def dispatch(self, request, *args, **kwargs):
user = self.get_user(request)
# found token en request
if user is not None:
if type(user) == str:
response = Response(
{
'error': user,
'expired': self.user_token_expired
},
status=status.HTTP_400_BAD_REQUEST)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
if not self.user_token_expired:
return super().dispatch(request, *args, **kwargs)
response = Response(
{
'error': 'No se han enviado las credenciales',
'expired': self.user_token_expired
},
status=status.HTTP_400_BAD_REQUEST)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def dispatch(self, request, *args, **kwargs):
user = self.get_user(request)
# found token in request
if user is not None:
"""
Possible value of variable user:
* User Instance
* Message like: Token Inválido, Usuario no activo o eliminado, Su Token ha expirado
"""
if type(user) == str:
response = Response(
{
'error': user,
'expired': self.user_token_expired
},
status=status.HTTP_400_BAD_REQUEST)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
# only user_token_expired = True, the request can be continue
if not self.user_token_expired:
return super().dispatch(request, *args, **kwargs)
response = Response(
{
'error': 'No se han enviado las credenciales.',
'expired': self.user_token_expired
},
status=status.HTTP_400_BAD_REQUEST)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def register_user(request):
"""Handles the creation of a new user for authentication
Method arguments:
request -- The full HTTP request object
"""
req_body = json.loads(request.body.decode())
# if User.objects.filter(username=req_body.get("username")).exists():
# raise ValidationError("This username already exists.")
username = req_body.get("username")
email = req_body.get("email")
first_name = req_body.get("first_name") or ""
last_name = req_body.get("last_name") or ""
is_already_exists = User.objects.filter(username=username).exists()
if not is_already_exists:
new_user = User.objects.create_user(
username=username,
email=email,
password=req_body["password"],
first_name=first_name,
last_name=last_name,
is_active=True,
)
token = Token.objects.create(user=new_user)
response = Response(
{"token": token.key},
content_type="application/json",
status=status.HTTP_201_CREATED,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
else:
response = Response(
{"error": "Username already exists."},
content_type="application/json",
status=status.HTTP_500_INTERNAL_SERVER_ERROR,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def exception_handler(exc, context):
try:
if 'request' in context:
# Force reading of POST data
context['request'].POST
except Exception as ex:
exc = ex
if isinstance(exc, exceptions.APIException) and getattr(exc, 'field', None):
ret = Response({exc.field: exc.detail},
status=exc.status_code,
headers=getattr(exc, 'headers', {}))
# Handle raw Django Validation error as well
elif isinstance(exc, ValidationError):
if hasattr(exc, 'message_dict'):
content = {key: value if isinstance(value, list) else [value]
for key, value in exc.message_dict.items()}
else:
content = {api_settings.NON_FIELD_ERRORS_KEY: list(exc.messages)}
ret = Response(content, status=status.HTTP_400_BAD_REQUEST)
else:
ret = views.exception_handler(exc, context)
if ret is not None and not getattr(ret, '_is_rendered', True):
ret.accepted_renderer = JSONRenderer()
ret.accepted_media_type = JSONRenderer.media_type
ret.renderer_context = context
ret.render()
return ret
def set_asistencias(request):
response = Response("")
for key, value in request.POST.dict().items():
js = json.loads(value)
asist = Asistencia.objects.filter(
alumno__exact=js['alumno_pk']).filter(
clase_registro__exact=js['clase_registro'])
if not asist: #Si no estaba en la tabla de asistencias
if js["presente"]: # Si no estaba en la tabla de asistencias y le puse presente
print("Tengo que agregarlo como presente")
alumno = Alumno.objects.get(id=js['alumno_pk'])
clase_registro = RegistroClase.objects.get(
id=js['clase_registro'])
Asistencia.objects.create(alumno=alumno,
fecha=js['fecha'],
clase_registro=clase_registro)
response = Response("")
response.status_code = 200
else: #Si no estaba en la tabla de asistencias y le puse ausente
print("No hago nada")
else: #Si estaba en la tabla de asistencias
if js["presente"]: #Si estaba en la tabla de asistencias y le puse presente
print("No hago nada")
else: #Si estaba en la tabla de asistencias y le puse ausente
print("Tengo que borrar un presente")
Asistencia.objects.filter(id__exact=asist.first().id).delete()
response = Response("")
response.status_code = 200
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
#
return response
def response(objects, model, request, many=True):
serializer = SERIALIZER_DICT[model](objects, context={'request': request}, many=many)
