def post(self, request, *args, **kwargs): if self.alias_type.upper() not in api_settings.PASSWORDLESS_AUTH_TYPES: # Only allow auth types allowed in settings. return Response(status=status.HTTP_404_NOT_FOUND) serializer = self.serializer_class(data=request.data, context={'request': request}) if serializer.is_valid(raise_exception=True): # Validate - user = serializer.validated_data['user'] # Create and send callback token success = TokenService.send_token(user, self.alias_type, self.token_type, **self.message_payload) # Respond With Success Or Failure of Sent if success: status_code = status.HTTP_200_OK response_detail = self.success_response else: status_code = status.HTTP_400_BAD_REQUEST response_detail = self.failure_response return Response({'detail': response_detail}, status=status_code) else: return Response(serializer.error_messages, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, *args, **kwargs): if self.alias_type.upper() not in api_settings.PASSWORDLESS_AUTH_TYPES: # Only allow auth types allowed in settings. return Response(status=status.HTTP_404_NOT_FOUND) serializer = self.serializer_class(data=request.data, context={'request': request}) if serializer.is_valid(raise_exception=True): # Validate user = serializer.validated_data['user'] if self.alias_type == 'whatsapp' and not user.has_whatsapp_enabled: # Prevents sending tokens to contributor unless WhatsApp is enabled logger.debug( f"Skipped sending notification to {user} having WhatsApp {user.has_whatsapp_enabled}" ) message = 'WhatsApp communications must be enabled to receive tokens from CARPA via WhatsApp.' return Response({'detail': message}, status=status.HTTP_409_CONFLICT) # Create and send callback token success = TokenService.send_token(user, self.alias_type, **self.message_payload) # Respond With Success Or Failure of Sent if success: status_code = status.HTTP_200_OK response_detail = self.success_response else: status_code = status.HTTP_400_BAD_REQUEST response_detail = self.failure_response return Response({'detail': response_detail}, status=status_code) else: return Response(serializer.error_messages, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, *args, **kwargs): if self.alias_type.upper() not in api_settings.PASSWORDLESS_AUTH_TYPES: # Only allow auth types allowed in settings. return Response(status=status.HTTP_404_NOT_FOUND) try: user = Peoples.objects.get(mobile=self.request.data.get('mobile')) except Peoples.DoesNotExist: user = None # serializer = self.serializer_class(data=request.data, context={'request': request}) # if serializer.is_valid(raise_exception=True): # # Validate - # if user is None: # Peoples.objects.get(mobile=self.request.data.get('mobile')).delete() # Create and send callback token if user is not None: success = TokenService.send_token(user, self.alias_type, **self.message_payload) # Respond With Success Or Failure of Sent if success: status_code = status.HTTP_200_OK response_detail = self.success_response else: status_code = status.HTTP_400_BAD_REQUEST response_detail = self.failure_response return Response({'detail': response_detail}, status=status_code) else: return Response('شما در سیستم ثبت نشده اید.', status=status.HTTP_400_BAD_REQUEST)
def post(self, request, *args, **kwargs): if self.alias_type.upper() not in api_settings.PASSWORDLESS_AUTH_TYPES: # Only allow auth types allowed in settings. return Response(status=status.HTTP_404_NOT_FOUND) serializer = self.serializer_class(data=request.data, context={'request': request}) if serializer.is_valid(raise_exception=True): # Validate - user = serializer.validated_data['user'] template_name = None if api_settings.PASSWORDLESS_TEMPLATE_CHOICES: # Differing from original lib: we allow optional template and pass this to send_token template_idx = serializer.validated_data.get( 'template') # default 1 template_name = [ choice for choice in api_settings.PASSWORDLESS_TEMPLATE_CHOICES if choice[0] == template_idx ][0][1] # Create and send callback token success = TokenService.send_token(user, self.alias_type, template=template_name, **self.message_payload) # Respond With Success Or Failure of Sent if success: status_code = status.HTTP_200_OK response_detail = self.success_response else: status_code = status.HTTP_400_BAD_REQUEST response_detail = self.failure_response return Response({'detail': response_detail}, status=status_code) else: return Response(serializer.error_messages, status=status.HTTP_400_BAD_REQUEST)
