diff --git a/SAS/TMSS/src/tmss/settings.py b/SAS/TMSS/src/tmss/settings.py
index c88108420461a9315deeed3cc922fa7d1de70834..7169f7e461bd1ea20970e71f802ac65eed338c28 100644
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -86,6 +86,7 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
+ 'rest_framework.authtoken',
 'django_jsonforms',
 'django_json_widget',
 'jsoneditor',
@@ -218,6 +219,7 @@ if "TMSS_LDAPCREDENTIALS" in os.environ.keys():
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.BasicAuthentication')
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+ REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
 REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')
 # LDAP
@@ -246,6 +248,7 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
 INSTALLED_APPS.append('mozilla_django_oidc') # Load after auth
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('mozilla_django_oidc.contrib.drf.OIDCAuthentication')
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+ REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
 REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')
 # OPEN-ID CONNECT
diff --git a/SAS/TMSS/src/tmss/tmssapp/views.py b/SAS/TMSS/src/tmss/tmssapp/views.py
index 01200a7261c3c04ee341d0c2c094999b755a23e2..6323f486e136d3fcaf76bf75bf03287306d17309 100644
--- a/SAS/TMSS/src/tmss/tmssapp/views.py
+++ b/SAS/TMSS/src/tmss/tmssapp/views.py
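Review bot: In the first settings.py hunk, enabling `rest_framework.authtoken` brings in DRF's built-in token model, whose keys are stored unhashed in the database, have no expiry, and are by default listed in the Django admin that urls.py serves under `admin/`. Nothing in this commit limits who can read those rows or how long a key lives. I would record that next to the new entry, e.g. `# DRF tokens are long-lived bearer secrets kept in clear text: restrict admin access to the Token model and plan rotation`. The app also ships a migration, so deployments need `manage.py migrate` before `/token-auth/` can issue anything.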
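Review bot: In the `TMSS_LDAPCREDENTIALS` block, and identically in the `OIDC_RP_CLIENT_ID` block of the third settings.py hunk, `TokenAuthentication` is appended to the project-wide defaults, so every API view now accepts a static `Authorization: Token …` header. In the OIDC case a key issued once keeps working after the user's SSO session ends or the account is disabled at the identity provider, unless the local Django user is deactivated or the token row is deleted. Whether `/token-auth/` can issue keys at all in that deployment depends on `AUTHENTICATION_BACKENDS`, which these hunks do not show. I would add a comment above both new lines, e.g. `# Token keys outlive the SSO session; delete the user's Token on logout/offboarding`, and consider leaving the class out of the OIDC branch until revocation is wired up. Both `if` blocks continue outside their hunks.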
@@ -44,20 +44,19 @@ def index(request):
 #return render(request, "../../../frontend/frontend_poc/build/index.html")
-from django.contrib.auth.views import LoginView as LW
 from django.contrib.auth import authenticate, login
-class LoginView(LW):
+from django.contrib.auth.views import LoginView as LiW
+class LoginView(LiW):
 def post(self, request, *args, **kwargs):
 username = request.POST['username']
 password = request.POST['password']
 user = authenticate(request, username=username, password=password)
 if user is not None:
- # TODO: Provide a proof of auth to frontend. Choose between HttpOnly sessionid or DRF TokenAuthentication
+ # TODO: Provide a proof of auth to frontend. DRF TokenAuthentication: POST /token-auth/
 auth = login(request, user)
 return HttpResponse('Success!', content_type='text/plain')
 else:
- # TODO: Invalidate user's session for further requests (if we use DRF TokenAuthentication)
 return HttpResponse('Invalid credentials!', content_type='text/plain')
diff --git a/SAS/TMSS/src/tmss/urls.py b/SAS/TMSS/src/tmss/urls.py
index 48df07df751eab0aba10984805a62096b5d3b0c0..3ca69e49f759e884d4451a9ffcfac739ff27732a 100644
--- a/SAS/TMSS/src/tmss/urls.py
+++ b/SAS/TMSS/src/tmss/urls.py
@@ -23,6 +23,7 @@ from django.views.generic.base import TemplateView, RedirectView
 from collections import OrderedDict
 from rest_framework import routers, permissions
+from rest_framework.authtoken.views import obtain_auth_token
 from .tmssapp import viewsets, models, serializers, views
 from rest_framework.documentation import include_docs_urls
 from drf_yasg.views import get_schema_view
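Review bot: In the views.py hunk, the `else` branch of `LoginView.post` still answers a failed login with HTTP 200, and this commit removes the TODO that marked that path as unfinished. Clients and log-based brute-force detection therefore cannot tell a rejected password from a success by status code. I would return `HttpResponse('Invalid credentials!', content_type='text/plain', status=401)` there. The same method indexes `request.POST['username']` and `request.POST['password']` directly, so a request missing either field raises instead of being cleanly rejected; `request.POST.get(...)` with an explicit 400 would be safer.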
@@ -58,6 +59,7 @@ urlpatterns = [
 path('admin/', admin.site.urls),
 path('login/', views.LoginView.as_view(), name='login'),
 path('logout/', LogoutView.as_view(), name='logout'),
+ path('token-auth/', obtain_auth_token, name='token-auth'),
 path('docs/', include_docs_urls(title='TMSS API')),
 re_path(r'^swagger(?P<format>\.json|\.yaml)$', swagger_schema_view.without_ui(cache_timeout=0), name='schema-json'),
 path('swagger/', swagger_schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
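Review bot: The new `token-auth/` route uses DRF's stock `obtain_auth_token`, which accepts a username and password and applies no throttling by default, so it adds an unthrottled credential-checking endpoint next to `login/`. I would route a small subclass instead, `class ThrottledObtainAuthToken(ObtainAuthToken): throttle_classes = [AnonRateThrottle]` with `path('token-auth/', ThrottledObtainAuthToken.as_view(), name='token-auth')`, and set the `anon` rate in `REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']`. The endpoint also returns a long-lived secret, so it should only be reachable over TLS; nothing in this hunk shows whether that is enforced. `urlpatterns` continues outside the hunk.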