Skip to content

Instantly share code, notes, and snippets.

@yinzishao

yinzishao/token_pro_auth_token_admin.py

Created May 20, 2016 12:21
Show Gist options
  • Save yinzishao/258766fee449c779fbc4e33251c6a3f2 to your computer and use it in GitHub Desktop.
Save yinzishao/258766fee449c779fbc4e33251c6a3f2 to your computer and use it in GitHub Desktop.
Download ZIP
token-api auth
Raw
token_pro_auth_token_admin.py
from django.contrib import admin
# Register your models here.
Raw
token_pro_auth_token_models.py
from django.db import models
# Create your models here.
Raw
token_pro_auth_token_templates_aut_login.html
{% block content %}
{% if form.errors %}
<p class="error">Sorry, that's not a valid username or password</p>
{% endif %}
<form action="/auth/" method="post">{% csrf_token %}
<label for="username">User name:</label>
<input type="text" name="username" value="" id="username">
<label for="password">Password:</label>
<input type="password" name="password" value="" id="password">
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next|escape }}" />
</form>
{% endblock %}
Raw
token_pro_auth_token_templates_login.html
<!DOCTYPE html>
<html>
<head></head>
<body>
{{ user.date_joined }}
<form action="/token/new.json" method="POST">
<div data-role="fieldcontain">
<label for="email">Email:</label><input type="text" name="username" id="email" value="" />
</div>
<div data-role="fieldcontain">
<label for="password">Password:</label><input type="password" name="password" id="password" value="" />
</div>
<button type="submit" name="submit" value="submit-value">Sign in</button>
</form>
<body>
<form action="/signup/" method="POST">
<div data-role="fieldcontain">
<label for="email">Email:</label><input type="text" name="username" id="email" value="" />
</div>
<div data-role="fieldcontain">
<label for="password">Password:</label><input type="password" name="password" id="password" value="" />
</div>
<button type="submit" name="submit" value="submit-value">Sign up</button>
</form>
</body>
</html>
Raw
token_pro_auth_token_templates_secure.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
{{user}}
{% if user.is_authenticated %}
<p>Welcome, {{ user.username }}. Thanks for logging in.</p>
{% else %}
<p>Welcome, new user. Please log in.</p>
{% endif %}
I'm secure.
<a href = "/signout"><button src="signout">Sign out</button></a>
</body>
</html>
Raw
token_pro_auth_token_tests.py
from django.test import TestCase
# Create your tests here.
Raw
token_pro_auth_token_urls.py
#!/usr/bin/env python
# -*- coding:utf-8 -*-
from django.conf.urls import url
__author__ = 'yinzishao'
urlpatterns = [
url(r'^login/','auth_token.views.loginview',name='loginview'),
url(r'^signup/','auth_token.views.signup',name='signup'),
url(r'^auth/','auth_token.views.auth',name='auth')
# url(r'^token/new.json$', token_new, name='api_token_new'),
# url(r'^token/(?P<token>.{24})/(?P<user>\d+).json$', token, name='api_token'),
]
Raw
token_pro_auth_token_views.py
import json
from django.contrib.auth import authenticate
from django.contrib.auth.views import login
from django.shortcuts import render, render_to_response,HttpResponse, redirect
from django.contrib.auth.models import User
# Create your views here.
from django.template.context_processors import csrf
from tokenapi.views import token_new
from tokenapi.decorators import token_required
# @token_required
def loginview(request):
# c = {"yin":"yin"}
# c.update(csrf(request))
basic_auth = request.META.get('HTTP_AUTHORIZATION')
print basic_auth
return render(request,'login.html')
# return render_to_response('login.html', c,)
def auth(request):
result = token_new(request)
return result
def signup(request):
data={}
if request.method == "POST":
username = request.POST.get('username',None)
password = request.POST.get('password',None)
if not (username and password):
print request.body
request_data= json.loads(request.body)
print request_data["username"]
print request_data["password"]
print request_data
return HttpResponse(request.body,content_type="application/json")
# print request_data
print username,password
data['username']=username
data['password']=password
return HttpResponse(json.dumps(data),content_type="application/json")
if request.method == "GET":
print request.read()
return HttpResponse(json.dumps({"name":"yinzishao"}),content_type="application/json")
return HttpResponse("No post")
#
#
# def auth_and_login(request, onsuccess='/secure', onfail='/login/'):
# user = authenticate(username=request.POST['email'], password=request.POST['password'])
# if user is not None and user.is_active:
# login(request, user)
# request.session['name'] = "yin"
# return redirect(onsuccess)
# else:
# return redirect(onfail)
#
# def create_user(username, email, password):
# user = User(username=username, email=email)
# user.set_password(password)
# user.save()
# return user
#
# def user_exists(username):
# user_count = User.objects.filter(username=username).count()
# if user_count == 0:
# return False
# return True
#
# def sign_up_in(request):
# post = request.POST
# if not user_exists(post['email']):
# user = create_user(username=post['email'], email=post['email'], password=post['password'])
# return auth_and_login(request)
# else:
# return redirect("/login/")
Raw
token_pro_db.sqlite3
SQLite format 3@ $*-�� �����" 
���d��I��3
%Asessions0001_initial2016-05-17 13:52:46.006769A IAauth0006_require_contenttypes_00022016-05-17 13:52:45.850737BKAauth0005_alter_user_last_login_null2016-05-17 13:52:45.758856@GAauth0004_alter_user_username_opts2016-05-17 13:52:45.491205CMAauth0003_alter_user_email_max_length2016-05-17 13:52:45.267531HWAauth0002_alter_permission_name_max_length2016-05-17 13:52:45.054917H%GAcontenttypes0002_remove_content_type_name2016-05-17 13:52:44.8308030%Aadmin0001_initial2016-05-17 13:52:44.584276/%Aauth0001_initial2016-05-17 13:52:44.3722067%%Acontenttypes0001_initial2016-05-17 13:52:44.124681
�������3django_content_type+auth_permission auth_user�/django_migrations

