def login(request):
username = request.data.get("username")
if username:
username = username.lower()
password = request.data.get("password")
disableLogEvent = request.data.get("disableLogEvent")
user = authenticate(username=username, password=password)
if not user:
#maybe email
try:
user2Try = User.objects.get(email__iexact=username)
user = authenticate(username=user2Try.username, password=password)
except Exception as ex:
user2Try = None
user = None
if not user2Try:
return Response({
"success": False,
"error": "login.failed"
},
status=HTTP_401_UNAUTHORIZED)
try:
profile = Profile.objects.get(user=user)
if not profile.mobileVerified:
return Response({
"success": False,
"error": 'mobile.notverified',
'activationKey': profile.activationKey
})
wallet = Wallet.objects.get(profile=profile)
profileSerializer = ProfileSerializer(profile,
context={'request': request})
except Profile.DoesNotExist:
return Response({
"success": False,
"error": "login.failed"
},
status=HTTP_401_UNAUTHORIZED)
token, _ = Token.objects.get_or_create(user=user)
if not disableLogEvent:
Event().createEvent('LOGIN', 'USERACTIVITY', '', profile, request)
return Response({
"success": True,
"token": token.key,
'profile': profileSerializer.data,
})
def post(self, request, format=None):
data = request.data
username = data.get('username', None)
password = data.get('password', None)
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
# print(user)
print(user.id)
login(request, user)
token = Token.objects.get(user_id=user.id)
print(token)
success_user_response = {
"username": user.username,
"token": token.key
}
return Response(success_user_response,
status=status.HTTP_200_OK)
else:
return Response(status=status.HTTP_404_NOT_FOUND)
else:
error_message = {"error": ""}
return Response(status=status.HTTP_404_NOT_FOUND)
def validate(self, attrs):
username = attrs.get('username') or attrs.get('email')
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
if not user:
if User.objects.filter(email=username).exists():
if not User.objects.get(email=username).is_active:
raise serializers.ValidationError(
'You cannot login until you have confirmed your email address.',
code='authorization')
raise serializers.ValidationError(
'Unable to login with provided credentials.',
code='authorization')
else:
raise serializers.ValidationError(
'Must include "username" and "password".',
code='authorization')
attrs['user'] = user
return attrs
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
if user:
# From Django 1.10 onwards the `authenticate` call simply
# returns `None` for is_active=False users.
# (Assuming the default `ModelBackend` authentication backend.)
if not user.is_active:
msg = _('User account is disabled.')
raise serializers.ValidationError(msg,
code='authorization')
else:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def validate(self, attrs):
password = attrs.get("password")
user_obj = User.objects.filter(
email=attrs.get("login")).first() or User.objects.filter(
username=attrs.get("login")).first()
if user_obj is not None:
credentials = {'username': user_obj.username, 'password': password}
if all(credentials.values()):
authenticated_user = authenticate(**credentials)
if authenticated_user:
if not authenticated_user.is_active:
msg = 'User account is disabled.'
return {'message': msg}
payload = jwt_payload_handler(authenticated_user)
return {
'token': jwt_encode_handler(payload),
'user': authenticated_user
}
else:
msg = 'Unable to log in with provided credentials.'
return {'message': msg}
else:
msg = 'Must include "{username_field}" and "password".'
msg = msg.format(username_field=self.username_field)
return {'message': msg}
else:
msg = 'Account with this email/username does not exists'
return {'message': msg}
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
qs = models.User.objects.order_by('pk').filter(is_active=True)
try:
self._email_validator(username)
user = qs.get(email=username)
username = user.username
except (DjangoValidationError, models.User.DoesNotExist):
pass
except MultipleObjectsReturned:
user = qs.last()
qs.filter(email=username, pk__lt=user.pk).update(is_active=False)
username = user.username
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
if not user:
msg = _('토큰을 발행할 유효한 이용자가 없습니다.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('계정과 비밀번호가 필요합니다.')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def validate(self, attrs):
username = attrs.get('username').strip()
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
if not user:
raise serializers.ValidationError(
'Oops! We don\'t recognize that account. Check to make sure you '
'entered your credentials properly.',
code='authorization')
attrs['username'] = username
attrs['user'] = user
if not attrs['user'].is_active:
raise ValidationError(
'Sorry, your account is not active. Check your to see if you received a verification email after '
'registering with us, otherwise <a href="/contact">contact us</a> and we\'ll help you sort '
'this out!')
