Gitiles
Code Review Sign In
gerrit.opencord.org / xos / d2044a4ac84dc244507463b0cb78331f2d3a98a6 / . / xos / core / xoslib / methods / loginview.py
blob: ce64ec56e91c7fe6dd1cbc789edb27b0538f04b1 [file] [log] [blame]
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework.reverse import reverse
from rest_framework import serializers
from rest_framework import generics
from rest_framework.views import APIView
from core.models import *
from django.forms import widgets
from django.forms.models import model_to_dict
from django.core.exceptions import PermissionDenied
from django.contrib.contenttypes.models import ContentType
import json
import socket
import time
import django.middleware.csrf
from xos.exceptions import *
from django.contrib.sessions.backends.db import SessionStore
from django.contrib.sessions.models import Session
from django.contrib.auth import authenticate
def date_handler(obj):
return obj.isoformat() if hasattr(obj, 'isoformat') else obj
def serialize_user(model):
serialized = model_to_dict(model)
del serialized['timezone']
del serialized['password']
return json.dumps(serialized, default=date_handler)
class LoginView(APIView):
method_kind = "list"
method_name = "login"
def do_login(self, request, username, password):
if not username:
raise XOSMissingField("No username specified")
if not password:
raise XOSMissingField("No password specified")
u=authenticate(username=username, password=password)
if not u:
raise PermissionDenied("Failed to authenticate user %s" % username)
auth = {"username": username, "password": password}
request.session["auth"] = auth
request.session['_auth_user_id'] = u.pk
request.session['_auth_user_backend'] = u.backend
request.session.save()
return Response({
"xoscsrftoken": django.middleware.csrf.get_token(request),
"xossessionid": request.session.session_key,
"user": serialize_user(u)
})
def get(self, request, format=None):
username = request.GET.get("username", None)
password = request.GET.get("password", None)
return self.do_login(request, username, password)
def post(self, request, format=None):
username = request.data.get("username", None)
password = request.data.get("password", None)
return self.do_login(request, username, password)
class LogoutView(APIView):
method_kind = "list"
method_name = "logout"
def do_logout(self, request, sessionid):
if not sessionid:
raise XOSMissingField("No xossessionid specified")
# Make sure the session exists. This prevents us from accidentally
# creating empty sessions with SessionStore()
session = Session.objects.filter(session_key=sessionid)
if not session:
# session doesn't exist
raise PermissionDenied("Session does not exist")
session = SessionStore(session_key=sessionid)
if "auth" in session:
del session["auth"]
session.save()
if "_auth_user_id" in session:
del session["_auth_user_id"]
session.save()
return Response("Logged Out")
def get(self, request, format=None):
sessionid = request.GET.get("xossessionid", None)
return self.do_logout(request, sessionid)
def post(self, request, format=None):
sessionid = request.data.get("xossessionid", None)
return self.do_logout(request, sessionid)