�������������������
  
   
�������sessionssession%#contenttypescontenttype authuser
authgroup!authpermissionadminlogentry
�������sessionssession%#contenttypescontenttype
authuserauthgroup!authpermission adminlogentry

qCC�Cx���Y//�atabledjango_migrationsdjango_migrationsCREATE TABLE "django_migrations" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "app" varchar(255) NOT NULL, "name" varchar(255) NOT NULL, "applied" datetime NOT NULL)P++Ytablesqlite_sequencesqlite_sequenceCREATE TABLE sqlite_sequence(name,seq)?�!!�ktableauth_groupauth_group
CREATE TABLE "auth_group" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "name" varchar(80) NOT NULL UNIQUE)3 G!indexsqlite_autoindex_auth_group_1auth_group �8
99� tableauth_group_permissionsauth_group_permissions CREATE TABLE "auth_group_permissions" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "group_id" integer NOT NULL REFERENCES "auth_group" ("id"), "permission_id" integer NOT NULL REFERENCES "auth_permission" ("id"), UNIQUE ("group_id", "permission_id"))K _9indexsqlite_autoindex_auth_group_permissions_1auth_group_permissions
������3�--�[tableauth_user_groupsauth_user_groupsCREATE TABLE "auth_user_groups" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "user_id" integer NOT NULL REFERENCES "auth_user" ("id"), "group_id" integer NOT NULL REFERENCES "auth_group" ("id"), UNIQUE ("user_id", "group_id"))?S-indexsqlite_autoindex_auth_user_groups_1auth_user_groups






