Implement token auth for sähköpiikki
@@ -1,5 +1,5 @@
|
||||
from django.core.management.base import BaseCommand, CommandError
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Permission
|
||||
from rest_framework.authtoken.models import Token
|
||||
|
||||
|
||||
@@ -17,8 +17,12 @@ class Command(BaseCommand):
|
||||
|
||||
u = User(username=self.user_name)
|
||||
u.set_password(self.password)
|
||||
|
||||
u.save()
|
||||
|
||||
permission = Permission.objects.get(codename='check_by_email')
|
||||
u.user_permissions.add(permission)
|
||||
|
||||
token = Token.objects.create(user=u)
|
||||
|
||||
self.stdout.write("Created sahkopiikki user '{}' with password '{}' and token '{}'.".format(
|
||||
|
||||
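Review bot: The lookup `Permission.objects.get(codename='check_by_email')` matches on codename alone, which Django only guarantees unique per content type; `Permission.objects.get(content_type__app_label='members', codename='check_by_email')` rules out picking up or tripping over a same-named permission from another app. The user is saved before this lookup and before `Token.objects.create(user=u)`, so a failure in either step leaves a half-provisioned account behind; wrapping the steps in `transaction.atomic()` would keep the command re-runnable. The final message also writes the password and the API token to stdout, where they can end up in terminal scrollback or deployment logs, so the command should carry a comment that its output is a secret. The `format(` call and the rest of the method continue outside the hunk.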
@@ -0,0 +1,19 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.11 on 2017-09-26 10:16
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('members', '0016_auto_20170925_1924'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='member',
|
||||
options={'permissions': (('check_by_email', 'Can check if user exists by email'),)},
|
||||
),
|
||||
]
|
||||
@@ -85,6 +85,11 @@ class Member(BaseMember):
|
||||
|
||||
created = models.DateTimeField(_('Created'), default=timezone.now)
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
('check_by_email', 'Can check if user exists by email'),
|
||||
)
|
||||
|
||||
def last_paid(self):
|
||||
"""Return member's last payment."""
|
||||
try:
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
from rest_framework.permissions import BasePermission
|
||||
|
||||
import logging
|
||||
|
||||
|
||||
class CheckByEmailPermission(BasePermission):
|
||||
def has_permission(self, request, view):
|
||||
return request.user.has_perm('members.check_by_email')
|
||||
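Review bot: `import logging` is unused in this new module and can be dropped. `CheckByEmailPermission` has no docstring; a one-liner such as `"""Allow only users holding the members.check_by_email permission."""` would state the contract. It is also worth a comment that `has_perm` returns True for any active superuser, so a token belonging to a superuser passes this check without the permission being assigned.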
+3
-1
@@ -25,7 +25,8 @@ from members.views import add_many_confirm
|
||||
from members.views import MemberAutoComplete
|
||||
|
||||
# rest api
|
||||
from members.views import MemberDetail
|
||||
from members.views import MemberDetail, CheckByEmail
|
||||
from rest_framework.authtoken import views
|
||||
|
||||
# application
|
||||
from members.views import application_form
|
||||
@@ -125,4 +126,5 @@ urlpatterns = [
|
||||
name='member-autocomplete',
|
||||
),
|
||||
|
||||
url(r'^check', CheckByEmail.as_view())
|
||||
]
|
||||
|
||||
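Review bot: The new route `url(r'^check', CheckByEmail.as_view())` has no end anchor, so it matches every path under this URLconf that merely starts with `check` (for example `checkout` or `check/anything`), and it has no `name` for `reverse()`. `url(r'^check/?$', CheckByEmail.as_view(), name='check-by-email')` pins it to a single path. The added `from rest_framework.authtoken import views` is not used in the visible hunks and binds the very generic name `views`; unless a token-obtain endpoint is routed elsewhere in this file, the import can go.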
@@ -3,7 +3,7 @@ from django.contrib.auth.decorators import permission_required
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.views.decorators.http import require_http_methods
|
||||
from django.views.decorators.csrf import ensure_csrf_cookie
|
||||
from django.http import HttpResponse, HttpResponseRedirect
|
||||
from django.http import HttpResponse, HttpResponseRedirect, JsonResponse, HttpResponseForbidden
|
||||
from django.core.mail import send_mail
|
||||
from django.conf import settings
|
||||
from django.utils.translation import ugettext as _
|
||||
@@ -13,6 +13,11 @@ from dal import autocomplete
|
||||
import logging
|
||||
import html
|
||||
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import authentication, permissions
|
||||
from members.permissions import CheckByEmailPermission
|
||||
|
||||
from members.models import Member, Request, Payment
|
||||
from members.forms import MemberForm, CSVValidationError
|
||||
from members.tables import MemberTable
|
||||
@@ -199,3 +204,16 @@ class MemberAutoComplete(autocomplete.Select2QuerySetView):
|
||||
qs = Member.find_members_by_name(self.q)
|
||||
|
||||
return qs
|
||||
|
||||
|
||||
class CheckByEmail(APIView):
|
||||
"""Check by email"""
|
||||
|
||||
authentication_classes = (authentication.TokenAuthentication,)
|
||||
permission_classes = (CheckByEmailPermission,)
|
||||
|
||||
def get(self, request, format=None):
|
||||
email = request.query_params.get('email')
|
||||
exists = bool(email and Member.objects.filter(email=email).exists())
|
||||
resp = {'exists': exists}
|
||||
return JsonResponse(resp)
|
||||
|
||||
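Review bot: `CheckByEmail.get` reads the address from the query string, so every e-mail that is looked up lands in web-server and proxy access logs; since the caller is a token-authenticated service, taking it from a POST body would keep member addresses out of URLs. The lookup `filter(email=email)` is an exact match and, on a case-sensitive database collation, `Foo@example.org` and `foo@example.org` give different answers unless addresses are normalised on save; `Member.objects.filter(email__iexact=email.strip()).exists()` is the more forgiving form. `Response` and `HttpResponseForbidden` are imported by this change but not used in the visible hunks. The class docstring `"""Check by email"""` could say what is returned, e.g. `"""Return {'exists': bool} for the e-mail given in the 'email' parameter."""`.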
@@ -29,7 +29,7 @@ class MemberDetail(generics.RetrieveAPIView):
|
||||
|
||||
queryset = Member.objects.all()
|
||||
serializer_class = MemberSerializer
|
||||
permission_classes = (permissions.IsAdminUser, )
|
||||
permission_classes = (permissions.DjangoModelPermissions, )
|
||||
throttle_classes = (BurstRateThrottle, SustainedRateThrottle, )
|
||||
|
||||
|
||||
|
||||
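Review bot: `DjangoModelPermissions` does not protect reads: its default `perms_map` requires no model permission for GET, so on this `RetrieveAPIView` any authenticated caller can fetch member records. That appears to include the token-only service account this commit creates, which is meant to hold just `check_by_email`. Assuming the second `permission_classes` line is the new value, keep the admin gate, e.g. `permission_classes = (permissions.IsAdminUser, permissions.DjangoModelPermissions, )`, or use a subclass whose `perms_map['GET']` names an explicit permission. The class body starts outside the hunk.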
@@ -193,6 +193,9 @@ REST_FRAMEWORK = {
|
||||
'rest_framework.permissions.DjangoModelPermissions',
|
||||
'rest_framework.permissions.IsAdminUser',
|
||||
),
|
||||
'DEFAULT_AUTHENTICATION_CLASSES': (
|
||||
'rest_framework.authentication.TokenAuthentication',
|
||||
),
|
||||
'DEFAULT_THROTTLE_CLASSES': (
|
||||
'members.throttles.BurstRateThrottle',
|
||||
'members.throttles.SustainedRateThrottle'
|
||||
|
||||
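Review bot: Setting `DEFAULT_AUTHENTICATION_CLASSES` to `TokenAuthentication` alone replaces DRF's built-in session and basic authentication for every view that does not declare its own `authentication_classes`, so any API view that staff reach through a logged-in browser session would stop authenticating them. If that is intended, a comment saying so would help; otherwise list `'rest_framework.authentication.SessionAuthentication'` next to it. Tokens from `rest_framework.authtoken` do not expire, so the comment should also say how a token is rotated or revoked. The `REST_FRAMEWORK` dict continues outside the hunk.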