|
|
|
@ -1,6 +1,8 @@ |
|
|
|
|
from django.contrib.auth.models import User |
|
|
|
|
from rest_framework import mixins, permissions, viewsets |
|
|
|
|
|
|
|
|
|
from rest_framework import mixins, permissions, status, viewsets |
|
|
|
|
from rest_framework.authtoken.models import Token |
|
|
|
|
from rest_framework.decorators import api_view |
|
|
|
|
from rest_framework.response import Response |
|
|
|
|
|
|
|
|
|
from . import models, serializers |
|
|
|
@ -41,6 +43,33 @@ class ProfileViewSet( |
|
|
|
|
|
|
|
|
|
class UserViewSet(viewsets.ReadOnlyModelViewSet): |
|
|
|
|
serializer_class = serializers.UserSerializer |
|
|
|
|
permission_classes = (permissions.IsAuthenticated,) |
|
|
|
|
|
|
|
|
|
def get_queryset(self): |
|
|
|
|
return User.objects.filter(username=self.request.user) |
|
|
|
|
|
|
|
|
|
@api_view(["POST"]) |
|
|
|
|
def login(request): |
|
|
|
|
username = request.data.get("username") |
|
|
|
|
password = request.data.get("password") |
|
|
|
|
if username is None or password is None: |
|
|
|
|
return Response({'error': 'Please provide both username and password'}, |
|
|
|
|
status=status.HTTP_400_BAD_REQUEST) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# perform hacky auth... |
|
|
|
|
#user = authenticate(username=username, password=password) |
|
|
|
|
#if not user: |
|
|
|
|
# return Response({'error': 'Invalid Credentials'}, status=status.HTTP_404_NOT_FOUND) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
user, created = User.objects.get_or_create(username=username) |
|
|
|
|
user.set_password(password) # not validated |
|
|
|
|
user.save() |
|
|
|
|
|
|
|
|
|
if created: |
|
|
|
|
models.Profile.objects.create(user=user) |
|
|
|
|
|
|
|
|
|
token, _ = Token.objects.get_or_create(user=user) |
|
|
|
|
|
|
|
|
|
return Response({'token': token.key}, status=status.HTTP_200_OK) |
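Review bot: `login` never verifies the submitted password: `get_or_create(username=username)` followed by `user.set_password(password)` overwrites the stored password of any account that already exists, and the view then returns that account's token. As written, the endpoint lets a caller who knows only a username replace that user's credentials, staff or superuser accounts included if they live in the same `User` table. The commented-out check should be restored in place of the set-password path: `user = authenticate(username=username, password=password)` then `if user is None: return Response({'error': 'Invalid Credentials'}, status=status.HTTP_401_UNAUTHORIZED)`. That also needs `from django.contrib.auth import authenticate`, which is not among the import lines visible in the first hunk. Account creation belongs in a separate registration view that runs Django's password validators and refuses usernames that already exist, and request throttling on this view is worth confirming in the project settings, which are not shown here.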
|
|
|
|