Merge pull request #53 from danieldupriest/token-authentication

Token authentication
2019-02-04 16:51:36 -08:00 · 2019-02-04 16:51:36 -08:00 · a81f637cf9
commit a81f637cf9
parent a16ff029e1 b423d23eb6
10 changed files with 40 additions and 30 deletions
--- a/back/Pipfile
+++ b/back/Pipfile
@ -9,8 +9,8 @@ verify_ssl = true
 django = "==2.1.5"
 django-cors-headers = "==2.4.0"
 djangorestframework = "==3.8.2"
-
 gunicorn = "==19.6.0"
+django-rest-auth = "==0.9.3"

 [requires]
 python_version = "3.5"
--- a/back/Pipfile.lock
+++ b/back/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "b5222b4256c8f09a9b1b1d380285fa65c443f84d28dc03450684fca84b38a26b"
+            "sha256": "d3bf402a934e168cbdc04022effcdb9ff8d4fde5b83d79bb388ad2a4c547894a"
        },
        "pipfile-spec": 6,
        "requires": {
@ -32,6 +32,13 @@
            "index": "pypi",
            "version": "==2.4.0"
        },
+        "django-rest-auth": {
+            "hashes": [
+                "sha256:ad155a0ed1061b32e3e46c9b25686e397644fd6acfd35d5c03bc6b9d2fc6c82a"
+            ],
+            "index": "pypi",
+            "version": "==0.9.3"
+        },
        "djangorestframework": {
            "hashes": [
                "sha256:b6714c3e4b0f8d524f193c91ecf5f5450092c2145439ac2769711f7eba89a9d9",
@ -54,6 +61,13 @@
                "sha256:d5f05e487007e29e03409f9398d074e158d920d36eb82eaf66fb1136b0c5374c"
            ],
            "version": "==2018.9"
+        },
+        "six": {
+            "hashes": [
+                "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
+                "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
+            ],
+            "version": "==1.12.0"
        }
    },
    "develop": {}
--- a/back/backend/init.py
+++ b/back/backend/init.py
--- a/back/backend/urls.py
+++ b/back/backend/urls.py
@ -12,9 +12,6 @@ urlpatterns = [
    path('reports', views.reports),
    path('report/<int:report_pk>', views.report_detail),
    path('report/<int:report_pk>/section/<int:section_pk>', views.section),
-    path('account', views.account),
-    path('account/login', views.account_login),
-    path('account/logout', views.account_logout),
 ]

-urlpatterns = format_suffix_patterns(urlpatterns)
+urlpatterns = format_suffix_patterns(urlpatterns)
--- a/back/backend/views.py
+++ b/back/backend/views.py
@ -87,6 +87,8 @@ def report(request):

@api_view(['GET'])
 def reports(request):
+    print("User: ", request.user)
+    print("User id: ", request.user.id)
    data = {
        "reports": [
            {
@ -199,24 +201,3 @@ def section(request, report_pk, section_pk):
        }
    }
    return JsonResponse(data)
-
-@api_view(['POST'])
-def account(request):
-    '''
-    Create a new user account
-    '''
-    return JsonResponse({"message": "Account creation successful."})
-
-@api_view(['POST'])
-def account_login(request):
-    '''
-    Log in to a user account
-    '''
-    return JsonResponse({"message": "Successfully logged in."})
-
-@api_view(['DELETE'])
-def account_logout(request):
-    '''
-    Log out from a user account
-    '''
-    return JsonResponse({"message": "User logged out."})
--- a/back/db.sqlite3
+++ b/back/db.sqlite3
--- a/back/reimbursinator/custom_auth.py
+++ b/back/reimbursinator/custom_auth.py
@ -0,0 +1,9 @@
+from rest_framework.authentication import TokenAuthentication
+
+class BearerAuthentication(TokenAuthentication):
+    """
+    This class simply changes the expected token keyword to 'Bearer'
+    from the Django rest authentication default 'Token'. This allows
+    applications like Postman to work with token authentication.
+    """
+    keyword = "Bearer"
--- a/back/reimbursinator/settings.py
+++ b/back/reimbursinator/settings.py
@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/2.1/ref/settings/
 """

 import os
+#from reimbursinator.custom_auth import BearerAuthentication

 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -40,6 +41,8 @@ INSTALLED_APPS = [
    'django.contrib.staticfiles',
 # 3rd party
    'rest_framework',
+    'rest_framework.authtoken',
+    'rest_auth',
    'corsheaders',
 # local
    'users',
@ -48,8 +51,12 @@ INSTALLED_APPS = [

 REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.AllowAny',
-    ]
+        'rest_framework.permissions.IsAuthenticated',
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'reimbursinator.custom_auth.BearerAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+    ],
 }

 MIDDLEWARE = [
--- a/back/reimbursinator/urls.py
+++ b/back/reimbursinator/urls.py
@ -12,4 +12,6 @@ from django.urls import path, include
 urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/v1/', include("backend.urls")),
-]
+    path('api/v1/account/', include('rest_auth.urls')),
+    path('api-auth/', include('rest_framework.urls')),
+]
--- a/back/users/init.py
+++ b/back/users/init.py