_data or 'Android' in user_agent_data or 'iPhone' in user_agent_data:
if payload['app_token'] != user.app_token:
raise exceptions.NotAuthenticated('Signed from other device')
else:
if payload['web_token'] != user.web_token:
raise exceptions.NotAuthenticated('Signed from other browser')
return (user, jwt_value)
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
if user is None:
user = request.user
if hasattr(user, 'get_session_auth_hash'):
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
session_key = request.session[SESSION_KEY]
if session_key != user.pk or (session_auth_hash
and request.session.get(HASH_SESSION_KEY)
!= session_auth_hash):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
request.session[USER_DATA_SESSION_KEY] = user.user_data
request.session[HASH_SESSION_KEY] = session_auth_hash
update_token_in_session(request.session, user.token)
if hasattr(request, 'user'):
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ""
if user is None:
user = request.user
if hasattr(user, "get_session_auth_hash"):
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
session_key = request.session[SESSION_KEY]
if session_key != user.pk or (session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
request.session[USER_DATA_SESSION_KEY] = user.user_data
request.session[HASH_SESSION_KEY] = session_auth_hash
update_token_in_session(request, user.token)
if hasattr(request, "user"):
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def post(self, request, backend):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
user = serializer.instance
rotate_token(request)
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
token, created = Token.objects.get_or_create(user=user)
template_name = "afterlogin"
redirect_url = reverse('generic_view',
kwargs={"template_name": template_name})
response = Response({
'token': token.key,
'profileid': user.profile.id,
'redirect_url': redirect_url,
})
response.set_cookie('authorization',
token.key,
max_age=MAX_AGE,
expires=EXPIRES)
response.set_cookie('authenticate',
token.key,
max_age=MAX_AGE,
expires=EXPIRES)
else:
response = Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
return response
def get(self, request):
myshopify_domain = request.GET.get("shop")
if not myshopify_domain:
return HttpResponse("Shop parameter missing.")
try:
shop = get_user_model().objects.get(
myshopify_domain=myshopify_domain)
except get_user_model().DoesNotExist:
return get_scope_permission(request, myshopify_domain)
with shop.session:
try:
shopify_shop = shopify.Shop.current()
except UnauthorizedAccess:
shop.uninstall()
return get_scope_permission(request, myshopify_domain)
user_logged_in.send(sender=shop.__class__, request=request, user=shop)
return render(
request,
self.template_name,
{
"data": {
"shopOrigin": shop.myshopify_domain,
"apiKey": getattr(settings, "SHOPIFY_APP_API_KEY"),
"loadPath": request.GET.get(REDIRECT_FIELD_NAME)
or "/home",
}
},
)
def test_login_signal_sets_authed_time(self):
user = UserFactory()
request = HttpRequest()
request.session = {}
user_logged_in.send(sender=user.__class__, request=request, user=user)
self.assertIn(authaction_constants.SESSION_LAST_AUTH, request.session)
def post(self, request, format=None):
token = AuthToken.objects.create(request.user)
user_logged_in.send(sender=request.user.__class__, request=request, user=request.user)
UserSerializer = knox_settings.USER_SERIALIZER
return Response({
'user': UserSerializer(request.user).data,
'token': token,
})
def do_login(self, user):
"""Login a user."""
this.user_id = user.pk
this.user_ddp_id = get_meteor_id(user)
# silent subscription (sans sub/nosub msg) to LoggedInUser pub
this.user_sub_id = meteor_random_id()
API.do_sub(this.user_sub_id, 'LoggedInUser', silent=True)
self.update_subs(user.pk)
user_logged_in.send(
sender=user.__class__, request=this.request, user=user,
)
def login(request, user, expiration=True):
"""
Persist token into database. Token is stored inside cookie therefore is not necessary
reauthenticate user for every request.