##g�X�|�AAA�
tableauth_user_user_permissionsauth_user_user_permissionsCREATE TABLE "auth_user_user_permissions" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "user_id" integer NOT NULL REFERENCES "auth_user" ("id"), "permission_id" integer NOT NULL REFERENCES "auth_permission" ("id"), UNIQUE ("user_id", "permission_id"))SgAindexsqlite_autoindex_auth_user_user_permissions_1auth_user_user_permissions�K9�;indexauth_group_permissions_0e939a4fauth_group_permissionsCREATE INDEX "auth_group_permissions_0e939a4f" ON "auth_group_permissions" ("group_id")�K9�Eindexauth_group_permissions_8373b171auth_group_permissionsCREATE INDEX "auth_group_permissions_8373b171" ON "auth_group_permissions" ("permission_id")�?-�!indexauth_user_groups_e8701ad4auth_user_groupsCREATE INDEX "auth_user_groups_e8701ad4" ON "auth_user_groups" ("user_id")�?-�#indexauth_user_groups_0e939a4fauth_user_groupsCREATE INDEX "auth_user_groups_0e939a4f" ON "auth_user_groups" ("group_id")




oo�u�(SA�Iindexauth_user_user_permissions_e8701ad4auth_user_user_permissionsCREATE INDEX "auth_user_user_permissions_e8701ad4" ON "auth_user_user_permissions" ("user_id")�.SA�Uindexauth_user_user_permissions_8373b171auth_user_user_permissionsCREATE INDEX "auth_user_user_permissions_8373b171" ON "auth_user_user_permissions" ("permission_id")�'--�tabledjango_admin_logdjango_admin_logCREATE TABLE "django_admin_log" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "action_time" datetime NOT NULL, "object_id" text NULL, "object_repr" varchar(200) NOT NULL, "action_flag" smallint unsigned NOT NULL, "change_message" text NOT NULL, "content_type_id" integer NULL REFERENCES "django_content_type" ("id"), "user_id" integer NOT NULL REFERENCES "auth_user" ("id"))�?-�1indexdjango_admin_log_417f1b1cdjango_admin_logCREATE INDEX "django_admin_log_417f1b1c" ON "django_admin_log" ("content_type_id")





SS��:y�?-�!indexdjango_admin_log_e8701ad4django_admin_log!CREATE INDEX "django_admin_log_e8701ad4" ON "django_admin_log" ("user_id")�h33�wtabledjango_content_typedjango_content_typeCREATE TABLE "django_content_type" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "app_label" varchar(100) NOT NULL, "model" varchar(100) NOT NULL, UNIQUE ("app_label", "model"))EY3indexsqlite_autoindex_django_content_type_1django_content_type�/ ++�tableauth_permissionauth_permission"CREATE TABLE "auth_permission" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "content_type_id" integer NOT NULL REFERENCES "django_content_type" ("id"), "codename" varchar(100) NOT NULL, "name" varchar(255) NOT NULL, UNIQUE ("content_type_id", "codename"))=!Q+indexsqlite_autoindex_auth_permission_1auth_permission#�"=+�-indexauth_permission_417f1b1cauth_permissionCREATE INDEX "auth_permission_417f1b1c" ON "auth_permission" ("content_type_id")




�V#)���|+;)�!indexdjango_session_de54fa62django_session$CREATE INDEX "django_session_de54fa62" ON "django_session" ("expire_date")�6)))�'tabledjango_sessiondjango_sessionCREATE TABLE "django_session" ("session_key" varchar(40) NOT NULL PRIMARY KEY, "session_data" text NOT NULL, "expire_date" datetime NOT NULL);*O)indexsqlite_autoindex_django_session_1django_session1(Eindexsqlite_autoindex_auth_user_1auth_user�''�tableauth_userauth_userCREATE TABLE "auth_user" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "password" varchar(128) NOT NULL, "is_superuser" bool NOT NULL, "username" varchar(30) NOT NULL UNIQUE, "first_name" varchar(30) NOT NULL, "last_name" varchar(30) NOT NULL, "email" varchar(254) NOT NULL, "is_staff" bool NOT NULL, "is_active" bool NOT NULL, "date_joined" datetime NOT NULL, "last_login" datetime NULL)

