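    def post(self, request):
        '''
        Register a new user and hand the client an access token in a cookie.

        Reads 'email', 'username' and 'password' from request.data. Every
        outcome is a redirect back to the Referer - but only when the Referer
        points at this host; anything else falls back to '/'. The outcome is
        also attached as response.data (note: redirect() builds a plain
        HttpResponseRedirect, so that attribute is never serialised into the
        body - it is informational for callers that inspect the object).
        '''
        # Django >= 3.0; earlier releases expose the same check as is_safe_url.
        from django.utils.http import url_has_allowed_host_and_scheme

        email_ = request.data.get('email')
        username_ = request.data.get('username')
        pass_ = request.data.get('password')

        # The Referer is client-controlled: following it blindly turns this
        # view into an open redirect. Only honour a same-host target.
        target = request.META.get('HTTP_REFERER', '/')
        if not url_has_allowed_host_and_scheme(
                target,
                allowed_hosts={request.get_host()},
                require_https=request.is_secure()):
            target = '/'

        # Refuse to create a half-initialised account: a missing password
        # would be stored as an unusable one and a missing username/email
        # surfaces as a database error (500) at save() time.
        if not (email_ and username_ and pass_):
            response = redirect(target)
            response.data = {'user': 'was not created'}
            return response

        new_user = User(email=email_, username=username_)
        new_user.set_password(pass_)
        new_user.save()

        # A model instance is always truthy after save(), so the old
        # "if new_user" branch could never take its else arm.
        access_token = generate_access_token(new_user)
        response = redirect(target)
        if access_token:
            # httponly keeps the token out of reach of page scripts (XSS),
            # matching the login view in this file.
            response.set_cookie(key='access_token', value=access_token,
                                httponly=True)
            response.data = {'access_token': 'created'}
        else:
            response.data = {'access_token': 'was not created'}
        return response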
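    def post(self, request, format=None):
        '''
        Authenticate with username/password and set the access-token cookie.

        Always answers with a redirect to the Referer when it points at this
        host (otherwise '/'); the result is reported to the user through
        django.contrib.messages. A redirect is inherently 3xx, so the old
        status=HTTP_400_BAD_REQUEST argument - which redirect() only forwards
        to reverse() and therefore dropped for a URL - is not kept.
        '''
        # Django >= 3.0; earlier releases expose the same check as is_safe_url.
        from django.utils.http import url_has_allowed_host_and_scheme

        u_name = request.data.get('username')
        p_word = request.data.get('password')

        # Same-host check: a client-controlled Referer must not become an
        # open redirect. Also fixes the old redirect(headers.get(...), '/')
        # call, which passed '/' to redirect() instead of as the default and
        # crashed when no Referer was sent.
        target = request.META.get('HTTP_REFERER', '/')
        if not url_has_allowed_host_and_scheme(
                target,
                allowed_hosts={request.get_host()},
                require_https=request.is_secure()):
            target = '/'

        user = authenticate(username=u_name, password=p_word)
        if user is None:
            messages.error(request, 'not a user to log in')
            return redirect(target)

        user_access_token = generate_access_token(user)
        if not user_access_token:
            # Report the failure only: 'logged in' used to be queued before
            # the token check, so both messages showed up together.
            messages.add_message(request, messages.INFO,
                                 'cannot be created a token for the user')
            return redirect(target)

        messages.success(request, 'logged in')
        response = redirect(target)
        # httponly keeps the token away from page scripts (XSS).
        response.set_cookie(key='access_token',
                            value=user_access_token,
                            httponly=True)
        return response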
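def refresh_token(request):
    '''
    To obtain a new access_token this view expects 2 important things:
        1. a cookie that contains a valid refresh_token
        2. a header 'X-CSRFTOKEN' with a valid csrf token, client app can get it from cookies "csrftoken"

    Every failure is raised as AuthenticationFailed (HTTP 401) so a client
    cannot distinguish a missing claim from a forged token. The CSRF check
    named above is not performed in this function body; presumably a
    decorator or middleware enforces it - verify at the call site.
    '''
    User = get_user_model()

    refresh_token = request.COOKIES.get('refresh_token')
    if refresh_token is None:
        raise exceptions.AuthenticationFailed(
            'Authentication credentials were not provided. Cookie missing')

    try:
        # The algorithm list is pinned so the token header cannot pick it.
        payload = jwt.decode(
            refresh_token, settings.REFRESH_TOKEN_SECRET, algorithms=['HS256'])
    except jwt.ExpiredSignatureError:
        raise exceptions.AuthenticationFailed(
            'expired refresh token, please login again.')
    except jwt.InvalidTokenError:
        # Base class of DecodeError: also catches the other malformed-token
        # variants PyJWT raises, which previously escaped as a 500.
        raise exceptions.AuthenticationFailed(
            'Invalid token.')

    user = User.objects.filter(id=payload.get('user_id')).first()
    if user is None:
        raise exceptions.AuthenticationFailed('User not found')

    if not user.is_active:
        raise exceptions.AuthenticationFailed('Inactive account')

    # A token without the claim must fail like a stale one, not as a KeyError.
    if payload.get('token_version') != user.token_version:
        raise exceptions.AuthenticationFailed('Invalid Token')

    access_token, access_token_lifetime = generate_access_token(user)

    response = Response()
    response.data = {
        'access_token': access_token,
        'user': UserSerializer(user).data,
        'access_token_lifetime': access_token_lifetime,
    }

    # Re-issue the refresh-token cookie on every refresh, in every mode.
    set_refresh_token(user, user.token_version, response)
    if settings.DEBUG:
        # Development convenience only: putting the refresh token in the body
        # bypasses the cookie protections, so it stays behind DEBUG.
        response.data['refresh_token'] = generate_refresh_token(
            user, user.token_version)

    return response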
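def login(request):
    '''
    Log a user in with email + password and issue a fresh token pair.

    Every failure raises AuthenticationFailed (HTTP 401). Unknown e-mail and
    wrong password deliberately share the same message and a comparable
    running time, so the endpoint does not reveal which addresses exist.
    '''
    User = get_user_model()
    email = request.data.get('email')
    password = request.data.get('password')
    # Empty strings are as useless as missing values here.
    if not email or not password:
        raise exceptions.AuthenticationFailed(
            'email and password required')

    user = User.objects.filter(email=email).first()
    if user is None:
        # Run the password hasher anyway so a missing account costs about the
        # same time as a wrong password (the technique Django's ModelBackend
        # uses against timing-based user enumeration).
        User().set_password(password)
        raise exceptions.AuthenticationFailed('Wrong username/password')
    if not user.check_password(password):
        raise exceptions.AuthenticationFailed('Wrong username/password')
    # Mirror refresh_token(): a deactivated account must not obtain tokens.
    if not user.is_active:
        raise exceptions.AuthenticationFailed('Inactive account')

    serialized_user = UserSerializer(user).data

    # Bumping the version invalidates every refresh token issued earlier
    # (refresh_token() compares the claim against this field). Only that
    # column is written so concurrent updates to other fields are kept.
    user.token_version = user.token_version + 1
    user.save(update_fields=['token_version'])

    access_token, access_token_lifetime = generate_access_token(user)

    response = Response()
    response.data = {
        'access_token': access_token,
        'user': serialized_user,
        'access_token_lifetime': access_token_lifetime
    }

    # The refresh-token cookie is set in every mode.
    set_refresh_token(user, user.token_version, response)
    if settings.DEBUG:
        # Development convenience only: a refresh token in the body bypasses
        # the cookie protections, so it stays behind DEBUG.
        response.data['refresh_token'] = generate_refresh_token(
            user, user.token_version)

    return response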