2018-06-30 01:25:46 +00:00
|
|
|
# -*- mode: python; coding: utf-8 -*-
|
2020-11-23 16:06:37 +00:00
|
|
|
# Re2o est un logiciel d'administration développé initiallement au Rézo Metz. Il
|
2018-03-17 17:20:31 +00:00
|
|
|
# se veut agnostique au réseau considéré, de manière à être installable en
|
|
|
|
# quelques clics.
|
|
|
|
#
|
|
|
|
# Copyright © 2018 Maël Kervella
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License along
|
|
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
2018-06-17 01:06:58 +00:00
|
|
|
"""Defines the views of the API
|
2018-03-17 17:20:31 +00:00
|
|
|
|
2018-06-17 01:06:58 +00:00
|
|
|
All views inherits the `rest_framework.views.APIview` to respect the
|
|
|
|
REST API requirements such as dealing with HTTP status code, format of
|
|
|
|
the response (JSON or other), the CSRF exempting, ...
|
2018-03-17 17:20:31 +00:00
|
|
|
"""
|
2018-03-17 17:50:03 +00:00
|
|
|
|
2018-04-21 19:48:33 +00:00
|
|
|
import datetime
|
2018-03-17 17:50:03 +00:00
|
|
|
|
2018-04-21 19:48:33 +00:00
|
|
|
from django.conf import settings
|
2020-01-25 22:37:17 +00:00
|
|
|
from django.contrib.auth.models import Group
|
2021-02-10 10:06:09 +00:00
|
|
|
from django.db.models import Q
|
|
|
|
from rest_framework import generics, views, viewsets
|
2018-04-21 19:48:33 +00:00
|
|
|
from rest_framework.authtoken.models import Token
|
2018-09-24 17:14:46 +00:00
|
|
|
from rest_framework.authtoken.views import ObtainAuthToken
|
2018-04-19 22:00:49 +00:00
|
|
|
from rest_framework.response import Response
|
|
|
|
|
2018-04-24 15:57:55 +00:00
|
|
|
from . import serializers
|
2018-06-10 15:12:42 +00:00
|
|
|
from .pagination import PageSizedPagination
|
2018-06-13 22:39:37 +00:00
|
|
|
from .permissions import ACLPermission
|
2018-03-17 17:57:11 +00:00
|
|
|
|
2018-04-13 19:35:52 +00:00
|
|
|
|
2018-04-21 19:48:33 +00:00
|
|
|
class ObtainExpiringAuthToken(ObtainAuthToken):
|
2018-06-17 01:06:58 +00:00
|
|
|
"""Exposes a view to obtain a authentication token.
|
|
|
|
|
|
|
|
This view as the same behavior as the
|
|
|
|
`rest_framework.auth_token.views.ObtainAuthToken` view except that the
|
|
|
|
expiration time is send along with the token as an addtional information.
|
|
|
|
"""
|
2018-09-24 17:14:46 +00:00
|
|
|
|
2018-04-21 19:48:33 +00:00
|
|
|
def post(self, request, *args, **kwargs):
|
|
|
|
serializer = self.serializer_class(data=request.data)
|
|
|
|
serializer.is_valid(raise_exception=True)
|
2019-11-04 16:55:03 +00:00
|
|
|
user = serializer.validated_data["user"]
|
2018-04-21 19:48:33 +00:00
|
|
|
token, created = Token.objects.get_or_create(user=user)
|
|
|
|
|
2019-11-04 16:55:03 +00:00
|
|
|
token_duration = datetime.timedelta(seconds=settings.API_TOKEN_DURATION)
|
2018-04-21 19:48:33 +00:00
|
|
|
utc_now = datetime.datetime.now(datetime.timezone.utc)
|
|
|
|
if not created and token.created < utc_now - token_duration:
|
|
|
|
token.delete()
|
|
|
|
token = Token.objects.create(user=user)
|
|
|
|
token.created = datetime.datetime.utcnow()
|
|
|
|
token.save()
|
|
|
|
|
2019-11-04 16:55:03 +00:00
|
|
|
return Response(
|
|
|
|
{"token": token.key, "expiration": token.created + token_duration}
|
|
|
|
)
|