Change to our own token authentication.
This commit is contained in:
parent
cc23d516a0
commit
c00c208199
0
django_etesync/token_auth/__init__.py
Normal file
0
django_etesync/token_auth/__init__.py
Normal file
0
django_etesync/token_auth/admin.py
Normal file
0
django_etesync/token_auth/admin.py
Normal file
5
django_etesync/token_auth/apps.py
Normal file
5
django_etesync/token_auth/apps.py
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
from django.apps import AppConfig
|
||||||
|
|
||||||
|
|
||||||
|
class TokenAuthConfig(AppConfig):
|
||||||
|
name = 'django_etesync.token_auth'
|
46
django_etesync/token_auth/authentication.py
Normal file
46
django_etesync/token_auth/authentication.py
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
from django.utils import timezone
|
||||||
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
|
from rest_framework import exceptions
|
||||||
|
from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication
|
||||||
|
|
||||||
|
from .models import AuthToken, get_default_expiry
|
||||||
|
|
||||||
|
|
||||||
|
AUTO_REFRESH = True
|
||||||
|
MIN_REFRESH_INTERVAL = 60
|
||||||
|
|
||||||
|
|
||||||
|
class TokenAuthentication(DRFTokenAuthentication):
|
||||||
|
keyword = 'Token'
|
||||||
|
model = AuthToken
|
||||||
|
|
||||||
|
def authenticate_credentials(self, key):
|
||||||
|
msg = _('Invalid token.')
|
||||||
|
model = self.get_model()
|
||||||
|
try:
|
||||||
|
token = model.objects.select_related('user').get(key=key)
|
||||||
|
except model.DoesNotExist:
|
||||||
|
raise exceptions.AuthenticationFailed(msg)
|
||||||
|
|
||||||
|
if not token.user.is_active:
|
||||||
|
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
|
||||||
|
|
||||||
|
if token.expiry is not None:
|
||||||
|
if token.expiry < timezone.now():
|
||||||
|
token.delete()
|
||||||
|
raise exceptions.AuthenticationFailed(msg)
|
||||||
|
|
||||||
|
if AUTO_REFRESH:
|
||||||
|
self.renew_token(token)
|
||||||
|
|
||||||
|
return (token.user, token)
|
||||||
|
|
||||||
|
def renew_token(self, auth_token):
|
||||||
|
current_expiry = auth_token.expiry
|
||||||
|
new_expiry = get_default_expiry()
|
||||||
|
# Throttle refreshing of token to avoid db writes
|
||||||
|
delta = (new_expiry - current_expiry).total_seconds()
|
||||||
|
if delta > MIN_REFRESH_INTERVAL:
|
||||||
|
auth_token.expiry = new_expiry
|
||||||
|
auth_token.save(update_fields=('expiry',))
|
28
django_etesync/token_auth/migrations/0001_initial.py
Normal file
28
django_etesync/token_auth/migrations/0001_initial.py
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# Generated by Django 3.0.3 on 2020-06-03 12:49
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
from django.db import migrations, models
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django_etesync.token_auth import models as token_auth_models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
initial = True
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='AuthToken',
|
||||||
|
fields=[
|
||||||
|
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
|
||||||
|
('key', models.CharField(db_index=True, default=token_auth_models.generate_key, max_length=40, unique=True)),
|
||||||
|
('created', models.DateTimeField(auto_now_add=True)),
|
||||||
|
('expiry', models.DateTimeField(blank=True, default=token_auth_models.get_default_expiry, null=True)),
|
||||||
|
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='auth_token_set', to=settings.AUTH_USER_MODEL)),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
]
|
0
django_etesync/token_auth/migrations/__init__.py
Normal file
0
django_etesync/token_auth/migrations/__init__.py
Normal file
26
django_etesync/token_auth/models.py
Normal file
26
django_etesync/token_auth/models.py
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
from django.contrib.auth import get_user_model
|
||||||
|
from django.db import models
|
||||||
|
from django.utils import timezone
|
||||||
|
from django.utils.crypto import get_random_string
|
||||||
|
|
||||||
|
User = get_user_model()
|
||||||
|
|
||||||
|
|
||||||
|
def generate_key():
|
||||||
|
return get_random_string(40)
|
||||||
|
|
||||||
|
|
||||||
|
def get_default_expiry():
|
||||||
|
return timezone.now() + timezone.timedelta(days=14)
|
||||||
|
|
||||||
|
|
||||||
|
class AuthToken(models.Model):
|
||||||
|
|
||||||
|
key = models.CharField(max_length=40, unique=True, db_index=True, default=generate_key)
|
||||||
|
user = models.ForeignKey(User, null=False, blank=False,
|
||||||
|
related_name='auth_token_set', on_delete=models.CASCADE)
|
||||||
|
created = models.DateTimeField(auto_now_add=True)
|
||||||
|
expiry = models.DateTimeField(null=True, blank=True, default=get_default_expiry)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return '{}: {}'.format(self.key, self.user)
|
@ -16,7 +16,7 @@ import json
|
|||||||
from functools import reduce
|
from functools import reduce
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import get_user_model, user_logged_in
|
from django.contrib.auth import get_user_model, user_logged_in, user_logged_out
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.db import transaction, IntegrityError
|
from django.db import transaction, IntegrityError
|
||||||
from django.db.models import Max, Q
|
from django.db.models import Max, Q
|
||||||
@ -28,13 +28,14 @@ from rest_framework import viewsets
|
|||||||
from rest_framework import parsers
|
from rest_framework import parsers
|
||||||
from rest_framework.decorators import action as action_decorator
|
from rest_framework.decorators import action as action_decorator
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.authtoken.models import Token
|
|
||||||
|
|
||||||
import nacl.encoding
|
import nacl.encoding
|
||||||
import nacl.signing
|
import nacl.signing
|
||||||
import nacl.secret
|
import nacl.secret
|
||||||
import nacl.hash
|
import nacl.hash
|
||||||
|
|
||||||
|
from .token_auth.models import AuthToken
|
||||||
|
|
||||||
from . import app_settings, permissions
|
from . import app_settings, permissions
|
||||||
from .models import (
|
from .models import (
|
||||||
Collection,
|
Collection,
|
||||||
@ -566,7 +567,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
|||||||
|
|
||||||
def login_response_data(self, user):
|
def login_response_data(self, user):
|
||||||
return {
|
return {
|
||||||
'token': Token.objects.get_or_create(user=user)[0].key,
|
'token': AuthToken.objects.create(user=user).key,
|
||||||
'user': UserSerializer(user).data,
|
'user': UserSerializer(user).data,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -666,8 +667,9 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
|||||||
|
|
||||||
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
|
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
|
||||||
def logout(self, request):
|
def logout(self, request):
|
||||||
# FIXME: expire the token - we need better token handling - using knox? Something else?
|
request._auth.delete()
|
||||||
return Response({}, status=status.HTTP_200_OK)
|
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
|
||||||
|
return Response(status=status.HTTP_204_NO_CONTENT)
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
|
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
|
||||||
def change_password(self, request):
|
def change_password(self, request):
|
||||||
|
Loading…
Reference in New Issue
Block a user