# HG changeset patch
# User rougeronj
# Date 1427968659 -7200
# Node ID 032280909e65883e9fa210024c8fc38b233ed080
# Parent c641b33f910fd7b9769642bc3d22ffd0315db42d
add authentication module using Token Auth
diff -r c641b33f910f -r 032280909e65 server/ammico/admin.py
--- a/server/ammico/admin.py Tue Mar 31 15:27:26 2015 +0200
+++ b/server/ammico/admin.py Thu Apr 02 11:57:39 2015 +0200
@@ -1,7 +1,9 @@
 from django.contrib import admin
-from .models import Slide, AmmicoUser, Book
+
+from ammico.models import Slide, Book
+from django.contrib.auth import get_user_model
 admin.site.register(Slide)
-admin.site.register(AmmicoUser)
+admin.site.register(get_user_model())
 admin.site.register(Book)
\ No newline at end of file
diff -r c641b33f910f -r 032280909e65 server/ammico/models.py
--- a/server/ammico/models.py Tue Mar 31 15:27:26 2015 +0200
+++ b/server/ammico/models.py Thu Apr 02 11:57:39 2015 +0200
@@ -1,25 +1,18 @@
 import datetime
-from django.contrib.auth.models import User
 from django.db import models
 from taggit.managers import TaggableManager
+from authentication.models import AmmicoUser
-class AmmicoUser(models.Model):
- user = models.OneToOneField(User)
- idUser = models.CharField(max_length=512, unique=True)
- image = models.URLField(max_length=2048, blank=True)
-
- def __str__(self):
- return self.user.username
 class Book(models.Model):
- user = models.ForeignKey(AmmicoUser)
+ user = models.ForeignKey(AmmicoUser, related_name = "books")
 idArticle = models.CharField(max_length=512, unique=True)
 title = models.CharField(max_length=512, blank=True)
 description = models.CharField(max_length=512, blank=True, null=True)
 image = models.URLField(max_length=2048, blank=True)
- date = models.DateTimeField(null=True)
+ date = models.DateTimeField(default=datetime.datetime.now)
 def __str__(self):
 return self.title
diff -r c641b33f910f -r 032280909e65 server/ammico/urls.py
--- a/server/ammico/urls.py Tue Mar 31 15:27:26 2015 +0200
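Review bot: `admin.site.register(get_user_model())` in admin.py registers the custom user model with the default `ModelAdmin`, so the admin form treats `password` as an ordinary text field and a value typed there is saved without being hashed. Registering the model with Django's user admin keeps the hashed-password forms: `from django.contrib.auth.admin import UserAdmin` and `admin.site.register(get_user_model(), UserAdmin)`. The extra `idUser` field would then have to be added to the admin fieldsets to stay editable there.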
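Review bot: `default=datetime.datetime.now` on `Book.date` produces naive local datetimes; if the project runs with `USE_TZ = True` (the setting is not visible in this patch) Django will warn on save and the table ends up mixing naive and aware values. `from django.utils import timezone` with `default=timezone.now` avoids that. The `ForeignKey` would also be more robust pointing at `settings.AUTH_USER_MODEL` than at the class imported from `authentication.models`, since this commit makes that model the swappable user model.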
+++ b/server/ammico/urls.py Thu Apr 02 11:57:39 2015 +0200
@@ -11,5 +11,5 @@
 url(r'^books/(?P[0-9]+)/slides$', BookSlides.as_view()),
 url(r'^slides$', ListSlides.as_view()),
 url(r'^slides/(?P[0-9]+)$', InfoSlide.as_view()),
- url(r'^api-auth', include('rest_framework.urls', namespace='rest_framework')),
+ url(r'^auth/', include('authentication.urls')),
 )
diff -r c641b33f910f -r 032280909e65 server/ammico/views.py
--- a/server/ammico/views.py Tue Mar 31 15:27:26 2015 +0200
+++ b/server/ammico/views.py Thu Apr 02 11:57:39 2015 +0200
@@ -2,23 +2,27 @@
 from datetime import datetime
 import json
-#from django.contrib.auth import login, logout
-from django.contrib.auth.models import User
+from django.contrib.auth import get_user_model
 from django.http import HttpResponse
 from django.utils.dateparse import parse_datetime
 import requests
 from rest_framework import permissions, status
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from ammico.models import Book, AmmicoUser, Slide
+from ammico.models import Book, Slide
 from ammico.serializers import BookSerializer, SlideSerializer
 from settings import URL_JAMESPOT
+#from django.contrib.auth import login, logout
+User = get_user_model()
+
 def populateUser(request):
 usermail = request.GET["email"]
- user = AmmicoUser.objects.get(user=User.objects.get(email=usermail))
+ user = User.objects.get(email=usermail)
 data = {"user": usermail, "idUser": user.idUser}
 populateVisite(user)
 return HttpResponse(content=json.dumps(data), content_type='application/json')
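Review bot: `populateUser` in views.py is still a plain Django view, so the `TokenAuthentication`/`IsAuthenticated` classes this commit adds to the API views do not apply to it: any caller who supplies an `email` query parameter gets that account's `idUser` back and triggers `populateVisite(user)`. If the route is meant for the account owner only, the user should come from the authenticated request rather than the query string, for example by turning it into an `APIView` with the same two class attributes and using `request.user`. As written, a missing `email` parameter raises `KeyError` and an unknown address raises `User.DoesNotExist`, both of which surface as a 500. The URL pattern that routes to this view is not part of the hunk.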
@@ -70,9 +74,9 @@
 """
 Views to list all books.
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request):
 """
@@ -86,9 +90,9 @@
 """
 View to get book informations.
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request, idBook):
 try:
@@ -108,9 +112,9 @@
 """
 View to get book informations.
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request, idBook):
 try:
@@ -126,9 +130,9 @@
 """
 Get/Set Slides order
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request, idBook):
 try:
@@ -152,9 +156,9 @@
 """
 Views to list all books.
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request):
 """
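Review bot: `IsAuthenticated` on these views only establishes that the caller holds some valid token; nothing in the visible lines ties `idBook` or `idSlide` to `request.user`. The `get` bodies continue outside the hunks, so this may already be handled, but if the lookups are by id alone then any authenticated user can read another user's books and slides. Querying through the reverse relation added in this commit (`request.user.books`) or adding an object-level permission check would scope the results to the owner. The same two added lines recur in the hunks at -86, -108, -126, -152 and -175, so a shared base view would keep the six classes from drifting apart.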
@@ -175,9 +179,9 @@
 """
 View to get book informations.
 """
- #authentication_classes = (authentication.TokenAuthentication,)
- #permission_classes = (permissions.IsAdminUser,)
- permission_classes = (permissions.AllowAny,)
+
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
 def get(self, request, idSlide):
 try:
diff -r c641b33f910f -r 032280909e65 server/authentication/__init__.py
diff -r c641b33f910f -r 032280909e65 server/authentication/models.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/server/authentication/models.py Thu Apr 02 11:57:39 2015 +0200
@@ -0,0 +1,15 @@
+import json
+
+from django.contrib.auth.models import AbstractUser, BaseUserManager
+from django.db import models
+from django.utils import timezone
+import requests
+
+from config import URL_JAMESPOT
+
+class AmmicoUser(AbstractUser):
+ idUser = models.CharField(max_length=50, unique=True, blank=True)
+
+class Profile(models.Model):
+ user = models.OneToOneField(AmmicoUser)
+ image = models.URLField(max_length=2048, blank=True)
\ No newline at end of file
diff -r c641b33f910f -r 032280909e65 server/authentication/urls.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/server/authentication/urls.py Thu Apr 02 11:57:39 2015 +0200
@@ -0,0 +1,11 @@
+from django.conf.urls import patterns, url
+from rest_framework.authtoken import views
+
+from authentication.views import User, AuthView
+
+
+urlpatterns = patterns('',
+ url(r'^user', User.as_view()),
+ url(r'^auth', AuthView.as_view(), name='auth-view'),
+ url(r'^api-token-auth', views.obtain_auth_token)
+)
diff -r c641b33f910f -r 032280909e65 server/authentication/views.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/server/authentication/views.py Thu Apr 02 11:57:39 2015 +0200
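Review bot: `idUser` in authentication/models.py is declared `unique=True, blank=True` without `null=True`, so every account created without an id stores the empty string and the second such account fails the unique constraint (an account made through the admin or `createsuperuser`, for instance). Either make the field required or add `null=True` and store `None` when no id is known. `max_length` also drops from 512 to 50 relative to the model removed from ammico/models.py, which is worth checking against existing ids. The imports of `json`, `BaseUserManager`, `timezone`, `requests` and `URL_JAMESPOT` are unused in this file.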
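Review bot: The three patterns in authentication/urls.py are anchored only at the start, so `^user` also matches `users…` and `^auth` matches any path that begins with `auth` under the `auth/` prefix. Ending each with `$` (`r'^user$'`, `r'^auth$'`, `r'^api-token-auth$'`) makes the routing explicit and keeps a longer route added later from being shadowed. `obtain_auth_token` accepts a username and password and returns a token that does not expire by default, so the endpoint should be served over TLS only and would benefit from throttling; neither is visible in this commit.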
@@ -0,0 +1,66 @@
+
+import json
+
+from django.contrib.auth import get_user_model
+import requests
+from rest_framework import serializers, status, permissions
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.authtoken.models import Token
+from rest_framework.exceptions import ParseError
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+from config import URL_JAMESPOT
+
+
+class UserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = get_user_model()
+
+class User(APIView):
+ """
+ get list user or add user
+ """
+ permission_classes = (permissions.AllowAny,)
+
+ def get(self, request):
+ print ("here ?")
+ user = get_user_model().objects.all()
+ serializer = UserSerializer(user, many=True)
+ return Response(serializer.data)
+
+ def post(self, request):
+ VALID_USER_FIELDS = [f.name for f in get_user_model()._meta.fields]
+ DEFAULTS = {
+ "groups":"",
+ "user_permissions":""
+ }
+ request.data.update(DEFAULTS)
+ serialized = UserSerializer(data=request.data)
+
+ if serialized.is_valid():
+ user_data = {field: data for (field, data) in request.DATA.items() if field in VALID_USER_FIELDS}
+
+ params = {'o': 'user', 'f': 'get', 'mail': user_data['email']}
+ r = requests.get(URL_JAMESPOT, params=params)
+ infoUser = json.loads(r.content.decode('utf-8'))
+
+ user_data.update({"idUser":infoUser['VAL']['idUser']})
+
+ user = get_user_model().objects.create_user(
+ **user_data
+ )
+ return Response(UserSerializer(instance=user).data, status=status.HTTP_201_CREATED)
+ else:
+ return Response(serialized._errors, status=status.HTTP_400_BAD_REQUEST)
+
+class AuthView(APIView):
+ """
+ Authentication is needed for this methods
+ """
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
+
+ def get(self, request, format=None):
+ return Response({'detail': "I suppose you are authenticated"})
\ No 
newline at end of file
diff -r c641b33f910f -r 032280909e65 server/settings.py
--- a/server/settings.py Tue Mar 31 15:27:26 2015 +0200
+++ b/server/settings.py Thu Apr 02 11:57:39 2015 +0200
@@ -32,10 +32,12 @@
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
+ 'rest_framework.authtoken',
 'corsheaders',
 'requests',
 'taggit',
 'ammico',
+ 'authentication'
 )
 MIDDLEWARE_CLASSES = (
@@ -59,7 +61,7 @@
 # Use Django's standard `django.contrib.auth` permissions,
 # or allow read-only access for unauthenticated users.
 'DEFAULT_PERMISSION_CLASSES': [
- 'rest_framework.authentication.SessionAuthentication'
+ 'rest_framework.authentication.TokenAuthentication'
 ]
 }
@@ -70,6 +72,9 @@
 }
 }
+AUTH_USER_MODEL = 'authentication.AmmicoUser'
+AUTH_PROFILE_MODULE = 'authentication.Profile'
+
 # Internationalization
 # https://docs.djangoproject.com/en/1.7/topics/i18n/
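Review bot: `UserSerializer` in authentication/views.py has no `fields` allow-list and the `User` view is `AllowAny`, so an unauthenticated `GET` returns every column of every account, password hash included, and `post` copies any model field the client sent (for instance `is_staff`, `is_superuser` or `id`) into `create_user(**user_data)`. Client-supplied privilege and identity fields should never reach the model constructor: restrict the serializer to the fields a client may read or write, mark `password` write-only, build `user_data` from `validated_data` instead of `request.DATA`, and put the listing behind `IsAuthenticated`. The Jamespot lookup also has no timeout or error handling, so a slow or malformed reply either blocks the worker or raises and returns a 500. The `print ("here ?")` line and the `groups`/`user_permissions` defaults can go once the allow-list is in place; a sketch of the serializer and `post` follows.

```python
class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = get_user_model()
        # Allow-list: without `fields` the serializer exposes and accepts every
        # model column, including the password hash and the privilege flags.
        fields = ('id', 'username', 'email', 'password', 'idUser')
        read_only_fields = ('idUser',)
        extra_kwargs = {
            'password': {'write_only': True},
            'email': {'required': True},
        }

class User(APIView):
    # … unchanged: docstring, get() without the debug print …

    def post(self, request):
        serialized = UserSerializer(data=request.data)
        if not serialized.is_valid():
            return Response(serialized.errors, status=status.HTTP_400_BAD_REQUEST)

        # Only validated, allow-listed fields are passed on to create_user().
        user_data = dict(serialized.validated_data)
        params = {'o': 'user', 'f': 'get', 'mail': user_data['email']}
        try:
            r = requests.get(URL_JAMESPOT, params=params, timeout=10)
            r.raise_for_status()
            user_data['idUser'] = r.json()['VAL']['idUser']
        except (requests.RequestException, ValueError, KeyError, TypeError):
            return Response({'detail': 'user lookup failed'},
                            status=status.HTTP_502_BAD_GATEWAY)

        user = get_user_model().objects.create_user(**user_data)
        return Response(UserSerializer(instance=user).data, status=status.HTTP_201_CREATED)
```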
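Review bot: In the settings.py hunk at -59, `DEFAULT_PERMISSION_CLASSES` now lists `rest_framework.authentication.TokenAuthentication`, which is an authentication class and not a permission class; a view that relies on the defaults will fail when DRF calls `has_permission` on it, and token authentication is not actually made the default. The two settings should be separate entries: `'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication']` and `'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated']`. With a deny-by-default permission in settings, views that must stay public opt out explicitly instead of every protected view having to opt in. The enclosing `REST_FRAMEWORK` dict starts outside the hunk.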
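Review bot: `AUTH_PROFILE_MODULE` in the hunk at -70 only served `User.get_profile()`, which was removed in Django 1.7; the docs link in the context lines points at 1.7, so the setting is probably without effect and `Profile` is reached through the `OneToOneField` reverse accessor instead. Changing `AUTH_USER_MODEL` on a project that already has tables and user rows is also not something Django migrates automatically, so the commit description should say how existing `auth_user` data and the old `ammico.AmmicoUser` rows are carried over.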