Token authentication, api endpoints and 'BearerAuthentication' working.

Pipfile

@@ -0,0 +1,11 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+
+[requires]
+python_version = "3.7"

Pipfile.lock

@@ -0,0 +1,20 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "7e7ef69da7248742e869378f8421880cf8f0017f96d94d086813baa518a65489"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3.7"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {},
+    "develop": {}
+}

back/Pipfile

@@ -9,8 +9,8 @@ verify_ssl = true
 django = "==2.1.5"
 django-cors-headers = "==2.4.0"
 djangorestframework = "==3.8.2"
-
 gunicorn = "==19.6.0"
+django-rest-auth = "==0.9.3"
 
 [requires]
 python_version = "3.5"

back/Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "b5222b4256c8f09a9b1b1d380285fa65c443f84d28dc03450684fca84b38a26b"
+            "sha256": "d3bf402a934e168cbdc04022effcdb9ff8d4fde5b83d79bb388ad2a4c547894a"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -32,6 +32,13 @@
             "index": "pypi",
             "version": "==2.4.0"
         },
+        "django-rest-auth": {
+            "hashes": [
+                "sha256:ad155a0ed1061b32e3e46c9b25686e397644fd6acfd35d5c03bc6b9d2fc6c82a"
+            ],
+            "index": "pypi",
+            "version": "==0.9.3"
+        },
         "djangorestframework": {
             "hashes": [
                 "sha256:b6714c3e4b0f8d524f193c91ecf5f5450092c2145439ac2769711f7eba89a9d9",
@@ -54,6 +61,13 @@
                 "sha256:d5f05e487007e29e03409f9398d074e158d920d36eb82eaf66fb1136b0c5374c"
             ],
             "version": "==2018.9"
+        },
+        "six": {
+            "hashes": [
+                "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
+                "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
+            ],
+            "version": "==1.12.0"
         }
     },
     "develop": {}

back/backend/urls.py

@@ -12,9 +12,6 @@ urlpatterns = [
     path('reports', views.reports),
     path('report/<int:report_pk>', views.report_detail),
     path('report/<int:report_pk>/section/<int:section_pk>', views.section),
-    path('account', views.account),
-    path('account/login', views.account_login),
-    path('account/logout', views.account_logout),
 ]
 
-urlpatterns = format_suffix_patterns(urlpatterns)
+urlpatterns = format_suffix_patterns(urlpatterns)

back/backend/views.py

@@ -87,6 +87,8 @@ def report(request):
 
 @api_view(['GET'])
 def reports(request):
+    print("User: ", request.user)
+    print("User id: ", request.user.id)
     data = {
         "reports": [
             {
@@ -199,24 +201,3 @@ def section(request, report_pk, section_pk):
         }
     }
     return JsonResponse(data)
-
-@api_view(['POST'])
-def account(request):
-    '''
-    Create a new user account
-    '''
-    return JsonResponse({"message": "Account creation successful."})
-
-@api_view(['POST'])
-def account_login(request):
-    '''
-    Log in to a user account
-    '''
-    return JsonResponse({"message": "Successfully logged in."})
-
-@api_view(['DELETE'])
-def account_logout(request):
-    '''
-    Log out from a user account
-    '''
-    return JsonResponse({"message": "User logged out."})

back/reimbursinator/custom_auth.py

@@ -0,0 +1,9 @@
+from rest_framework.authentication import TokenAuthentication
+
+class BearerAuthentication(TokenAuthentication):
+    """
+    This class simply changes the expected token keyword to 'Bearer'
+    from the Django rest authentication default 'Token'. This allows
+    applications like Postman to work with token authentication.
+    """
+    keyword = "Bearer"

back/reimbursinator/settings.py

@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/2.1/ref/settings/
 """
 
 import os
+#from reimbursinator.custom_auth import BearerAuthentication
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -40,6 +41,8 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
 # 3rd party
     'rest_framework',
+    'rest_framework.authtoken',
+    'rest_auth',
     'corsheaders',
 # local
     'users',
@@ -48,8 +51,12 @@ INSTALLED_APPS = [
 
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.AllowAny',
+        'rest_framework.permissions.IsAuthenticated',
-    ]
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.SessionAuthentication',
+        'reimbursinator.custom_auth.BearerAuthentication',
+    ],
 }
 
 MIDDLEWARE = [

back/reimbursinator/urls.py

@@ -12,4 +12,6 @@ from django.urls import path, include
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('api/v1/', include("backend.urls")),
-]
+    path('api/v1/account/', include('rest_auth.urls')),
+    path('api-auth/', include('rest_framework.urls')),
+]