Add card numbers and updating to auth server

2018-11-10 19:33:41 -07:00 · 2018-11-10 19:33:41 -07:00 · 790725c29e
commit 790725c29e
parent 6ec97db073
6 changed files with 81 additions and 5 deletions
--- a/authserver/README.md
+++ b/authserver/README.md
@ -54,6 +54,13 @@ In subsequent requests, the token key should be included in the `Authorization`
 Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
 ```

+Example authenticated request:
+
+```
+curl -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" http://tools-auth.protospace.ca/user/
+```
+
+
 ### For anonymous users

 #### GET `/tooldata/`
@ -128,10 +135,11 @@ Example response:
 ```
 [
    {
-        "username": "admin",
+        "username": "tanner.collin",
        "profile": {
-            "url": "http://tools-auth.protospace.ca/profile/1/",
-            "user": "admin",
+            "url": "http://tools-auth.protospace.ca/profile/2/",
+            "user": "tanner.collin",
+            "card": "00000A4123",
            "authorized_tools": [
                "table-saw",
                "jointer"
@ -173,3 +181,33 @@ Get a list of all profiles.
 Get a specific profile, or modify an existing one.

 Here you can authorize users on tools or make them another lockout admin.
+
+#### PUT `/update-cards/`
+
+Send a dictionary of username=card_number pairs to update any profiles already in the system. Users not already registered will be ignored.
+
+Responds with the number of profiles updated.
+
+Operation is idempotent.
+
+Example PUT data:
+
+```
+{
+    "tanner.collin": "00000A4123",
+    "matthew.mulrooney": "00000B8567",
+    "not-a-member": "539830843A"
+}
+```
+
+Example response:
+
+```
+{"updated":2}
+```
+
+Example request:
+
+```
+curl -X PUT -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" -d tanner.collin=00000A4123 -d matthew.mulrooney=00000B8567 http://tools-auth.protospace.ca/update-cards/
+```
--- a/authserver/authserver/api/admin.py
+++ b/authserver/authserver/api/admin.py
@ -5,3 +5,4 @@ from . import models
 admin.site.register(models.Category)
 admin.site.register(models.Tool)
 admin.site.register(models.Profile)
+admin.site.register(models.Card)
--- a/authserver/authserver/api/models.py
+++ b/authserver/authserver/api/models.py
@ -29,3 +29,10 @@ class Profile(models.Model):

    def __str__(self):
        return self.user.username
+
+class Card(models.Model):
+    profile = models.OneToOneField(Profile, on_delete=models.CASCADE, editable=False)
+    number = models.CharField(max_length=10)
+
+    def __str__(self):
+        return self.number
--- a/authserver/authserver/api/serializers.py
+++ b/authserver/authserver/api/serializers.py
@ -32,6 +32,11 @@ class ToolDataSerializer(serializers.HyperlinkedModelSerializer):

 class ProfileSerializer(serializers.HyperlinkedModelSerializer):
    user = serializers.StringRelatedField()
+    card = serializers.SlugRelatedField(
+            allow_null=True,
+            slug_field='number',
+            queryset=models.Card.objects.all()
+        )
    authorized_tools = serializers.SlugRelatedField(
            many=True,
            slug_field='slug',
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@ -1,10 +1,11 @@
 import requests
+import json

 from django.contrib.auth.models import User

 from rest_framework import mixins, permissions, status, viewsets
 from rest_framework.authtoken.models import Token
-from rest_framework.decorators import api_view
+from rest_framework.decorators import api_view, permission_classes
 from rest_framework.response import Response

 from . import models, serializers
@ -74,3 +75,26 @@ def login(request):
    token, _ = Token.objects.get_or_create(user=user)

    return Response({'token': token.key}, status=status.HTTP_200_OK)
+
+@api_view(["PUT"])
+@permission_classes((IsLockoutAdmin,))
+def update_cards(request):
+    data = request.data
+    updated_count = 0
+
+    if not data:
+        return Response({'error': 'Please provide card data in the form username=cardnumber'},
+                        status=status.HTTP_400_BAD_REQUEST)
+
+    for username, card_number in data.items():
+        try:
+            profile = models.Profile.objects.get(user__username=username)
+            card, _ = models.Card.objects.update_or_create(
+                    profile=profile,
+                    defaults={'number': card_number}
+                )
+            if card: updated_count += 1
+        except:
+            continue
+
+    return Response({'updated': updated_count}, status=status.HTTP_200_OK)
--- a/authserver/authserver/urls.py
+++ b/authserver/authserver/urls.py
@ -33,7 +33,8 @@ urlpatterns = [
    url(r'^', include(router.urls)),
    url(r'^admin/', admin.site.urls),
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
-    url(r'^login/', views.login)
+    url(r'^login/', views.login),
+    url(r'^update-cards/', views.update_cards)
 ]

 if settings.DEBUG is True: