X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/8952b9530d943655e552ea660c47e850123c5105..55e6abd52da631d0a36ed13e12f5e1dfb2af0d92:/src/api/views.py diff --git a/src/api/views.py b/src/api/views.py index 6762fb1da..622332f2f 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -1,21 +1,23 @@ -# This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later. -# Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. +# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # +from time import time +from django.contrib.auth import authenticate from django.contrib.auth.decorators import login_required from django import forms from django.http import HttpResponse from django.http import Http404 from django.shortcuts import render from django.views.generic.base import View -from oauthlib.common import urlencode +from oauthlib.common import urlencode, generate_token from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -from rest_framework.generics import RetrieveAPIView, get_object_or_404 +from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404 from catalogue.models import Book -from .models import BookUserData, KEY_SIZE, SECRET_SIZE +from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token from . import serializers from .request_validator import PistonRequestValidator from .utils import oauthlib_request, oauthlib_response, vary_on_auth @@ -75,7 +77,7 @@ def oauth_user_auth(request): realms, credentials = endpoint.get_realms_and_credentials( **oauthlib_request(request)) except OAuth1Error as e: - return HttpResponse(e.message, status=400) + return HttpResponse(str(e), status=400) callback = request.GET.get('oauth_callback') form = OAuthAuthenticationForm(initial={ @@ -131,6 +133,27 @@ class OAuth1AccessTokenView(View): ) +class LoginView(GenericAPIView): + serializer_class = serializers.LoginSerializer + + def post(self, request): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + user = authenticate(username=d['username'], password=d['password']) + if user is None: + return Response({"detail": "Invalid credentials."}) + + key = generate_token()[:KEY_SIZE] + Token.objects.create( + key=key, + token_type=Token.ACCESS, + timestamp=time(), + user=user, + ) + return Response({"access_token": key}) + + @vary_on_auth class UserView(RetrieveAPIView): permission_classes = [IsAuthenticated]