TMSS-521: Update switch to TokenAuthentication, add token-auth API

0e8cd043 · Mario Raciti · 631caffa · 0e8cd043 · 0e8cd043 · 0e8cd043
Commit 0e8cd043 authored 4 years ago by Mario Raciti
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -86,6 +86,7 @@ INSTALLED_APPS = [
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
+    'rest_framework.authtoken',
    'django_jsonforms',
    'django_json_widget',
    'jsoneditor',
@@ -218,6 +219,7 @@ if "TMSS_LDAPCREDENTIALS" in os.environ.keys():

    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.BasicAuthentication')
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
    REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')

    # LDAP
@@ -246,6 +248,7 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
    INSTALLED_APPS.append('mozilla_django_oidc')  # Load after auth
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('mozilla_django_oidc.contrib.drf.OIDCAuthentication')
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
    REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')

    # OPEN-ID CONNECT

--- a/SAS/TMSS/src/tmss/tmssapp/views.py
+++ b/SAS/TMSS/src/tmss/tmssapp/views.py
@@ -44,20 +44,19 @@ def index(request):
    #return render(request, "../../../frontend/frontend_poc/build/index.html")


-from django.contrib.auth.views import LoginView as LW
 from django.contrib.auth import authenticate, login
-class LoginView(LW):
+from django.contrib.auth.views import LoginView as LiW
+class LoginView(LiW):

    def post(self, request, *args, **kwargs):
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
-            # TODO: Provide a proof of auth to frontend. Choose between HttpOnly sessionid or DRF TokenAuthentication
+            # TODO: Provide a proof of auth to frontend. DRF TokenAuthentication: POST /token-auth/
            auth = login(request, user)
            return HttpResponse('Success!', content_type='text/plain')
        else:
-            # TODO: Invalidate user's session for further requests (if we use DRF TokenAuthentication)
            return HttpResponse('Invalid credentials!', content_type='text/plain')



--- a/SAS/TMSS/src/tmss/urls.py
+++ b/SAS/TMSS/src/tmss/urls.py
@@ -23,6 +23,7 @@ from django.views.generic.base import TemplateView, RedirectView

 from collections import OrderedDict
 from rest_framework import routers, permissions
+from rest_framework.authtoken.views import obtain_auth_token
 from .tmssapp import viewsets, models, serializers, views
 from rest_framework.documentation import include_docs_urls
 from drf_yasg.views import get_schema_view
@@ -58,6 +59,7 @@ urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', views.LoginView.as_view(), name='login'),
    path('logout/', LogoutView.as_view(), name='logout'),
+    path('token-auth/', obtain_auth_token, name='token-auth'),
    path('docs/', include_docs_urls(title='TMSS API')),
    re_path(r'^swagger(?P<format>\.json|\.yaml)$', swagger_schema_view.without_ui(cache_timeout=0), name='schema-json'),
    path('swagger/', swagger_schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),