?���`2����`>���g?&)1delete_sessionCan delete session&)1change_sessionCan change session #+add_sessionCan add session/1;delete_contenttypeCan delete content type/1;change_contenttypeCan change content type)
+5add_contenttypeCan add content type #+delete_userCan delete user #+change_userCan change user
%add_userCan add user" %-delete_groupCan delete group"%-change_groupCan change group'add_groupCan add group,/7delete_permissionCan delete permission,/7change_permissionCan change permission&)1add_permissionCan add permission( +5delete_logentryCan delete log entry( +5change_logentryCan change log entry" %/add_logentryCan add log entry
�������p]J;)�����)delete_session)change_session#add_session1delete_contenttype1change_contenttype+add_contenttype
#delete_user #change_user add_user
%delete_group %change_groupadd_group/delete_permission/change_permission)add_permission +delete_logentry +change_logentry % add_logentry

Raw
token_pro_manage.py
#!/usr/bin/env python
import os
import sys
if __name__ == "__main__":
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "token_pro.settings")
from django.core.management import execute_from_command_line
execute_from_command_line(sys.argv)
Raw
token_pro_token_pro_settings.py
"""
Django settings for token_pro project.
Generated by 'django-admin startproject' using Django 1.8.2.
For more information on this file, see
https://docs.djangoproject.com/en/1.8/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.8/ref/settings/
"""
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = ')bju3a8s@^u6r(48g8#q(@o8!l0@nns$cb3tmj9t2l3#8xr1uc'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'auth_token',
'tokenapi',
)
AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend',
'tokenapi.backends.TokenBackend',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
# 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
)
ROOT_URLCONF = 'token_pro.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'token_pro.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
'NAME': 'auth_token', # Or path to database file if using sqlite3.
# The following settings are not used with sqlite3:
'USER': 'root',
'PASSWORD': 'yinzishao',
'HOST': '127.0.0.1', # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
'PORT': '3306', # Set to empty string for default.
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
USE_I18N = True
USE_L10N = True
# TIME_ZONE = 'UTC'
# USE_TZ = True
TIME_ZONE = 'Asia/Shanghai'
USE_TZ = False
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'
Raw
token_pro_token_pro_urls.py
"""token_pro URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/1.8/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
Including another URLconf
1. Add an import: from blog import urls as blog_urls
2. Add a URL to urlpatterns: url(r'^blog/', include(blog_urls))
"""
from django.conf.urls import include, url
from django.contrib import admin
urlpatterns = [
url(r'^admin/', include(admin.site.urls)),
url(r'',include('auth_token.urls')),
url(r'', include('tokenapi.urls')),
]
Raw
token_pro_token_pro_wsgi.py
"""
WSGI config for token_pro project.
It exposes the WSGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/
"""
import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "token_pro.settings")
application = get_wsgi_application()
Raw
token_pro_tokenapi_backends.py
from django.contrib.auth.backends import ModelBackend
from tokenapi.tokens import token_generator
from django.conf import settings
try:
from django.contrib.auth import get_user_model
except ImportError: # Django < 1.5
from django.contrib.auth.models import User
else:
User = get_user_model()
class TokenBackend(ModelBackend):
def authenticate(self, pk, token):
try:
user = User.objects.get(pk=pk)
except User.DoesNotExist:
return None
TOKEN_CHECK_ACTIVE_USER = getattr(settings, "TOKEN_CHECK_ACTIVE_USER", False)
if TOKEN_CHECK_ACTIVE_USER and not user.is_active:
return None
if token_generator.check_token(user,
token):
return user
return None
Raw
token_pro_tokenapi_decorators.py
from django.http import HttpResponseForbidden
