Commit 704baa74868c3cfe4ac0c153e0dd23fd756f5744
1 parent
9fe3158f
Exists in
master
and in
2 other branches
Adding function to get function (Updates in requirements were made)
Showing
5 changed files
with
73 additions
and
23 deletions
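--- a/amadeus/settings.py
+++ b/amadeus/settings.py
@@ -273,22 +273,6 @@ EMAIL_HOST_PASSWORD = 'amadeusteste'
 # SMTP CONFIG
 # EMAIL_BACKEND = 'core.smtp.AmadeusEmailBackend'
 
-#API CONFIG STARTS
-#TELL the rest framework to use a different backend
-REST_FRAMEWORK = {
- 'DEFAULT_AUTHENTICATION_CLASSES':(
- 'oauth2_provider.ext.rest_framework.OAuth2Authentication',),
- 'DEFAULT_PERMISSION_CLASSES':(
- 'rest_framework.permissions.IsAuthenticated',),
- 'PAGE_SIZE': 10, #pagination purposes
-}
-
-OAUTH2_PROVIDER = {
- 'SCOPES':{'read':'Read scope', 'write': 'Write scope'}
-}
-#API CONFIG ENDS
-
-
 #For date purposes
 DATE_INPUT_FORMATS.append('%d/%m/%y')
 DATE_INPUT_FORMATS.append('%m/%d/%y')
@@ -314,7 +298,7 @@ S3DIRECT_DESTINATIONS = {
 #TELL the rest framework to use a different backend
 REST_FRAMEWORK = {
 'DEFAULT_AUTHENTICATION_CLASSES':(
- 'oauth2_provider.ext.rest_framework.OAuth2Authentication',),
+ 'oauth2_provider.contrib.rest_framework.OAuth2Authentication',),
 'DEFAULT_PERMISSION_CLASSES':(
 'rest_framework.permissions.IsAuthenticated',),
 'PAGE_SIZE': 10, #pagination purposes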
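--- a/api/urls.py
+++ b/api/urls.py
@@ -9,11 +9,13 @@ from log.views import LogViewSet
 from . import views
 
 router = routers.DefaultRouter()
+
 router.register(r'logs', LogViewSet)
 router.register(r'usersapi', UserViewSet)
+router.register(r'users', views.LoginViewset)
 
 urlpatterns = [
 #API REST
-
 url(r'^', include(router.urls)),
+ url(r'^token', views.getToken),
 ]
\ No newline at end of file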
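Review bot: The new `url(r'^token', views.getToken)` pattern has no end anchor and no name, so every path that merely begins with `token` is routed to the view that handles passwords and the OAuth client secret. Anchoring it, `url(r'^token/$', views.getToken, name = 'token'),`, limits the endpoint to one exact path and lets callers resolve it with `reverse()`. If the mobile client already posts to the path without a trailing slash, use `r'^token/?$'` instead so the existing URL keeps working.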
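--- a/api/views.py
+++ b/api/views.py
-from django.shortcuts import render
+import requests
+from django.shortcuts import get_object_or_404, reverse
+from django.contrib.auth import authenticate
+from rest_framework import viewsets
+from rest_framework.response import Response
+from rest_framework.decorators import detail_route
+from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
 
+from security.models import Security
+
+from users.serializers import UserSerializer
+from users.models import User
+
+from oauth2_provider.views.generic import ProtectedResourceView
+from oauth2_provider.models import Application
+from django.http import HttpResponse
+
+class LoginViewset(viewsets.ReadOnlyModelViewSet):
+ queryset = User.objects.all()
+ security = Security.objects.get(id = 1)
+ permissions_classes = (IsAuthenticatedOrReadOnly,)
+
+ @detail_route(methods = ['post'])
+ def login(self, request):
+ username = request.DATA['email']
+ password = request.DATA['password']
+ user = authenticate(username = username, password = password)
+
+ if user is not None:
+ if not security.maintence or user.is_staff:
+ serializer = UserSerializer(user)
+
+ return Response(serializer.data)
+
+ return Response()
+
+def getToken(request):
+ oauth = Application.objects.filter(name = "amadeus-droid")
+
+ response = ""
+
+ if request.POST:
+ username = request.POST['email']
+ password = request.POST['password']
+
+ user = authenticate(username = username, password = password)
+
+ if user is not None:
+ if not security.maintence or user.is_staff:
+ if oauth.count() > 0:
+ oauth = oauth[0]
+
+ data = {
+ "grant_type": "password",
+ "username": username,
+ "password": password
+ }
+
+ auth = (oauth.client_id, oauth.client_secret)
+
+ response = requests.post(request.build_absolute_uri(reverse('oauth2_provider:token')), data = data, auth = auth)
+
+ return HttpResponse(response)
\ No newline at end of file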
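Review bot: `security` is never bound where it is read: inside `LoginViewset.login` the class attribute is only reachable as `self.security`, and `getToken` defines no such name at all, so both views raise NameError once `authenticate()` succeeds and the maintenance gate is never evaluated. The class-level `Security.objects.get(id = 1)` also runs a query at import time and would keep a stale flag; fetching it inside the request, as in the fence for `getToken`, addresses both. `permissions_classes` is not the attribute DRF reads (`permission_classes`), so the class listed there is never applied, and `@detail_route` routes with a `pk` that `login(self, request)` does not accept. In `getToken` the token URL comes from `request.build_absolute_uri()`, i.e. from the request's Host header, so the POST carrying the client secret and the user's password is sent to whatever host that header names unless ALLOWED_HOSTS is strict; a fixed base URL taken from settings would be safer. The call also has no timeout, and `HttpResponse(response)` drops the upstream status code and content type.

```python
def getToken(request):
    # … unchanged: Application lookup, response = "", POST check, authenticate() …
        if user is not None:
            # Fetch the flag per request; no `security` name is bound in this function.
            security = Security.objects.get(id = 1)

            if not security.maintence or user.is_staff:
                # … unchanged: oauth[0], data dict, auth tuple …
                response = requests.post(request.build_absolute_uri(reverse('oauth2_provider:token')), data = data, auth = auth, timeout = 10)

                # Pass the token endpoint's status and content type through to the client.
                return HttpResponse(response.content, status = response.status_code, content_type = response.headers.get('Content-Type'))

    return HttpResponse(response)
```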
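--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ django-crontab==0.7.1
 django-discover-runner==1.0
 django-floppyforms==1.7.0
 django-modalview==0.1.5
-django-oauth-toolkit==0.10.0
+django-oauth-toolkit==1.0.0
 django-role-permissions==1.2.1
 django-s3direct==0.4.2
 django-session-security==2.4.0
@@ -38,7 +38,7 @@ lxml==3.6.4
 MarkupSafe==0.23
 msgpack-python==0.4.8
 numpy==1.12.1
-oauthlib==1.0.3
+oauthlib==2.0.1
 openpyxl==2.4.5
 pandas==0.19.2
 Pillow==3.3.1
@@ -47,7 +47,7 @@ pycpfcnpj==1.0.2
 python-dateutil==2.6.0
 pytz==2016.10
 redis==2.10.5
-requests==2.11.1
+requests==2.13.0
 six==1.10.0
 slugify==0.0.1
 Twisted==16.6.0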
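--- a/users/views.py
+++ b/users/views.py
@@ -40,6 +40,8 @@ import os
 from rest_framework import viewsets
 from .serializers import UserSerializer
 from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
+from oauth2_provider.contrib.rest_framework.authentication import OAuth2Authentication
+from oauth2_provider.contrib.rest_framework.permissions import IsAuthenticatedOrTokenHasScope
 
 # ================ ADMIN =======================
 class UsersListView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
@@ -572,4 +574,5 @@ def logout(request, next_page = None):
 class UserViewSet(viewsets.ModelViewSet):
 queryset = User.objects.all()
 serializer_class = UserSerializer
- permissions_classes = (IsAuthenticatedOrReadOnly,)
+ authentication_classes = [OAuth2Authentication]
+ permissions_classes = (IsAuthenticatedOrTokenHasScope,)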
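Review bot: `permissions_classes` on `UserViewSet` is a misspelling carried over from the old line: DRF reads `permission_classes`, so `IsAuthenticatedOrTokenHasScope` is never applied and the view falls back to the project default from settings. Renaming it to `permission_classes = (IsAuthenticatedOrTokenHasScope,)` also requires a `required_scopes` attribute on the view, because the token-scope check reads one; `required_scopes = ['read', 'write']` would match the scopes declared in settings, if that block is still present. Since this is a `ModelViewSet` over `User.objects.all()`, it is worth confirming that update and delete on other users' records are meant to be open to every caller that passes the permission check.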