From 704baa74868c3cfe4ac0c153e0dd23fd756f5744 Mon Sep 17 00:00:00 2001 From: Zambom Date: Fri, 16 Jun 2017 20:47:57 -0300 Subject: [PATCH] Adding function to get function (Updates in requirements were made) --- amadeus/settings.py | 18 +----------------- api/urls.py | 4 +++- api/views.py | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- requirements.txt | 6 +++--- users/views.py | 5 ++++- 5 files changed, 73 insertions(+), 23 deletions(-) diff --git a/amadeus/settings.py b/amadeus/settings.py index f7406b9..8329890 100644 --- a/amadeus/settings.py +++ b/amadeus/settings.py @@ -273,22 +273,6 @@ EMAIL_HOST_PASSWORD = 'amadeusteste' # SMTP CONFIG # EMAIL_BACKEND = 'core.smtp.AmadeusEmailBackend' -#API CONFIG STARTS -#TELL the rest framework to use a different backend -REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES':( - 'oauth2_provider.ext.rest_framework.OAuth2Authentication',), - 'DEFAULT_PERMISSION_CLASSES':( - 'rest_framework.permissions.IsAuthenticated',), - 'PAGE_SIZE': 10, #pagination purposes -} - -OAUTH2_PROVIDER = { - 'SCOPES':{'read':'Read scope', 'write': 'Write scope'} -} -#API CONFIG ENDS - - #For date purposes DATE_INPUT_FORMATS.append('%d/%m/%y') DATE_INPUT_FORMATS.append('%m/%d/%y') @@ -314,7 +298,7 @@ S3DIRECT_DESTINATIONS = { #TELL the rest framework to use a different backend REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( - 'oauth2_provider.ext.rest_framework.OAuth2Authentication',), + 'oauth2_provider.contrib.rest_framework.OAuth2Authentication',), 'DEFAULT_PERMISSION_CLASSES':( 'rest_framework.permissions.IsAuthenticated',), 'PAGE_SIZE': 10, #pagination purposes diff --git a/api/urls.py b/api/urls.py index 2dcf277..4f2a1ca 100644 --- a/api/urls.py +++ b/api/urls.py 
@@ -9,11 +9,13 @@ from log.views import LogViewSet from . import views router = routers.DefaultRouter() + router.register(r'logs', LogViewSet) router.register(r'usersapi', UserViewSet) +router.register(r'users', views.LoginViewset) urlpatterns = [ #API REST - url(r'^', include(router.urls)), + url(r'^token', views.getToken), ] \ No newline at end of file diff --git a/api/views.py b/api/views.py index 2800278..f4e8b65 100644 --- a/api/views.py +++ b/api/views.py 
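Review bot: The `url(r'^', include(router.urls))` entry is replaced rather than kept, so the `router.register(...)` calls above it, including the new `users` registration, no longer contribute any routes through this `urlpatterns` list. If the REST endpoints are still meant to be served from here, keep the include and add the token route next to it. The new pattern `r'^token'` is also unanchored at the end, so any path that merely starts with `token` is dispatched to `views.getToken`; `url(r'^token/$', views.getToken),` would pin it to the one endpoint.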
@@ -1,2 +1,63 @@
-from django.shortcuts import render
+import requests
+from django.shortcuts import get_object_or_404, reverse
+from django.contrib.auth import authenticate
+from rest_framework import viewsets
+from rest_framework.response import Response
+from rest_framework.decorators import detail_route
+from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
+from security.models import Security
+
+from users.serializers import UserSerializer
+from users.models import User
+
+from oauth2_provider.views.generic import ProtectedResourceView
+from oauth2_provider.models import Application
+from django.http import HttpResponse
+
+class LoginViewset(viewsets.ReadOnlyModelViewSet):
+ queryset = User.objects.all()
+ security = Security.objects.get(id = 1)
+ permissions_classes = (IsAuthenticatedOrReadOnly,)
+
+ @detail_route(methods = ['post'])
+ def login(self, request):
+ username = request.DATA['email']
+ password = request.DATA['password']
+ user = authenticate(username = username, password = password)
+
+ if user is not None:
+ if not security.maintence or user.is_staff:
+ serializer = UserSerializer(user)
+
+ return Response(serializer.data)
+
+ return Response()
+
+def getToken(request):
+ oauth = Application.objects.filter(name = "amadeus-droid")
+
+ response = ""
+
+ if request.POST:
+ username = request.POST['email']
+ password = request.POST['password']
+
+ user = authenticate(username = username, password = password)
+
+ if user is not None:
+ if not security.maintence or user.is_staff:
+ if oauth.count() > 0:
+ oauth = oauth[0]
+
+ data = {
+ "grant_type": "password",
+ "username": username,
+ "password": password
+ }
+
+ auth = (oauth.client_id, oauth.client_secret)
+
+ response = requests.post(request.build_absolute_uri(reverse('oauth2_provider:token')), data = data, auth = auth)
+
+ return HttpResponse(response)
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 411f20d..d9264a3 100644
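Review bot: `security` is never bound in `getToken`, and in `LoginViewset.login` it exists only as a class attribute, so the bare name in `if not security.maintence or user.is_staff:` raises NameError on every successful `authenticate()`; the lookup belongs inside each function, which also removes the import-time query in the class body. In `getToken`, `HttpResponse(response)` discards the upstream status code and content type, so a refused token request is returned to the client as a 200, and `requests.post` runs with no timeout against a URL built from the request's Host header, so the password and `client_secret` are sent wherever that header points unless ALLOWED_HOSTS is strict. On the viewset, DRF reads `permission_classes`, not `permissions_classes`, so `IsAuthenticatedOrReadOnly` is never applied; `request.DATA` and a `@detail_route` handler without a `pk` argument also look likely to fail, though the DRF version in use is not visible here. The fence shows the `getToken` changes only; the indentation is assumed because the patch text has lost it.

```python
def getToken(request):
    # … unchanged: Application lookup, response = "", POST field reads, authenticate() …
        if user is not None:
            # Read the maintenance flag per request instead of relying on an unbound name.
            security = Security.objects.get(id = 1)

            if not security.maintence or user.is_staff:
                # … unchanged: oauth[0], data dict, auth tuple …
                    token_url = request.build_absolute_uri(reverse('oauth2_provider:token'))
                    upstream = requests.post(token_url, data = data, auth = auth, timeout = 10)

                    # Pass the token endpoint's status and content type through to the client.
                    return HttpResponse(upstream.content, status = upstream.status_code, content_type = upstream.headers.get('Content-Type'))

    return HttpResponse(response)
```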
--- a/requirements.txt +++ b/requirements.txt @@ -20,7 +20,7 @@ django-crontab==0.7.1 django-discover-runner==1.0 django-floppyforms==1.7.0 django-modalview==0.1.5 -django-oauth-toolkit==0.10.0 +django-oauth-toolkit==1.0.0 django-role-permissions==1.2.1 django-s3direct==0.4.2 django-session-security==2.4.0 @@ -38,7 +38,7 @@ lxml==3.6.4 MarkupSafe==0.23 msgpack-python==0.4.8 numpy==1.12.1 -oauthlib==1.0.3 +oauthlib==2.0.1 openpyxl==2.4.5 pandas==0.19.2 Pillow==3.3.1 @@ -47,7 +47,7 @@ pycpfcnpj==1.0.2 python-dateutil==2.6.0 pytz==2016.10 redis==2.10.5 -requests==2.11.1 +requests==2.13.0 six==1.10.0 slugify==0.0.1 Twisted==16.6.0 diff --git a/users/views.py b/users/views.py index c27cd6d..966b48c 100644 --- a/users/views.py +++ b/users/views.py @@ -40,6 +40,8 @@ import os from rest_framework import viewsets from .serializers import UserSerializer from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly +from oauth2_provider.contrib.rest_framework.authentication import OAuth2Authentication +from oauth2_provider.contrib.rest_framework.permissions import IsAuthenticatedOrTokenHasScope # ================ ADMIN ======================= class UsersListView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView): @@ -572,4 +574,5 @@ def logout(request, next_page = None): class UserViewSet(viewsets.ModelViewSet): queryset = User.objects.all() serializer_class = UserSerializer - permissions_classes = (IsAuthenticatedOrReadOnly,) + authentication_classes = [OAuth2Authentication] + permissions_classes = (IsAuthenticatedOrTokenHasScope,) -- libgit2 0.21.2
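Review bot: `permissions_classes` on `UserViewSet` in users/views.py is not an attribute DRF consults (it reads `permission_classes`), so the newly added `IsAuthenticatedOrTokenHasScope` is never enforced and the view falls back to the project's default permission classes. Because this is a `ModelViewSet` over `User.objects.all()`, create, update and delete on user records are then available to every caller the default admits. Once the name is corrected, the scope-based permission also expects the view to declare its scopes, so the pair would read `permission_classes = [IsAuthenticatedOrTokenHasScope]` and `required_scopes = ['read', 'write']`, assuming the `read`/`write` scopes from the settings file are still the ones configured. The same misspelling appears on `LoginViewset` in api/views.py.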