Perform auth against the Protospace member portal

authserver/authserver/api/views.py

@@ -1,3 +1,5 @@
+import requests
+
 from django.contrib.auth.models import User
 
 from rest_framework import mixins, permissions, status, viewsets
@@ -6,6 +8,7 @@ from rest_framework.decorators import api_view
 from rest_framework.response import Response
 
 from . import models, serializers
+from authserver.settings import PROTOSPACE_LOGIN_PAGE
 
 class IsLockoutAdmin(permissions.BasePermission):
     def has_permission(self, request, view):
@@ -56,12 +59,10 @@ def login(request):
         return Response({'error': 'Please provide both username and password'},
                         status=status.HTTP_400_BAD_REQUEST)
 
-
-    # perform hacky auth...
-    #user = authenticate(username=username, password=password)
-    #if not user:
-    #    return Response({'error': 'Invalid Credentials'}, status=status.HTTP_404_NOT_FOUND)
-
+    post_data = {'user_name': username, 'web_pw': password, 'SubmitButton': 'Login'}
+    res = requests.post(PROTOSPACE_LOGIN_PAGE, post_data, allow_redirects=False)
+    if res.status_code == requests.codes.ok:
+        return Response({'error': 'Invalid Credentials'}, status=status.HTTP_404_NOT_FOUND)
 
     user, created = User.objects.get_or_create(username=username)
     user.set_password(password) # not validated

authserver/authserver/settings.py

@@ -119,3 +119,5 @@ STATIC_URL = '/static/'
 
 MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 MEDIA_URL = '/media/'
+
+PROTOSPACE_LOGIN_PAGE = 'https://my.protospace.ca/login'

authserver/requirements.txt

@@ -1,4 +1,9 @@
+certifi==2018.8.24
+chardet==3.0.4
 Django==2.1.1
 djangorestframework==3.8.2
+idna==2.7
 Pillow==5.2.0
 pytz==2018.5
+requests==2.19.1
+urllib3==1.23