From 61f5c293dbdca4171940d2b213ccb22df4873b9d Mon Sep 17 00:00:00 2001 From: Jan Tuomi Date: Tue, 26 Sep 2017 14:39:21 +0300 Subject: [PATCH] =?UTF-8?q?Implement=20token=20auth=20for=20s=C3=A4hk?= =?UTF-8?q?=C3=B6piikki?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../commands/createsahkopiikkiuser.py | 6 +++++- members/migrations/0017_auto_20170926_1316.py | 19 ++++++++++++++++++ members/models.py | 5 +++++ members/permissions.py | 8 ++++++++ members/urls.py | 4 +++- members/views/members.py | 20 ++++++++++++++++++- members/views/utils.py | 2 +- sikweb/base.py | 3 +++ 8 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 members/migrations/0017_auto_20170926_1316.py create mode 100644 members/permissions.py diff --git a/members/management/commands/createsahkopiikkiuser.py b/members/management/commands/createsahkopiikkiuser.py index 2274e86..ff9e3e5 100644 --- a/members/management/commands/createsahkopiikkiuser.py +++ b/members/management/commands/createsahkopiikkiuser.py @@ -1,5 +1,5 @@ from django.core.management.base import BaseCommand, CommandError -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Permission from rest_framework.authtoken.models import Token @@ -17,8 +17,12 @@ class Command(BaseCommand): u = User(username=self.user_name) u.set_password(self.password) + u.save() + permission = Permission.objects.get(codename='check_by_email') + u.user_permissions.add(permission) + token = Token.objects.create(user=u) self.stdout.write("Created sahkopiikki user '{}' with password '{}' and token '{}'.".format( diff --git a/members/migrations/0017_auto_20170926_1316.py b/members/migrations/0017_auto_20170926_1316.py new file mode 100644 index 0000000..8aea6fd --- /dev/null +++ b/members/migrations/0017_auto_20170926_1316.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.11 on 2017-09-26 10:16 +from __future__ import unicode_literals + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('members', '0016_auto_20170925_1924'), + ] + + operations = [ + migrations.AlterModelOptions( + name='member', + options={'permissions': (('check_by_email', 'Can check if user exists by email'),)}, + ), + ] diff --git a/members/models.py b/members/models.py index 6cd4dc3..7e4d7ea 100644 --- a/members/models.py +++ b/members/models.py @@ -85,6 +85,11 @@ class Member(BaseMember): created = models.DateTimeField(_('Created'), default=timezone.now) + class Meta: + permissions = ( + ('check_by_email', 'Can check if user exists by email'), + ) + def last_paid(self): """Return member's last payment.""" try: diff --git a/members/permissions.py b/members/permissions.py new file mode 100644 index 0000000..f117b81 --- /dev/null +++ b/members/permissions.py @@ -0,0 +1,8 @@ +from rest_framework.permissions import BasePermission + +import logging + + +class CheckByEmailPermission(BasePermission): + def has_permission(self, request, view): + return request.user.has_perm('members.check_by_email') diff --git a/members/urls.py b/members/urls.py index 1578da4..39b973e 100644 --- a/members/urls.py +++ b/members/urls.py @@ -25,7 +25,8 @@ from members.views import add_many_confirm from members.views import MemberAutoComplete # rest api -from members.views import MemberDetail +from members.views import MemberDetail, CheckByEmail +from rest_framework.authtoken import views # application from members.views import application_form @@ -125,4 +126,5 @@ urlpatterns = [ name='member-autocomplete', ), + url(r'^check', CheckByEmail.as_view()) ] diff --git a/members/views/members.py b/members/views/members.py index 7c61fd4..16467a9 100644 --- a/members/views/members.py +++ b/members/views/members.py @@ -3,7 +3,7 @@ from django.contrib.auth.decorators import permission_required from django.utils.decorators import method_decorator from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie -from django.http import HttpResponse, HttpResponseRedirect +from django.http import HttpResponse, HttpResponseRedirect, JsonResponse, HttpResponseForbidden from django.core.mail import send_mail from django.conf import settings from django.utils.translation import ugettext as _ @@ -13,6 +13,11 @@ from dal import autocomplete import logging import html +from rest_framework.views import APIView +from rest_framework.response import Response +from rest_framework import authentication, permissions +from members.permissions import CheckByEmailPermission + from members.models import Member, Request, Payment from members.forms import MemberForm, CSVValidationError from members.tables import MemberTable @@ -199,3 +204,16 @@ class MemberAutoComplete(autocomplete.Select2QuerySetView): qs = Member.find_members_by_name(self.q) return qs + + +class CheckByEmail(APIView): + """Check by email""" + + authentication_classes = (authentication.TokenAuthentication,) + permission_classes = (CheckByEmailPermission,) + + def get(self, request, format=None): + email = request.query_params.get('email') + exists = bool(email and Member.objects.filter(email=email).exists()) + resp = {'exists': exists} + return JsonResponse(resp) diff --git a/members/views/utils.py b/members/views/utils.py index 80485c4..3463914 100644 --- a/members/views/utils.py +++ b/members/views/utils.py @@ -29,7 +29,7 @@ class MemberDetail(generics.RetrieveAPIView): queryset = Member.objects.all() serializer_class = MemberSerializer - permission_classes = (permissions.IsAdminUser, ) + permission_classes = (permissions.DjangoModelPermissions, ) throttle_classes = (BurstRateThrottle, SustainedRateThrottle, ) diff --git a/sikweb/base.py b/sikweb/base.py index e8b5bd7..5cdb35a 100644 --- a/sikweb/base.py +++ b/sikweb/base.py @@ -193,6 +193,9 @@ REST_FRAMEWORK = { 'rest_framework.permissions.DjangoModelPermissions', 'rest_framework.permissions.IsAdminUser', ), + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.TokenAuthentication', + ), 'DEFAULT_THROTTLE_CLASSES': ( 'members.throttles.BurstRateThrottle', 'members.throttles.SustainedRateThrottle'