response = Response(serializer.data)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def interactive_content_by_course(request, course_id):
# Tomando información del usuario
user_id = request.user.id
# Verificar que el docente tenga contenido creado
try:
# Recuperar el contenido que creó el profesor
user = request.user
user_with_roll = user.get_real_instance()
if user_with_roll.__class__.__name__ == 'Profesor':
contents_list = ContenidoInteractivo.objects.filter(
curso__profesor=user_id, curso=course_id)
except (KeyError, Curso.DoesNotExist):
# devolver vacio si no existe contenido creado por el usuario
return JsonResponse({})
else:
# Devolver los resultados de la consulta en formato JSON
if not contents_list:
return JsonResponse({})
serializer_class = ContenidoInteractivoSerializer(contents_list,
many=True)
response = Response(serializer_class.data, status=status.HTTP_200_OK)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def courses_content_view(request, content_id):
# Tomando información del usuario
user_id = request.user.id
# Verificar que el docente tenga contenido creado
try:
# Recuperar el contenido que creó el profesor
contents = ContenidoInteractivo.curso.through.objects.filter(
contenidointeractivo_id=content_id)
user = request.user
user_with_roll = user.get_real_instance()
if user_with_roll.__class__.__name__ == 'Profesor':
if not contents:
contents_list = Curso.objects.filter(profesor_id=user_id)
else:
contents_list = Curso.objects.filter(
profesor_id=user_id).exclude(
pk__in=Subquery(contents.values('curso_id')))
else:
cursos_ids = Grupo.objects.filter(
estudiante=user_with_roll).values_list('curso_id', flat=True)
contents_list = Curso.objects.filter(pk__in=list(cursos_ids))
except (KeyError, Curso.DoesNotExist):
# devolver vacio si no existe contenido creado por el usuario
return JsonResponse({})
else:
# Devolver los resultados de la consulta en formato JSON
serializer_class = CursoSerializer(contents_list, many=True)
response = Response(serializer_class.data, status=status.HTTP_200_OK)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def get(self, request):
print("is User")
user = request.user
print(user)
context = My_Favourite.objects.values('product_name', 'product_link',
'product_price',
"pk").filter(user=user)
count = My_Favourite.objects.filter(user=user).count()
data = list(context)
if count == 0:
response = Response(
{
"status": 'get MYFavourite success',
"message": "no record"
},
content_type="application/json",
status=status.HTTP_200_OK,
)
else:
response = Response(
{
"status": 'get MYFavourite success',
"message": data
},
content_type="application/json",
status=status.HTTP_200_OK,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def make_rest_response(data, status_code):
""" 构造Rest Response """
resp = Response(data=data, status=status_code)
resp.renderer_context = {}
resp.accepted_renderer = JSONRenderer()
resp.accepted_media_type = JSONRenderer.media_type
resp.render()
return resp
def process_request(self, request):
logger = logging.getLogger(__name__)
logger.info("INSIDE process_request METHOD OF TrackinMiddleware.")
# print("In middleware")
# print(dir(request))
# print(request.META.get('HTTP_AUTHORIZATION'))
if '/signup/' in request.path or '/login/' in request.path: # request.path.startswith('/login/'):
return None
elif 'HTTP_AUTHORIZATION' in request.META and request.META[
'HTTP_AUTHORIZATION'] != '' and request.META[
'HTTP_AUTHORIZATION'] != None:
userinfodict = {}
token = request.META.get('HTTP_AUTHORIZATION', " ").split(' ')[1]
print(" token :LLL ", token)
data = {'token': token}
try:
logger.info('Request Path: %s', request.get_full_path)
valid_data = VerifyJSONWebTokenSerializer().validate(data)
# print(valid_data)
user = valid_data['user']
user_id = User.objects.filter(
username=user).values('id')[0]['id']
all_groups = Group.objects.filter(user=user)
reference_id = self.generate_ref_id()
print("reference_id ::: ", reference_id)
request.userinfo = userinfodict
request.userinfo['username'] = user
request.userinfo['group'] = all_groups
request.userinfo['reference_id'] = reference_id
get_data = dict(request.GET)
post_data = dict(request.POST)
# insert_req = {
# "request_api_url": request.path,
# "request_method": request.method,
# "request_user_info": user,
# "request_get_info": get_data,
# "request_post_info": post_data,
# "reference_id": reference_id,
# "request_date": datetime.datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S')
# }
# insert_api_obj = api_call_log(**insert_req)
# insert_api_obj.save()
except ValidationError as e:
status_dict = {}
status_dict["level"] = "Token Validation"
status_dict[
"status_text"] = "Token Validation Failed.Invalid Token."
