def auth(request):
key = None
date = None
message = None
try:
api_key = ApiKey.objects.get(user=request.user)
except ApiKey.DoesNotExist:
api_key = None
if request.method == 'POST':
try:
action = request.POST['action']
if action == 'delete' and api_key:
api_key.delete()
api_key = None
message = 'The API key was successfully deleted.'
elif action == 'generate':
if not api_key:
api_key = ApiKey.objects.create(user=request.user)
else:
api_key.key = ApiKey.generate_key(api_key)
message = 'The API key was successfully generated.'
except MultiValueDictKeyError:
pass
if api_key:
key = api_key.key
date = api_key.created
return render_to_response('server/auth.html',{'logged': True, 'key': key, 'date': date,
'message': message},
context_instance=RequestContext(request))
def handle(self, *args, **options):
self.options = options
if len(args) < 1 or len(args) > 1:
print >>sys.stderr, "takes one argument: %s" % self.args
return
user = args[0]
u = None
try:
u = User.objects.get(username=user)
print 'User {0} exists'.format(user)
except User.DoesNotExist:
print 'User {0} does not exist - creating'.format(user)
u = User(username=user, is_staff=True)
u.save()
try:
key = ApiKey.objects.get(user=u)
print 'User {0} already has api key, skipping creation'.format(user)
except ApiKey.DoesNotExist:
print 'User {0} does not have an api key - creating'.format(user)
u_apikey = ApiKey(user=u)
u_apikey.key = u_apikey.generate_key()
u_apikey.save()
u.save()
key = ApiKey.objects.get(user=u)
print 'Key: {0}'.format(key)
def twitter_login_callback(self, request=None, **kwargs):
'''
when we have the oauth verifier then send it through this api
'''
#get the params twitter need
post = simplejson.loads(request.body)
twitter_key = settings.TWITTER_KEY
twitter_secret = settings.TWITTER_SECRET
oauth_token = request.session.get('OAUTH_TOKEN', '')
oauth_token_secret = request.session.get('OAUTH_TOKEN_SECRET', '')
oauth_verifier = post.get('oauth_verifier', '')
#get the params from the login
twitter = Twython(twitter_key, twitter_secret,oauth_token, oauth_token_secret)
final_step = twitter.get_authorized_tokens(oauth_verifier)
user_oauth_token = final_step['oauth_token']
user_oauth_token_secret = final_step['oauth_token_secret']
#find existing user or create a new one
try:
userprofile = UserProfile.objects.get(twitter_oauth_token=user_oauth_token, twitter_oauth_token_secret=user_oauth_token_secret)
user = userprofile.user
except:
#create a user and user profile
api_key = ApiKey()
username = api_key.generate_key()[0:30]
password = api_key.generate_key()[0:30]
user = User()
user.username = username
user.is_active = True
user.password = password
user.save()
userprofile = user.profile
userprofile.twitter_oauth_token = user_oauth_token
userprofile.twitter_oauth_token_secret = user_oauth_token_secret
userprofile.save()
#delete all the old api keys
api_keys = ApiKey.objects.filter(user=user)
api_keys.delete()
#create a new api key
api_key, created = ApiKey.objects.get_or_create(user=user)
api_key.save()
#store the keys in the session
request.session['api_key'] = api_key.key
request.session['username'] = user.username
ur = UserProfileResource()
ur_bundle = ur.build_bundle(obj=user.profile, request=request)
return self.create_response(request, {
'is_logged_in': True,
'message': 'The user is logged in',
'username': user.username,
'api_key': api_key.key,
'user_profile': json.loads(ur.serialize(None, ur.full_dehydrate(ur_bundle), 'application/json'))
})
class PSAPIBaseTest(ResourceTestCase):
fixtures = ['perfsonar_api_metadata.json']
def setUp(self):
super(PSAPIBaseTest, self).setUp()
#create user credentials
self.noperms_user = User(username="******", is_staff=True)
self.noperms_user.save()
self.noperms_apikey = ApiKey(user=self.noperms_user)
self.noperms_apikey.key = self.noperms_apikey.generate_key()
self.noperms_apikey.save()
self.admin_user = User(username="******", is_staff=True)
self.admin_user.save()
for model_name in ['psmetadata', 'pspointtopointsubject', 'pseventtypes', 'psmetadataparameters']:
for perm_name in ['add', 'change', 'delete']:
perm = Permission.objects.get(codename='{0}_{1}'.format(perm_name, model_name))
self.admin_user.user_permissions.add(perm)
#Add timeseries permissions
for perm_name in ['add', 'change', 'delete']:
perm = Permission.objects.get(codename='esmond_api.{0}_timeseries'.format(perm_name))
self.admin_user.user_permissions.add(perm)
self.admin_user.save()
self.admin_apikey = ApiKey(user=self.admin_user)
self.admin_apikey.key = self.admin_apikey.generate_key()
self.admin_apikey.save()
def create_noperms_credentials(self):
return self.create_apikey(self.noperms_user.username, self.noperms_apikey.key)
def create_admin_credentials(self):
return self.create_apikey(self.admin_user.username, self.admin_apikey.key)
def assertExpectedResponse(self, expected, url, get_params={}):
response = self.client.get(url, get_params)
self.assertHttpOK(response)
data = json.loads(response.content)
self.assertEquals(expected, data)
def fb_login(self, request=None, **kwargs):
'''
will login the user using facebook
'''
#get the params
post = simplejson.loads(request.body)
access_token = post.get('access_token')
signed_request = post.get('signed_request')
