def token_obtain_pair_handler(username, password):
"""
Takes a set of user credentials and returns an access and refresh JSON web
token pair to prove the authentication of those credentials.
"""
ser = TokenObtainPairSerializer(data={
get_username_field(): username,
'password': password
})
ser.is_valid(raise_exception=True)
update_last_login(None, ser.user)
res = dict(refresh=ser.validated_data.get('refresh'),
access=ser.validated_data.get('access'),
user=UserSerializer(ser.user).data)
return res
def func(prof_id=None,
prof=None,
expire_date=settings.ACCESS_TOKEN_LIFETIME):
if prof is None:
assert prof_id is not None, 'Must include a prof_id if you do not provide a profile'
prof = create_test_prof(prof_id)
access_token = str(
TokenObtainPairSerializer.get_token(prof).access_token)
cookies = SimpleCookie()
signature_cookie = 'JWT-SIGNATURE'
cookies[SIGNATURE_COOKIE_NAME] = access_token.split('.')[-1]
cookies[SIGNATURE_COOKIE_NAME]['HttpOnly'] = True
cookies[SIGNATURE_COOKIE_NAME]['SameSite'] = "Strict"
# FIXME make secure = to TRUE in production
cookies[SIGNATURE_COOKIE_NAME]['Secure'] = False
cookies[SIGNATURE_COOKIE_NAME]['Path'] = '/'
# This joins together the header and payload list items into a string
cookies[PAYLOAD_COOKIE_NAME] = '.'.join(access_token.split('.')[:2])
# FIXME make secure = to TRUE in production
cookies[PAYLOAD_COOKIE_NAME]['Secure'] = False
cookies[PAYLOAD_COOKIE_NAME]['SameSite'] = "Strict"
expire_time = (datetime.now(tz=timezone.utc) +
settings.ACCESS_TOKEN_LIFETIME)
cookies[PAYLOAD_COOKIE_NAME]['expires'] = expire_time.strftime(
"%a, %d %b %Y %H:%M:%S GMT")
cookies[PAYLOAD_COOKIE_NAME]['Max-Age'] = int(
settings.ACCESS_TOKEN_LIFETIME.total_seconds())
cookies[PAYLOAD_COOKIE_NAME]['Path'] = '/'
return prof, cookies
def post(self, request):
# seri data
seri = serializers.UserSerializer(data=request.data)
if seri.is_valid():
seri.validated_data['password'] = make_password(
seri.validated_data['password'])
new_user = seri.save()
Doctor.objects.create(user=new_user)
# Gui ve Token
refresh = TokenObtainPairSerializer.get_token(new_user)
data = {
'refresh_token':
str(refresh),
'access_token':
str(refresh.access_token),
'access_expires':
int(settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'].total_seconds(
)),
'refresh_expires':
int(settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'].
total_seconds())
}
return Response(data, status=status.HTTP_201_CREATED)
else:
print(seri.errors)
return JsonResponse(
{
'error_message': 'Error Serialize User',
'errors_code': 400,
},
status=status.HTTP_400_BAD_REQUEST)
def process_register_form(request, auth_method='session'):
form = NewUserForm(
request.POST) if auth_method == 'session' else NewUserFormAPI(
request.POST)
token_dict = None
if form.is_valid():
try:
with transaction.atomic():
new_user = form.save()
user = authenticate(email=form.cleaned_data['email'],
password=form.cleaned_data['password1'])
p = UserProfile(id=user.id)
p.assign_slug()
p.join_invited_groups()
if PARTNER_GROUP_EMAIL_PATTERN_LOOKUP_FILE:
p.add_partner_group_by_email()
if hasattr(request, "interfaceLang"):
p.settings["interface_language"] = request.interfaceLang
p.save()
except Exception:
return {"error": "something went wrong"}
if auth_method == 'session':
auth_login(request, user)
elif auth_method == 'jwt':
token_dict = TokenObtainPairSerializer().validate({
"username":
form.cleaned_data['email'],
"password":
form.cleaned_data['password1']
})
return {
k: v[0] if len(v) > 0 else unicode(v)
for k, v in form.errors.items()
}, token_dict, form
class UserWriteSerializer(serializers.ModelSerializer):
username = serializers.CharField(
required=True,
validators=[UniqueValidator(queryset=get_user_model().objects.all(), message="Username already exists.")],
label="username",
)
password = serializers.CharField(required=True, write_only=True, min_length=9, label="password")
registration_token = serializers.CharField(label="registration_token", read_only=True)
token = TokenObtainPairSerializer(read_only=True, label="token")
class Meta:
model = get_user_model()
fields = ["username", "registration_token", "password", "token"]
def create(self, validated_data):
password = validated_data.pop("password")
user = super().create(validated_data)
user.set_password(password)
user.save()
return user
def validate_registration_token(self, token):
if token is None or token == "":
raise serializers.ValidationError("registration token is required.")
