From 20d0c488390c25669eeb1d4055a472f6f1550749 Mon Sep 17 00:00:00 2001 From: kououken Date: Sun, 3 Feb 2019 16:56:34 -0800 Subject: [PATCH 1/3] Token authentication, api endpoints and 'BearerAuthentication' working. --- Pipfile | 11 +++++++++++ Pipfile.lock | 20 ++++++++++++++++++++ back/Pipfile | 2 +- back/Pipfile.lock | 16 +++++++++++++++- back/backend/__init__.py | 0 back/backend/urls.py | 5 +---- back/backend/views.py | 23 ++--------------------- back/db.sqlite3 | Bin 53248 -> 59392 bytes back/reimbursinator/custom_auth.py | 9 +++++++++ back/reimbursinator/settings.py | 11 +++++++++-- back/reimbursinator/urls.py | 4 +++- back/users/__init__.py | 0 12 files changed, 71 insertions(+), 30 deletions(-) create mode 100644 Pipfile create mode 100644 Pipfile.lock create mode 100644 back/backend/__init__.py create mode 100644 back/reimbursinator/custom_auth.py create mode 100644 back/users/__init__.py diff --git a/Pipfile b/Pipfile new file mode 100644 index 0000000..b723d01 --- /dev/null +++ b/Pipfile @@ -0,0 +1,11 @@ +[[source]] +name = "pypi" +url = "https://pypi.org/simple" +verify_ssl = true + +[dev-packages] + +[packages] + +[requires] +python_version = "3.7" diff --git a/Pipfile.lock b/Pipfile.lock new file mode 100644 index 0000000..9a51a28 --- /dev/null +++ b/Pipfile.lock @@ -0,0 +1,20 @@ +{ + "_meta": { + "hash": { + "sha256": "7e7ef69da7248742e869378f8421880cf8f0017f96d94d086813baa518a65489" + }, + "pipfile-spec": 6, + "requires": { + "python_version": "3.7" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": {}, + "develop": {} +} diff --git a/back/Pipfile b/back/Pipfile index b2fa8cc..54943ec 100644 --- a/back/Pipfile +++ b/back/Pipfile @@ -9,8 +9,8 @@ verify_ssl = true django = "==2.1.5" django-cors-headers = "==2.4.0" djangorestframework = "==3.8.2" - gunicorn = "==19.6.0" +django-rest-auth = "==0.9.3" [requires] python_version = "3.5" 
diff --git a/back/Pipfile.lock b/back/Pipfile.lock index 4527d5b..e493330 100644 --- a/back/Pipfile.lock +++ b/back/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "b5222b4256c8f09a9b1b1d380285fa65c443f84d28dc03450684fca84b38a26b" + "sha256": "d3bf402a934e168cbdc04022effcdb9ff8d4fde5b83d79bb388ad2a4c547894a" }, "pipfile-spec": 6, "requires": { @@ -32,6 +32,13 @@ "index": "pypi", "version": "==2.4.0" }, + "django-rest-auth": { + "hashes": [ + "sha256:ad155a0ed1061b32e3e46c9b25686e397644fd6acfd35d5c03bc6b9d2fc6c82a" + ], + "index": "pypi", + "version": "==0.9.3" + }, "djangorestframework": { "hashes": [ "sha256:b6714c3e4b0f8d524f193c91ecf5f5450092c2145439ac2769711f7eba89a9d9", @@ -54,6 +61,13 @@ "sha256:d5f05e487007e29e03409f9398d074e158d920d36eb82eaf66fb1136b0c5374c" ], "version": "==2018.9" + }, + "six": { + "hashes": [ + "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c", + "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73" + ], + "version": "==1.12.0" } }, "develop": {} diff --git a/back/backend/__init__.py b/back/backend/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/back/backend/urls.py b/back/backend/urls.py index 8e0cada..1f1cdcd 100644 --- a/back/backend/urls.py +++ b/back/backend/urls.py @@ -12,9 +12,6 @@ urlpatterns = [ path('reports', views.reports), path('report/', views.report_detail), path('report//section/', views.section), - path('account', views.account), - path('account/login', views.account_login), - path('account/logout', views.account_logout), ] -urlpatterns = format_suffix_patterns(urlpatterns) \ No newline at end of file +urlpatterns = format_suffix_patterns(urlpatterns) diff --git a/back/backend/views.py b/back/backend/views.py index 1f99059..68d6acb 100644 --- a/back/backend/views.py +++ b/back/backend/views.py 
@@ -87,6 +87,8 @@ def report(request): @api_view(['GET']) def reports(request): + print("User: ", request.user) + print("User id: ", request.user.id) data = { "reports": [ { @@ -199,24 +201,3 @@ def section(request, report_pk, section_pk): } } return JsonResponse(data) - -@api_view(['POST']) -def account(request): - ''' - Create a new user account - ''' - return JsonResponse({"message": "Account creation successful."}) - -@api_view(['POST']) -def account_login(request): - ''' - Log in to a user account - ''' - return JsonResponse({"message": "Successfully logged in."}) - -@api_view(['DELETE']) -def account_logout(request): - ''' - Log out from a user account - ''' - return JsonResponse({"message": "User logged out."}) 
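Review bot: The two `print` calls added at the top of `reports` write the authenticated user's name and id to stdout on every request, which looks like leftover debugging and puts account identifiers into whatever captures the server's output. If the trace is still wanted, send it through the logging module at debug level, e.g. `logger.debug("reports requested by user id %s", request.user.id)` with a module-level `logger = logging.getLogger(__name__)`; otherwise drop both lines. Whether `logging` is already imported in views.py is not visible here, and the body of `reports` continues outside the hunk.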
diff --git a/back/db.sqlite3 b/back/db.sqlite3 index bfc38f728890df0c057a06cad169fe8f1804510a..47bfc6a538bd931d6f34bf4ae31df582615a398a 100644 GIT binary patch delta 2231 zcma)7ZA_C_6u$SKmVStQC{U(OJ_fV|!M-2u`?koIiqI9M2=Y~oc5nL@DD(rNrGPPt zlJILd@-A~`S+clg+aH%~Zx*IwSu&F)bD1%VKXh}O@#jAIvtRyjx2+;pH`nI9$vNja z&pr2?d(S!b4xG9UuWc`mA%vXt6X*x@JG#7!!?BNFNdazAZ^CYkP7B9j6+Tc4^j&~W z%F#_G_f4eJ2c%LAyRkeb#YW=(Xn15&N`&LFsj}iCFynv}91q20|8O`Ik@Ml^Rt+>@ zDVZ4cPlP6;;i)MKwJ58b%JoLNDg9ZL+nX%;Mi3DE3E#pGAgBfTW+>UJsW4?66LCtI zS&Yj5!b{~wup{^bZoyT!2yemy90NaefL*Q1-v%XHj2cv7N^khcPwCit87$}*MOWg{ z<1!3rjS5xzMR$<~S7GCHIF#~d;Fc{KT#JozC=yD9vMO^{6&$6&z zsa5Mre=Y+Hlq$Mi9zB?$3bsS3TBZMjlxqQFqb0MNGizODtyLO#-^#m$z(+1o;6Ir3w=j92-PPCC*EQ|+1j2#2Lz37L+-DzSh8p@L zcWZm+q5ar|tY*Ljo$Mhw7QjXwL zn1{WvnOq}hiI0@i!yLuR^s5)TUn!(uOPlL2uS=R1n1YXz}G3(?Q zCvR_ZFoMWf`BF+y`-nhU)0C!9@DL@kb}J*OXP1)2MnFY~yh{pEky`K>CTih@zc(8R zUO?n4y0kAZiru@O-kp9;-J99Bn^nI1`5qvBX}!lwTEi58y} zGW+mOo@){W#$gjrH`=uB+%9|>SGg;K(t#~R*ybMPsuqS+y^@=h{EY+ zoH?a(XQh%RVjDIRSV6D?w_%0We*rpbpc6kUg^&h4D^Wzby;4_#kp?jck0OTD;QH); z*|oiEKKZiF)X;#>R3)T9B(#2uvQI8Y6kB`RT)l0Ty{^3n+A6Datksp4YUQnS7Hx1c zBqfyZy2_Q84sXlr^Lo1b+LXb=t-AV_jyzL$gHm*^yeh}p&*mtc%E;&E>q!v3U^1KW zqL2yiv9|X>Xz@JcY{;STGdT(eLilaBJI{33mX0CU?Dxkb@)Ln%w6uNWgITYWIiy*y zr*he;m(FCf;WG_S%WlT=X>7Lt%5z~Xd(-2l+Dz@WjgJk2G$K0~9$@OSn2nPmjmgSc%#K=$ zsW3kp6={GZ>*TCi?f?2CZJ7bDBKQWDzzZehC-Odtks`cG1HFK2drSu8Dl{F&hV|^E zJ3H-w+0Mj^HkMP)FIE;#NK;d(_@rEYSTf=y>iuc^tEg#ew2+cXIIkBwbq!HxS&Q#8+WY0~|5@U)rqiJp}g1=vWXyhQDk7D5E?VYyP~9h z+KmvZ;_Kh&oUgQF_lwKpfKRe5FiYeTcnr(1#d3vqz*>4KTi3LYiiBQopD2RyV87xI z`#k+Yf5->>NT=o$AEL^93});b^o9cw&(&aH*c%N-!Xp~GoLwMf@ydA;sG#ZWGDQ}+ z5$wZ9_{v135#|$G>Q<$+S>QtO3$|emp20(yfg$jKi>V7OKwWuDP=ZUTT+>X8g)gi$ z|C<&{z(nPh&8%41A=G5vmTe;FA)7pYPlOndTofxu^sTL^u6m@WDQt5^8UxYB62}GS zfY*Fx)N--Es-wnH)qSp`XUu7dwzRh1XmeJKng<=usKpx%)is==HhWxc)mtp}He0>b ze!R|JYpu4i4ZE!ov@l8K*G*htGqA~9vl31yl}{ZI4=_4CB#1H+NAL<_a2j&RI*D^_ zy_k;OOVWbd<19Wms#Xx9LgW!q5fyj#R1wqH%5~?hIMzgmQx2KO6AAf_(e|X4uB6N@ 
znb4pwGmQBA4%+Jp`uH@I^Y*^hS*>`sA?oc7`44?eCg*=*r=R$vXA@Fs<^sLeR!#3F zOiY#hlOw}q6_Hi0_6-s4oWRo78EFIEUDUH5FOOguhBSgSx48i{y;!Q`29Su52!ZJd zmYcvtf)MUzdC5*p2T}_P1(%0m55XSK*#fq=VvrOnNf&}$Sb_&I44q&BCHYC#NRr$n xUA(Y^u&#H{r5b^V2tL3Zw1I}~kS8QeM1K4otEMMvr-GjaVl{tI!)+?D_U diff --git a/back/reimbursinator/custom_auth.py b/back/reimbursinator/custom_auth.py new file mode 100644 index 0000000..9097e26 --- /dev/null +++ b/back/reimbursinator/custom_auth.py @@ -0,0 +1,9 @@ +from rest_framework.authentication import TokenAuthentication + +class BearerAuthentication(TokenAuthentication): + """ + This class simply changes the expected token keyword to 'Bearer' + from the Django rest authentication default 'Token'. This allows + applications like Postman to work with token authentication. + """ + keyword = "Bearer" diff --git a/back/reimbursinator/settings.py b/back/reimbursinator/settings.py index e274dc5..c9f3c5e 100644 --- a/back/reimbursinator/settings.py +++ b/back/reimbursinator/settings.py @@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/2.1/ref/settings/ """ import os +#from reimbursinator.custom_auth import BearerAuthentication # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -40,6 +41,8 @@ INSTALLED_APPS = [ 'django.contrib.staticfiles', # 3rd party 'rest_framework', + 'rest_framework.authtoken', + 'rest_auth', 'corsheaders', # local 'users', @@ -48,8 +51,12 @@ INSTALLED_APPS = [ REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': [ - 'rest_framework.permissions.AllowAny', - ] + 'rest_framework.permissions.IsAuthenticated', + ], + 'DEFAULT_AUTHENTICATION_CLASSES': [ + 'rest_framework.authentication.SessionAuthentication', + 'reimbursinator.custom_auth.BearerAuthentication', + ], } MIDDLEWARE = [ diff --git a/back/reimbursinator/urls.py b/back/reimbursinator/urls.py index 53beb58..62397e8 100644 --- a/back/reimbursinator/urls.py +++ b/back/reimbursinator/urls.py 
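Review bot: Adding `'rest_framework.authtoken'` to `INSTALLED_APPS` means API tokens are now stored as rows in the project database, and this same patch commits `back/db.sqlite3` (53248 -> 59392 bytes in the diffstat). If that file holds the accounts and tokens created while testing, which seems likely, anyone who can read the repository can read the token keys and password hashes. Consider taking the database out of version control (an ignore entry for `db.sqlite3`) and rotating any tokens and passwords that were committed.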
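Review bot: In `DEFAULT_AUTHENTICATION_CLASSES`, `SessionAuthentication` is listed ahead of `BearerAuthentication`, and DRF uses the first class to decide how an unauthenticated request is answered. Session authentication supplies no `WWW-Authenticate` header, so with `IsAuthenticated` as the default permission a request with a missing or invalid token is answered with 403 rather than 401. API clients then cannot tell a bad token from a permission failure. Listing `'reimbursinator.custom_auth.BearerAuthentication'` first yields 401 with a `Bearer` challenge. A one-line comment above the list saying why both classes are enabled would also help the next reader.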
@@ -12,4 +12,6 @@ from django.urls import path, include urlpatterns = [ path('admin/', admin.site.urls), path('api/v1/', include("backend.urls")), -] \ No newline at end of file + path('api/v1/account/', include('rest_auth.urls')), + path('api-auth/', include('rest_framework.urls')), +] diff --git a/back/users/__init__.py b/back/users/__init__.py new file mode 100644 index 0000000..e69de29 From c8ae149510ea3dc045788ff81ecdcd7e581f6947 Mon Sep 17 00:00:00 2001 From: kououken Date: Sun, 3 Feb 2019 18:30:42 -0800 Subject: [PATCH 2/3] CSRF backend issue fixed. If cookies are maintained, it seems to work. --- back/db.sqlite3 | Bin 59392 -> 59392 bytes back/reimbursinator/settings.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) 
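Review bot: `include('rest_auth.urls')` exposes the login and password-reset endpoints to unauthenticated callers, and the `REST_FRAMEWORK` block in this patch configures no throttling, so repeated password attempts against `api/v1/account/login/` are not limited at the application layer. Consider adding `'DEFAULT_THROTTLE_CLASSES': ['rest_framework.throttling.AnonRateThrottle']` and `'DEFAULT_THROTTLE_RATES': {'anon': '<rate chosen for this deployment>'}` to the settings, or a scoped throttle for the account routes. Separately, the removed account-creation route appears to have no counterpart in `rest_auth.urls`, since registration is a separate include in that package; worth confirming that dropping sign-up is intended.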
diff --git a/back/db.sqlite3 b/back/db.sqlite3 index 47bfc6a538bd931d6f34bf4ae31df582615a398a..cb78c4ce8a1b68160cad808fed6c059b6c863fe2 100644 GIT binary patch delta 1853 zcmeH|&u`;I6vypMvf5T0sDu!L6)HatNT|ggd;BAXL$^+Xqn)v`Byl~c5@{Vf{?&Aw zA5KO{-L01UHvJb?+>l^%C^ulaaay50a#-yVIB@5JQ`9B2D;0_BTC#kY=kL7t=6$|% z`w_VP2;6&vzjJhLgTM35XFtFtd0Bu(5f&x5s>+J0OH(NQ{P`l_%3SUtf0rvC9cc%L zYxx4cTUZbGT&de_LvJ6#K2&b)x``jj?Jn9CdagVSEV~@wumK&m&ZyA|Xjno7HW&^& zAr0e%7;fO$=GX}vf&-fYwW~2T_Ea<0JMQMq?xxgabhGNUDrMH%FcmZO8LpcjARJzg zoVqCyhy|zarw*%0R;3wPbvGhL4U(`VS;qBI3)V>Yfvz(;aUlXK^>#jYu5QO0!o>%3%vO2Xw>iUC7Ly>6v45SNI4DqP`-) z6;WFj#3Is*2(BUtX|jB{1`bXeHkSIHpQbSklcCpk$0-_&b*1mM1E}l{{T@l0k;6*N zvT2O%+6WtQVAUN+?M6zB62h<~l1gbzDyHnfTGk9V!t6N>J4-7_gH2c#-OBNm2f?Q@ zW~H%JH&Z&(U~ZUc$+&_A!a7;wBZ(R{frQS8Fh8XRjfvrpE|w+=MM+uJbxlL!;TnHh z+3}N;<>{{vUguu|V8Vf4zzLXu$#m)37C3kpV7@i-2SVVdN#7s9^j4~?eRm(V-E9pj z``tt-%z`d!510jAHgx%S0A6UdJA3_j)Pv$Mo&J9ET0TqbJ_nwH``}0LMV8h8Y`qEA z`S~+@HunmYMN~MyEEebM1{as-Pdq<;`rX?vzrf}NHvc%n{P>*1=2d?3ef|ocdzhK* z^sTGk<}!;doN{#;H`sP0!gdf%YGa4R5jHv@u}LR$#fo(0TM|W8-th!cl3SjJWVHpo9o(4f}omPob8n7IPf?V f{t0~eKG<6Lud>hn{gcx(6)jWv4HWW#U&#Fhz#TX^ delta 659 zcma))O=}ZD7{_<^Ni5099@Qd21Pjuz^Rl}$n<7M8gN03PY->_1xMsEOCYuJ^ZQ4b! zgnR(Qf}g-^4{;BB6z$DZksf=H9`)b{XhFw_Q1ws`GcYgDZ+`!o**$>W19)`>wfbXs zP;2n`JsG7rLM>`qOv@827-un|pI&5D)Kkw^YLy0(snOhtOsk38MHRN749@P zp6)b-CVafL($ReG`E5P^@-~fLnmIx&$}C3nriq2ly9ISvPTkGGZBw@8hXQxDgTT?B z>#LonV}|Q>KMcxbj@H6CQuC&D`(ec^lbJ@jwCK;4mKw8D3p@6FtyA+BG<#~AmFFvK zHnHVg+q~Blt8TTjUZsoSQZ;%s$e``$bg&Wa#kVg>8)`9PVUjltVsf)vKtr48bCQ$7 zmr+)QM1cg3Ac;rEdN6YxY;;~!__^u4Kx%xHjHe`jUx8!Thc}Y{8g5;MA|e_V6B?Po z|J)Y*z5J)X8Xv#Ab}>#(o{seIk7QIuQ4HC1iT(!B_Z#U8Xc$M1_uxSZrIw4RE+2tm zhB-9|69#uUW-fLpB~P9)>IlwUm$-HMTS`0gE3lBJx|)?|AUIUuP=Y_g>ijWvC311 Date: Sun, 3 Feb 2019 19:40:26 -0800 Subject: [PATCH 3/3] Deleted extraneous Pipfile --- Pipfile | 11 ----------- Pipfile.lock | 20 -------------------- 2 files changed, 31 deletions(-) delete mode 100644 Pipfile delete mode 100644 Pipfile.lock 
diff --git a/Pipfile b/Pipfile deleted file mode 100644 index b723d01..0000000 --- a/Pipfile +++ /dev/null @@ -1,11 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[dev-packages] - -[packages] - -[requires] -python_version = "3.7" diff --git a/Pipfile.lock b/Pipfile.lock deleted file mode 100644 index 9a51a28..0000000 --- a/Pipfile.lock +++ /dev/null @@ -1,20 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "7e7ef69da7248742e869378f8421880cf8f0017f96d94d086813baa518a65489" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.7" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": {}, - "develop": {} -}