attrs['token'], created = Token.objects.get_or_create(
user=attrs['user'])
if not created:
attrs['token'].delete()
attrs['token'], created = Token.objects.get_or_create(
user=attrs['user'])
return attrs
def post(self, request, *args, **kwargs):
try:
email = request.data['email']
password = request.data['password']
except:
data = {
'key error': '\'email\'key and \'password\'key must be set'
}
return Response(data, status=status.HTTP_400_BAD_REQUEST)
user = authenticate(
email=email,
password=password,
)
if user:
serializer = UserSerializer(user)
if request.data.__contains__('device-token'):
try:
APNSDevice.objects.update_or_create(
user=user,
defaults={
"registration_id": request.data['device-token']
})
except:
error = {"device-token": "중복된 토큰값"}
return Response(error, status=status.HTTP_400_BAD_REQUEST)
return Response(serializer.data, status=status.HTTP_200_OK)
data = {'message': 'Invalid credentials'}
return Response(data, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request):
username = request.data.get('userName', None)
password = request.data.get('password', None)
if not username or not password:
raise exceptions.AuthenticationFailed()
credentials = {
get_user_model().USERNAME_FIELD: username,
'password': password
}
user = authenticate(**credentials)
if user is None:
raise exceptions.AuthenticationFailed()
if not user.is_active:
raise exceptions.AuthenticationFailed()
login(request, user)
return JsonResponse({
'status':
'ok',
'currentAuthority':
'admin' if user.is_admin else 'user'
})
def validate(self, attrs):
# 'user' 객체를 꺼내는 과정에서 발생하는 Exception을 아래처럼 raise하는 것보다
# 이 전체 과정 자체를 email user의 AuthTokenSerailizing 과정보다 앞에서 두고
# try ~ except 문으로 감싸는 방법을 사용해서 기존의 모든 Exception이 정상
# 작동하도록 함.
# try:
email = attrs.get('username')
user = User.objects.get(email=email)
username = user.username
# except:
# raise CustomException(detail='계정이 존재 하지 않습니다.', status_code=status.HTTP_409_CONFLICT)
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
# The authenticate call simply returns None for is_active=False
# users. (Assuming the default ModelBackend authentication
# backend.)
if not user:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
if email and password:
try:
user_get = User.objects.get(email=email)
username = user_get.username
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
# The authenticate call simply returns None for is_active=False
# users. (Assuming the default ModelBackend authentication
# backend.)
if not user:
raise serializers.ValidationError(
{'w': 'Contraseña Incorrecta.'})
except User.DoesNotExist:
raise serializers.ValidationError(
{'w': "Correo Electrónico Incorrecto."})
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def login_user(request):
authentication_classes = (
SessionAuthentication
) #(TokenAuthentication, SessionAuthentication, BasicAuthentication)
permission_classes = (IsAuthenticated, )
language = 'ar'
translation.activate(language)
username = request.data.get("username")
password = request.data.get("password")
encoded = make_password(password)
check_password(password, encoded)
user = authenticate(username=username, password=password)
print(user)
if user is not None:
login(request, user)
user = User.objects.get(pk=user.id)
query = 'select full_name, address, phone_number from api_userprofile where user_id=user.id'
user1 = UserProfile.objects.get(pk=request.user.pk)
print(user1)
print(user1.phone_number)
rs = {
'id': user.id,
'username': user.username,
'email': user.email,
'full_name': user1.full_name,
'address': user1.address,
'phone_number': user1.phone_number
}
ldata = {
'status': 200,
'response': rs,
'msg': "User Successfully Logged"
}
return Response(ldata)
else:
if user is not None:
if user.is_active:
login(request, user)
rs = {
'id': user.id,
'username': user.username,
'email': user.email,
'full_name': user.userprofile.full_name
}
ldata = {
'status': 200,
'response': rs,
'msg': "User Successfully Login"
}
return Response(ldata)
else:
u1data = {'status': 501, 'msg': "User account is not valid"}
return Response(u1data)
else:
u1data = {'status': 501, 'msg': "Invalid Username or Password"}
return Response(u1data)
l1data = {'status': 501, ' msg': "Invalid Username or Password"}
return Response(l1data)
def validate(self, attrs):
access_token = attrs.get('access_token')
if access_token:
user = authenticate(access_token=access_token)
if not user:
raise serializers.ValidationError('액세스 토큰이 올바르지 않습니다.')
else:
raise serializers.ValidationError('액세스 토큰이 필요합니다.')
attrs['user'] = user
return attrs
def login(request):
if request.method == 'POST':
id = request.data.get("id")
password = request.data.get("password")
user = authenticate(username=id, password=password, request=request)
if not user:
return Response({"detail": "비밀번호나 아이디가 일치 하지 않습니다."},
status=status.HTTP_400_BAD_REQUEST)
return Response(UserSerializer(user, allow_null=True).data,
status=HTTP_200_OK)
def validate(self, data):
# The `validate` method is where we make sure that the current
# instance of `LoginSerializer` has "valid". In the case of logging a
# user in, this means validating that they've provided an email
# and password and that this combination matches one of the users in
# our database.
email = data.get('email', None)
password = data.get('password', None)
# Raise an exception if an
# email is not provided.
if email is None:
raise serializers.ValidationError(
'An email address is required to log in.'
)
# Raise an exception if a
# password is not provided.
if password is None:
raise serializers.ValidationError(
'A password is required to log in.'
)
# The `authenticate` method is provided by Django and handles checking
# for a user that matches this email/password combination. Notice how
# we pass `email` as the `username` value since in our User
# model we set `USERNAME_FIELD` as `email`.
user = authenticate(username=email, password=password)
# If no user was found matching this email/password combination then
# `authenticate` will return `None`. Raise an exception in this case.
if user is None:
raise serializers.ValidationError(
'A user with this email and password was not found.'
)
# Django provides a flag on our `User` model called `is_active`. The
# purpose of this flag is to tell us whether the user has been banned
# or deactivated. This will almost never be the case, but
# it is worth checking. Raise an exception in this case.
if not user.is_active:
raise serializers.ValidationError(
'This user has been deactivated.'
)
# The `validate` method should return a dictionary of validated data.
# This is the data that is passed to the `create` and `update` methods
# that we will see later on.
return {
'email': user.email,
'username': user.username,
'token': user.token
}
def post(self, request):
# request.data에
# access_token
# facebook_user_id
# 데이터가 전달됨
# Debug결과의 NamedTuple
class DebugTokenInfo(NamedTuple):
app_id: str
application: str
expires_at: int
is_valid: bool
# issued_at: int
scopes: list
type: str
user_id: str
# token(access_token)을 받아 해당 토큰을 Debug
def get_debug_token_info(token):
app_id = settings.FACEBOOK_APP_ID
app_secret_code = settings.FACEBOOK_SECRET_CODE
app_access_token = f'{app_id}|{app_secret_code}'
url_debug_token = 'https://graph.facebook.com/debug_token'
params_debug_token = {
'input_token': token,
'access_token': app_access_token,
}
response = requests.get(url_debug_token, params_debug_token)
print(response)
return DebugTokenInfo(**response.json()['data'])
# request.data로 전달된 access_token값을 페이스북API쪽에 debug요청, 결과를 받아옴
debug_token_info = get_debug_token_info(request.data['access_token'])
if debug_token_info.user_id != request.data['facebook_user_id']:
raise APIException('페이스북 토큰의 사용자와 전달받은 facebook_user_id가 일치하지 않음')
if not debug_token_info.is_valid:
raise APIException('페이스북 토큰이 유효하지 않음')
# FacebookBackend를 사용해서 유저 인증
user = authenticate(facebook_user_id=request.data['facebook_user_id'])
# 인증에 실패한 경우 페이스북유저 타입으로 유저를 만들어줌
if not user:
user = User.objects.create_user(
username=f'fb_{request.data["facebook_user_id"]}',
user_type=User.USER_TYPE_FACEBOOK,
)
# 유저 시리얼라이즈 결과를 Response
return Response(UserSerializer(user).data)
def post(self, request):
username = request.data.get('username')
password = request.data.get('password')
user = authenticate(username=username, password=password)
if user:
token, __ = Token.objects.get_or_create(user=user)
data = {
'token': token.key,
}
return Response(data)
raise AuthenticationFailed('인증정보가 올바르지 않습니다')
def login(request):
username = request.data.get("username")
password = request.data.get("password")
if username is None or password is None:
return Response({'error': 'Please provide both username and password'},
status=HTTP_400_BAD_REQUEST)
user = authenticate(username=username, password=password)
if not user:
return Response({'error': 'Invalid Credentials'},
status=HTTP_404_NOT_FOUND)
token, _ = Token.objects.get_or_create(user=user)
return Response({'token': token.key},
status=HTTP_200_OK)
def validate(self, attrs):
access_token = attrs.get('access_token')
if access_token:
user = authenticate(access_token=access_token)
if not user:
raise CustomException(detail='페이스북 액세스 토큰이 올바르지 않습니다.',
status_code=status.HTTP_401_UNAUTHORIZED)
else:
raise CustomException(detail='페이스북 액세스 토큰이 필요합니다.',
status_code=status.HTTP_400_BAD_REQUEST)
attrs['user'] = user
return attrs
def post(self, request, *args, **kwargs):
if request.method == 'POST':
username = request.data.get('username')
password = request.data.get('password')
user = authenticate(username=username, password=password)