response = Response(status=status.HTTP_401_UNAUTHORIZED,
data=status_dict)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Headers"] = "*"
response.renderer_context = {}
return response
except Exception as e:
raise e
def _get_api_response(why):
from rest_framework import status
from rest_framework.response import Response
from rest_framework.renderers import JSONRenderer
response = Response({'detail': why}, status=status.HTTP_400_BAD_REQUEST, content_type='application/json')
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def forbidden_response(self):
response = Response(
ForbiddenResponse,
content_type='application/json',
status=status.HTTP_403_FORBIDDEN,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def internal_server_response(self):
response = Response(
InternalResponse,
content_type='application/json',
status=status.HTTP_500_INTERNAL_SERVER_ERROR,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def delete_asistencias(request):
Asistencia.objects.all().delete()
response = Response("Deleted!")
response.status_code = 200
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def unauthorized_response(self, request, message):
response = Response(
{"data": message},
content_type="application/json",
status=401,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def not_found_response(self):
response = NotFoundResponse
response = Response(
NotFoundResponse,
content_type='application/json',
status=status.HTTP_404_NOT_FOUND,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def gone_410_response(self, classname, object_id=None):
response = Response(data={
'classname': classname,
'object_id': object_id
},
content_type="application/json",
status=status.HTTP_410_GONE)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def project_burp_configuration(request, pk):
response = None
try:
project = Project.objects.get(pk=pk)
if project.is_user_can_view(request.user):
configuration = {"target": {"scope": {"advanced_mode": "true"}}}
targets = []
for target in project.scope.splitlines():
burp_target = {}
burp_target["enabled"] = True
#Manage protocol
protocol = "any"
if target.startswith("https://"):
protocol = "https"
target = target.replace("https://", "")
elif target.startswith("http://"):
protocol = "http"
target = target.replace("http://", "")
burp_target["protocol"] = protocol
#Manage port
if ":" in target:
port = target.split(":")[1]
if "/" in port:
port = port.split("/")[0]
burp_target["port"] = "^" + port + "$"
target = target.replace(":" + port, "")
#Manage file
if "/" in target:
file = target.partition("/")[2]
burp_target["file"] = "^" + file + "$"
target = target.replace("/" + file, "")
#Manage Target
target = target.replace(".", "\.")
target = target.replace("*", ".*")
burp_target["host"] = "^" + target + "$"
targets.append(burp_target)
configuration["target"]["scope"]["include"] = targets
response = Response(configuration)
response.accepted_renderer = JsonRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
response[
'Content-Disposition'] = 'attachment; filename=' + project.name + "_burp_configuration.json"
else:
response = Response(status=status.HTTP_403_FORBIDDEN)
except Flag.DoesNotExist:
response = Response(status=status.HTTP_404_NOT_FOUND)
return response
def post(self, request):
if request.user.is_authenticated:
print("is User")
price = request.POST.get('price')
name = request.POST.get('name')
link = request.POST.get('link')
My_Favourite.objects.create(user=request.user,
product_name=name,
product_link=link,
product_price=price)
response = Response(
{
"status": 'add success',
"message": {
"price": price,
"name": name,
"link": link
}
},
content_type="application/json",
status=status.HTTP_200_OK,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
else:
print("not login")
response = Response(
{
"status": 'add false',
"message": "please login"
},
content_type="application/json",
status=status.HTTP_200_OK,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def dispatch(self, request, *args, **kwargs):
"""
Este método se ejecuta al inicio de una clase en DFRF
:param request:
:param args:
:param kwargs:
:return:
"""
user = self.get_user(request)
if user is not None:
"""
Validamos si user es de tipo str ya que puede retornar dos tipos de
datos, si lo es, se ha enviado un mensaje sino se retorna el usuario propiamente
"""
if type(user) == str:
response = Response(
{
'error': user,
'expired': self.user_token_expired
},
status=status.HTTP_401_UNAUTHORIZED)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
if not self.user_token_expired:
return super().dispatch(request, *args, **kwargs)
response = Response(
{
'error': 'No se han enviado las credenciales',
'expired': self.user_token_expired
},
status=status.HTTP_400_BAD_REQUEST)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
def get(self, request, *args, **kwargs):
