Add API endpoint for user to request auth token

2024-08-30 18:33:04 +00:00 · 2019-06-23 23:47:06 +10:00 · 2019-06-23 23:47:06 +10:00 · 881adb9487
commit 881adb9487
parent e91eac0c66
4 changed files with 42 additions and 11 deletions
--- a/InvenTree/InvenTree/middleware.py
+++ b/InvenTree/InvenTree/middleware.py
@ -20,10 +20,9 @@ class AuthRequiredMiddleware(object):

        response = self.get_response(request)

+        # Redirect any unauthorized HTTP requests to the login page
        if not request.user.is_authenticated:
-            print(request.path_info)
-
-            if not request.path_info == reverse_lazy('login'):
+            if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'):
                return HttpResponseRedirect(reverse_lazy('login'))

        # Code to be executed for each request/response after
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -65,14 +65,15 @@ INSTALLED_APPS = [
    'order.apps.OrderConfig',

    # Third part add-ons
-    'django_filters',       # Extended filter functionality
-    'dbbackup',             # Database backup / restore
-    'rest_framework',       # DRF (Django Rest Framework)
-    'corsheaders',          # Cross-origin Resource Sharing for DRF
-    'crispy_forms',         # Improved form rendering
-    'import_export',        # Import / export tables to file
-    'django_cleanup',       # Automatically delete orphaned MEDIA files
-    'qr_code',              # Generate QR codes
+    'django_filters',           # Extended filter functionality
+    'dbbackup',                 # Database backup / restore
+    'rest_framework',           # DRF (Django Rest Framework)
+    'rest_framework.authtoken', # Token authentication for API
+    'corsheaders',              # Cross-origin Resource Sharing for DRF
+    'crispy_forms',             # Improved form rendering
+    'import_export',            # Import / export tables to file
+    'django_cleanup',           # Automatically delete orphaned MEDIA files
+    'qr_code',                  # Generate QR codes
 ]

 LOGGING = {
@ -131,6 +132,11 @@ TEMPLATES = [
 REST_FRAMEWORK = {
    'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler',
    'DATETIME_FORMAT': '%Y-%m-%d %H:%M',
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework.authentication.BasicAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
+    )
    # 'EXCEPTION_HANDLER': 'InvenTree.utils.api_exception_handler',
    # 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    # 'PAGE_SIZE': 50,
--- a/InvenTree/users/urls.py
+++ b/InvenTree/users/urls.py
@ -5,5 +5,7 @@ from . import views
 user_urls = [
    url(r'^(?P<pk>[0-9]+)/?$', views.UserDetail.as_view(), name='user-detail'),

+    url(r'token', views.GetAuthToken.as_view()),
+
    url(r'^$', views.UserList.as_view()),
 ]
--- a/InvenTree/users/views.py
+++ b/InvenTree/users/views.py
@ -2,8 +2,13 @@ from rest_framework import generics, permissions
 from django.contrib.auth.models import User
 from .serializers import UserSerializer

+from rest_framework.authtoken.views import ObtainAuthToken
+from rest_framework.authtoken.models import Token
+from rest_framework.response import Response
+

 class UserDetail(generics.RetrieveAPIView):
+    """ Detail endpoint for a single user """

    queryset = User.objects.all()
    serializer_class = UserSerializer
@ -11,7 +16,26 @@ class UserDetail(generics.RetrieveAPIView):


 class UserList(generics.ListAPIView):
+    """ List endpoint for detail on all users """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+
+
+class GetAuthToken(ObtainAuthToken):
+    """ Return authentication token for an authenticated user. """
+
+    def post(self, request, *args, **kwargs):
+        serializer = self.serializer_class(data=request.data,
+                                           context={'request': request})
+        serializer.is_valid(raise_exception=True)
+        user = serializer.validated_data['user']
+        token, created = Token.objects.get_or_create(user=user)
+        print("YAAAAAAAAH")
+        return Response({
+            'token': token.key,
+            'pk': user.pk,
+            'username': user.username,
+            'email': user.email
+        })