if token == settings.REGISTER_TOKEN:
return token
raise serializers.ValidationError("Invalid registration token.")
def post(self, request):
serializer = AccountSerializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['username']
user = CustomBackend.authenticate(
self,
request,
username=serializer.validated_data['username'],
password=serializer.validated_data['password'],
)
if user == None:
#Password not correct but we set this message to secure
return Response("Username or Password is incorrect !", status=status.HTTP_401_UNAUTHORIZED)
else :
# data = TokenSerializer(user).data
refresh = TokenObtainPairSerializer.get_token(user)
data = {
'username':user.username,
'is_admin':user.is_admin,
'refresh_token': str(refresh),
'access_token': str(refresh.access_token),
'access_expires': int(settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'].total_seconds()),
'refresh_expires': int(settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'].total_seconds()),
}
return Response(data, status=status.HTTP_200_OK)
except serializers.ValidationError:
return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request, *args, **kwargs):
try:
serializer = RegistrationSerializer(data=request.data)
if serializer.is_valid():
validated_data = serializer.validated_data
created, profile_id, message = serializer.create(
validated_data=validated_data)
if created:
tokenr = TokenObtainPairSerializer().\
get_token(request.user)
tokena = AccessToken().for_user(request.user)
logged_in_user = User.objects.get(id=profile_id)
return Response({
'created': True,
'user_id': profile_id
},
status=status.HTTP_200_OK)
else:
print(logger)
logger.debug('Error')
return Response({'message': message},
status=status.HTTP_400_BAD_REQUEST)
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
except Exception as e:
print(e)
logger.errors(e)
return Response({'message': 'Issue'},
status=status.HTTP_409_CONFLICT)
def post(self, request):
serializer = UserLoginSerializer(data=request.data)
if serializer.is_valid():
user = authenticate(request,
username=serializer.validated_data['email'],
password=serializer.validated_data['password'])
if user:
refresh = TokenObtainPairSerializer.get_token(user)
data = {
'refresh_token':
str(refresh),
'access_token':
str(refresh.access_token),
'access_expires':
int(settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'].
total_seconds()),
'refresh_expires':
int(settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'].
total_seconds())
}
return Response(data, status=status.HTTP_200_OK)
return Response(
{
'error_message': 'Email or password is incorrect!',
'error_code': 400
},
status=status.HTTP_400_BAD_REQUEST)
return Response(
{
'error_messages': serializer.errors,
'error_code': 400
},
status=status.HTTP_400_BAD_REQUEST)
def test_it_should_produce_a_json_web_token_when_valid(self):
s = TokenObtainPairSerializer(
data={
TokenObtainPairSerializer.username_field: self.username,
'password': self.password,
})
self.assertTrue(s.is_valid())
self.assertIn('access', s.validated_data)
self.assertIn('refresh', s.validated_data)