#get the email of the user
fb_decode = fb_request_decode(signed_request)
fb_user_id = fb_decode['fb_data']['user_id']
facebook=fb.graph.api(access_token)
object=facebook.get_object(cat="single", id=fb_user_id, fields=[ ] )
email = object['email']
#find the user
try:
user = User.objects.get(email=email)
except:
#create the user object
api_key = ApiKey()
username = api_key.generate_key()[0:30]
password = api_key.generate_key()[0:30]
user = User()
user.username = username
user.email = email
user.is_active = True
user.password = password
user.save()
#delete all the old api keys
api_keys = ApiKey.objects.filter(user=user)
api_keys.delete()
#create a new api key
api_key, created = ApiKey.objects.get_or_create(user=user)
api_key.save()
ur = UserProfileResource()
ur_bundle = ur.build_bundle(obj=user.profile, request=request)
return self.create_response(request, {
'is_logged_in': True,
'message': 'The user is logged in',
'api_key': api_key.key,
'username': user.username,
'user_profile': json.loads(ur.serialize(None, ur.full_dehydrate(ur_bundle), 'application/json'))
})
def handle(self, *args, **options):
self.options = options
if len(args) < 1 or len(args) > 1:
print >>sys.stderr, "takes one argument: %s" % self.args
return
user = args[0]
u = None
try:
u = User.objects.get(username=user)
print 'User {0} exists'.format(user)
except User.DoesNotExist:
print 'User {0} does not exist - creating'.format(user)
u = User(username=user, is_staff=True)
u.save()
print 'Setting metadata POST permissions.'
for model_name in ['psmetadata', 'pspointtopointsubject', 'pseventtypes', 'psmetadataparameters']:
for perm_name in ['add', 'change', 'delete']:
perm = Permission.objects.get(codename='{0}_{1}'.format(perm_name, model_name))
print perm
u.user_permissions.add(perm)
u.save()
try:
key = ApiKey.objects.get(user=u)
print 'User {0} already has api key, skipping creation'.format(user)
except ApiKey.DoesNotExist:
print 'User {0} does not have an api key - creating'.format(user)
u_apikey = ApiKey(user=u)
u_apikey.key = u_apikey.generate_key()
u_apikey.save()
u.save()
key = ApiKey.objects.get(user=u)
print 'Key: {0}'.format(key)
def handle(self, *args, **options):
self.options = options
if len(args) < 1 or len(args) > 1:
print >>sys.stderr, "takes one argument: %s" % self.args
return
user = args[0]
u = None
try:
u = User.objects.get(username=user)
print 'User {0} exists'.format(user)
except User.DoesNotExist:
print 'User {0} does not exist - creating'.format(user)
u = User(username=user, is_staff=True)
u.save()
print 'Setting timeseries permissions.'
for resource in ['timeseries']:
for perm_name in ['view', 'add', 'change', 'delete']:
perm = Permission.objects.get(
codename="esmond_api.{0}_{1}".format(perm_name, resource))
u.user_permissions.add(perm)
u.save()
try:
key = ApiKey.objects.get(user=u)
print 'User {0} already has api key, skipping creation'.format(user)
except ApiKey.DoesNotExist:
print 'User {0} does not have an api key - creating'.format(user)
u_apikey = ApiKey(user=u)
u_apikey.key = u_apikey.generate_key()
u_apikey.save()
u.save()
key = ApiKey.objects.get(user=u)
print 'Key: {0}'.format(key)
def register(self, request=None, **kwargs):
'''
will try and register the user
we expect here an email and a password sent as post params
@return: 201 if user is created
500 failed to send emails
409 conflict with existing account
'''
#get params
post = simplejson.loads(request.body)
password = post.get('password')
email = post.get('email')
#create the username
api_key = ApiKey()
username = api_key.generate_key()[0:30]
#set the request post to contain email password and username
post_values = {}
post_values['username'] = username
post_values['password1'] = password
post_values['password2'] = password
post_values['email'] = email
#is the email already exists?
try:
user = User.objects.get(email=email)
return self.create_response(request, {
'success': False,
'message': 'User with this mail address already exists',
}, HttpConflict )
except:
pass
#validation success
user_form = UserCreateForm(post_values)
if user_form.is_valid():
#create the user
username = user_form.clean_username()
password = user_form.clean_password2()
user_form.save()
user = authenticate(username=username,
password=password)
login(request, user)
#creathe the email hash
email_hash = api_key.generate_key()
user_profile = user.profile
user_profile.email_hash = email_hash
user_profile.save()
#send the verification mail
if is_send_grid():
user.is_active = False
user.save()
t = get_template('emails/verify_email_mail.html')
html = t.render(Context({'hash': user_profile.email_hash, 'url': os.environ['CLIENT_SITE_URL'] + '#/verify-email/', 'email': email}))
text_content = strip_tags(html)
msg = EmailMultiAlternatives('Nerdeez account activation', text_content, settings.FROM_EMAIL_ADDRESS, [email])
msg.attach_alternative(html, "text/html")
try:
msg.send()
except SMTPSenderRefused, e:
return self.create_response(request, {
'success': False,
'message': 'Failed to send activation mail',
}, HttpApplicationError )
#return the status code
return self.create_response(request, {
'success': True,
'message': 'Successfully created the account, Verification mail was sent to your mail address',
}, HttpCreated )
