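def post(self, request):
    """Register a new user and hand back an access-token cookie.

    Reads ``email``, ``username`` and ``password`` from ``request.data``,
    creates the ``User`` row, then redirects the client back to the
    ``Referer`` (or ``/``) with an ``access_token`` cookie attached.

    Args:
        request: the incoming request; ``request.data`` carries the
            registration fields (so presumably a DRF ``Request``) and
            ``request.META`` the ``HTTP_REFERER`` used as redirect target.

    Returns:
        A redirect response. ``response.data`` is set to a small status
        dict as in the original view; a redirect carries no body, so this
        is informational only.

    Notes:
        - No field validation happens here: a missing field reaches
          ``User`` / ``set_password`` as ``None`` (``set_password(None)``
          stores an unusable password), and a duplicate username/email
          surfaces as a database error from ``save()``.
          NOTE(review): validate the three fields before saving.
        - The redirect target is taken from the ``Referer`` header, as in
          the original.
    """
    headers = request.META
    email_ = request.data.get('email')
    username_ = request.data.get('username')
    pass_ = request.data.get('password')

    new_user = User(email=email_, username=username_)
    new_user.set_password(pass_)
    new_user.save()
    # A model instance is always truthy, so the original ``if new_user``
    # guard (and its "user not created" branch) could never be taken.

    back_to = headers.get('HTTP_REFERER', '/')
    access_token = generate_access_token(new_user)
    response = redirect(back_to)
    if access_token:
        # httponly keeps the token out of reach of page scripts; this
        # matches the cookie attributes the sibling login view sets.
        response.set_cookie(key='access_token', value=access_token, httponly=True)
        response.data = {'access_token': 'created'}
    else:
        response.data = {'access_token': 'was not created'}
    return response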
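def post(self, request, format=None):
    """Log a user in with username/password and set the access-token cookie.

    Args:
        request: the incoming request; ``request.data`` supplies
            ``username`` and ``password``, ``request.META`` the Referer.
        format: unused; kept for the view signature.

    Returns:
        A redirect to the ``Referer`` (or ``/``). On success the response
        carries an ``httponly`` ``access_token`` cookie; otherwise a flash
        message describes the failure.
    """
    u_name = request.data.get('username')
    p_word = request.data.get('password')
    # Resolved once; the original passed '/' as a second positional
    # argument to redirect() on the no-token path instead of as the
    # .get() default, which fails when no Referer header is sent.
    back_to = request.META.get('HTTP_REFERER', '/')

    user = authenticate(username=u_name, password=p_word)
    if not user:
        messages.error(request, 'not a user to log in')
        # NOTE(review): extra keyword arguments to redirect() are forwarded
        # to URL resolution, not to the response, so the client most likely
        # still receives a 302 here. Kept as in the original; confirm the
        # intended status handling.
        return redirect(back_to, status=status.HTTP_400_BAD_REQUEST)

    messages.success(request, 'logged in')
    user_access_token = generate_access_token(user)
    if user_access_token:
        response = redirect(back_to)
        # httponly keeps the token out of reach of page scripts.
        response.set_cookie(key='access_token', value=user_access_token, httponly=True)
        return response

    messages.add_message(request, messages.INFO, 'cannot be created a token for the user')
    return redirect(back_to)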
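def refresh_token(request):
    '''
    To obtain a new access_token this view expects 2 important things:
    1. a cookie that contains a valid refresh_token
    2. a header 'X-CSRFTOKEN' with a valid csrf token, client app can get it from cookies "csrftoken"

    Flow: decode the refresh token with REFRESH_TOKEN_SECRET (HS256 only),
    look the user up by the ``user_id`` claim, reject inactive accounts and
    tokens whose ``token_version`` claim no longer matches the user's
    current value (login bumps that field, so earlier tokens stop
    validating), then issue a fresh access token and re-set the
    refresh-token cookie.

    Raises:
        exceptions.AuthenticationFailed: cookie missing, token expired,
            token malformed or otherwise rejected by PyJWT, user missing or
            inactive, or token_version mismatch.

    Returns:
        Response whose data holds ``access_token``, ``user`` and
        ``access_token_lifetime``; under DEBUG a ``refresh_token`` is also
        echoed in the body.
    '''
    User = get_user_model()
    # Local renamed so it no longer shadows this function's own name.
    token_cookie = request.COOKIES.get('refresh_token')
    response = Response()

    if token_cookie is None:
        raise exceptions.AuthenticationFailed(
            'Authentication credentials were not provided. Cookie missing')

    try:
        payload = jwt.decode(
            token_cookie, settings.REFRESH_TOKEN_SECRET, algorithms=['HS256'])
    except jwt.ExpiredSignatureError:
        raise exceptions.AuthenticationFailed(
            'expired refresh token, please login again.')
    except jwt.DecodeError:
        raise exceptions.AuthenticationFailed(
            'Invalid token.')
    except jwt.InvalidTokenError:
        # Base class of the remaining PyJWT validation failures (e.g. a
        # rejected algorithm or a not-yet-valid token); previously these
        # propagated as unhandled errors instead of an auth failure.
        raise exceptions.AuthenticationFailed(
            'Invalid token.')

    user = User.objects.filter(id=payload.get('user_id')).first()
    if user is None:
        raise exceptions.AuthenticationFailed('User not found')
    if not user.is_active:
        raise exceptions.AuthenticationFailed('Inactive account')
    # .get() rather than [] so a token lacking the claim is rejected as
    # invalid instead of raising KeyError.
    if payload.get('token_version') != user.token_version:
        raise exceptions.AuthenticationFailed('Invalid Token')

    access_token, access_token_lifetime = generate_access_token(user)
    response.data = {
        'access_token': access_token,
        'user': UserSerializer(user).data,
        'access_token_lifetime': access_token_lifetime,
    }
    # The cookie is re-set in both modes; the original duplicated this call
    # in each branch of the DEBUG check.
    set_refresh_token(user, user.token_version, response)
    if settings.DEBUG:
        # Debug convenience only: the refresh token is additionally echoed
        # in the JSON body, where page scripts can read it.
        response.data['refresh_token'] = generate_refresh_token(user, user.token_version)
    return response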
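def login(request):
    """Authenticate by email/password and start a new token session.

    Args:
        request: request whose ``data`` holds ``email`` and ``password``.

    Returns:
        Response with ``access_token``, the serialized ``user`` and
        ``access_token_lifetime``; a refresh-token cookie is set, and under
        DEBUG the refresh token is echoed in the body as well.

    Raises:
        exceptions.AuthenticationFailed: missing fields, unknown email or
            wrong password. The same message is used for the last two so
            the response body does not reveal which emails exist.
    """
    User = get_user_model()
    email = request.data.get('email')
    password = request.data.get('password')
    response = Response()

    if email is None or password is None:
        raise exceptions.AuthenticationFailed(
            'email and password required')

    user = User.objects.filter(email=email).first()
    # Same message for "no such user" and "bad password" (original TODO:
    # reword to "invalid credentials"). NOTE(review): check_password only
    # runs when the user exists, so response timing still differs between
    # the two cases.
    if user is None:
        raise exceptions.AuthenticationFailed('Wrong username/password')
    if not user.check_password(password):
        raise exceptions.AuthenticationFailed('Wrong username/password')

    # Serialized before the version bump, as in the original.
    serialized_user = UserSerializer(user).data
    # Bumping token_version invalidates every refresh token issued before
    # this login (the refresh view compares the claim against this field).
    user.token_version = user.token_version + 1
    user.save()

    access_token, access_token_lifetime = generate_access_token(user)
    response.data = {
        'access_token': access_token,
        'user': serialized_user,
        'access_token_lifetime': access_token_lifetime
    }
    # The cookie is set in both modes; the original duplicated this call in
    # each branch of the DEBUG check.
    set_refresh_token(user, user.token_version, response)
    if settings.DEBUG:
        # Debug convenience only: the refresh token is additionally echoed
        # in the JSON body, where page scripts can read it.
        response.data['refresh_token'] = generate_refresh_token(user, user.token_version)
    return response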