5df3d689d814d586740ee2af3075789e06085056
[wolnelektury.git] / src / api / views.py
1 # -*- coding: utf-8 -*-
2 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
3 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
4 #
5 from django.contrib.auth.decorators import login_required
6 from django import forms
7 from django.http import HttpResponse
8 from django.http import Http404
9 from django.shortcuts import render
10 from django.views.generic.base import View
11 from oauthlib.common import urlencode
12 from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint
13 from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error
14 from api.models import KEY_SIZE, SECRET_SIZE
15 from rest_framework.permissions import IsAuthenticated
16 from rest_framework.response import Response
17 from rest_framework.views import APIView
18 from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404
19 from migdal.models import Entry
20 from catalogue.models import Book
21 from .models import BookUserData
22 from . import serializers
23 from .request_validator import PistonRequestValidator
24 from .utils import oauthlib_request, oauthlib_response, vary_on_auth
25
26
27 class OAuth1RequestTokenEndpoint(RequestTokenEndpoint):
28     def _create_request(self, *args, **kwargs):
29         r = super(OAuth1RequestTokenEndpoint, self)._create_request(*args, **kwargs)
30         r.redirect_uri = 'oob'
31         return r
32
33     def create_request_token(self, request, credentials):
34         token = {
35             'oauth_token': self.token_generator()[:KEY_SIZE],
36             'oauth_token_secret': self.token_generator()[:SECRET_SIZE],
37         }
38         token.update(credentials)
39         self.request_validator.save_request_token(token, request)
40         return urlencode(token.items())
41
42
43 # Never Cache
44 class OAuth1RequestTokenView(View):
45     def __init__(self):
46         self.endpoint = OAuth1RequestTokenEndpoint(PistonRequestValidator())
47
48     def dispatch(self, request):
49         return oauthlib_response(
50             self.endpoint.create_request_token_response(
51                 **oauthlib_request(request)
52             )
53         )
54
55
56 class OAuthAuthenticationForm(forms.Form):
57     oauth_token = forms.CharField(widget=forms.HiddenInput)
58     oauth_callback = forms.CharField(widget=forms.HiddenInput)  # changed from URLField - too strict
59     # removed authorize_access - redundant
60
61
62 class OAuth1AuthorizationEndpoint(AuthorizationEndpoint):
63     def create_verifier(self, request, credentials):
64         verifier = super(OAuth1AuthorizationEndpoint, self).create_verifier(request, credentials)
65         return {
66             'oauth_token': verifier['oauth_token'],
67         }
68
69
70 @login_required
71 def oauth_user_auth(request):
72     endpoint = OAuth1AuthorizationEndpoint(PistonRequestValidator())
73
74     if request.method == "GET":
75         # Why not just get oauth_token here?
76         # This is fairly straightforward, in't?
77         try:
78             realms, credentials = endpoint.get_realms_and_credentials(
79                 **oauthlib_request(request))
80         except OAuth1Error as e:
81             return HttpResponse(e.message, status=400)
82         callback = request.GET.get('oauth_callback')
83
84         form = OAuthAuthenticationForm(initial={
85             'oauth_token': credentials['resource_owner_key'],
86             'oauth_callback': callback,
87         })
88
89         return render(request, 'oauth/authorize_token.html', {'form': form})
90
91     elif request.method == "POST":
92         try:
93             response = oauthlib_response(
94                 endpoint.create_authorization_response(
95                     credentials={"user": request.user},
96                     **oauthlib_request(request)
97                 )
98             )
99         except OAuth1Error as e:
100             return HttpResponse(e.message, status=400)
101         else:
102             return response
103
104
105 class OAuth1AccessTokenEndpoint(AccessTokenEndpoint):
106     def _create_request(self, *args, **kwargs):
107         r = super(OAuth1AccessTokenEndpoint, self)._create_request(*args, **kwargs)
108         r.verifier = 'x' * 20
109         return r
110
111     def create_access_token(self, request, credentials):
112         request.realms = self.request_validator.get_realms(
113             request.resource_owner_key, request)
114         token = {
115             'oauth_token': self.token_generator()[:KEY_SIZE],
116             'oauth_token_secret': self.token_generator()[:SECRET_SIZE],
117             'oauth_authorized_realms': ' '.join(request.realms)
118         }
119         token.update(credentials)
120         self.request_validator.save_access_token(token, request)
121         return urlencode(token.items())
122
123
124 # Never cache
125 class OAuth1AccessTokenView(View):
126     def __init__(self):
127         self.endpoint = OAuth1AccessTokenEndpoint(PistonRequestValidator())
128
129     def dispatch(self, request):
130         return oauthlib_response(
131             self.endpoint.create_access_token_response(
132                 **oauthlib_request(request)
133             )
134         )
135
136
137 @vary_on_auth
138 class UserView(RetrieveAPIView):
139     permission_classes = [IsAuthenticated]
140     serializer_class = serializers.UserSerializer
141
142     def get_object(self):
143         return self.request.user
144
145
146 @vary_on_auth
147 class BookUserDataView(RetrieveAPIView):
148     permission_classes = [IsAuthenticated]
149     serializer_class = serializers.BookUserDataSerializer
150     lookup_field = 'book__slug'
151     lookup_url_kwarg = 'slug'
152
153     def get_queryset(self):
154         return BookUserData.objects.filter(user=self.request.user)
155
156     def get(self, *args, **kwargs):
157         try:
158             return super(BookUserDataView, self).get(*args, **kwargs)
159         except Http404:
160             return Response({"state": "not_started"})
161
162     def post(self, request, slug, state):
163         if state not in ('reading', 'complete'):
164             raise Http404
165
166         book = get_object_or_404(Book, slug=slug)
167         instance = BookUserData.update(book, request.user, state)
168         serializer = self.get_serializer(instance)
169         return Response(serializer.data)
170
171
172 class BlogView(ListAPIView):
173     serializer_class = serializers.BlogSerializer
174
175     def get_queryset(self):
176         after = self.request.query_params.get('after')
177         count = int(self.request.query_params.get('count', 20))
178         entries = Entry.published_objects.filter(in_stream=True).order_by('-first_published_at')
179         if after:
180             entries = entries.filter(first_published_at__lt=after)
181         if count:
182             entries = entries[:count]
183         return entries