# The django.auth.contrib login form doesn't perform the content
# negotiation we've come to expect from DRF; add in code to catch
# situations where Accept != text/html (or */*) and reply with
# an HTTP 406
try:
DefaultContentNegotiation().select_renderer(request, [StaticHTMLRenderer], 'html')
except NotAcceptable:
resp = Response(status=status.HTTP_406_NOT_ACCEPTABLE)
resp.accepted_renderer = StaticHTMLRenderer()
resp.accepted_media_type = 'text/plain'
resp.renderer_context = {}
return resp
return super(LoggedLoginView, self).get(request, *args, **kwargs)
def Searching_results(request):
request.encoding = 'utf-8'
#if request.GET:
# keyword = request.GET.get('keyword', None)
keyword = request.GET.get('keyword', "")
seach_type = request.GET.get('seach_type', "")
minarea = request.GET.get('minarea', "")
maxarea = request.GET.get('maxarea', "")
page = request.GET.get('page', "0")
page = int(page) + 1
print('seach_type', seach_type)
links, url, name, money, date, tag, next_page = Search_start(
keyword, minarea, maxarea, seach_type, page)
index = [i for i in range(0, len(links))]
contexts = []
print(tag)
for i in range(0, len(url)):
if url[i] == '/images/s.gif':
url[i] = 'https://www.dcfever.com/images/s.gif'
context = {
"url": url[i],
"name": name[i],
"product_links": links[i],
"product_price": money[i],
"date": date[i],
"tag": tag[i]
}
contexts.append(context)
data = zip(contexts)
response = Response(
{
"status": 'search success',
"next_page": next_page,
"length": len(contexts),
"search_keyword": keyword,
"message": {
"search_keyword": keyword,
"result": data
}
},
content_type="application/json",
status=status.HTTP_200_OK,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
print(len(tag))
return response
def validate(self, serializer):
if not serializer.is_valid(raise_exception=True):
response = ValidateResponse
response["fields"] = serializer.errors
response = Response(
response,
content_type='application/json',
status=status.HTTP_400_BAD_REQUEST,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {}
return response
else:
return None
def screenshot_raw(request, pk) :
response = None
try:
item = Screenshot.objects.get(pk=pk)
if item.is_user_can_view(request.user) :
response = Response(item.get_raw_data())
else :
response = Response(status=status.HTTP_403_FORBIDDEN)
except Screenshot.DoesNotExist:
response = Response(status=status.HTTP_404_NOT_FOUND)
response.accepted_renderer = ImageRenderer()
response.accepted_media_type = 'image/png'
response.renderer_context = {}
return response
def url_resp(request):
try:
request_data = dict(request.GET)
url_to_crawl = request_data.get('url')[0]
depth = request_data.get('depth')[0]
data = get_webpage_data(url_to_crawl)
response = Response(data, status=status.HTTP_200_OK)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
except Exception as e:
print(e)
return HttpResponse("Please provide url and depth in request param")
def __create_response_object(self, status_code: int, message: dict = None) -> Response:
"""
create response object to return
:param message: permission name for response
:return: response object
"""
response = Response(status=status_code)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
response.data = message
return response
def unauthorized_response(self, request):
response = Response(
{"detail": "This action is not authorized"},
content_type="application/json",
status=status.HTTP_401_UNAUTHORIZED,
)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
# Render the response
response._is_rendered = False
response.render()
return response
def get_contents(user_id):
# Verificar que el docente tenga contenido creado
try:
# Recuperar el contenido que creó el profesor
contents_list = Contenido.objects.filter(profesor_id=user_id)
except (KeyError, Contenido.DoesNotExist):
# devolver vacio si no existe contenido creado por el usuario
return JsonResponse({})
else:
# Devolver los resultados de la consulta en formato JSON
serializer_class = ContenidoSerializer(contents_list, many=True)
response = Response(serializer_class.data, status=status.HTTP_200_OK)
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = "application/json"
response.renderer_context = {}
return response
def attachment_raw(request, pk) :
response = None
try:
item = Attachment.objects.get(pk=pk)
if item.is_user_can_view(request.user) :
response = Response(item.get_raw_data())
response.content_type = "application/octet-stream"
response['Content-Disposition'] = 'attachment; filename=' + item.attachment_name
else :
response = Response(status=status.HTTP_403_FORBIDDEN)
except Attachment.DoesNotExist:
response = Response(status=status.HTTP_404_NOT_FOUND)
response.accepted_renderer = BinaryRenderer()
response.accepted_media_type = 'application/octet-stream'
response.renderer_context = {}
return response