from django.contrib.auth import authenticate
from django.views.decorators.csrf import csrf_exempt
from base64 import b64decode
from functools import wraps
def token_required(view_func):
"""Decorator which ensures the user has provided a correct user and token pair."""
@csrf_exempt
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
user = None
token = None
basic_auth = request.META.get('HTTP_AUTHORIZATION')
user = request.POST.get('user', request.GET.get('user'))
token = request.POST.get('token', request.GET.get('token'))
if not (user and token) and basic_auth:
auth_method, auth_string = basic_auth.split(' ', 1)
if auth_method.lower() == 'basic':
auth_string = b64decode(auth_string.strip())
user, token = auth_string.decode().split(':', 1)
if not (user and token):
return HttpResponseForbidden("Must include 'user' and 'token' parameters with request.")
user = authenticate(pk=user, token=token)
if user:
request.user = user
return view_func(request, *args, **kwargs)
return HttpResponseForbidden()
return _wrapped_view
Raw
token_pro_tokenapi_http.py
"""JSON helper functions"""
try:
import simplejson as json
except ImportError:
import json
from django.http import HttpResponse
def JsonResponse(data, dump=True, status=200):
try:
data['errors']
except KeyError:
data['success'] = True
except TypeError:
pass
return HttpResponse(
json.dumps(data) if dump else data,
content_type='application/json',
status=status,
)
def JsonError(error_string, status=200):
data = {
'success': False,
'errors': error_string,
}
return JSONResponse(data)
def JsonResponseBadRequest(error_string):
return JsonError(error_string, status=400)
def JsonResponseUnauthorized(error_string):
return JsonError(error_string, status=401)
def JsonResponseForbidden(error_string):
return JsonError(error_string, status=403)
def JsonResponseNotFound(error_string):
return JsonError(error_string, status=404)
def JsonResponseNotAllowed(error_string):
return JsonError(error_string, status=405)
def JsonResponseNotAcceptable(error_string):
return JsonError(error_string, status=406)
# For backwards compatability purposes
JSONResponse = JsonResponse
JSONError = JsonError
Raw
token_pro_tokenapi_tests.py
import json
from django.test import TestCase
from django.core.urlresolvers import reverse
try:
from django.contrib.auth import get_user_model
except ImportError: # Django < 1.5
from django.contrib.auth.models import User
else:
User = get_user_model()
from tokenapi.tokens import token_generator
class TokenManagementTestCase(TestCase):
username = "jpulgarin"
email = "jp@julianpulgarin.com"
password = "GGGGGG"
def setUp(self):
self.user = User.objects.create_user(self.username, self.email, self.password)
self.user.save()
self.token = token_generator.make_token(self.user)
def test_token_new_correct(self):
response = self.client.post(reverse('api_token_new'), {
'username': self.username,
'password': self.password,
})
data = json.loads(response.content)
self.assertEqual(response.status_code, 200)
self.assertTrue(data['success'])
self.assertEqual(data['user'], self.user.pk)
self.assertEqual(data['token'], self.token)
def test_token_new_incorrect(self):
credentials = ((
self.username,
"AAAAAA",
), (
"j",
self.password,
), (
"j",
"AAAAAA",
))
for username, password in credentials:
response = self.client.post(reverse('api_token_new'), {
'username': username,
'password': password,
})
data = json.loads(response.content)
self.assertEqual(response.status_code, 200)
self.assertFalse(data['success'])
self.assertTrue(data['errors'])
self.assertNotEqual(data.get('user'), self.user.pk)
self.assertNotEqual(data.get('token'), self.token)
def test_token_correct(self):
response = self.client.post(reverse('api_token', kwargs={'token': self.token, 'user': self.user.pk}))
data = json.loads(response.content)
self.assertEqual(response.status_code, 200)
self.assertTrue(data['success'])
def test_token_incorrect(self):
incorrect_token = self.token[::-1]
response = self.client.post(reverse('api_token', kwargs={'token': incorrect_token, 'user': self.user.pk}))
data = json.loads(response.content)
self.assertEqual(response.status_code, 200)
