Add tokenloginmixin and beatify api page with example

acb8cf66 · Jonathan Seguin · 3eff9ae1 · acb8cf66 · acb8cf66 · acb8cf66
Commit acb8cf66 authored 4 years ago by Jonathan Seguin
--- a/iric_data/settings.py
+++ b/iric_data/settings.py
@@ -141,6 +141,7 @@ AUTHENTICATION_BACKENDS = [
    'social_core.backends.azuread_tenant.AzureADTenantOAuth2',
    'django.contrib.auth.backends.ModelBackend',
    'django_auth_ldap.backend.LDAPBackend',
+    'portal.auth_backends.TokenAuthBackend',
 ]

 SOCIAL_AUTH_PIPELINE = (

--- a/portal/auth_backends.py
+++ b/portal/auth_backends.py
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import User
+
+
+class TokenAuthBackend(ModelBackend):
+    def authenticate(self, request, token=None):
+        if not token and 'token' in request.headers and request.headers['token']:
+            token = request.headers['token']
+
+        try:
+            return User.objects.get(profile__api_token=token)
+        except User.DoesNotExist:
+            return None
+
+    def get_user(self, user_id):
+        try:
+            return User.objects.get(pk=user_id)
+        except User.DoesNotExist:
+            return None
--- a/portal/templates/portal/secure/user/api.html
+++ b/portal/templates/portal/secure/user/api.html
@@ -4,7 +4,26 @@
 {% block main_content %}
 <div class="row mb-5">
    <div class="col">
-        API Token : <pre><code>{{user.profile.api_token}}</code></pre>
+        <div class="alert alert-warning alert-dismissible fade show" role="alert">
+            <h4 class="alert-heading">{% trans 'Warning' %}!</h4>
+            <p>This token enables authentication to IRIC Data. Do not share this token!</p>
+        </div>
+
+
+        <p>API Token :</p>
+        <div class="col-8 alert alert-dark">
+            <pre class='mb-0'><code><h5 class='mb-0'>{{user.profile.api_token}}</h5></code></pre>
+        </div>
+        <p>
+        Use this token to authenticate your API calls by inserting it in the request header with the key 'token'.
+        Ex.
+        </p>
+        <div class="col-9 alert alert-secondary">
+            <pre class='mb-0'><code>import requests
+url = 'http://localhost:8000/api/v1/my-datasets/list/json/'
+headers = {'token': '{{user.profile.api_token}}'}
+r = requests.get(url, headers=headers)</code></pre>
+        </div>
    </div>
 </div>


--- a/portal/views/__init__.py
+++ b/portal/views/__init__.py
@@ -9,10 +9,19 @@ from django.views.generic import ListView
 from django.views.generic.base import ContextMixin
 from django.views.generic.detail import BaseDetailView, SingleObjectMixin
 from django.views.generic.edit import ModelFormMixin
+from django.contrib.auth import login, authenticate
+from django.contrib.auth.mixins import LoginRequiredMixin

 from ..models import (AppSettings, DataFile, DataSet, Lab, Log, Profile,
                      ShareGroup)

+class TokenLoginMixin(LoginRequiredMixin):
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            user = authenticate(request)
+            login(request, user)
+        return super().dispatch(request, *args, **kwargs)
+

 class StaffViewMixin(UserPassesTestMixin):
    def test_func(self):

--- a/portal/views/secure/api.py
+++ b/portal/views/secure/api.py
@@ -6,6 +6,7 @@ from django.db.models import Q
 from django.shortcuts import get_object_or_404
 from django.views.generic import TemplateView
 from django.utils.translation import ugettext_lazy as _
+from portal.views import TokenLoginMixin


 from ...models import DataFile, DataSet, Profile
@@ -22,7 +23,7 @@ class APIView(TemplateView, ActivePageViewMixin):


 # DataFile API Views #######
-class DataFileLookupJSONListView(LoginRequiredMixin, JSONListView):
+class DataFileLookupJSONListView(TokenLoginMixin, JSONListView):
    model = DataFile

    def get_queryset(self):
@@ -61,7 +62,7 @@ class DataFileLookupJSONListView(LoginRequiredMixin, JSONListView):
        return rows


-class DataFileAnnotationJSONView(LoginRequiredMixin, JSONView):
+class DataFileAnnotationJSONView(TokenLoginMixin, JSONView):
    model = DataFile

    def get_data(self):
@@ -69,7 +70,7 @@ class DataFileAnnotationJSONView(LoginRequiredMixin, JSONView):
        return o.annotations if o.annotations else {}


-class DataFileMetadataJSONView(LoginRequiredMixin, JSONView):
+class DataFileMetadataJSONView(TokenLoginMixin, JSONView):
    model = DataFile

    def get_data(self):
@@ -89,7 +90,7 @@ class DataFileMetadataJSONView(LoginRequiredMixin, JSONView):


 # DataSet API Views #######
-class AdminDataSetJSONListView(StaffViewMixin, JSONListView):
+class AdminDataSetJSONListView(TokenLoginMixin, JSONListView):
    model = DataSet

    def get_queryset(self):
@@ -113,7 +114,7 @@ class AdminDataSetJSONListView(StaffViewMixin, JSONListView):
        return rows


-class UserDataSetJSONListView(LoginRequiredMixin, JSONListView):
+class UserDataSetJSONListView(TokenLoginMixin, JSONListView):
    model = DataSet

    def get_queryset(self):

--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ cffi==1.14.3
 chardet==3.0.4
 cryptography==3.1.1
 defusedxml==0.7.0rc1
-Django==2.0.13
+Django==2.2.17
 django-auth-ldap==1.7.0
 django-chartjs==1.3
 django-crispy-forms==1.8.1