X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/52f5582c513e41f069f60b5e45b457dc17413166..fc245a481d9adf2621de1873783c32ada3f76d2f:/src/api/views.py diff --git a/src/api/views.py b/src/api/views.py index 08d1650e7..86275aaf4 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -2,12 +2,15 @@ # Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # from time import time -from django.contrib.auth import authenticate +from allauth.account.forms import ResetPasswordForm +from django.conf import settings +from django.contrib.auth import authenticate, login from django.contrib.auth.decorators import login_required +from django.contrib.auth.models import User from django import forms -from django.http import HttpResponse +from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden from django.http import Http404 -from django.shortcuts import render +from django.shortcuts import redirect, render from django.views.generic.base import View from oauthlib.common import urlencode, generate_token from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint @@ -17,7 +20,8 @@ from rest_framework.response import Response from rest_framework.views import APIView from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404 from catalogue.models import Book -from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token +from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token, SessionTransferToken +from social.models import UserConfirmation from . import serializers from .request_validator import PistonRequestValidator from .utils import oauthlib_request, oauthlib_response, vary_on_auth @@ -227,7 +231,7 @@ class BlogView(APIView): -class RegisterView(APIView): +class RegisterView(GenericAPIView): serializer_class = serializers.RegisterSerializer def get(self, request): @@ -245,8 +249,37 @@ class RegisterView(APIView): }) def post(self, request): - pass - + if not settings.FEATURE_API_REGISTER: + return Response( + { + "detail": "Rejestracja aktualnie niedostępna." + }, + status=400 + ) + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + + user = User( + username=d['email'], + email=d['email'], + is_active=False + ) + user.set_password(d['password']) + + try: + user.save() + except: + return Response( + { + "detail": "Nie można utworzyć konta.", + }, + status=400 + ) + + UserConfirmation.request(user) + return Response({}) + class RefreshTokenView(APIView): serializer_class = serializers.RefreshTokenSerializer @@ -284,4 +317,102 @@ class RefreshTokenView(APIView): class RequestConfirmView(APIView): - pass + serializer_class = serializers.RequestConfirmSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + + try: + user = User.objects.get( + username=d['email'], + is_active=False + ) + except User.DoesNotExist: + raise Http404 + + UserConfirmation.request(user) + return Response({}) + + +class DeleteAccountView(GenericAPIView): + permission_classes = [IsAuthenticated] + serializer_class = serializers.DeleteAccountSerializer + + def post(self, request): + u = request.user + serializer = self.get_serializer( + data=request.data, + context={'user': u} + ) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + u.is_active = False + u.save() + return Response({}) + + +class PasswordView(GenericAPIView): + permission_classes = [IsAuthenticated] + serializer_class = serializers.PasswordSerializer + + def post(self, request): + u = request.user + serializer = self.get_serializer( + data=request.data, + context={'user': u} + ) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + u.set_password(d['new_password']) + u.save() + return Response({}) + + +class ResetPasswordView(GenericAPIView): + serializer_class = serializers.ResetPasswordSerializer + + def post(self, request): + serializer = serializers.ResetPasswordSerializer(data=request.data) + serializer.is_valid(raise_exception=True) + form = ResetPasswordForm({"email": serializer.validated_data['email']}) + form.is_valid() + form.save(request) + return Response({}) + + +class SessionTransferTokenView(APIView): + permission_classes = [IsAuthenticated] + + def post(self, request): + ott = SessionTransferToken.create_for_user(request.user) + return Response({ + "token": str(ott.token) + }) + + +class ConsumeSessionTransferTokenView(View): + def get(self, request): + token_str = request.GET.get("token") + next_url = request.GET.get("next", "/") #TODO: validate + + if not token_str: + return HttpResponseBadRequest("Missing token") + + try: + ott = SessionTransferToken.objects.get(token=token_str) + except SessionTransferToken.DoesNotExist: + return HttpResponseBadRequest("Invalid token") + + if not ott.is_valid(): + return HttpResponseForbidden("Token expired or already used") + + # Mark token as used + ott.used = True + ott.save(update_fields=["used"]) + + # Log in the user via Django session + login(request, ott.user) + + return redirect(next_url)