"""
if user is None:
user = request.user
token = Token.objects.create(user=user, user_agent=request.META.get('HTTP_USER_AGENT'), expiration=expiration)
if hasattr(request, 'user'):
request.user = user
request.token = token
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def test_keep_cart_on_login(self):
"""
Test that when logging in, an existing cart's Customer reference is set
to the new logged-in User's Customer
"""
request = self.factory.post('/shop/auth/login', follow=True)
request.customer = Customer()
request.customer.save()
request.session = {'session_key': 'keep_cart'}
request.user = self.bart
old_cart = Cart.objects.get_from_request(request)
user_logged_in.send(sender=self.bart.__class__, request=request, user=self.bart)
new_cart = Cart.objects.get_from_request(request)
self.assertEqual(new_cart.customer, request.customer)
self.assertEqual(new_cart, old_cart)
def test_associate_customer_on_login(self):
"""
Test that when logging in as a user without existing customer account,
the anonymous interim customer object is associated with the logged-in
user.
"""
request = self.factory.post('/shop/auth/login/', follow=True)
request.user = self.lisa
customer = Customer()
customer.save()
request.session = {
'session_key': 'lisa_swap',
SESSION_KEY: customer.pk,
}
request.customer = Customer.objects.get_customer(request)
user_logged_in.send(sender=self.lisa.__class__, request=request, user=self.lisa)
self.assertEqual(request.customer, customer)
self.assertEqual(request.customer.user, self.lisa)
def create_action(self, request, serializer):
with statsd.timer('auth.browserid.verify'):
profile, msg = browserid_authenticate(
request, serializer.data['assertion'],
browserid_audience=serializer.data['audience'] or
get_audience(request),
is_mobile=serializer.data['is_mobile'],
)
if profile is None:
# Authentication failure.
log.info('No profile: %s' % (msg or ''))
raise AuthenticationFailed('No profile.')
request.user = profile
request.groups = profile.groups.all()
auth.login(request, profile)
profile.log_login_attempt(True) # TODO: move this to the signal.
user_logged_in.send(sender=profile.__class__, request=request,
user=profile)
# We want to return completely custom data, not the serializer's.
data = {
'error': None,
'token': commonplace_token(request.user.email),
'settings': {
'display_name': request.user.display_name,
'email': request.user.email,
'enable_recommendations': request.user.enable_recommendations,
}
}
# Serializers give up if they aren't passed an instance, so we
# do that here despite PermissionsSerializer not needing one
# really.
permissions = PermissionsSerializer(context={'request': request},
instance=True)
data.update(permissions.data)
# Add ids of installed/purchased/developed apps.
data['apps'] = user_relevant_apps(profile)
return data
def login(request, user):
if user is None:
user = request.user
# TODO: It would be nice to support different login methods, like signed cookies.
if auth.SESSION_KEY in request.session:
if request.session[auth.SESSION_KEY] != user.id:
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[auth.SESSION_KEY] = user.id
request.session[auth.BACKEND_SESSION_KEY] = user.backend
set_session_from_user(request, user)
if hasattr(request, 'user'):
request.user = user
user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request.
"""
if user is None:
user = request.user
# TODO: It would be nice to support different login methods, like signed cookies.
if SESSION_KEY in request.session:
if request.session[SESSION_KEY] != user.id:
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user.id
request.session[BACKEND_SESSION_KEY] = user.backend
if hasattr(request, 'user'):
request.user = user
user_logged_in.send(sender=user.__class__, request=request, user=user)
def authenticate(self, request):
"""
Returns a two-tuple of `User` and token if a valid signature has been
supplied using JWT-based authentication. Otherwise returns `None`.
Copied from rest_framework_jwt BaseJSONWebTokenAuthentication, with
the decode_handler changed to our own - because we don't want that
decoder to be the default one in settings - and logging added.
