From 63027e35647f09f74ccef2e5056778a34d3470ab Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Thu, 28 May 2020 10:14:29 +0700 Subject: [PATCH 01/14] [CHORES] Added google credentials --- pplbackend/settings.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pplbackend/settings.py b/pplbackend/settings.py index 1c437c7..dca12b9 100644 --- a/pplbackend/settings.py +++ b/pplbackend/settings.py @@ -190,6 +190,7 @@ REST_FRAMEWORK = { 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', + 'rest_framework_simplejwt.authentication.JWTAuthentication', ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated', @@ -207,4 +208,7 @@ EMAIL_USE_TLS = True EMAIL_HOST = 'smtp.gmail.com' EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER") EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD") -EMAIL_PORT = 587 \ No newline at end of file +EMAIL_PORT = 587 + +GOOGLE_OAUTH2_CLIENT_ID = os.getenv("GOOGLE_OAUTH2_CLIENT_ID") +GOOGLE_OAUTH2_CLIENT_SECRET = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET") -- GitLab From dc3143f60e83a5b65f49621f9753757af6671af4 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Thu, 28 May 2020 10:15:08 +0700 Subject: [PATCH 02/14] [NOT TESTED] Added login with google --- oauth/views.py | 130 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 128 insertions(+), 2 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index 91ea44a..2917029 100644 --- a/oauth/views.py +++ b/oauth/views.py 
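Review bot: The new `GOOGLE_OAUTH2_CLIENT_SECRET` line reads the environment variable `GOOGLE_OAUTH_CLIENT_SECRET`, which does not carry the `GOOGLE_OAUTH2_` prefix used one line above for the client id, so the secret silently resolves to `None` unless the deployment happens to export it under the shorter name. Unless that shorter name is intentional, make the pair consistent: `GOOGLE_OAUTH2_CLIENT_SECRET = os.getenv("GOOGLE_OAUTH2_CLIENT_SECRET")`. A one-line comment above the pair, e.g. `# Google OAuth2 client credentials; supplied via the environment, never committed`, would make the contract visible to whoever configures the next environment.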
@@ -1,3 +1,129 @@ -from django.shortcuts import render +import requests +import random +from urllib.parse import parse_qs, urlparse + +from rest_framework.utils import json +from rest_framework.views import APIView +from rest_framework.response import Response +from rest_framework_simplejwt.tokens import RefreshToken +from rest_framework.permissions import IsAuthenticated + +from django.contrib.auth.base_user import BaseUserManager +from django.contrib.auth.hashers import make_password +from django.contrib.auth.models import User +from pplbackend.settings import GOOGLE_OAUTH2_CLIENT_ID, GOOGLE_OAUTH2_CLIENT_SECRET + +from registrasi.models import BisaGoUser + + +''' +class HelloView(APIView): + permission_classes = (IsAuthenticated,) + + def get(self, request): + content = {'message': 'Hello, World!'} + return Response(content) + +class GoogleView(APIView): + def post(self, request): + payload = {'access_token': request.data.get("token")} # validate the token + r = requests.get('https://www.googleapis.com/oauth2/v2/userinfo', params=payload) + data = json.loads(r.text) + + if 'error' in data: + content = {'message': 'wrong google token / this google token is already expired.'} + return Response(content) + + # create user if not exist + try: + user = User.objects.get(email=data['email']) + except User.DoesNotExist: + user = User() + user.username = data['email'] + # provider random default password + user.password = make_password(BaseUserManager().make_random_password()) + user.email = data['email'] + user.save() + + token = RefreshToken.for_user(user) # generate token without username & password + response = {} + response['username'] = user.username + response['access_token'] = str(token.access_token) + response['refresh_token'] = str(token) + return Response(response) +''' + +def request_token(request): + if request.method == "POST": + email = request["email"] + google = request["google"] + if google: + try: + user = User.objects.get(email=email) + except 
User.DoesNotExist: + user = request_token_from_google(email) + try: + user = User.objects.get(email=email) + except User.DoesNotExist: + return "User not exist" + if user.is_active: + token = RefreshToken(user) + response = {} + response['username'] = user.username + response['access_token'] = str(token.access_token) + response['refresh_token'] = str(token) + return Response(response) + else: + return "please activate your acc" + +def request_token_from_google(email): + url_request = "https://accounts.google.com/o/oauth2/v2/auth" + redirect_uri = "http://localhost:8000/accounts/google/login/callback/" + payload = { + "response_type" : "code", + "client_id" : GOOGLE_OAUTH2_CLIENT_ID, + "scope" : "email", + "redirect_uri" : redirect_uri, + "state" : "", + "nonce" : ''.join([str(random.randint(0, 9)) for i in range(8)]) + } + req = requests.get(url_request, params=payload) #Lets say berhasil + url_dict = parse_qs(urlparse(req.url).query) + auth_code = url_dict["code"] + post_data = { + "code":auth_code, + "client_id":GOOGLE_OAUTH2_CLIENT_ID, + "client_secret":GOOGLE_OAUTH2_CLIENT_SECRET, + "redirect_uri":redirect_uri, + "grant_type":"authorization_code" + } + post_url_request = "oauth2.googleapis.com" + req = requests.post(post_url_request, data=post_data) + data = json.loads(req.text) + access_token = data["access_token"] + refresh_token = data["refresh_token"] + + payload = {'access_token': access_token} # validate the token + req = requests.get('https://www.googleapis.com/oauth2/v2/userinfo', params=payload) + data = json.loads(req.text) + if 'error' in data: + content = {'message': 'wrong google token / this google token is already expired.'} + return Response(content) + user = User() + user.username = email + # provider random default password + user.password = make_password(BaseUserManager().make_random_password()) + user.email = email + user.save() + random_generated_phone_number = 'x'.join([str(random.randint(0, 9)) for i in range(8)]) + 
BisaGoUser.objects.create(user=user, phone_number=random_generated_phone_number) + return user + + + + + + + + -# Create your views here. -- GitLab From 2d0ce982ca32f445c73c2fb205bdbf6eb4d0753c Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Thu, 28 May 2020 10:22:52 +0700 Subject: [PATCH 03/14] [CHORES] Added new url for request token --- pplbackend/urls.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pplbackend/urls.py b/pplbackend/urls.py index eb48d10..2070e78 100644 --- a/pplbackend/urls.py +++ b/pplbackend/urls.py @@ -19,6 +19,7 @@ from rest_framework import routers from rest_framework.authtoken import views import new_rest_api.views import new_rest_api.urls +import oauth.views from django.views.generic import TemplateView @@ -35,7 +36,8 @@ urlpatterns = [ path('api/', include(new_rest_api.urls)), path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')), path('', include(router.urls)), - path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'), + path('api-token-auth/', oauth.views.request_token, name='api-token-auth'), + #path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'), path('informasi-fasilitas/', include('informasi_fasilitas.urls')), path('layanan-khusus/', include('layanan_khusus.urls')) ] -- GitLab From ae441ed8176f26954bbabb16dce1371192b6c614 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Thu, 28 May 2020 10:23:36 +0700 Subject: [PATCH 04/14] [NOT TESTED] Added login with google and new way to request token --- new_rest_api/views.py | 10 +++++----- oauth/views.py | 8 +++++--- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/new_rest_api/views.py b/new_rest_api/views.py index e8111dd..d3237b1 100644 --- a/new_rest_api/views.py +++ b/new_rest_api/views.py @@ -1,3 +1,5 @@ +from http import HTTPStatus as status + from django.contrib.auth.models import User from django.http import JsonResponse from django.views.decorators.csrf import csrf_exempt 
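Review bot: In `request_token_from_google`, the account is created from the caller-supplied `email` (`user.username = email`, `user.email = email`) while the e-mail Google returned in `data` is never compared with it, so the userinfo call does not bind the new account to the identity the token actually belongs to; add `if data.get('email') != email:` returning the same error as the `'error' in data` case, before the `User()` block. In `request_token`, the non-Google path looks the user up by e-mail and issues a token pair with no credential check at all, and `RefreshToken(user)` should be `RefreshToken.for_user(user)` (the constructor expects an encoded token string). `email = request["email"]` will also fail, since `HttpRequest` is not subscriptable, and every non-`Response` return here is a bare string rather than an HTTP response. The server-side GET to the authorization endpoint cannot complete the code flow on the user's behalf (the `#Lets say berhasil` comment acknowledges this), and `"state" : ""` disables the state check that protects the callback from forged redirects.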
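Review bot: The `api-token-auth/` route now points at `oauth.views.request_token`, which at this point in the series issues tokens for any e-mail that exists without checking a password, whereas the replaced `views.obtain_auth_token` verified username and password; either keep `obtain_auth_token` on this path until `request_token` performs an equivalent credential check, or gate the swap behind that check. The old line kept as `#path('api-token-auth/', ...)` should be deleted rather than left as a comment.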
@@ -15,7 +17,6 @@ from rest_framework.decorators import api_view, permission_classes, authenticati from registrasi.models import BisaGoUser from django.db.utils import IntegrityError -from http import HTTPStatus as status from django.contrib.sites.models import Site from django.utils.encoding import force_bytes, force_text from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode @@ -36,9 +37,8 @@ def missing_key_message(key): @permission_classes([]) def user_list(request): if request.method == 'GET': - user_list = BisaGoUser.objects.all() json_return = [] - for user in user_list: + for user in BisaGoUser.objects.all(): json_return.append({"username":user.user.email, "name": user.user.last_name, "email": user.user.email, @@ -83,7 +83,7 @@ def register_user(request): }) mail = EmailMessage(mail_subject, message, to=[email]) mail.send() - BisaGoUser.objects.create(user= user, phone_number=phone_number) + BisaGoUser.objects.create(user=user, phone_number=phone_number) return JsonResponse({'response' : 'User created', 'email':email, 'name':name}, status = status.CREATED) except KeyError as e: return JsonResponse({'response' : missing_key_message(str(e))}, status = status.INTERNAL_SERVER_ERROR) @@ -109,5 +109,5 @@ def activate(request, uidb64, token): return JsonResponse({'response' : 'User activated'}, status = status.CREATED) else: return JsonResponse({'response' : request_error_message('get')}, status = status.BAD_REQUEST) - else : + else: return JsonResponse({'response' : request_error_message("get")}, status = status.BAD_REQUEST) diff --git a/oauth/views.py b/oauth/views.py index 2917029..50d5faa 100644 --- a/oauth/views.py +++ b/oauth/views.py @@ -15,7 +15,6 @@ from pplbackend.settings import GOOGLE_OAUTH2_CLIENT_ID, GOOGLE_OAUTH2_CLIENT_SE from registrasi.models import BisaGoUser - ''' class HelloView(APIView): permission_classes = (IsAuthenticated,) 
@@ -57,6 +56,7 @@ def request_token(request): if request.method == "POST": email = request["email"] google = request["google"] + response = {} if google: try: user = User.objects.get(email=email) @@ -65,7 +65,8 @@ def request_token(request): try: user = User.objects.get(email=email) except User.DoesNotExist: - return "User not exist" + response["response"] = "User not exist" + return Response(response) if user.is_active: token = RefreshToken(user) response = {} @@ -74,7 +75,8 @@ def request_token(request): response['refresh_token'] = str(token) return Response(response) else: - return "please activate your acc" + response["response"] = "Please activate your account" + return Response(response) def request_token_from_google(email): url_request = "https://accounts.google.com/o/oauth2/v2/auth" -- GitLab From 5592de5f4f91ecbd622548bcd26ffdcd20d7c2c2 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Thu, 28 May 2020 10:35:58 +0700 Subject: [PATCH 05/14] [CHORES] Added djangojwt to req txt --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 3757106..0c2bc1c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,6 +16,7 @@ django-multiselectfield==0.1.12 django-oauth-toolkit==1.3.2 django-rest-auth==0.9.5 djangorestframework==3.11.0 +djangorestframework-simplejwt==4.4.0 google-api-python-client==1.7.11 google-auth==1.11.2 google-auth-httplib2==0.0.3 -- GitLab From 12a80be4d375496dbf2475e3e4b9a6e915715060 Mon Sep 17 00:00:00 2001 From: Usman Sidiq Date: Sun, 31 May 2020 20:39:26 +0700 Subject: [PATCH 06/14] [REFACTOR] fixing some csrf error --- oauth/views.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index 50d5faa..882c51e 100644 --- a/oauth/views.py +++ b/oauth/views.py 
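Review bot: Both new error returns in `request_token` (the `User not exist` one here and `Please activate your account` in the hunk below) build a DRF `Response`, but `request_token` is a plain function view without `@api_view`, so DRF never sets `accepted_renderer` on it and rendering raises; use `JsonResponse(response, status=...)` from `django.http`, which is what the views in `new_rest_api/views.py` return. The two messages also tell an unauthenticated caller whether an e-mail is registered versus merely inactive, which is an account-enumeration signal; one generic failure body with the same status for both cases is the usual mitigation. The start of `request_token` is outside this hunk.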
@@ -8,6 +8,8 @@ from rest_framework.response import Response from rest_framework_simplejwt.tokens import RefreshToken from rest_framework.permissions import IsAuthenticated +from django.views.decorators.csrf import csrf_exempt + from django.contrib.auth.base_user import BaseUserManager from django.contrib.auth.hashers import make_password from django.contrib.auth.models import User @@ -52,10 +54,11 @@ class GoogleView(APIView): return Response(response) ''' +@csrf_exempt def request_token(request): if request.method == "POST": - email = request["email"] - google = request["google"] + email = request.POST["email"] + google = request.POST["google"] response = {} if google: try: @@ -78,6 +81,7 @@ def request_token(request): response["response"] = "Please activate your account" return Response(response) +@csrf_exempt def request_token_from_google(email): url_request = "https://accounts.google.com/o/oauth2/v2/auth" redirect_uri = "http://localhost:8000/accounts/google/login/callback/" -- GitLab From 57a97f9c70de8316bd1a6cd380869e3c0a44e9ad Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Sun, 31 May 2020 23:38:15 +0700 Subject: [PATCH 07/14] [NOT TESTED] Adjusting the option of login with google --- oauth/views.py | 48 ++++++++++++++---------------------------------- 1 file changed, 14 insertions(+), 34 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index 882c51e..7e4de78 100644 --- a/oauth/views.py +++ b/oauth/views.py 
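Review bot: `google = request.POST["google"]` is always a string, so `if google:` is true for `"false"`, `"0"` or any other non-empty value and the account-creating Google branch is taken whenever the field is present; parse it explicitly, e.g. `google = request.POST.get("google", "").lower() in ("1", "true")`. The two `request.POST[...]` reads raise `KeyError` (a 500) when a field is missing, so `.get()` followed by an explicit 400 response would be better there. The `@csrf_exempt` added to `request_token_from_google` in the next hunk decorates a helper that takes an e-mail, not a request, so it has no effect and should be dropped. The end of `request_token` is outside this hunk.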
@@ -58,18 +58,24 @@ class GoogleView(APIView): def request_token(request): if request.method == "POST": email = request.POST["email"] + password = request.POST["password"] google = request.POST["google"] response = {} if google: try: user = User.objects.get(email=email) except User.DoesNotExist: - user = request_token_from_google(email) - try: - user = User.objects.get(email=email) - except User.DoesNotExist: - response["response"] = "User not exist" - return Response(response) + user, response = _request_token_from_google(email, access_token) + else: + try: + user = User.objects.get(email=email) + except User.DoesNotExist: + response["response"] = "User not exist" + return Response(response) + + if response != 200: + return response + if user.is_active: token = RefreshToken(user) response = {} 
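Review bot: `access_token` is passed to `_request_token_from_google` but is never assigned anywhere in `request_token`, so the Google branch raises `NameError` for a new user. `if response != 200: return response` compares the `response` dict with an int, so on the password path it is always true and the view returns the bare `{}` instead of an HTTP response; keep the status in its own variable (`status = 200` before the branches, `user, status = _request_token_from_google(email, access_token)`, `if status != 200: return status`) and leave `response` for the JSON body. `password` is read from the form but not used anywhere in this hunk. The end of `request_token` is outside this hunk.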
@@ -82,33 +88,7 @@ def request_token(request): return Response(response) @csrf_exempt -def request_token_from_google(email): - url_request = "https://accounts.google.com/o/oauth2/v2/auth" - redirect_uri = "http://localhost:8000/accounts/google/login/callback/" - payload = { - "response_type" : "code", - "client_id" : GOOGLE_OAUTH2_CLIENT_ID, - "scope" : "email", - "redirect_uri" : redirect_uri, - "state" : "", - "nonce" : ''.join([str(random.randint(0, 9)) for i in range(8)]) - } - req = requests.get(url_request, params=payload) #Lets say berhasil - url_dict = parse_qs(urlparse(req.url).query) - auth_code = url_dict["code"] - post_data = { - "code":auth_code, - "client_id":GOOGLE_OAUTH2_CLIENT_ID, - "client_secret":GOOGLE_OAUTH2_CLIENT_SECRET, - "redirect_uri":redirect_uri, - "grant_type":"authorization_code" - } - post_url_request = "oauth2.googleapis.com" - req = requests.post(post_url_request, data=post_data) - data = json.loads(req.text) - access_token = data["access_token"] - refresh_token = data["refresh_token"] - +def _request_token_from_google(email, access_token): payload = {'access_token': access_token} # validate the token req = requests.get('https://www.googleapis.com/oauth2/v2/userinfo', params=payload) data = json.loads(req.text) @@ -123,7 +103,7 @@ def request_token_from_google(email): user.save() random_generated_phone_number = 'x'.join([str(random.randint(0, 9)) for i in range(8)]) BisaGoUser.objects.create(user=user, phone_number=random_generated_phone_number) - return user + return user, 200 -- GitLab From 24319125c9742526d05ae9d1ad2149f05426ee18 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Sun, 31 May 2020 23:42:53 +0700 Subject: [PATCH 08/14] [NOT TESTED] Added authenticate for user that not log in from google --- oauth/views.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/oauth/views.py b/oauth/views.py index 7e4de78..d0fbb7f 100644 --- a/oauth/views.py +++ b/oauth/views.py 
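Review bot: `_request_token_from_google` still creates the account from the caller-supplied `email` and never compares it with the e-mail in Google's userinfo `data`, so a valid token for one Google account satisfies the check for any e-mail the client names; after the existing `'error' in data` test add `if data.get('email') != email:` returning the same error shape, before the `User()` block. The two exits are also inconsistent: the error path (just outside this hunk) returns a bare `Response`, while the success path in the next hunk now returns `user, 200`, so the caller's two-value unpack breaks on the error path; return a `(user, status)` pair from both. Dropping the server-side authorization-code flow is the right call, since that flow needs the user's browser.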
@@ -10,6 +10,7 @@ from rest_framework.permissions import IsAuthenticated from django.views.decorators.csrf import csrf_exempt +from django.contrib.auth import authenticate from django.contrib.auth.base_user import BaseUserManager from django.contrib.auth.hashers import make_password from django.contrib.auth.models import User @@ -62,13 +63,14 @@ def request_token(request): google = request.POST["google"] response = {} if google: + access_token = request.POST["access_token"] try: user = User.objects.get(email=email) except User.DoesNotExist: user, response = _request_token_from_google(email, access_token) else: try: - user = User.objects.get(email=email) + user = authenticate(username=email, password=password) except User.DoesNotExist: response["response"] = "User not exist" return Response(response) -- GitLab From 61a343e8293a17756cf2f3c3ae3d6e76e96e2410 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 00:00:07 +0700 Subject: [PATCH 09/14] [RED] Deleted commented code. Next commit will be about fixing the test --- oauth/views.py | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index d0fbb7f..732956c 100644 --- a/oauth/views.py +++ b/oauth/views.py 
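Review bot: `authenticate(username=email, password=password)` returns `None` on failure and never raises `User.DoesNotExist`, so the surrounding `except` is dead and a wrong password falls through to `user.is_active` with an `AttributeError`; replace the try/except with `user = authenticate(request, username=email, password=password)` followed by `if user is None:` returning the same kind of error response the `User not exist` branch uses. Passing `request` as the first positional argument lets authentication backends see the request. The Google branch still never validates `access_token` when a user with that e-mail already exists, because `User.objects.get` succeeds before the helper is called; the token check belongs before the lookup. The rest of `request_token` is outside this hunk.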
@@ -18,43 +18,6 @@ from pplbackend.settings import GOOGLE_OAUTH2_CLIENT_ID, GOOGLE_OAUTH2_CLIENT_SE from registrasi.models import BisaGoUser -''' -class HelloView(APIView): - permission_classes = (IsAuthenticated,) - - def get(self, request): - content = {'message': 'Hello, World!'} - return Response(content) - -class GoogleView(APIView): - def post(self, request): - payload = {'access_token': request.data.get("token")} # validate the token - r = requests.get('https://www.googleapis.com/oauth2/v2/userinfo', params=payload) - data = json.loads(r.text) - - if 'error' in data: - content = {'message': 'wrong google token / this google token is already expired.'} - return Response(content) - - # create user if not exist - try: - user = User.objects.get(email=data['email']) - except User.DoesNotExist: - user = User() - user.username = data['email'] - # provider random default password - user.password = make_password(BaseUserManager().make_random_password()) - user.email = data['email'] - user.save() - - token = RefreshToken.for_user(user) # generate token without username & password - response = {} - response['username'] = user.username - response['access_token'] = str(token.access_token) - response['refresh_token'] = str(token) - return Response(response) -''' - @csrf_exempt def request_token(request): if request.method == "POST": -- GitLab From 9a2895a52a4a1a64b513f78bffa5ab667e3209d7 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 19:00:59 +0700 Subject: [PATCH 10/14] [CHORES] Edited some urls and settings --- pplbackend/settings.py | 6 ++++++ pplbackend/urls.py | 1 + 2 files changed, 7 insertions(+) diff --git a/pplbackend/settings.py b/pplbackend/settings.py index dca12b9..0037258 100644 --- a/pplbackend/settings.py +++ b/pplbackend/settings.py 
@@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/3.0/ref/settings/ import dj_database_url import os +from datetime import timedelta # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -212,3 +213,8 @@ EMAIL_PORT = 587 GOOGLE_OAUTH2_CLIENT_ID = os.getenv("GOOGLE_OAUTH2_CLIENT_ID") GOOGLE_OAUTH2_CLIENT_SECRET = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET") + +SIMPLE_JWT = { + 'ACCESS_TOKEN_LIFETIME': timedelta(days=1), + 'REFRESH_TOKEN_LIFETIME': timedelta(days=90), +} diff --git a/pplbackend/urls.py b/pplbackend/urls.py index 2070e78..e9f520d 100644 --- a/pplbackend/urls.py +++ b/pplbackend/urls.py @@ -37,6 +37,7 @@ urlpatterns = [ path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')), path('', include(router.urls)), path('api-token-auth/', oauth.views.request_token, name='api-token-auth'), + path('request-token/', views.obtain_auth_token, name='token-request-auth'), #path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'), path('informasi-fasilitas/', include('informasi_fasilitas.urls')), path('layanan-khusus/', include('layanan_khusus.urls')) -- GitLab From 7aa979a54127a7cd4c1582228e6de2eab31dddc5 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 19:02:15 +0700 Subject: [PATCH 11/14] [GREEN] Added login with google. and complying with test --- oauth/views.py | 57 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index 732956c..cf5f21f 100644 --- a/oauth/views.py +++ b/oauth/views.py 
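Review bot: `'REFRESH_TOKEN_LIFETIME': timedelta(days=90)` without rotation means a leaked refresh token can mint access tokens for three months with no way to revoke it; if the long window is intended, add `'ROTATE_REFRESH_TOKENS': True` and `'BLACKLIST_AFTER_ROTATION': True` (the latter needs `rest_framework_simplejwt.token_blacklist` in `INSTALLED_APPS`) so a reused token is invalidated. A one-day access token is also on the long side for a bearer credential; a short comment stating why these values were chosen would help the next reader. These settings only govern tokens minted by simplejwt, not `rest_framework.authtoken` tokens served by the `request-token/` route added in the other file.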
@@ -7,9 +7,11 @@ from rest_framework.views import APIView from rest_framework.response import Response from rest_framework_simplejwt.tokens import RefreshToken from rest_framework.permissions import IsAuthenticated +from rest_framework.authtoken.models import Token from django.views.decorators.csrf import csrf_exempt +from django.http import JsonResponse, HttpResponse from django.contrib.auth import authenticate from django.contrib.auth.base_user import BaseUserManager from django.contrib.auth.hashers import make_password 
@@ -21,36 +23,51 @@ from registrasi.models import BisaGoUser @csrf_exempt def request_token(request): if request.method == "POST": - email = request.POST["email"] + email = request.POST["username"] password = request.POST["password"] - google = request.POST["google"] + google = request.POST.get("google", False) response = {} + status = 200 if google: access_token = request.POST["access_token"] try: user = User.objects.get(email=email) except User.DoesNotExist: - user, response = _request_token_from_google(email, access_token) + user, status = _request_token_from_google(email, access_token) else: try: - user = authenticate(username=email, password=password) + user = User.objects.get(username=email) except User.DoesNotExist: response["response"] = "User not exist" - return Response(response) - - if response != 200: + return JsonResponse(response, status=404) + if status != 200: return response - if user.is_active: - token = RefreshToken(user) + #print("user active") + token, create = Token.objects.get_or_create(user=user) response = {} response['username'] = user.username - response['access_token'] = str(token.access_token) - response['refresh_token'] = str(token) - return Response(response) + response['token'] = token.key + response['token_type'] = "token" + return JsonResponse(response, status=200) else: response["response"] = "Please activate your account" - return Response(response) + return JsonResponse(response, status=400) + ''' + if user.is_active: + #token = RefreshToken(user) + payload = {'username':email, 'password':user.password} + token = requests.post("/request-token/", data=payload) + token = token['token'] + response = {} + response['username'] = user.username + response['token'] = token + #response['refresh_token'] = str(token) + return JsonResponse(response, status=200) + else: + response["response"] = "Please activate your account" + return JsonResponse(response, status=404) + ''' @csrf_exempt def _request_token_from_google(email, access_token): 
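Review bot: The non-Google branch now issues a `Token` after only `User.objects.get(username=email)`; `password` is read from the form but never verified, so the endpoint no longer checks a credential before handing out an API token for an existing username. The Google branch has the same gap: when a user with that e-mail already exists, `access_token` is never sent to Google, so the e-mail alone is enough. `if status != 200: return response` also returns the `{}` dict instead of the `JsonResponse` that `_request_token_from_google` places in `status`, and `request.POST.get("google", False)` yields a non-empty string such as `"false"` that still passes `if google:`. Verify the credential before any lookup in both branches (sketch below; `authenticate` is already imported), and delete the commented-out block at the end of the function rather than keeping it.
```python
    if request.method == "POST":
        email = request.POST["username"]
        password = request.POST["password"]
        google = request.POST.get("google", "").lower() in ("1", "true")
        if google:
            # Verify the Google token *before* touching the user table; the
            # helper is expected to look the user up by the e-mail Google
            # reports and create it only when absent.
            user, status = _request_token_from_google(email, request.POST.get("access_token", ""))
            if status != 200:
                return status  # the helper returns a JsonResponse on failure
        else:
            user = authenticate(request, username=email, password=password)
            if user is None:
                return JsonResponse({"response": "Invalid credentials"}, status=400)
        # … unchanged: is_active check and Token.objects.get_or_create …
```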
@@ -59,17 +76,29 @@ def _request_token_from_google(email, access_token): data = json.loads(req.text) if 'error' in data: content = {'message': 'wrong google token / this google token is already expired.'} - return Response(content) + return None, JsonResponse(content, status=404) user = User() user.username = email # provider random default password user.password = make_password(BaseUserManager().make_random_password()) user.email = email + user.is_active = True user.save() random_generated_phone_number = 'x'.join([str(random.randint(0, 9)) for i in range(8)]) BisaGoUser.objects.create(user=user, phone_number=random_generated_phone_number) return user, 200 +''' +@csrf_exempt +def validate_google_token(email, access_token): + payload = {'access_token': access_token} # validate the token + req = requests.get('https://www.googleapis.com/oauth2/v2/userinfo', params=payload) + data = json.loads(req.text) + if 'error' in data: + content = {'message': 'wrong google token / this google token is already expired.'} + return None, JsonResponse(content, status=404) + return User.objects.get(email=email) +''' -- GitLab From 56b581b4b5194b047d00d7c1ddf1d756e872d988 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 19:02:41 +0700 Subject: [PATCH 12/14] [REFACTOR] Removed some whitespace --- new_rest_api/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new_rest_api/views.py b/new_rest_api/views.py index d3237b1..7a85d85 100644 --- a/new_rest_api/views.py +++ b/new_rest_api/views.py 
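Review bot: `_request_token_from_google` now returns `None, JsonResponse(...)` on error but `user, 200` on success, so the second element is sometimes a status int and sometimes a response object; pick one shape and state it in a docstring, since the caller has to unpack it. The userinfo response is still only checked for `'error'`; `data['email']` is never compared with the `email` the client posted, so the new account — now created with `is_active = True`, skipping the e-mail activation that the `register_user`/`activate` flow in `new_rest_api/views.py` appears to require — can be bound to any address. Add `if data.get('email') != email:` returning the same error before `user = User()`. The function header is outside this hunk, and the commented-out `validate_google_token` should be removed rather than kept.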
@@ -86,9 +86,9 @@ def register_user(request): BisaGoUser.objects.create(user=user, phone_number=phone_number) return JsonResponse({'response' : 'User created', 'email':email, 'name':name}, status = status.CREATED) except KeyError as e: - return JsonResponse({'response' : missing_key_message(str(e))}, status = status.INTERNAL_SERVER_ERROR) + return JsonResponse({'response' : missing_key_message(str(e))}, status=status.INTERNAL_SERVER_ERROR) except IntegrityError as e: - return JsonResponse({'response' : 'User is already exist'}, status = status.INTERNAL_SERVER_ERROR) + return JsonResponse({'response' : 'User is already exist'}, status=status.INTERNAL_SERVER_ERROR) @api_view(['GET']) -- GitLab From 2d084967e908debb99fd88a984dd2261ed1c9494 Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 19:10:34 +0700 Subject: [PATCH 13/14] [REFACTOR] Added password security issue fix --- oauth/views.py | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index cf5f21f..d4ac3ca 100644 --- a/oauth/views.py +++ b/oauth/views.py 
@@ -36,22 +36,26 @@ def request_token(request): user, status = _request_token_from_google(email, access_token) else: try: - user = User.objects.get(username=email) + user = authenticate(request, username=email, password=password) except User.DoesNotExist: response["response"] = "User not exist" return JsonResponse(response, status=404) if status != 200: return response - if user.is_active: - #print("user active") - token, create = Token.objects.get_or_create(user=user) - response = {} - response['username'] = user.username - response['token'] = token.key - response['token_type'] = "token" - return JsonResponse(response, status=200) + if user is not None: + if user.is_active: + #print("user active") + token, create = Token.objects.get_or_create(user=user) + response = {} + response['username'] = user.username + response['token'] = token.key + response['token_type'] = "token" + return JsonResponse(response, status=200) + else: + response["response"] = "Please activate your account" + return JsonResponse(response, status=400) else: - response["response"] = "Please activate your account" + response["response"] = "Wrong password" return JsonResponse(response, status=400) ''' if user.is_active: -- GitLab From dd1553d57409ef24b9b70b0eb2e146eabaf71afa Mon Sep 17 00:00:00 2001 From: Bimo Iman Smartadi Date: Mon, 1 Jun 2020 19:34:48 +0700 Subject: [PATCH 14/14] [REFACTOR] Removed commented code --- oauth/views.py | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/oauth/views.py b/oauth/views.py index d4ac3ca..fe9750c 100644 --- a/oauth/views.py +++ b/oauth/views.py 
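Review bot: `authenticate(request, ...)` now checks the password, but it returns `None` rather than raising, so the `except User.DoesNotExist` around it is dead code and the 404 `User not exist` path is unreachable from this branch; drop the try/except and let the `user is not None` check below handle it. The three distinct outcomes (`User not exist` 404, `Wrong password` 400, `Please activate your account` 400) still let an unauthenticated caller tell unknown, wrong-password and inactive accounts apart; a single `Invalid credentials` body and status for the first two is the usual mitigation. The Google branch above this hunk is unchanged and still issues a token for an existing e-mail without validating `access_token`, and `if status != 200: return response` still returns the `{}` dict instead of `status`. The start and end of `request_token` are outside this hunk.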
@@ -57,22 +57,7 @@ def request_token(request): else: response["response"] = "Wrong password" return JsonResponse(response, status=400) - ''' - if user.is_active: - #token = RefreshToken(user) - payload = {'username':email, 'password':user.password} - token = requests.post("/request-token/", data=payload) - token = token['token'] - response = {} - response['username'] = user.username - response['token'] = token - #response['refresh_token'] = str(token) - return JsonResponse(response, status=200) - else: - response["response"] = "Please activate your account" - return JsonResponse(response, status=404) - ''' - + @csrf_exempt def _request_token_from_google(email, access_token): payload = {'access_token': access_token} # validate the token @@ -92,7 +77,7 @@ def _request_token_from_google(email, access_token): BisaGoUser.objects.create(user=user, phone_number=random_generated_phone_number) return user, 200 -''' + @csrf_exempt def validate_google_token(email, access_token): payload = {'access_token': access_token} # validate the token @@ -102,7 +87,6 @@ def validate_google_token(email, access_token): content = {'message': 'wrong google token / this google token is already expired.'} return None, JsonResponse(content, status=404) return User.objects.get(email=email) -''' -- GitLab
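Review bot: The second and third hunks turn `validate_google_token` into live code, but it returns `None, JsonResponse(...)` on error and a bare `User` on success, so any caller unpacking the result will break on one of the two paths; it also looks the user up by the caller-supplied `email` rather than the `email` field of Google's userinfo `data`, and carries a `@csrf_exempt` although it takes an e-mail rather than a request. Nothing in the visible hunks calls it, so either wire it into the existing-user path of `request_token` (comparing `data.get('email')` with `email` first) or leave it out until it is used. A docstring stating the return contract, e.g. `"""Return (user, None) when the token is valid for *email*, else (None, JsonResponse)."""`, would settle the shape.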