# Expecting token type claim to be correct for both tokens. If this is
# the case, instantiating appropriate token subclass instances with
# encoded tokens should not raise an exception.
AccessToken(s.validated_data['access'])
RefreshToken(s.validated_data['refresh'])
def post(self, request, format=None):
"""
include validations here later
"""
email = request.data.get('email')
new_password = request.data.get('password')
confirm_password = request.data.get('confirm_password')
if str(new_password) != str(confirm_password):
message = {"message": "Both passwords must match."}
return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE)
user = MyUser.objects.get(email__iexact=email)
user.set_password(new_password)
user.save()
#getting token
r_token = TokenObtainPairSerializer().get_token(request.user)
a_token = AccessToken().for_user(request.user)
tokens = {
'refresh': str(r_token),
'access': str(a_token),
'my_pk': user.pk
}
message = {"message": "Password Changed."}
return Response(tokens, status=status.HTTP_202_ACCEPTED)
def generate_user_with_token(email, password, user=None):
client = APIClient()
user = user if user else generate_user(email, password)
token = TokenObtainPairSerializer.get_token(user)
client.credentials(
HTTP_AUTHORIZATION='Bearer {}'.format(token.access_token))
return client
def process_register_form(request, auth_method='session'):
form = SefariaNewUserForm(
request.POST) if auth_method == 'session' else SefariaNewUserFormAPI(
request.POST)
token_dict = None
if form.is_valid():
with transaction.atomic():
new_user = form.save()
user = authenticate(email=form.cleaned_data['email'],
password=form.cleaned_data['password1'])
p = UserProfile(id=user.id)
p.assign_slug()
p.join_invited_collections()
if hasattr(request, "interfaceLang"):
p.settings["interface_language"] = request.interfaceLang
p.save()
if auth_method == 'session':
auth_login(request, user)
elif auth_method == 'jwt':
token_dict = TokenObtainPairSerializer().validate({
"username":
form.cleaned_data['email'],
"password":
form.cleaned_data['password1']
})
return {
k: v[0] if len(v) > 0 else str(v)
for k, v in list(form.errors.items())
}, token_dict, form
def post(self, request):
serializer = UserLoginSerializer(data=request.data)
if serializer.is_valid():
user = authenticate(request,
username=serializer.validated_data['email'],
password=serializer.validated_data['password'])
if user:
refresh = TokenObtainPairSerializer.get_token(user)
data = {
'refresh_token': str(refresh),
'access_token': str(refresh.access_token)
}
return Response(data, status=status.HTTP_200_OK)
return Response(
{
'error_message': 'Email or password is incorrect!',
'error_code': 400,
},
status=status.HTTP_400_BAD_REQUEST)
return Response({
'error_message': serializer.errors,
'error_code': 400
},
status=status.HTTP_400_BAD_REQUEST)
def jwt_encode(user):
try:
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
except ImportError:
raise ImportError("rest-framework-simplejwt needs to be installed")
refresh = TokenObtainPairSerializer.get_token(user)
return refresh.access_token, refresh
def post(self, request, format=None):
token_pair = TokenObtainPairSerializer.get_token(request.user)
result = {}
result["refresh"] = str(token_pair)
result["access"] = str(token_pair.access_token)
create_action(request.user, LOGIN, request.user)
return Response(result, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
try:
info = list(
User.objects.filter(email=request.data.get("email")).values(
'uuid', 'email', 'username'))
info = info[0]
except:
return Response(responsedata(False, "No User found"),
status=status.HTTP_404_NOT_FOUND)
if not request.data.get('email'):
return Response(responsedata(False, "Email Id is required"),
status=status.HTTP_405_METHOD_NOT_ALLOWED)
if not request.data.get("password"):
return Response(responsedata(False, "Password is required"),
status=status.HTTP_405_METHOD_NOT_ALLOWED)
if not User.objects.filter(email=request.data.get("email")).exists():
return Response(responsedata(False,
"No user found with this Email Id"),
status=status.HTTP_404_NOT_FOUND)
if User.objects.filter(email=request.data.get("email")).exists():
user = list(
User.objects.filter(
email=request.data.get("email")).values())[0]
if not User.objects.get(
email=request.data.get("email")).check_password(
request.data.get("password")):
print(
User.objects.get(
email=request.data.get("email")).get_password())
return Response(responsedata(False, "Incorrect Password"),
status=status.HTTP_404_NOT_FOUND)
serializer = TokenObtainPairSerializer(data=request.data)
if serializer.is_valid(raise_exception=True):
data = serializer.validate(request.data)
data.update({"Access-Control-Expose-Headers": "access"})
data.update(info)
if serializer.User.is_active:
return Response(responsedata(True, "Login Successfull", data),
status=200)
else:
return Response(responsedata(False,
"Please Validate Your Email Id"),
status=400)
def login(request):
auth = {
"username": request.data["username"],
"password": request.data["password"]
}
tokens = TokenObtainPairSerializer(auth).validate(auth)
return Response(data=tokens)
def token(self, request, *args, **kwargs):
"""
Token
Takes a set of user credentials and returns an access and
refresh JSON web token pair to prove the authentication
of those credentials.
