Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • zhuge/feature/coupon-api
  • chris/feature/social-auth
  • chris/feature/profile-update-username-and-email
  • chris/feature/login-with-email
  • chris/feature/user-auth-api
6 results
Blame Permalink
auth.py 8.62 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217 






import json
import jwt
from jwt.algorithms import RSAAlgorithm
import requests

from django.contrib.auth.models import User
from django.shortcuts import render
from django.urls import reverse
from rest_framework import generics, status, serializers, HTTP_HEADER_ENCODING, permissions
from rest_framework.decorators import api_view, authentication_classes
from rest_framework.response import Response
from knox.auth import TokenAuthentication
from knox.models import AuthToken

from core.models.social_account import SocialAccount
from core.serializers.login import LoginSerializer
from core.serializers.register import RegisterSerializer
from core.serializers.user import UserSerializer
from core.serializers.socialAuthSerializer import AppleUserInputSerializer, FacebookUserInputSerializer, GoogleUserInputSerializer


class RegisterAPI(generics.GenericAPIView):
    serializer_class = RegisterSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.save()
        user.is_active = False
        user.save()
        token = AuthToken.objects.create(user)
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": token[1]
        })


class LoginAPI(generics.GenericAPIView):
    serializer_class = LoginSerializer

    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data
        token = AuthToken.objects.create(user)
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": token[1],
        })


class AppleLogin(generics.GenericAPIView):
    serializer_class = AppleUserInputSerializer
    APPLE_PUBLIC_KEY_URL = "https://appleid.apple.com/auth/keys"
    APPLE_APP_ID = "com.hamsterwhat.ios"
    
    def _decode_apple_user_token(self, apple_user_token):
        key_payload = requests.get(self.APPLE_PUBLIC_KEY_URL).json()

        for public_key in key_payload["keys"]:
            public_key = RSAAlgorithm.from_jwk(json.dumps(public_key))
            try:
                token = jwt.decode(apple_user_token, public_key, audience=[self.APPLE_APP_ID, 'host.exp.Exponent'], algorithms=['RS256'])
            except jwt.exceptions.ExpiredSignatureError as e:
                serializers.ValidationError({"id_token": "That token has expired."})
            except jwt.exceptions.InvalidAudienceError as e:
                serializers.ValidationError({"id_token": "That token's audience did not match."})
            except Exception as e:
                continue
        
        if token is None:
            serializers.ValidationError({"id_token": "That token is invalid."})
        return token

    def post(self, request):
        print(request.data)
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        id_token = serializer.validated_data.get('id_token')
        data_from_id_token = self._decode_apple_user_token(id_token)
        print(data_from_id_token)
        
        identity = 'apple_' + data_from_id_token.get('sub')
        if SocialAccount.objects.filter(identity=identity).exists():
            user = SocialAccount.objects.filter(identity=identity).first().user
        else:
            user, created = User.objects.get_or_create(
                username=identity,
                password=User.objects.make_random_password(),
                email=data_from_id_token.get('email', None),
            )
            social_account = SocialAccount(identity=identity, user=user)
            social_account.save()
        token = AuthToken.objects.create(user)
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": token[1],
        })


class GoogleLogin(generics.GenericAPIView):
    serializer_class = GoogleUserInputSerializer
    GOOGLE_API = "https://www.googleapis.com/userinfo/v2/me"

    def post(self, request):
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        access_token = serializer.validated_data.get('access_token')
        req = requests.get(self.GOOGLE_API, params={'access_token': access_token})
        data_from_api = req.json()
        
        identity = 'google_' + data_from_api.get('id')
        if SocialAccount.objects.filter(identity=identity).exists():
            user = SocialAccount.objects.filter(identity=identity).first().user
        else:
            user, created = User.objects.get_or_create(
                username=identity,
                password=User.objects.make_random_password(),
                email=data_from_api.get('email', None),
            )
            if created:
                user.first_name = data_from_api.get('given_name', user.first_name)
                user.last_name = data_from_api.get('family_name', user.last_name)
                user.save()
                user.profile.photo = data_from_api.get('picture', user.profile.photo)
                user.profile.save()
            social_account = SocialAccount(identity=identity, user=user)
            social_account.save()
        token = AuthToken.objects.create(user)
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": token[1],
        })


class FacebookLogin(generics.GenericAPIView):
    serializer_class = FacebookUserInputSerializer
    FACEBOOK_API = "https://graph.facebook.com/me"

    def post(self, request):
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        access_token = serializer.validated_data.get('access_token')
        req = requests.get(self.FACEBOOK_API, params={'fields': 'id,name,email,first_name,last_name,picture', 'access_token': access_token})
        data_from_api = req.json()
        
        identity = 'fb_' + data_from_api.get('id')
        if SocialAccount.objects.filter(identity=identity).exists():
            user = SocialAccount.objects.filter(identity=identity).first().user
        else:
            user, created = User.objects.get_or_create(
                username=identity,
                password=User.objects.make_random_password(),
                email=data_from_api.get('email', None),
            )
            if created:
                user.first_name = data_from_api.get('first_name', user.first_name)
                user.last_name = data_from_api.get('last_name', user.last_name)
                user.save()
                user.profile.photo = data_from_api.get('picture', {}).get('data', {}).get('url', user.profile.photo)
                user.profile.save()
            social_account = SocialAccount(identity=identity, user=user)
            social_account.save()
        token = AuthToken.objects.create(user)
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": token[1],
        })


@api_view(['GET'])
@authentication_classes([])
def validate_token(request):
    try:
        authenticator = TokenAuthentication()
        user, auth_token = authenticator.authenticate(request)
        if user and auth_token:
            return Response({'valid': 'true'})
    except:
        return Response({'valid': 'false'})


class DeleteAccountAPI(generics.GenericAPIView):
    permission_classes = (permissions.IsAuthenticated,)

    def delete(self, request):
        user = self.request.user
        if user:
            user.delete()
            return Response({'msg': 'Delete successfully.'})
        return Response({'msg': 'Failed to delete this account.'}, status=status.HTTP_401_UNAUTHORIZED)


def verify_user_and_activate(request, token):
    try:
        auth = AuthToken.objects.filter(digest=token).first()
        auth.user.is_active = True
        auth.user.save()
        return render(
            request,
            template_name='email/verification_success.html',
            context={
                'msg': 'Your Email is verified successfully and account has been activated.',
                'status': 'Verification Successful!',
            }
        )
    except:
        return render(
            request,
            template_name='email/verification_fail.html',
            context={
                'msg': 'There is something wrong with this link, unable to verify the user...',
                'minor_msg': 'There is something wrong with this link...',
                'status': 'Verification Failed!',
            }
        )