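def post(self, request):
    """Mobile login: verify e-mail, password and QR hash, then hand out a bearer token.

    Expects ``email``, ``password`` and ``qrcode`` in the POST body. Reuses the
    user's existing, unexpired ``AccessToken`` when there is one; otherwise the
    stale token is deleted and ``self.issue_new_token`` mints a replacement.

    Returns a DRF ``Response``: 400 when ``email`` is missing, 404 when the
    user is unknown / not verified or the QR hash does not match, 401 on a
    wrong password, 200 with the token payload on success.
    """
    import logging
    log = logging.getLogger(__name__)

    email = request.POST.get('email')
    if not email:
        # The original raised User.DoesNotExist here and echoed its (empty)
        # message back; a static message is clearer and leaks nothing.
        return Response(data={'error': 'email is required'}, status=400)

    try:
        user = User.objects.get(email=email)
        user_details = User.objects.filter(email=email)
        user_serializer = UserSerializer(user_details, many=True)

        if not user.is_active:
            return Response(status=404, data={'error': 'user not verified'})

        # FIX: the original compared against the hard-coded string "batman25"
        # and ignored whatever the client submitted. Check the password the
        # client actually sent; a missing password is treated as wrong.
        password = request.POST.get('password')
        if not password or not user.check_password(password):
            return Response(status=401, data={'error': 'incorrect password'})

        # NOTE(review): the QR hash is compared with plain equality and the
        # expiry check that used to follow it is disabled, so a captured
        # qrhash stays valid indefinitely. Re-enable the ``qrhash_expiration``
        # comparison once that model field is confirmed to exist.
        if user.qrhash != request.POST.get('qrcode'):
            return Response(status=404, data={'error': 'Qrcode is not valid'})

        # No ordering is applied, so with several tokens the first row is
        # whichever the database returns first (same as the original).
        user_tokens = AccessToken.objects.filter(user=user)
        if not user_tokens:
            return self.issue_new_token(request, user, email)

        token = user_tokens[0]
        if timezone.now() > token.expires:
            # Stale token: drop it and mint a fresh one.
            token.delete()
            return self.issue_new_token(request, user, email)

        user.ismobile_loggedin = True
        user.save()
        profile = user_serializer.data[0]
        return Response(data={
            'access_token': token.token,
            'token_type': 'Bearer',
            'email': profile['email'],
            'name': profile['user_name'],
            'avatar': profile['avatar'],
            'scope': token.scope,
            'role': {
                'admin': profile['is_admin'],
                'active': profile['is_active'],
            },
            'status': '200',
        }, status=200)
    except User.DoesNotExist:
        # Kept as 404 to match the other login endpoints; note that a distinct
        # 404/401 split lets a caller enumerate registered e-mail addresses.
        return Response(status=404, data={'error': 'user not found'})
    except Exception:
        # Never echo internal exception text (the old ``e.message``) to the
        # client; log it server-side instead.
        log.exception('mobile login failed for %s', email)
        return Response(status=404, data={'error': 'login failed'})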
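def post(self, request):
    """Password login: validate e-mail/password and return a bearer token.

    Reuses the user's existing unexpired ``AccessToken``; an expired one is
    deleted and ``self.issue_new_token`` mints a replacement.

    Returns a DRF ``Response``: 400 when ``email`` is missing, 404 for an
    unknown or deactivated user, 401 on a wrong password, 200 with the token
    payload otherwise.
    """
    import logging
    log = logging.getLogger(__name__)

    email = request.POST.get('email')
    if not email:
        # The original raised User.DoesNotExist and returned its (empty)
        # message; a static message is clearer and leaks nothing.
        return Response(data={'error': 'email is required'}, status=400)

    try:
        user = User.objects.get(email=email)
        if not user.is_active:
            return Response(status=404, data={'error': 'user deactivated'})

        # A missing password is treated as a wrong one.
        password = request.POST.get('password')
        if not password or not user.check_password(password):
            return Response(status=401, data={'error': 'incorrect password'})

        # No ordering is applied; with several tokens the first row is
        # whichever the database returns first (same as the original).
        user_tokens = AccessToken.objects.filter(user=user)
        if not user_tokens:
            return self.issue_new_token(request, user, email)

        token = user_tokens[0]
        if timezone.now() > token.expires:
            # Stale token: drop it and mint a fresh one.
            token.delete()
            return self.issue_new_token(request, user, email)

        return Response(data={
            'access_token': token.token,
            'token_type': 'Bearer',
            'email': token.user.email,
            'scope': token.scope,
        }, status=200)
    except User.DoesNotExist:
        # Kept as 404 for compatibility; be aware the 404/401 split lets a
        # caller enumerate registered e-mail addresses.
        return Response(status=404, data={'error': 'user not found'})
    except Exception:
        # Never echo internal exception text (the old ``e.message``) to the
        # client; log it server-side instead.
        log.exception('login failed for %s', email)
        return Response(status=404, data={'error': 'login failed'})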
class RoleEndpointTest(TestCase):
    """Fixture for role-endpoint tests: two users, one public password-grant app, one bearer token.

    ``setUp`` authenticates ``self.client`` with ``self.token`` (value
    ``ABC123``), which belongs to ``self.user`` and expires one day after
    setup. ``tearDown`` removes the rows in the same order the original did.
    """

    def setUp(self):
        self.client = APIClient()
        self.user = User.objects.create_user("Foo", "Bar", "*****@*****.**", "123456")
        self.dev_user = User.objects.create_user("Foo", "Bar1", "*****@*****.**", "123456")

        app = Application(
            name="Test Application",
            user=self.dev_user,
            client_type=Application.CLIENT_PUBLIC,
            authorization_grant_type=Application.GRANT_PASSWORD,
        )
        app.save()
        self.application = app

        # NOTE(review): this is a naive datetime. If the project runs with
        # USE_TZ=True, Django may warn and comparisons against timezone.now()
        # in the views under test may not behave as intended. Left unchanged
        # to preserve existing behaviour.
        one_day_ahead = datetime.datetime.now() + datetime.timedelta(days=1)
        tok = AccessToken(
            token="ABC123",
            user=self.user,
            expires=one_day_ahead,
            scope='read write',
            application=app,
        )
        tok.save()
        self.token = tok
        self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + tok.token)

    def tearDown(self):
        # Same deletion order as before: app, token, then the two users.
        for row in (self.application, self.token, self.user, self.dev_user):
            row.delete()
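def post(self, request):
    """Login: validate e-mail/password and return a bearer token plus profile data.

    Reuses the user's existing unexpired ``AccessToken``; an expired one is
    deleted and ``self.issue_new_token`` mints a replacement. Profile fields
    (email, user_name, avatar, is_admin, is_active) are read from
    ``UserSerializer`` output.

    Returns a DRF ``Response``: 400 when ``email`` is missing, 404 for an
    unknown or not-yet-verified user, 401 on a wrong password, 200 with the
    token payload otherwise.
    """
    import logging
    log = logging.getLogger(__name__)

    email = request.POST.get('email')
    if not email:
        # The original raised User.DoesNotExist and returned its (empty)
        # message; a static message is clearer and leaks nothing.
        return Response(data={'error': 'email is required'}, status=400)

    try:
        user = User.objects.get(email=email)
        user_details = User.objects.filter(email=email)
        user_serializer = UserSerializer(user_details, many=True)

        if not user.is_active:
            return Response(status=404, data={'error': 'user not verified'})

        # A missing password is treated as a wrong one.
        password = request.POST.get('password')
        if not password or not user.check_password(password):
            return Response(status=401, data={'error': 'incorrect password'})

        # No ordering is applied; with several tokens the first row is
        # whichever the database returns first (same as the original).
        user_tokens = AccessToken.objects.filter(user=user)
        if not user_tokens:
            return self.issue_new_token(request, user, email)

        token = user_tokens[0]
        if timezone.now() > token.expires:
            # Stale token: drop it and mint a fresh one.
            token.delete()
            return self.issue_new_token(request, user, email)

        profile = user_serializer.data[0]
        return Response(data={
            'access_token': token.token,
            'token_type': 'Bearer',
            'avatar': profile['avatar'],
            'email': profile['email'],
            'name': profile['user_name'],
            'scope': token.scope,
            'role': {
                'admin': profile['is_admin'],
                'active': profile['is_active'],
            },
            'status': '200',
        }, status=200)
    except User.DoesNotExist:
        # Kept as 404 for compatibility; be aware the 404/401 split lets a
        # caller enumerate registered e-mail addresses.
        return Response(status=404, data={'error': 'user not found'})
    except Exception:
        # Never echo internal exception text (the old ``e.message``) to the
        # client; log it server-side instead.
        log.exception('login failed for %s', email)
        return Response(status=404, data={'error': 'login failed'})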
def test_access_token_signal_update(self):
    """Saving an AccessToken twice for the same user/app bumps the consent versionId from "1" to "2".

    Creates a token with a one-year expiry and two patient scopes, checks the
    ``fhir_Consent`` row produced for that user/application is at version
    "1", then deletes the token, saves an identical one and expects "2".
    """
    usr = self.user
    app = self._create_application('ThePHR', user=usr)
    expires_at = timezone.now() + relativedelta(years=1)
    scopes = [
        "patient/Patient.read",
        "patient/ExplanationOfBenefit.read",
    ]

    def save_token():
        # Identical token each time; only the consent version should move.
        tkn = AccessToken()
        tkn.user = usr
        tkn.application = app
        tkn.token = "1234567890"
        tkn.expires = expires_at
        tkn.scope = list(scopes)
        tkn.save()
        return tkn

    first = save_token()
    consent = fhir_Consent.objects.get(user=usr, application=app)
    self.assertEqual(consent.consent['meta']['versionId'], "1")

    first.delete()
    save_token()
    consent = fhir_Consent.objects.get(user=usr, application=app)
    self.assertEqual(consent.consent['meta']['versionId'], "2")
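def test_access_token_signal_update(self):
    """Saving an AccessToken twice for the same user/app bumps the consent versionId from "1" to "2".

    Creates a token with a one-year expiry and two patient scopes, checks the
    ``fhir_Consent`` row produced for that user/application is at version
    "1", then deletes the token, saves an identical one and expects "2".

    The debug ``print`` calls of the original (which dumped the consent JSON
    on every run) are removed; the assertions carry the same information.
    """
    usr = self.user
    app = self._create_application('ThePHR', user=usr)
    expires_at = timezone.now() + relativedelta(years=1)
    scopes = [
        "patient/Patient.read",
        "patient/ExplanationOfBenefit.read",
    ]

    def save_token():
        # Identical token each time; only the consent version should move.
        tkn = AccessToken()
        tkn.user = usr
        tkn.application = app
        tkn.token = "1234567890"
        tkn.expires = expires_at
        tkn.scope = list(scopes)
        tkn.save()
        return tkn

    first = save_token()
    consent = fhir_Consent.objects.get(user=usr, application=app)
    self.assertEqual(consent.consent['meta']['versionId'], "1")

    first.delete()
    save_token()
    consent = fhir_Consent.objects.get(user=usr, application=app)
    self.assertEqual(consent.consent['meta']['versionId'], "2")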
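def post(self, request):
    """Log the caller out by revoking every ``AccessToken`` held by ``request.user``.

    The original used ``AccessToken.objects.get(user=...)``, which raises
    ``DoesNotExist`` when there is no token and ``MultipleObjectsReturned``
    when there is more than one; both surface as a 500 instead of a clean
    logout. A queryset delete handles zero, one or many rows and makes the
    endpoint idempotent.

    Returns an empty 200 ``Response``. Authentication of ``request.user`` is
    assumed to be enforced by the view's permission classes (not visible
    here); an anonymous caller would fail at the filter, as before.
    """
    # NOTE(review): if a login flow sets a per-user "logged in" flag (for
    # example ``ismobile_loggedin``), nothing here clears it; reset it here if
    # that flag is ever used to gate concurrent sessions.
    AccessToken.objects.filter(user=request.user).delete()
    return Response(status=200)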