"""
serializer = TokenObtainPairSerializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return response.Response(serializer.validated_data,
status=status.HTTP_200_OK)
def get_token(name, password):
"""Возвращает jwt-токен для пользователя с логином name и паролем password
Возвращает None, если такого пользователя не существует"""
user = authenticate(username=name, password=password)
if user:
token = TokenObtainPairSerializer().get_token(user)
return token
else:
return None
def create_access_token_for_user(user):
"""
Create an access token for user.
:param user:
:return Encoded token
"""
refresh = TokenObtainPairSerializer.get_token(user)
encoded_token = token_backend.encode(refresh.access_token.payload)
return encoded_token
def post(self, request):
errors = []
if not request.data.get('username'):
errors.append('username cannot be empty')
if not request.data.get('email'):
errors.append('email cannot be empty')
if not request.data.get('password'):
errors.append('password cannot be empty')
elif len(request.data['password']) < 8:
errors.append('password must be at least 8 characters long')
if errors:
return Response(
{'info': errors},
status=status.HTTP_400_BAD_REQUEST,
)
# create the user
user_serializer = UserSerializer(data=request.data)
try:
user_serializer.is_valid(raise_exception=True)
except Exception as e:
return Response(
{'info': list(e.detail.values())},
status=status.HTTP_400_BAD_REQUEST,
)
new_user = user_serializer.save()
# create the profile
profile_data = {'user': new_user.pk}
profile_serializer = ProfileSerializer(data=profile_data)
profile_serializer.is_valid(raise_exception=True)
new_profile = profile_serializer.save()
# create and return the jwts
jwt_serializer = TokenObtainPairSerializer(data=request.data)
try:
jwt_serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
jwtResponse = Response(jwt_serializer.validated_data, status=status.HTTP_200_OK)
jwtResponse.data['username'] = new_user.username
return jwtResponse
def post(self, request):
password = CustomUser.objects.make_random_password()
data = request.data
data.update({'password': password})
serializer = UserCreateSerializer(data=request.data)
if serializer.is_valid():
user = serializer.save()
token = TokenObtainPairSerializer.get_token(user)
return JsonResponse({'access': str(token.access_token)})
else:
return JsonResponse(serializer.errors, status=400)
def generate_random_client_with_token():
client = APIClient()
try:
user = User.objects.create_user(email=TEST_USER_EMAIL,
password=TEST_USER_PASSWORD)
except IntegrityError:
user = User.objects.get(email=TEST_USER_EMAIL)
token = TokenObtainPairSerializer.get_token(user)
client.credentials(
HTTP_AUTHORIZATION='Bearer {}'.format(token.access_token))
return client
def test_normal_auth_request(self, create_test_prof):
factory = APIRequestFactory()
view = AuthRequiredViewStub.as_view()
prof = create_test_prof(1)
access_token = str(
TokenObtainPairSerializer.get_token(prof).access_token)
request = factory.get(
'', **{'HTTP_AUTHORIZATION': f"Bearer {access_token}"})
response = view(request)
assert response.status_code == status.HTTP_200_OK
def post(self, request, *args, **kwargs):
if request.data:
request.POST._mutable = True
data = request.data
data['Pass'] = data.get('password')
if User.objects.filter(email=data.get('email')).values().exists():
Response(responsedata(False, "User already present"),
status=status.HTTP_409_CONFLICT)
data['is_active'] = True
serializer = UserSerializer(data=data)
if serializer.is_valid(raise_exception=True):
serializer.save()
tokenserializer = TokenObtainPairSerializer(
data={
"email": request.data.get("email"),
"password": request.data.get("password")
})
if tokenserializer.is_valid(raise_exception=True):
data = tokenserializer.validate({
"email":
request.data.get("email"),
"password":
request.data.get("password")
})
tempid = serializer.data.get("uuid")
else:
return Response(responsedata(False, "Can't insert data"),
status=400)
respdata = {
'uuid': tempid,
'data': data,
'username': serializer.data['username'],
'email': serializer.data['email'],
}
return Response(responsedata(True, "Data Inserted", respdata),
status=200)
else:
return Response(responsedata(False, "No data provided"),
status=412)
def lti_launch(request):
"""Django view for the lti post request.