def update_alias_verification(sender, instance, **kwargs): """ Flags a user's email as unverified if they change it. Optionally sends a verification token to the new endpoint. """ if isinstance(instance, User): if instance.id: if api_settings.PASSWORDLESS_USER_MARK_EMAIL_VERIFIED is True: """ For marking email aliases as not verified when a user changes it. """ email_field = api_settings.PASSWORDLESS_USER_EMAIL_FIELD_NAME email_verified_field = api_settings.PASSWORDLESS_USER_EMAIL_VERIFIED_FIELD_NAME # Verify that this is an existing instance and not a new one. try: user_old = User.objects.get( id=instance.id) # Pre-save object instance_email = getattr(instance, email_field) # Incoming Email old_email = getattr(user_old, email_field) # Pre-save object email if instance_email != old_email and instance_email != "" and instance_email is not None: # Email changed, verification should be flagged setattr(instance, email_verified_field, False) if api_settings.PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN is True: email_subject = api_settings.PASSWORDLESS_EMAIL_VERIFICATION_SUBJECT email_plaintext = api_settings.PASSWORDLESS_EMAIL_VERIFICATION_PLAINTEXT_MESSAGE email_html = api_settings.PASSWORDLESS_EMAIL_VERIFICATION_TOKEN_HTML_TEMPLATE_NAME message_payload = { 'email_subject': email_subject, 'email_plaintext': email_plaintext, 'email_html': email_html } success = TokenService.send_token( instance, 'email', **message_payload) if success: logger.info( 'drfpasswordless: Successfully sent email on updated address: %s' % instance_email) else: logger.info( 'drfpasswordless: Failed to send email to updated address: %s' % instance_email) except User.DoesNotExist: # User probably is just initially being created return if api_settings.PASSWORDLESS_USER_MARK_MOBILE_VERIFIED is True: """ For marking mobile aliases as not verified when a user changes it. """ mobile_field = api_settings.PASSWORDLESS_USER_MOBILE_FIELD_NAME mobile_verified_field = api_settings.PASSWORDLESS_USER_MOBILE_VERIFIED_FIELD_NAME # Verify that this is an existing instance and not a new one. try: user_old = User.objects.get( id=instance.id) # Pre-save object instance_mobile = getattr(instance, mobile_field) # Incoming mobile old_mobile = getattr( user_old, mobile_field) # Pre-save object mobile if instance_mobile != old_mobile and instance_mobile != "" and instance_mobile is not None: # Mobile changed, verification should be flagged setattr(instance, mobile_verified_field, False) if api_settings.PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN is True: mobile_message = api_settings.PASSWORDLESS_MOBILE_MESSAGE message_payload = { 'mobile_message': mobile_message } success = TokenService.send_token( instance, 'mobile', **message_payload) if success: logger.info( 'drfpasswordless: Successfully sent SMS on updated mobile: %s' % instance_mobile) else: logger.info( 'drfpasswordless: Failed to send SMS to updated mobile: %s' % instance_mobile) except User.DoesNotExist: # User probably is just initially being created pass
def post(self, request, *args, **kwargs): # Only allow auth types allowed in settings. if self.alias_type.upper() not in api_settings.PASSWORDLESS_AUTH_TYPES: return Response(status=status.HTTP_404_NOT_FOUND) serializer = self.serializer_class(data=request.data, context={'request': request}) # NOTE: this potentially CREATES a User with the given alias (email/phone) and other user-data (depending on the settings), # if create=true was given and the User doesn't exist already if serializer.is_valid(raise_exception=True): user = serializer.validated_data['user'] # Create and send callback token if serializer.validated_data.get( "country", "") == "fi" and self.message_payload_fi != {}: payload = self.message_payload_fi.copy( ) # copy or we'll change the class-global dict... else: payload = self.message_payload.copy( ) # copy or we'll change the class-global dict... # If desktop=true is provided, we format the callback as a normal text and not a link (for use in desktop logins) # Set linkbase to an empty string in that case, as the placeholder for it is in the SMS template anyway. if serializer.validated_data.get('desktop', False): payload['desktop'] = True payload['linkbase'] = '' else: # If devlink=true is provided during the request, we use a different link base for the callback link, to support dev-apps if serializer.validated_data.get("country", "") == "fi": payload[ "linkbase"] = api_settings.PASSWORDLESS_FI_LINK_BASE elif serializer.validated_data.get("devlink", False): payload[ "linkbase"] = api_settings.PASSWORDLESS_DEV_LINK_BASE else: payload[ 'linkbase'] = api_settings.PASSWORDLESS_PROD_LINK_BASE if not user.is_active: # in this case, mimic the user not being found at all (used for soft-deletion) return Response(status=status.HTTP_404_NOT_FOUND) if not user.is_demo: # This can fail for various reasons: an SMS can fail to reach a valid mobile number, an email can have # an incorrect domain. We get False back in those cases. send_success = TokenService.send_token(user, self.alias_type, **payload) else: send_success = False if send_success: status_code = status.HTTP_200_OK response_detail = self.success_response response_code = None else: status_code = status.HTTP_400_BAD_REQUEST response_detail = self.failure_response response_code = 'sending_error' return Response({ 'detail': response_detail, 'code': response_code }, status=status_code) else: return Response(serializer.error_messages, status=status.HTTP_400_BAD_REQUEST)