X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/6d42bc478e3d1bd90eb294464748c21e4de0fc63..ca8f4e8fef80cb603117ed579da8554f503698e5:/src/api/views.py diff --git a/src/api/views.py b/src/api/views.py index 69f9b8b03..622332f2f 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -1,22 +1,23 @@ -# This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later. -# Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. +# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # +from time import time +from django.contrib.auth import authenticate from django.contrib.auth.decorators import login_required from django import forms from django.http import HttpResponse from django.http import Http404 from django.shortcuts import render from django.views.generic.base import View -from oauthlib.common import urlencode +from oauthlib.common import urlencode, generate_token from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error -from api.models import KEY_SIZE, SECRET_SIZE from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404 +from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404 from catalogue.models import Book -from .models import BookUserData +from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token from . import serializers from .request_validator import PistonRequestValidator from .utils import oauthlib_request, oauthlib_response, vary_on_auth @@ -76,7 +77,7 @@ def oauth_user_auth(request): realms, credentials = endpoint.get_realms_and_credentials( **oauthlib_request(request)) except OAuth1Error as e: - return HttpResponse(e.message, status=400) + return HttpResponse(str(e), status=400) callback = request.GET.get('oauth_callback') form = OAuthAuthenticationForm(initial={ @@ -86,7 +87,7 @@ def oauth_user_auth(request): return render(request, 'oauth/authorize_token.html', {'form': form}) - elif request.method == "POST": + if request.method == "POST": try: response = oauthlib_response( endpoint.create_authorization_response( @@ -132,6 +133,27 @@ class OAuth1AccessTokenView(View): ) +class LoginView(GenericAPIView): + serializer_class = serializers.LoginSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + user = authenticate(username=d['username'], password=d['password']) + if user is None: + return Response({"detail": "Invalid credentials."}) + + key = generate_token()[:KEY_SIZE] + Token.objects.create( + key=key, + token_type=Token.ACCESS, + timestamp=time(), + user=user, + ) + return Response({"access_token": key}) + + @vary_on_auth class UserView(RetrieveAPIView): permission_classes = [IsAuthenticated]