"""
jwt_value = self.get_jwt_value(request)
if jwt_value is None:
return None
try:
payload = jwt_auth.jwt_decode_handler(jwt_value)
except Exception as exc:
try:
# Log all exceptions
log.info('JWTKeyAuthentication failed; '
'it raised %s (%s)', exc.__class__.__name__, exc)
# Re-raise to deal with them properly.
raise exc
except jwt.ExpiredSignature:
msg = ugettext('Signature has expired.')
raise exceptions.AuthenticationFailed(msg)
except jwt.DecodeError:
msg = ugettext('Error decoding signature.')
raise exceptions.AuthenticationFailed(msg)
except jwt.InvalidTokenError:
msg = ugettext('Invalid JWT Token.')
raise exceptions.AuthenticationFailed(msg)
# Note: AuthenticationFailed can also be raised directly from our
# jwt_decode_handler.
user = self.authenticate_credentials(payload)
# Send user_logged_in signal when JWT is used to authenticate an user.
# Otherwise, we'd never update the last_login information for users
# who never visit the site but do use the API to upload new add-ons.
user_logged_in.send(sender=self.__class__, request=request, user=user)
return (user, jwt_value)
def authenticate(self, request):
"""
Returns a two-tuple of `User` and token if a valid signature has been
supplied using JWT-based authentication. Otherwise returns `None`.
"""
jwt_value = self.get_jwt_value(request)
if jwt_value is None:
return None
try:
payload = jwt_decode_handler(jwt_value)
except jwt.ExpiredSignature:
msg = _('Signature has expired.')
raise exceptions.AuthenticationFailed(msg)
except jwt.DecodeError:
msg = _('Error decoding signature.')
raise exceptions.AuthenticationFailed(msg)
except jwt.InvalidTokenError:
raise exceptions.AuthenticationFailed()
user = self.authenticate_credentials(payload)
user_logged_in.send(sender=user.__class__, request=request, user=user)
return (user, jwt_value)
def test_swap_customer_on_login(self):
"""
Test that when logging in as a User with an existing Customer, that one
is set on the request while the anonymous interim customer object is
deleted.
"""
request = self.factory.post('/shop/auth/login/', follow=True)
request.user = self.bart
old_customer = Customer()
old_customer.save()
request.session = {
'session_key': 'bart_swap',
SESSION_KEY: old_customer.pk,
}
request.customer = self.bart.customer
user_logged_in.send(sender=self.bart.__class__, request=request, user=self.bart)
try:
Customer.objects.get_customer(request, force_unauth=True)
except Customer.DoesNotExist:
pass
else:
self.fail("""Unauthenticated customer should be deleted on login
by a User with existing Customer""")
self.assertEqual(request.customer, self.bart.customer)
def create_action(self, request, serializer):
with statsd.timer("auth.browserid.verify"):
profile, msg = browserid_authenticate(
request,
serializer.data["assertion"],
browserid_audience=serializer.data["audience"] or get_audience(request),
is_mobile=serializer.data["is_mobile"],
)
if profile is None:
# Authentication failure.
log.info("No profile: %s" % (msg or ""))
raise AuthenticationFailed("No profile.")
request.user, request.amo_user = profile, profile
request.groups = profile.groups.all()
auth.login(request, profile)
profile.log_login_attempt(True) # TODO: move this to the signal.
user_logged_in.send(sender=profile.__class__, request=request, user=profile)
# We want to return completely custom data, not the serializer's.
data = {
"error": None,
"token": commonplace_token(request.amo_user.email),
"settings": {"display_name": request.amo_user.display_name, "email": request.amo_user.email},
}
# Serializers give up if they aren't passed an instance, so we
# do that here despite PermissionsSerializer not needing one
# really.
permissions = PermissionsSerializer(context={"request": request}, instance=True)
data.update(permissions.data)
# Add ids of installed/purchased/developed apps.
data["apps"] = user_relevant_apps(profile)
return data
def login_user(sender, request, user, identity):
update_user(user, identity)
log.info('Logging in user {} from FxA'.format(user))
user_logged_in.send(sender=sender, request=request, user=user)
login(request, user)