Verifies the given LTI parameters based on our secret, if a user can be found based on the verified parameters
a redirection link is send with corresponding JW access and refresh token to allow for a user login. If no user
can be found on our end, but the LTI parameters were verified nonetheless, we are dealing with a new user and
redirect with additional parameters that will allow for the creation of a new user.
If the parameters are not validated a redirection is send with the parameter state set to BAD_AUTH.
"""
secret = settings.LTI_SECRET
key = settings.LTI_KEY
try:
lti.OAuthRequestValidater.check_signature(key, secret, request)
except (oauth2.Error, ValueError):
return redirect(
lti.create_lti_query_link(
QueryDict.fromkeys(['state'], LTI_STATES.BAD_AUTH.value)))
params = request.POST.dict()
user = lti.get_user_lti(params)
user = handle_test_student(user, params)
params['exp'] = datetime.datetime.utcnow() + datetime.timedelta(minutes=15)
lti_params = encode_lti_params(params)
try:
if user is None:
query = QueryDict(mutable=True)
query['state'] = LTI_STATES.NO_USER.value
query['lti_params'] = lti_params
query['username'] = params['custom_username']
query['full_name'] = params.get('custom_user_full_name', None)
else:
refresh = TokenObtainPairSerializer.get_token(user)
query = QueryDict.fromkeys(['lti_params'],
lti_params,
mutable=True)
query['jwt_access'] = str(refresh.access_token)
query['jwt_refresh'] = str(refresh)
query['state'] = LTI_STATES.LOGGED_IN.value
except KeyError as err:
query = QueryDict.fromkeys(['state'],
LTI_STATES.KEY_ERR.value,
mutable=True)
query[
'description'] = 'The request is missing the following parameter: {0}.'.format(
err)
return redirect(lti.create_lti_query_link(query))
def Signin(request):
try:
user = authenticate(username=request.data.get("email"),
password=request.data.get("password"))
if user is not None:
tokenObtainPairObj = TokenObtainPairSerializer()
data_access_refresh_token_dict = tokenObtainPairObj.validate(
request.data)
data_access_refresh_token_dict.update(
{"user": serializers.UserProfileSerializer(user).data})
return Response(data_access_refresh_token_dict)
else:
return Response({"error": "Authentication Failure"},
status=status.HTTP_401_UNAUTHORIZED)
except Exception as e:
logger.exception("Token exception : %s", e)
return Response(
{
"error":
"Internal Server Error. We are extreamly sorry for the inconvenience. We will be back soon."
},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
data = serializer.data
token = TokenObtainPairSerializer().get_token(user)
data.update({'username': user.username})
data.update({'refresh': str(token)})
data.update({'access': str(token.access_token)})
headers = self.get_success_headers(serializer.data)
return Response(data, status=status.HTTP_201_CREATED, headers=headers)
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
phone_number = serializer.validated_data['phone_number']
user = User.objects.filter(phone_number=phone_number).first()
token = TokenObtainPairSerializer().get_token(user)
data = serializer.data
data.update({'username': user.username})
data.update({'refresh': str(token)})
data.update({'access': str(token.access_token)})
return Response(data, status=status.HTTP_200_OK)
def tokens(self, request, *args, **kwargs):
token_obtain_pair_serializer = TokenObtainPairSerializer(
data=request.data)
token_obtain_pair_serializer.is_valid(raise_exception=True)
user = User.objects.get(email=request.data['email'])
is_exist_profile = hasattr(user, 'profile')
response_data = {
**token_obtain_pair_serializer.validated_data,
'user':
user,
'profile':
user.profile if is_exist_profile else None,
'coin_history':
CoinHistory.objects.filter(profile=user.profile).order_by('-id')
if is_exist_profile else [],
}
serializer = self.get_serializer(response_data)
return Response(data=serializer.data, status=status.HTTP_200_OK)