From 75ee9e9f6a2da2c39e65385cc6db8f9707a3bf86 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Fri, 14 Sep 2018 18:53:27 -0600
Subject: [PATCH] Add token auth and POST /login/ route
---
 authserver/authserver/api/views.py | 31 ++++++++++++++++++++++++++++++-
 authserver/authserver/settings.py | 24 ++++++++++--------------
 authserver/authserver/urls.py | 3 ++-
 3 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/authserver/authserver/api/views.py b/authserver/authserver/api/views.py
index 15eb586..5d0aca6 100644
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@@ -1,6 +1,8 @@
 from django.contrib.auth.models import User
-from rest_framework import mixins, permissions, viewsets
+from rest_framework import mixins, permissions, status, viewsets
+from rest_framework.authtoken.models import Token
+from rest_framework.decorators import api_view
 from rest_framework.response import Response
 from . import models, serializers
@@ -41,6 +43,33 @@ class ProfileViewSet(
 class UserViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = serializers.UserSerializer
+ permission_classes = (permissions.IsAuthenticated,)
 def get_queryset(self):
 return User.objects.filter(username=self.request.user)
+
+@api_view(["POST"])
+def login(request):
+ username = request.data.get("username")
+ password = request.data.get("password")
+ if username is None or password is None:
+ return Response({'error': 'Please provide both username and password'},
+ status=status.HTTP_400_BAD_REQUEST)
+
+
+ # perform hacky auth...
+ #user = authenticate(username=username, password=password)
+ #if not user:
+ # return Response({'error': 'Invalid Credentials'}, status=status.HTTP_404_NOT_FOUND)
+
+
+ user, created = User.objects.get_or_create(username=username)
+ user.set_password(password) # not validated
+ user.save()
+
+ if created:
+ models.Profile.objects.create(user=user)
+
+ token, _ = Token.objects.get_or_create(user=user)
+
+ return Response({'token': token.key}, status=status.HTTP_200_OK)
diff --git a/authserver/authserver/settings.py b/authserver/authserver/settings.py
index f93ff83..e2b575f 100644
--- a/authserver/authserver/settings.py
+++ b/authserver/authserver/settings.py
@@ -38,9 +38,18 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
+ 'rest_framework.authtoken',
 'authserver.api',
 ]
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.TokenAuthentication',
+ ),
+}
+
+
 MIDDLEWARE = [
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
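Review bot: `login` in views.py never checks the supplied password: `User.objects.get_or_create(username=username)` followed by `user.set_password(password)` overwrites the stored password of any existing account, staff and superuser accounts included, and then returns that account's token, so knowing a username is enough to take the account over. The commented-out `authenticate()` call is the check this view needs; a failed login should get one generic 401 rather than the 404 in the comment, and account creation belongs in a separate registration route. DRF's `rest_framework.authtoken.views.obtain_auth_token` already implements this flow and could be routed instead. The sketch below assumes `authenticate` is imported from `django.contrib.auth`.

```python
def login(request):
    # … unchanged: username/password extraction and the 400 for missing fields …
    user = authenticate(request, username=username, password=password)
    if user is None:
        # One generic answer for unknown user and wrong password alike.
        return Response({'error': 'Invalid credentials'},
                        status=status.HTTP_401_UNAUTHORIZED)
    # … unchanged: Token.objects.get_or_create(user=user) and the 200 response …
```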
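Review bot: The new `REST_FRAMEWORK` block in settings.py sets only `DEFAULT_AUTHENTICATION_CLASSES`, so DRF's default permission policy (`AllowAny`) still applies to every view that does not declare `permission_classes` itself, which in this commit only `UserViewSet` does. Consider adding `'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',)` to the dict and opting the login view out explicitly with `@permission_classes([permissions.AllowAny])`. Whether `ProfileViewSet` already sets its own permissions is not visible in this diff.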
@@ -86,20 +95,7 @@ DATABASES = {
 # Password validation
 # https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators
-AUTH_PASSWORD_VALIDATORS = [
- {
- 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
- },
-]
+AUTH_PASSWORD_VALIDATORS = []
 # Internationalization
diff --git a/authserver/authserver/urls.py b/authserver/authserver/urls.py
index 948e89f..57ad2ab 100644
--- a/authserver/authserver/urls.py
+++ b/authserver/authserver/urls.py
@@ -32,7 +32,8 @@ router.register(r'user', views.UserViewSet, 'user')
 urlpatterns = [
 url(r'^', include(router.urls)),
 url(r'^admin/', admin.site.urls),
- url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
+ url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+ url(r'^login/', views.login)
 ]
 if settings.DEBUG is True:
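Review bot: Emptying `AUTH_PASSWORD_VALIDATORS` in settings.py drops the similarity, minimum-length, common-password and numeric checks for every path that runs Django's validators, such as the admin password forms and `createsuperuser`. It does nothing for the new login view, because `user.set_password()` does not run validators in the first place. If the aim was only to let `login` accept arbitrary passwords, this setting did not need to change; I would keep the four default validators so that staff accounts behind `/admin/` retain a password policy. Other consumers of the setting, if any, are outside this hunk.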
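Review bot: The new route `url(r'^login/', views.login)` in urls.py has no end anchor, so any path that merely starts with `login/` is dispatched to the view; unlike the `admin/` and `api-auth/` entries it is a single view, not an include-style prefix. I would write it as `url(r'^login/$', views.login, name='login'),` with a trailing comma like the line above. A credential endpoint is also a natural place for a throttle (DRF's `throttle_classes`), which nothing in this diff configures.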