X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/6d42bc478e3d1bd90eb294464748c21e4de0fc63..131ae407ca583a8a8086cf94c222c85fa3f5be63:/src/api/views.py?ds=sidebyside diff --git a/src/api/views.py b/src/api/views.py index 69f9b8b03..08d1650e7 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -1,22 +1,23 @@ -# This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later. -# Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. +# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # +from time import time +from django.contrib.auth import authenticate from django.contrib.auth.decorators import login_required from django import forms from django.http import HttpResponse from django.http import Http404 from django.shortcuts import render from django.views.generic.base import View -from oauthlib.common import urlencode +from oauthlib.common import urlencode, generate_token from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error -from api.models import KEY_SIZE, SECRET_SIZE from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404 +from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404 from catalogue.models import Book -from .models import BookUserData +from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token from . import serializers from .request_validator import PistonRequestValidator from .utils import oauthlib_request, oauthlib_response, vary_on_auth @@ -76,7 +77,7 @@ def oauth_user_auth(request): realms, credentials = endpoint.get_realms_and_credentials( **oauthlib_request(request)) except OAuth1Error as e: - return HttpResponse(e.message, status=400) + return HttpResponse(str(e), status=400) callback = request.GET.get('oauth_callback') form = OAuthAuthenticationForm(initial={ @@ -86,7 +87,7 @@ def oauth_user_auth(request): return render(request, 'oauth/authorize_token.html', {'form': form}) - elif request.method == "POST": + if request.method == "POST": try: response = oauthlib_response( endpoint.create_authorization_response( @@ -132,6 +133,59 @@ class OAuth1AccessTokenView(View): ) +class LoginView(GenericAPIView): + serializer_class = serializers.LoginSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + user = authenticate(username=d['username'], password=d['password']) + if user is None: + return Response({"detail": "Invalid credentials."}) + + key = generate_token()[:KEY_SIZE] + Token.objects.create( + key=key, + token_type=Token.ACCESS, + timestamp=time(), + user=user, + ) + return Response({"access_token": key}) + + +class Login2View(GenericAPIView): + serializer_class = serializers.LoginSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + user = authenticate(username=d['username'], password=d['password']) + if user is None: + return Response({"detail": "Invalid credentials."}) + + access_token = generate_token()[:KEY_SIZE] + Token.objects.create( + key=access_token, + token_type=Token.ACCESS, + timestamp=time(), + user=user, + ) + refresh_token = generate_token()[:KEY_SIZE] + Token.objects.create( + key=refresh_token, + token_type=Token.REFRESH, + timestamp=time(), + user=user, + ) + return Response({ + "access_token": access_token, + "refresh_token": refresh_token, + "expires": 3600, + }) + + @vary_on_auth class UserView(RetrieveAPIView): permission_classes = [IsAuthenticated] @@ -170,3 +224,64 @@ class BookUserDataView(RetrieveAPIView): class BlogView(APIView): def get(self, request): return Response([]) + + + +class RegisterView(APIView): + serializer_class = serializers.RegisterSerializer + + def get(self, request): + return Response({ + "options": [ + { + "id": 1, + "html": "Chcę otrzymywać newsletter Wolnych Lektur", + "required": False + } + ], + "info": [ + 'Administratorem danych osobowych jest Fundacja Wolne Lektury (ul. Marszałkowska 84/92 lok. 125, 00-514 Warszawa). Podanie danych osobowych jest dobrowolne. Dane są przetwarzane w zakresie niezbędnym do prowadzenia serwisu, a także w celach prowadzenia statystyk, ewaluacji i sprawozdawczości. W przypadku wyrażenia dodatkowej zgody adres e-mail zostanie wykorzystany także w celu przesyłania newslettera Wolnych Lektur. Osobom, których dane są zbierane, przysługuje prawo dostępu do treści swoich danych oraz ich poprawiania. Więcej informacji w polityce prywatności.' + ] + }) + + def post(self, request): + pass + + +class RefreshTokenView(APIView): + serializer_class = serializers.RefreshTokenSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + + t = Token.objects.get( + key=d['refresh_token'], + token_type=Token.REFRESH + ) + user = t.user + + access_token = generate_token()[:KEY_SIZE] + Token.objects.create( + key=access_token, + token_type=Token.ACCESS, + timestamp=time(), + user=user, + ) + refresh_token = generate_token()[:KEY_SIZE] + Token.objects.create( + key=refresh_token, + token_type=Token.REFRESH, + timestamp=time(), + user=user, + ) + return Response({ + "access_token": access_token, + "refresh_token": refresh_token, + "expires": 3600, + }) + + +class RequestConfirmView(APIView): + pass