# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later.
# Copyright © Fundacja Wolne Lektury. See NOTICE for more information.
#
+from time import time
+from django.contrib.auth import authenticate
from django.contrib.auth.decorators import login_required
from django import forms
from django.http import HttpResponse
from django.http import Http404
from django.shortcuts import render
from django.views.generic.base import View
-from oauthlib.common import urlencode
+from oauthlib.common import urlencode, generate_token
from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint
from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
-from rest_framework.generics import RetrieveAPIView, get_object_or_404
+from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404
from catalogue.models import Book
-from .models import BookUserData, KEY_SIZE, SECRET_SIZE
+from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token
from . import serializers
from .request_validator import PistonRequestValidator
from .utils import oauthlib_request, oauthlib_response, vary_on_auth
)
+class LoginView(GenericAPIView):
+ serializer_class = serializers.LoginSerializer
+
+ def post(self, request):
+ serializer = self.get_serializer(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ d = serializer.validated_data
+ user = authenticate(username=d['username'], password=d['password'])
+ if user is None:
+ return Response({"detail": "Invalid credentials."})
+
+ key = generate_token()[:KEY_SIZE]
+ Token.objects.create(
+ key=key,
+ token_type=Token.ACCESS,
+ timestamp=time(),
+ user=user,
+ )
+ return Response({"access_token": key})
+
+
+class Login2View(GenericAPIView):
+ serializer_class = serializers.LoginSerializer
+
+ def post(self, request):
+ serializer = self.get_serializer(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ d = serializer.validated_data
+ user = authenticate(username=d['username'], password=d['password'])
+ if user is None:
+ return Response({"detail": "Invalid credentials."})
+
+ access_token = generate_token()[:KEY_SIZE]
+ Token.objects.create(
+ key=access_token,
+ token_type=Token.ACCESS,
+ timestamp=time(),
+ user=user,
+ )
+ refresh_token = generate_token()[:KEY_SIZE]
+ Token.objects.create(
+ key=refresh_token,
+ token_type=Token.REFRESH,
+ timestamp=time(),
+ user=user,
+ )
+ return Response({
+ "access_token": access_token,
+ "refresh_token": refresh_token,
+ "expires": 3600,
+ })
+
+
@vary_on_auth
class UserView(RetrieveAPIView):
permission_classes = [IsAuthenticated]
class BlogView(APIView):
def get(self, request):
return Response([])
+
+
+
+class RegisterView(APIView):
+ serializer_class = serializers.RegisterSerializer
+
+ def get(self, request):
+ return Response({
+ "options": [
+ {
+ "id": 1,
+ "html": "Chcę otrzymywać newsletter Wolnych Lektur",
+ "required": False
+ }
+ ],
+ "info": [
+ 'Administratorem danych osobowych jest Fundacja Wolne Lektury (ul. Marszałkowska 84/92 lok. 125, 00-514 Warszawa). Podanie danych osobowych jest dobrowolne. Dane są przetwarzane w zakresie niezbędnym do prowadzenia serwisu, a także w celach prowadzenia statystyk, ewaluacji i sprawozdawczości. W przypadku wyrażenia dodatkowej zgody adres e-mail zostanie wykorzystany także w celu przesyłania newslettera Wolnych Lektur. Osobom, których dane są zbierane, przysługuje prawo dostępu do treści swoich danych oraz ich poprawiania. Więcej informacji w <a href="https://fundacja.wolnelektury.pl/prywatnosc/">polityce prywatności</a>.'
+ ]
+ })
+
+ def post(self, request):
+ pass
+
+
+class RefreshTokenView(APIView):
+ serializer_class = serializers.RefreshTokenSerializer
+
+ def post(self, request):
+ serializer = self.get_serializer(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ d = serializer.validated_data
+
+ t = Token.objects.get(
+ key=d['refresh_token'],
+ token_type=Token.REFRESH
+ )
+ user = t.user
+
+ access_token = generate_token()[:KEY_SIZE]
+ Token.objects.create(
+ key=access_token,
+ token_type=Token.ACCESS,
+ timestamp=time(),
+ user=user,
+ )
+ refresh_token = generate_token()[:KEY_SIZE]
+ Token.objects.create(
+ key=refresh_token,
+ token_type=Token.REFRESH,
+ timestamp=time(),
+ user=user,
+ )
+ return Response({
+ "access_token": access_token,
+ "refresh_token": refresh_token,
+ "expires": 3600,
+ })
+
+
+class RequestConfirmView(APIView):
+ pass
fnp / wolnelektury.git / blobdiff