def api_key(request):
    """Show the user's REST API key and, when asked, replace it with a new one.

    A request carrying a truthy ``new_key`` query parameter deletes the
    existing key (if any), saves a new ``ApiKey`` for ``request.user`` and
    redirects back to the ``core:api-key`` page. Any other request renders
    ``user/api_key.html`` with the current key, or ``False`` when none exists.
    """
    template_context = {}
    template_context.update(csrf(request))

    try:
        current_key = ApiKey.objects.get(user=request.user)
    except ApiKey.DoesNotExist:
        # The template receives False (not None) when the user has no key yet.
        current_key = False

    if not request.GET.get('new_key'):
        template_context['key'] = current_key
        return render(request, 'user/api_key.html', template_context)

    # NOTE(review): the key is rotated on a GET request. Django's CSRF
    # middleware does not check GET, so any page the user visits can trigger a
    # rotation and invalidate the key their API clients use. Moving this to a
    # POST form protected by the CSRF token would close that; the template
    # needs to change with it.
    # NOTE(review): no login check is visible in this function -- confirm a
    # decorator or middleware guarantees request.user is authenticated.
    if current_key:
        current_key.delete()
    ApiKey(user=request.user).save()

    # Redirect so the new_key parameter does not stay in the address bar,
    # where a reload would rotate the key again.
    return HttpResponseRedirect(reverse('core:api-key'))
def generate_new_api_key(self):
    """Give this user a fresh API key and return its key string.

    If the user had no key, the one just created is returned. Otherwise the
    old row is deleted and a new ``ApiKey`` is saved in its place.
    """
    api_key, was_created = ApiKey.objects.get_or_create(user=self)
    if was_created:
        return api_key.key

    # Rotate by replacing the row. Do not overwrite the key value on the
    # existing object: delete it and save a new one instead.
    # NOTE(review): delete and save are two separate statements; unless the
    # caller runs inside a transaction, a failure between them leaves the
    # user without a key.
    api_key.delete()
    api_key = ApiKey(user=self)
    api_key.save()
    return api_key.key
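def create_profiles(sender, **kw):
    """Create the per-user companion rows when a user is first saved.

    Reads ``instance`` and ``created`` from the keyword arguments (the shape
    of a Django ``post_save`` signal -- presumably that is how this receiver
    is connected). Nothing happens on later saves of the same user.
    """
    user = kw["instance"]
    if not kw["created"]:
        return

    Token.objects.get_or_create(user=user)
    UserProfile.objects.get_or_create(user=user)
    UserBmiProfile.objects.get_or_create(user=user)

    # The key used to be hard-coded to "1", so every account shared the same
    # guessable API credential. Leaving the key unset lets the model generate
    # it instead.
    # NOTE(review): this assumes ApiKey.save() fills in a random key when none
    # is supplied, as tastypie's ApiKey model does -- confirm which ApiKey is
    # imported in this module. Rows already stored with key "1" are not
    # touched here and need to be rotated separately.
    ApiKey.objects.get_or_create(user=user)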
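def login(self, request, **kwargs):
    """Authenticate a member from a POSTed username/password payload.

    On success the user is logged into the session and the response carries
    ``success: True`` plus a dict of the member's fields, the names of the
    preferred categories and the user's API key (created if missing).
    An inactive account gets ``reason: 'disabled'`` with ``HttpForbidden``;
    bad credentials get ``reason: 'incorrect'`` with ``HttpUnauthorized``.
    """
    # Credentials are only accepted over POST.
    self.method_check(request, allowed=['post'])

    # Decode the request body using the declared content type (JSON by default).
    data = self.deserialize(
        request,
        request.raw_post_data,
        format=request.META.get('CONTENT_TYPE', 'application/json'))

    username = data.get('username', '')
    password = data.get('password', '')

    user = authenticate(username=username, password=password)
    if not user:
        # Unknown user or wrong password.
        return self.create_response(request, {
            'success': False,
            'reason': 'incorrect',
        }, HttpUnauthorized)

    if not user.is_active:
        return self.create_response(request, {
            'success': False,
            'reason': 'disabled',
        }, HttpForbidden)

    member = Member.objects.get(user_id=user.id)

    # Work on a copy: deleting "_state" from the instance's own __dict__
    # would damage the live model object.
    # NOTE(review): this serialises every attribute stored on the Member
    # instance. An explicit allow-list of fields would keep columns added
    # later from reaching API clients unnoticed.
    memberDict = dict(member.__dict__)
    memberDict['preferedCategories'] = [
        cat.name for cat in member.preferedCategoryIDs.all()
    ]
    del memberDict["_state"]
    del memberDict["user_id"]

    # Inside the class body this name resolves to the module-level login
    # (presumably django.contrib.auth.login), not to this method.
    login(request, user)

    # Reuse the user's key when one exists, otherwise issue one now.
    existing_keys = ApiKey.objects.filter(user=user)
    if existing_keys:
        api_key = existing_keys[0]
    else:
        api_key = ApiKey(user=user)
        api_key.save()
    memberDict["api_key"] = api_key.key

    return self.create_response(request, {
        'success': True,
        'member': memberDict,
    })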
def handle(self, *args, **options):
    """Create an API key for every user that does not have one yet."""
    from tastypie.models import ApiKey

    for account in User.objects.all():
        try:
            # Reading the reverse relation raises when the user has no key row.
            account.api_key
        except ApiKey.DoesNotExist:
            print('Creating API key for {}'.format(account.username))
            new_key = ApiKey()
            new_key.user = account
            new_key.save()
def test_not_authorized(self):
    """Check that the API endpoints turn away a request that carries no API key."""
    user, _created = User.objects.create_user(email='*****@*****.**',
                                              password='******')
    self.username = self.user.email
    user.save()

    # NOTE(review): the test expects 404 rather than 401/403, and the paths
    # have no leading slash -- confirm that 404 really is the response meant
    # for "no API key" and not a side effect of an unresolved URL.
    for endpoint in ("api/v1/jobsearch/?format=xml",
                     "api/v1/seosite/?format=xml"):
        response = self.client.get(endpoint)
        self.assertEqual(response.status_code, 404)

    key = ApiKey(user=self.user)
def setUp(self):
    """Build the fixtures shared by the API tests.

    Creates a user with a saved API key, the query string that carries those
    credentials, the detail URL of the ``SeoSite`` in group 1, and a serializer.
    """
    super(ApiTestCase, self).setUp()
    self.serializer = Serializer()

    # Test account.
    self.user, created = User.objects.create_user(email='*****@*****.**',
                                                  password='******')
    self.username = self.user.email
    self.user.save()

    # API key for that account; the key string only exists once the row is saved.
    self.key = ApiKey(user=self.user)
    self.key.save()
    self.api_key = self.key.key
    credentials = (self.username, self.api_key)
    self.auth_qs = '?&username=%s&api_key=%s' % credentials

    # Resource under test.
    self.entry_1 = SeoSite.objects.get(group=1)
    self.detail_url = '/api/v1/seosite/{0}/'.format(self.entry_1.pk)
def userEdit(request):
    """Edit the user named by the ``id`` query parameter and toggle their API key.

    GET renders the edit form for that user. POST grants an ``ApiKey`` (and
    calls ``sendApiPswMail``) when ``apiAuth`` is ticked and the user has none,
    revokes the key when ``apiAuth`` is absent and one exists, then saves the
    form and redirects to ``/accounts/userList`` if it validates.
    """
    # The target account comes straight from the query string.
    # NOTE(review): no permission check is visible in this function -- confirm
    # a decorator or middleware limits who may edit other users and hand out
    # API keys.
    userId = request.GET.get('id')
    user = get_object_or_404(myUser, id=userId)
    data = userForm(instance=user)
    # Queryset of the user's API keys; it is truthy when a key exists.
    chkApiAuth = ApiKey.objects.filter(user=user)
    if request.method == 'POST':
        post = request.POST
        data = userForm(post, instance=user)
        # NOTE(review): the key is granted or revoked before data.is_valid()
        # runs, so the change sticks even when the form is rejected.
        if post.get('apiAuth') and not chkApiAuth:
            ApiKey(user=user).save()
            # NOTE(review): by its name this mails the API credential to the
            # user -- confirm what is sent and that it is acceptable over e-mail.
            sendApiPswMail(user)
        elif not post.get('apiAuth') and chkApiAuth:
            chkApiAuth.delete()
        if data.is_valid():
            data.save()
            return HttpResponseRedirect('/accounts/userList')
    # locals() passes every local name above (user, data, chkApiAuth, ...) to
    # the template, so renaming a local changes the template context.
    return render_to_response('accounts/userEdit.html',locals(),context_instance=RequestContext(request))
def setUp(self):
    """Create a superuser with an API key, one model row and the request payload."""
    super(ApiResourceTests, self).setUp()
    self.payload = json.dumps({'name': 'test'})

    self.user = User.objects.create_superuser('test user', '*****@*****.**', 'password')
    self.api_key = ApiKey(user=self.user)
    self.api_key.save()

    try:
        instance = self.model(name='test')
        instance.save()
        self.list_uri = '/api/sku_service/%s/' % self.uri_spec
        self.detail_uri = self.list_uri + '1/'
    except Exception:
        # Any failure while building the model fixtures is ignored on
        # purpose. When that happens list_uri and detail_uri may be left
        # unset, so a later test fails on the missing attribute instead.
        pass
def userAdd(request):
    """Create a user from the posted form, optionally with an API key and a welcome mail.

    GET renders an empty form. On a valid POST the user is saved; ``apiAuth``
    additionally creates an ``ApiKey`` and calls ``sendApiPswMail``, and
    ``EMAIL_PUSH`` calls ``sendInitMail``. The page is always re-rendered with
    ``locals()`` as the template context.
    """
    # NOTE(review): no permission check is visible in this function -- confirm
    # a decorator or middleware limits who may create users and API keys.
    listOrAddTag = ['user','accounts', 'userAdd']
    data = userForm()
    if request.method == 'POST':
        post = request.POST
        data = userForm(post)
        username = post.get('username')
        if data.is_valid():
            data.save()
            if post.get('apiAuth'):
                # Re-read the row that was just saved, by username.
                user = myUser.objects.get(username=username,availabity__lte=1)
                ApiKey(user=user).save()
                # NOTE(review): by its name this mails the API credential --
                # confirm what is sent and that it is acceptable over e-mail.
                if not sendApiPswMail(user):
                    # Error message for the template: "sending the API password failed."
                    emg = u'api密码发送失败。'
            if post.get('EMAIL_PUSH'):
                user = myUser.objects.get(username=username,availabity=1)
                # NOTE(review): the request's Host value is handed to the mail
                # helper, presumably to build links; that is only safe with a
                # restrictive ALLOWED_HOSTS -- confirm.
                sendInitMail(request.get_host(),user)
            # Success message for the template: "user %s added successfully!"
            smg = u'用户%s添加成功!' % username
    # locals() passes every local name above (data, emg, smg, user, ...) to
    # the template, so renaming a local changes the template context.
    return render_to_response('accounts/userAdd.html',locals(),context_instance=RequestContext(request))
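def vw_login_page(request):
    """Render the login form and sign the user in on a valid POST.

    An already authenticated user is redirected to ``homepage``. A POST with
    valid credentials for an active account writes a ``login`` entry to
    ``mdlLog``, makes sure the user has an API key, logs the user into the
    session and redirects to ``homepage``. Every other request renders
    ``login/login.html``, with an error message after a failed POST.
    """
    mesage = None
    error = None
    # redirect_to = request.REQUEST.get('next', '')
    # NOTE(review): if the line above is enabled again, check that the target
    # is a local URL before redirecting to it, or this view becomes an open
    # redirect.
    redirect_to = ""
    if not redirect_to:
        redirect_to = 'homepage'

    if request.user.is_authenticated():
        print("is_authenticated")
        print(request.user)
        return HttpResponseRedirect(reverse('homepage'))

    if request.method == 'POST':
        print("NOT is_authenticated - POST")
        form = login_form(request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data
            try:
                user = auth.authenticate(username=cleaned['user'],
                                         password=cleaned['password'])
                print("user - POST ")
            except Exception:
                # A backend failure counts as a failed login. Catching
                # Exception rather than using a bare except lets
                # KeyboardInterrupt and SystemExit propagate.
                user = None

            if user is not None and user.is_active:
                print("log login")
                # Audit record; a failure here must not block the login.
                try:
                    lo = mdlLog()
                    lo.user = user
                    lo.content_type = ContentType.objects.get(model='user')
                    lo.object_id = user.id
                    lo.action = 'login'
                    lo.save()
                except Exception as e:
                    logging.error(e)
                # request.session.set_expiry(timedelta(days=settings.KEEP_LOGGED_DURATION))
                try:
                    from tastypie.models import ApiKey
                    # tastypie allows one ApiKey per user, so saving a new one
                    # on every login failed with an integrity error from the
                    # second login onwards. Only create the key when missing.
                    ApiKey.objects.get_or_create(user=user)
                except Exception as e:
                    logging.error(e)
                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()
                print("auth login")
                auth.login(request, user)
                request.session['welcome_msg'] = _(
                    'Welcome ') + user.username + '.'
                return HttpResponseRedirect(reverse('homepage'))

        # Same message for an invalid form, wrong credentials and an inactive
        # account, so the response does not reveal which of them applied.
        error = _('User or password not in our systems')
    else:
        print("NOT is_authenticated - NOT POST")
        form = login_form()

    return render(
        request, 'login/login.html', {
            'form': form,
            'mesage': mesage,
            'error': error,
            'redirect_to': redirect_to,
        })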