Commit 76d20502 authored by Christopher Løkken's avatar Christopher Løkken

moved RememberMe serializer to user + fixed api urls

parent f9a31555
Pipeline #171561 failed with stages
in 35 seconds
......@@ -21,16 +21,9 @@ from rest_framework_simplejwt.views import (
TokenObtainPairView,
TokenRefreshView,
)
import workouts.views
from users.views import user
from secfit import views
api_url_patterns = [
path("", include("workouts.urls")),
path("", include("users.urls")),
path("", include("comments.urls")),
path("", include("meals.urls")),
]
token_url_patterns = [
path(
"",
......@@ -42,17 +35,25 @@ token_url_patterns = [
name="token_refresh"),
]
urlpatterns = [
path("", views.api_root),
path("admin/", admin.site.urls),
path("api/", include(api_url_patterns)),
api_url_patterns = [
path("", include("workouts.urls")),
path("", include("users.urls")),
path("", include("comments.urls")),
path("", include("meals.urls")),
path("auth/", include("rest_framework.urls")),
path("token/", include(token_url_patterns)),
path(
"remember_me/",
workouts.views.RememberMe.as_view(),
user.RememberMe.as_view(),
name="remember_me"),
]
urlpatterns = [
path("", views.api_root),
path("admin/", admin.site.urls),
path("api/", include(api_url_patterns)),
]
urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
from rest_framework import serializers
from django.contrib.auth import get_user_model, password_validation
from users.models import Offer, AthleteFile
from django import forms
from django.contrib.auth import get_user_model
from users.models import Offer, AthleteFile, RememberMe
class UserGetSerializer(serializers.HyperlinkedModelSerializer):
......@@ -74,3 +71,16 @@ class OfferSerializer(serializers.HyperlinkedModelSerializer):
"status",
"timestamp",
]
class RememberMeSerializer(serializers.HyperlinkedModelSerializer):
"""Serializer for an RememberMe. Hyperlinks are used for relationships by default.
Serialized fields: remember_me
Attributes:
remember_me: Value of cookie used for remember me functionality
"""
class Meta:
model = RememberMe
fields = ["remember_me"]
import django
import json
import base64
import pickle
from collections import namedtuple
from django.contrib.auth import get_user_model
from django.core.exceptions import PermissionDenied
from django.core.signing import Signer
from rest_framework import mixins, generics
from rest_framework import permissions
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_simplejwt.tokens import RefreshToken
from users.models import User
from users.permissions import IsCurrentUser
from users.serializers.UserSerializer import UserSerializer
from users.serializers.UserCustomSerializers import (
UserPutAthleteSerializer,
UserPutVisibilitySerializer,
UserGetSerializer,
RememberMeSerializer
)
from users.models import User
from django.contrib.auth import get_user_model
from users.permissions import IsCurrentUser
from workouts.permissions import IsReadOnly
# Create your views here.
......@@ -38,8 +42,8 @@ class UserList(mixins.ListModelMixin, mixins.CreateModelMixin,
if self.request.user:
# Return the currently logged in user
status = self.request.query_params.get("user", None)
if status and status == "current":
stat = self.request.query_params.get("user", None)
if stat and stat == "current":
qs = get_user_model().objects.filter(pk=self.request.user.pk)
return qs
......@@ -101,3 +105,50 @@ class UserVisibility(
def put(self, request, *args, **kwargs):
self.serializer_class = UserPutVisibilitySerializer
return self.update(request, *args, **kwargs)
# Allow users to save a persistent session in their browser
class RememberMe(
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.DestroyModelMixin,
generics.GenericAPIView,
):
serializer_class = RememberMeSerializer
def get(self, request):
if not request.user.is_authenticated:
raise PermissionDenied
else:
return Response({"remember_me": self.rememberme()})
def post(self, request):
cookie_object = namedtuple("Cookies", request.COOKIES.keys())(
*request.COOKIES.values()
)
user = self.get_user(cookie_object)
refresh = RefreshToken.for_user(user)
return Response(
{
"refresh": str(refresh),
"access": str(refresh.access_token),
}
)
def get_user(self, cookie_object):
decode = base64.b64decode(cookie_object.remember_me)
user, sign = pickle.loads(decode)
# Validate signature
if sign == self.sign_user(user):
return user
def rememberme(self):
creds = [self.request.user, self.sign_user(str(self.request.user))]
return base64.b64encode(pickle.dumps(creds))
def sign_user(self, username):
signer = Signer()
signed_user = signer.sign(username)
return signed_user
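Review bot: In `RememberMe.get_user`, `pickle.loads(decode)` runs on the base64-decoded `remember_me` cookie before the signature is compared, and `post` has no login check, so client-supplied bytes reach the pickle deserializer unauthenticated; unpickling untrusted data can execute code in the server process. The integrity check should come before any parsing and the payload should be data-only: `django.core.signing.dumps`/`loads` over the user's primary key, with a salt and a `max_age`, does both, as sketched below (it needs `from django.core import signing`, and the lifetime name is a placeholder for a project setting). As written, a signature mismatch also makes `get_user` return `None`, which `post` passes straight to `RefreshToken.for_user`; the sketch raises `PermissionDenied` instead. Separately, building a `namedtuple` from `request.COOKIES.keys()` raises `ValueError` for any cookie name that is not a valid field name and fails on attribute access when the cookie is absent, so `request.COOKIES.get("remember_me")` would be a safer lookup.

```python
# … unchanged: RememberMe class header, serializer_class, get(), post() …
    def get_user(self, cookie_object):
        # The signature and age are verified before the payload is parsed,
        # and the payload is JSON (data only), never a pickled object.
        try:
            payload = signing.loads(
                cookie_object.remember_me,
                salt="remember_me",
                max_age=REMEMBER_ME_MAX_AGE,  # placeholder: lifetime in seconds
            )
            return get_user_model().objects.get(pk=payload["user_id"])
        except (signing.BadSignature, get_user_model().DoesNotExist):
            raise PermissionDenied

    def rememberme(self):
        # Store only the primary key; the user row is re-read on redemption.
        return signing.dumps({"user_id": self.request.user.pk}, salt="remember_me")
# … unchanged: sign_user (no longer needed by the two methods above) …
```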
......@@ -5,7 +5,6 @@ from rest_framework.serializers import HyperlinkedRelatedField
from workouts.models.workouts import Workout
from workouts.models.exercises import Exercise, ExerciseInstance
from workouts.models.storage import WorkoutFile
from users.models import RememberMe
class ExerciseInstanceSerializer(serializers.HyperlinkedModelSerializer):
......@@ -233,17 +232,3 @@ class ExerciseSerializer(serializers.HyperlinkedModelSerializer):
"muscleGroup",
"unit",
"instances"]
class RememberMeSerializer(serializers.HyperlinkedModelSerializer):
"""Serializer for an RememberMe. Hyperlinks are used for relationships by default.
Serialized fields: remember_me
Attributes:
remember_me: Value of cookie used for remember me functionality
"""
class Meta:
model = RememberMe
fields = ["remember_me"]
"""Contains views for the workouts application. These are mostly class-based views.
"""
import base64
import pickle
from collections import namedtuple
from rest_framework import generics, mixins
from rest_framework import permissions
from rest_framework import filters
from rest_framework.parsers import (
JSONParser,
)
from rest_framework.response import Response
from rest_framework import filters
from rest_framework_simplejwt.tokens import RefreshToken
from django.db.models import Q
from django.core.exceptions import PermissionDenied
from django.core.signing import Signer
from workouts.parsers import MultipartJsonParser
from workouts.permissions import (
IsOwner,
......@@ -29,56 +22,7 @@ from workouts.mixins import CreateListModelMixin
from workouts.models.workouts import Workout
from workouts.models.exercises import Exercise, ExerciseInstance
from workouts.models.storage import WorkoutFile
from workouts.serializers import WorkoutSerializer, ExerciseSerializer
from workouts.serializers import RememberMeSerializer
from workouts.serializers import ExerciseInstanceSerializer, WorkoutFileSerializer
# Allow users to save a persistent session in their browser
class RememberMe(
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.DestroyModelMixin,
generics.GenericAPIView,
):
serializer_class = RememberMeSerializer
def get(self, request):
if not request.user.is_authenticated:
raise PermissionDenied
else:
return Response({"remember_me": self.rememberme()})
def post(self, request):
cookie_object = namedtuple("Cookies", request.COOKIES.keys())(
*request.COOKIES.values()
)
user = self.get_user(cookie_object)
refresh = RefreshToken.for_user(user)
return Response(
{
"refresh": str(refresh),
"access": str(refresh.access_token),
}
)
def get_user(self, cookie_object):
decode = base64.b64decode(cookie_object.remember_me)
user, sign = pickle.loads(decode)
# Validate signature
if sign == self.sign_user(user):
return user
def rememberme(self):
creds = [self.request.user, self.sign_user(str(self.request.user))]
return base64.b64encode(pickle.dumps(creds))
def sign_user(self, username):
signer = Signer()
signed_user = signer.sign(username)
return signed_user
from workouts.serializers import WorkoutSerializer, ExerciseSerializer, ExerciseInstanceSerializer, WorkoutFileSerializer
class WorkoutList(
......