self.assertFalse(data['success'])
self.assertTrue(data['errors'])
Raw
token_pro_tokenapi_tokens.py
"""django.contrib.auth.tokens, but without using last_login in hash"""
from datetime import date
from django.conf import settings
from django.utils.http import int_to_base36, base36_to_int
from django.utils.crypto import constant_time_compare, salted_hmac
from django.utils import six
class PasswordResetTokenGenerator(object):
"""
Strategy object used to generate and check tokens for the password
reset mechanism.
"""
def make_token(self, user):
"""
Returns a token that can be used once to do a password reset
for the given user.
"""
return self._make_token_with_timestamp(user, self._num_days(self._today()))
def check_token(self, user, token):
"""
Check that a password reset token is correct for a given user.
"""
# Parse the token
try:
ts_b36, hash = token.split("-")
except ValueError:
return False
try:
ts = base36_to_int(ts_b36)
except ValueError:
return False
# Check that the timestamp/uid has not been tampered with
if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):
return False
# Check the timestamp is within limit
if (self._num_days(self._today()) - ts) > getattr(settings, 'TOKEN_TIMEOUT_DAYS', 7):
return False
return True
def _make_token_with_timestamp(self, user, timestamp):
# timestamp is number of days since 2001-1-1. Converted to
# base 36, this gives us a 3 digit string until about 2121
ts_b36 = int_to_base36(timestamp)
key_salt = "tokenapi.tokens.PasswordResetTokenGenerator"
value = (six.text_type(user.pk) + user.password + six.text_type(timestamp))
#hexdigest
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
def _num_days(self, dt):
return (dt - date(2001, 1, 1)).days
def _today(self):
# Used for mocking in tests
return date.today()
token_generator = PasswordResetTokenGenerator()
Raw
token_pro_tokenapi_urls.py
from django.conf.urls import url
from tokenapi.views import token
from tokenapi.views import token_new
urlpatterns = [
url(r'^token/new.json$', token_new, name='api_token_new'),
url(r'^token/(?P<token>.{24})/(?P<user>\d+).json$', token, name='api_token'),
]
Raw
token_pro_tokenapi_views.py
from django.contrib.auth import authenticate
from django.contrib.auth import login
from django.views.decorators.csrf import csrf_exempt
from django.conf import settings
try:
from django.contrib.auth import get_user_model
except ImportError: # Django < 1.5
from django.contrib.auth.models import User
else:
User = get_user_model()
from tokenapi.tokens import token_generator
from tokenapi.http import JsonResponse, JsonError, JsonResponseForbidden, JsonResponseUnauthorized
# Creates a token if the correct username and password is given
# token/new.json
# Required: username&password
# Returns: success&token&user
@csrf_exempt
def token_new(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
if username and password:
user = authenticate(username=username, password=password)
if user:
TOKEN_CHECK_ACTIVE_USER = getattr(settings, "TOKEN_CHECK_ACTIVE_USER", False)
if TOKEN_CHECK_ACTIVE_USER and not user.is_active:
return JsonResponseForbidden("User account is disabled.")
login(request, user)
data = {
'token': token_generator.make_token(user),
'user': user.pk,
}
return JsonResponse(data)
else:
return JsonResponseUnauthorized("Unable to log you in, please try again.")
else:
return JsonError("Must include 'username' and 'password' as POST parameters.")
else:
return JsonError("Must access via a POST request.")
# Checks if a given token and user pair is valid
# token/:token/:user.json
# Required: user
# Returns: success
def token(request, token, user):
try:
user = User.objects.get(pk=user)
except User.DoesNotExist:
return JsonError("User does not exist.")
TOKEN_CHECK_ACTIVE_USER = getattr(settings, "TOKEN_CHECK_ACTIVE_USER", False)
if TOKEN_CHECK_ACTIVE_USER and not user.is_active:
return JsonError("User account is disabled.")
if token_generator.check_token(user, token):
return JsonResponse({})
else:
return JsonError("Token did not match user.")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment