api: add token authentication
This commit is contained in:
parent
d5a3e09a98
commit
2e2c9f5287
|
@ -56,10 +56,11 @@ class GroupUpdateView(
|
|||
success_message = _("Successfully updated Group")
|
||||
|
||||
|
||||
class GroupDeleteView(LoginRequiredMixin, DeleteMessageView):
|
||||
class GroupDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
|
||||
"""Delete group"""
|
||||
|
||||
model = Group
|
||||
permission_required = "passbook_flows.delete_group"
|
||||
|
||||
template_name = "generic/delete.html"
|
||||
success_url = reverse_lazy("passbook_admin:groups")
|
||||
|
|
43
passbook/api/auth.py
Normal file
43
passbook/api/auth.py
Normal file
|
@ -0,0 +1,43 @@
|
|||
"""API Authentication"""
|
||||
from base64 import b64decode
|
||||
from typing import Any, Tuple, Union
|
||||
|
||||
from django.utils.translation import gettext as _
|
||||
from rest_framework import HTTP_HEADER_ENCODING, exceptions
|
||||
from rest_framework.authentication import BaseAuthentication, get_authorization_header
|
||||
from rest_framework.request import Request
|
||||
|
||||
from passbook.core.models import Token, TokenIntents, User
|
||||
|
||||
|
||||
class PassbookTokenAuthentication(BaseAuthentication):
|
||||
"""Token-based authentication using HTTP Basic authentication"""
|
||||
|
||||
def authenticate(self, request: Request) -> Union[Tuple[User, Any], None]:
|
||||
"""Token-based authentication using HTTP Basic authentication"""
|
||||
auth = get_authorization_header(request).split()
|
||||
|
||||
if not auth or auth[0].lower() != b"basic":
|
||||
return None
|
||||
|
||||
if len(auth) == 1:
|
||||
msg = _("Invalid basic header. No credentials provided.")
|
||||
raise exceptions.AuthenticationFailed(msg)
|
||||
if len(auth) > 2:
|
||||
msg = _(
|
||||
"Invalid basic header. Credentials string should not contain spaces."
|
||||
)
|
||||
raise exceptions.AuthenticationFailed(msg)
|
||||
|
||||
header_data = b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(":")
|
||||
|
||||
tokens = Token.filter_not_expired(
|
||||
token_uuid=header_data[2], intent=TokenIntents.INTENT_API
|
||||
)
|
||||
if not tokens.exists():
|
||||
raise exceptions.AuthenticationFailed(_("Invalid token."))
|
||||
|
||||
return (tokens.first().user, None)
|
||||
|
||||
def authenticate_header(self, request: Request) -> str:
|
||||
return 'Basic realm="passbook"'
|
|
@ -6,5 +6,5 @@ from passbook.api.v2.urls import urlpatterns as v2_urls
|
|||
|
||||
urlpatterns = [
|
||||
path("v1/", include(v1_urls)),
|
||||
path("v2/", include(v2_urls)),
|
||||
path("v2beta/", include(v2_urls)),
|
||||
]
|
||||
|
|
|
@ -118,6 +118,9 @@ GUARDIAN_MONKEY_PATCH = False
|
|||
|
||||
SWAGGER_SETTINGS = {
|
||||
"DEFAULT_INFO": "passbook.api.v2.urls.info",
|
||||
"SECURITY_DEFINITIONS": {
|
||||
"token": {"type": "apiKey", "name": "Authorization", "in": "header"}
|
||||
},
|
||||
}
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
|
@ -128,13 +131,10 @@ REST_FRAMEWORK = {
|
|||
"rest_framework.filters.OrderingFilter",
|
||||
"rest_framework.filters.SearchFilter",
|
||||
],
|
||||
"DEFAULT_PERMISSION_CLASSES": (
|
||||
# 'rest_framework.permissions.IsAuthenticated',
|
||||
"passbook.api.permissions.CustomObjectPermissions",
|
||||
),
|
||||
"DEFAULT_PERMISSION_CLASSES": ("passbook.api.permissions.CustomObjectPermissions"),
|
||||
"DEFAULT_AUTHENTICATION_CLASSES": (
|
||||
"passbook.api.auth.PassbookTokenAuthentication",
|
||||
"rest_framework.authentication.SessionAuthentication",
|
||||
# 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
|
||||
),
|
||||
}
|
||||
|
||||
|
|
10
swagger.yaml
10
swagger.yaml
|
@ -6,16 +6,18 @@ info:
|
|||
license:
|
||||
name: MIT License
|
||||
version: v2
|
||||
basePath: /api/v2
|
||||
basePath: /api/v2beta
|
||||
consumes:
|
||||
- application/json
|
||||
produces:
|
||||
- application/json
|
||||
securityDefinitions:
|
||||
Basic:
|
||||
type: basic
|
||||
token:
|
||||
type: apiKey
|
||||
name: Authorization
|
||||
in: header
|
||||
security:
|
||||
- Basic: []
|
||||
- token: []
|
||||
paths:
|
||||
/audit/events/:
|
||||
get:
|
||||
|
|
Reference in a new issue