if user:
token, token_created = Token.objects.get_or_create(user=user)
serializer = UserSerializer(user)
data = {"token": token.key, "user": serializer.data},
else:
data = {"error": "user is not authenticated"}
return Response(data, status=status.HTTP_200_OK)
def post(self, request, format=None):
data = JSONParser().parse(request)
user = User.objects.filter(email=data['email']).first()
if user is not None:
user = authenticate(username=user.username,
password=data['password'])
if user is not None:
if user.is_active:
token = Token.objects.get_or_create(user=user)
return Response({'token': token[0].key})
else:
return HttpResponse(status=401)
else:
return HttpResponse(status=401)
def post(self, request):
username = request.data.get('username')
password = request.data.get('password')
user = authenticate(username=username, password=password)
if user:
token, _ = Token.objects.get_or_create(user=user)
data = {
'token': token.key,
}
return Response(data, status=status.HTTP_200_OK)
else:
return Response('ID 또는 비밀번호를 확인해 주세요.',
status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
username = request.data.get('username')
password = request.data.get('password')
user = authenticate(username=username, password=password)
if user:
token, _= Token.objects.get_or_create(user=user)
data = {
'token' : token.key,
}
return Response(data, status=status.HTTP_200_OK)
else:
return AuthenticationFailed()
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username,
password=password)
if not user:
raise serializers.ValidationError('不能登录', code='authorization')
else:
raise serializers.ValidationError('必须输入同时输入名称和密码',
code='authorization')
attrs['user'] = user
return attrs
def post(self, request):
username = request.data['username']
password = request.data['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
else:
return Response({"error": "用户已被管理员禁止"}, status=404)
else:
return Response({"error": "用户名或密码错误"}, status=404)
return Response({"username": user.username, "user_id": user.id})
def validate(self, data):
email, password = data.values()
if not email or not password:
msg = _('Must include "email" and "password".')
raise serializers.ValidationError(msg, code='authorization')
user = authenticate(request=self.context.get('request'),
email=email,
password=password)
if not user:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
self.user = user
return data
def post(self, request):
serializer = ChangePasswordSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
u = authenticate(email=self.request.user.email,
password=serializer.validated_data.get('old'))
if u is not None:
u.set_password(serializer.validated_data.get('new'))
u.save()
else:
return Response(
{
"result": 0,
"error": "La contraseña anterior no coincide"
},
status=status.HTTP_200_OK)
return Response({"result": 1}, status=status.HTTP_200_OK)
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
if email and password:
user = authenticate(request=self.context.get('request'),
email=email,
password=password)
if not user:
msg = '이메일 혹은 비밀번호가 잘못되었습니다.'
raise serializers.ValidationError(msg, code='authorization')
else:
msg = '이메일과 비밀번호는 필수 항목입니다'
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
if email and password:
user = authenticate(request=self.context.get('request'),
email=email, password=password)
if not user:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Must include "email" and "password".')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def authenticate_credentials(self, userid, password, request=None):
"""
Authenticate the userid and password against username and password
with optional request for context.
"""
credentials = {
get_user_model().USERNAME_FIELD: userid,
'password': password
}
user = authenticate(request=request, **credentials)
if user is None:
raise exceptions.AuthenticationFailed(_('Invalid username/password.'))
if not user.is_active:
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
return (user, None)
def authenticate_credentials(self, userid, password, request=None):
"""
Authenticate the userid and password against username and password
with optional request for context.
"""
credentials = {
get_user_model().USERNAME_FIELD: userid,
'password': password
}
user = authenticate(request=request, **credentials)
if user is None:
raise exceptions.AuthenticationFailed(_('Invalid username/password.'))
if not user.is_active:
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
return (user, None)
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username, password=password)
if user:
# From Django 1.10 onwards the `authenticate` call simply
# returns `None` for is_active=False users.
# (Assuming the default `ModelBackend` authentication backend.)
if not user.is_active:
msg = _('User account is disabled.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg, code='authorization')
attrs['user'] = user
return attrs
def authenticate(self, request):
user = authenticate(remote_user=request.META.get(self.header))
if user and user.is_active:
return (user, None)
