From 0e8cd043947358657ea208091c9157c33f0df5bc Mon Sep 17 00:00:00 2001
From: Mario Raciti <mario.raciti@inaf.it>
Date: Thu, 7 Jan 2021 11:08:57 +0100
Subject: [PATCH] TMSS-521: Update switch to TokenAuthentication, add token-auth API
---
 SAS/TMSS/src/tmss/settings.py | 3 +++
 SAS/TMSS/src/tmss/tmssapp/views.py | 7 +++----
 SAS/TMSS/src/tmss/urls.py | 2 ++
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/SAS/TMSS/src/tmss/settings.py b/SAS/TMSS/src/tmss/settings.py
index c8810842046..7169f7e461b 100644
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -86,6 +86,7 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
+ 'rest_framework.authtoken',
 'django_jsonforms',
 'django_json_widget',
 'jsoneditor',
@@ -218,6 +219,7 @@ if "TMSS_LDAPCREDENTIALS" in os.environ.keys():
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.BasicAuthentication')
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+ REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
 REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')
 # LDAP
@@ -246,6 +248,7 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
 INSTALLED_APPS.append('mozilla_django_oidc') # Load after auth
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('mozilla_django_oidc.contrib.drf.OIDCAuthentication')
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.SessionAuthentication')
+ REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append('rest_framework.authentication.TokenAuthentication')
 REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.IsAuthenticated')
 # OPEN-ID CONNECT
diff --git a/SAS/TMSS/src/tmss/tmssapp/views.py b/SAS/TMSS/src/tmss/tmssapp/views.py
index 01200a7261c..6323f486e13 100644
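Review bot: `rest_framework.authentication.TokenAuthentication`, appended in the `TMSS_LDAPCREDENTIALS` hunk and again in the `OIDC_RP_CLIENT_ID` hunk, accepts the tokens of `rest_framework.authtoken`, which are one per user, never expire and are stored unhashed in the database. Nothing in this commit rotates or deletes a token, so a token that leaks from a client stays valid until someone removes its row by hand. I would put a comment on both appends, e.g. `# authtoken tokens do not expire; revoke by deleting the user's Token row`, and plan an explicit revocation path. The `token-auth/` route in urls.py is registered unconditionally while this class is only enabled inside these two branches; whether that is intended is not visible from the hunks.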
--- a/SAS/TMSS/src/tmss/tmssapp/views.py
+++ b/SAS/TMSS/src/tmss/tmssapp/views.py
@@ -44,20 +44,19 @@ def index(request):
 #return render(request, "../../../frontend/frontend_poc/build/index.html")
-from django.contrib.auth.views import LoginView as LW
 from django.contrib.auth import authenticate, login
-class LoginView(LW):
+from django.contrib.auth.views import LoginView as LiW
+class LoginView(LiW):
 def post(self, request, *args, **kwargs):
 username = request.POST['username']
 password = request.POST['password']
 user = authenticate(request, username=username, password=password)
 if user is not None:
- # TODO: Provide a proof of auth to frontend. Choose between HttpOnly sessionid or DRF TokenAuthentication
+ # TODO: Provide a proof of auth to frontend. DRF TokenAuthentication: POST /token-auth/
 auth = login(request, user)
 return HttpResponse('Success!', content_type='text/plain')
 else:
- # TODO: Invalidate user's session for further requests (if we use DRF TokenAuthentication)
 return HttpResponse('Invalid credentials!', content_type='text/plain')
diff --git a/SAS/TMSS/src/tmss/urls.py b/SAS/TMSS/src/tmss/urls.py
index 48df07df751..3ca69e49f75 100644
--- a/SAS/TMSS/src/tmss/urls.py
+++ b/SAS/TMSS/src/tmss/urls.py
@@ -23,6 +23,7 @@ from django.views.generic.base import TemplateView, RedirectView
 from collections import OrderedDict
 from rest_framework import routers, permissions
+from rest_framework.authtoken.views import obtain_auth_token
 from .tmssapp import viewsets, models, serializers, views
 from rest_framework.documentation import include_docs_urls
 from drf_yasg.views import get_schema_view
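Review bot: The rewritten TODO in the `if user is not None:` branch names `POST /token-auth/` without saying whether `post` should return a token itself or the frontend is expected to call the new endpoint separately, and the TODO deleted from the `else:` branch was the only reminder about invalidating credentials. As committed, `post` still only opens a session via `login(request, user)` and answers `'Success!'`. I would replace the TODO with a statement of the actual contract, e.g. `# Session cookie only; API clients get a DRF token from POST /token-auth/`, and keep a TODO for revoking that token on logout. The alias `LiW` is no more readable than `LW`; importing it as `DjangoLoginView` would say what is being subclassed. The hunk opens inside `index`, which starts outside it.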
@@ -58,6 +59,7 @@ urlpatterns = [
 path('admin/', admin.site.urls),
 path('login/', views.LoginView.as_view(), name='login'),
 path('logout/', LogoutView.as_view(), name='logout'),
+ path('token-auth/', obtain_auth_token, name='token-auth'),
 path('docs/', include_docs_urls(title='TMSS API')),
 re_path(r'^swagger(?P<format>\.json|\.yaml)$', swagger_schema_view.without_ui(cache_timeout=0), name='schema-json'),
 path('swagger/', swagger_schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
--
GitLab
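Review bot: `obtain_auth_token` is DRF's stock `ObtainAuthToken` view, which applies no throttling by default (its `throttle_classes` is empty), so the new `token-auth/` route checks username/password pairs without any rate limit. I would route to a small subclass instead, `class ThrottledObtainAuthToken(ObtainAuthToken): throttle_classes = [AnonRateThrottle]`, wired as `path('token-auth/', ThrottledObtainAuthToken.as_view(), name='token-auth'),`, with the `anon` rate set under `DEFAULT_THROTTLE_RATES`. Failed attempts on this route are also worth logging so that repeated guessing shows up in monitoring. The `urlpatterns` list continues outside the hunk.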