X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/f9a95412f4923ce7b1b5b8844f314bed9a22142e..dd5ca8bb0dc7051c2860be668065c968f92c222c:/src/api/views.py diff --git a/src/api/views.py b/src/api/views.py index 011161e52..86275aaf4 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -2,14 +2,15 @@ # Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # from time import time +from allauth.account.forms import ResetPasswordForm from django.conf import settings -from django.contrib.auth import authenticate +from django.contrib.auth import authenticate, login from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User from django import forms -from django.http import HttpResponse +from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden from django.http import Http404 -from django.shortcuts import render +from django.shortcuts import redirect, render from django.views.generic.base import View from oauthlib.common import urlencode, generate_token from oauthlib.oauth1 import RequestTokenEndpoint, AccessTokenEndpoint @@ -19,7 +20,7 @@ from rest_framework.response import Response from rest_framework.views import APIView from rest_framework.generics import GenericAPIView, RetrieveAPIView, get_object_or_404 from catalogue.models import Book -from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token +from .models import BookUserData, KEY_SIZE, SECRET_SIZE, Token, SessionTransferToken from social.models import UserConfirmation from . import serializers from .request_validator import PistonRequestValidator @@ -334,3 +335,84 @@ class RequestConfirmView(APIView): UserConfirmation.request(user) return Response({}) + +class DeleteAccountView(GenericAPIView): + permission_classes = [IsAuthenticated] + serializer_class = serializers.DeleteAccountSerializer + + def post(self, request): + u = request.user + serializer = self.get_serializer( + data=request.data, + context={'user': u} + ) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + u.is_active = False + u.save() + return Response({}) + + +class PasswordView(GenericAPIView): + permission_classes = [IsAuthenticated] + serializer_class = serializers.PasswordSerializer + + def post(self, request): + u = request.user + serializer = self.get_serializer( + data=request.data, + context={'user': u} + ) + serializer.is_valid(raise_exception=True) + d = serializer.validated_data + u.set_password(d['new_password']) + u.save() + return Response({}) + + +class ResetPasswordView(GenericAPIView): + serializer_class = serializers.ResetPasswordSerializer + + def post(self, request): + serializer = serializers.ResetPasswordSerializer(data=request.data) + serializer.is_valid(raise_exception=True) + form = ResetPasswordForm({"email": serializer.validated_data['email']}) + form.is_valid() + form.save(request) + return Response({}) + + +class SessionTransferTokenView(APIView): + permission_classes = [IsAuthenticated] + + def post(self, request): + ott = SessionTransferToken.create_for_user(request.user) + return Response({ + "token": str(ott.token) + }) + + +class ConsumeSessionTransferTokenView(View): + def get(self, request): + token_str = request.GET.get("token") + next_url = request.GET.get("next", "/") #TODO: validate + + if not token_str: + return HttpResponseBadRequest("Missing token") + + try: + ott = SessionTransferToken.objects.get(token=token_str) + except SessionTransferToken.DoesNotExist: + return HttpResponseBadRequest("Invalid token") + + if not ott.is_valid(): + return HttpResponseForbidden("Token expired or already used") + + # Mark token as used + ott.used = True + ott.save(update_fields=["used"]) + + # Log in the user via Django session + login(request, ott.user) + + return redirect(next_url)