django-rest-auth/rest_auth/views.py

from django.contrib.auth import (
    login as django_login,
    logout as django_logout
)
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.utils.translation import ugettext_lazy as _

from rest_framework import status
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.generics import GenericAPIView
from rest_framework.permissions import IsAuthenticated, AllowAny
from rest_framework.generics import RetrieveUpdateAPIView

from allauth.account import app_settings as allauth_settings

from .app_settings import (
    TokenSerializer, UserDetailsSerializer, LoginSerializer,
    PasswordResetSerializer, PasswordResetConfirmSerializer,
    PasswordChangeSerializer, JWTSerializer, create_token
)
from .models import TokenModel

from .utils import jwt_encode


class LoginView(GenericAPIView):

    """
    Check the credentials and return the REST Token
    if the credentials are valid and authenticated.
    Calls Django Auth login method to register User ID
    in Django session framework

    Accept the following POST parameters: username, password
    Return the REST Framework Token Object's key.
    """
    permission_classes = (AllowAny,)
    serializer_class = LoginSerializer
    token_model = TokenModel

    def process_login(self):
        django_login(self.request, self.user)

    def get_response_serializer(self):
        if getattr(settings, 'REST_USE_JWT', False):
            response_serializer = JWTSerializer
        else:
            response_serializer = TokenSerializer
        return response_serializer

    def login(self):
        self.user = self.serializer.validated_data['user']

        if getattr(settings, 'REST_USE_JWT', False):
            self.token = jwt_encode(self.user)
        else:
            self.token = create_token(self.token_model, self.user, self.serializer)

        if getattr(settings, 'REST_SESSION_LOGIN', True):
            self.process_login()

    def get_response(self):
        serializer_class = self.get_response_serializer()

        if getattr(settings, 'REST_USE_JWT', False):
            data = {
                'user': self.user,
                'token': self.token
            }
            serializer = serializer_class(instance=data, context={'request': self.request})
        else:
            serializer = serializer_class(instance=self.token, context={'request': self.request})

        return Response(serializer.data, status=status.HTTP_200_OK)

    def post(self, request, *args, **kwargs):
        self.request = request
        self.serializer = self.get_serializer(data=self.request.data)
        self.serializer.is_valid(raise_exception=True)

        self.login()
        return self.get_response()


class LogoutView(APIView):

    """
    Calls Django logout method and delete the Token object
    assigned to the current User object.

    Accepts/Returns nothing.
    """
    permission_classes = (AllowAny,)

    def get(self, request, *args, **kwargs):
        try:
            if allauth_settings.LOGOUT_ON_GET:
                response = self.logout(request)
            else:
                response = self.http_method_not_allowed(request, *args, **kwargs)
        except Exception as exc:
            response = self.handle_exception(exc)

        return self.finalize_response(request, response, *args, **kwargs)

    def post(self, request):
        return self.logout(request)

    def logout(self, request):
        try:
            request.user.auth_token.delete()
        except (AttributeError, ObjectDoesNotExist):
            pass

        django_logout(request)

        return Response({"success": _("Successfully logged out.")},
                        status=status.HTTP_200_OK)


class UserDetailsView(RetrieveUpdateAPIView):
    """
    Returns User's details in JSON format.

    Accepts the following GET parameters: token
    Accepts the following POST parameters:
        Required: token
        Optional: email, first_name, last_name and UserProfile fields
    Returns the updated UserProfile and/or User object.
    """
    serializer_class = UserDetailsSerializer
    permission_classes = (IsAuthenticated,)

    def get_object(self):
        return self.request.user


class PasswordResetView(GenericAPIView):

    """
    Calls Django Auth PasswordResetForm save method.

    Accepts the following POST parameters: email
    Returns the success/fail message.
    """

    serializer_class = PasswordResetSerializer
    permission_classes = (AllowAny,)

    def post(self, request, *args, **kwargs):
        # Create a serializer with request.data
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        serializer.save()
        # Return the success message with OK HTTP status
        return Response(
            {"success": _("Password reset e-mail has been sent.")},
            status=status.HTTP_200_OK
        )


class PasswordResetConfirmView(GenericAPIView):
    """
    Password reset e-mail link is confirmed, therefore this resets the user's password.

    Accepts the following POST parameters: new_password1, new_password2
    Accepts the following Django URL arguments: token, uid
    Returns the success/fail message.
    """

    serializer_class = PasswordResetConfirmSerializer
    permission_classes = (AllowAny,)

    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response({"success": _("Password has been reset with the new password.")})


class PasswordChangeView(GenericAPIView):
    """
    Calls Django Auth SetPasswordForm save method.

    Accepts the following POST parameters: new_password1, new_password2
    Returns the success/fail message.
    """

    serializer_class = PasswordChangeSerializer
    permission_classes = (IsAuthenticated,)

    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response({"success": _("New password has been saved.")})
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`from django.contrib.auth import (`
			`login as django_login,`
			`logout as django_logout`
			`)`
First commit. 2014-04-30 23:52:05 +04:00			`from django.conf import settings`
Fixed try/catch in logout view 2015-11-24 00:52:59 +03:00			`from django.core.exceptions import ObjectDoesNotExist`
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`from django.utils.translation import ugettext_lazy as _`
First commit. 2014-04-30 23:52:05 +04:00
			`from rest_framework import status`
			`from rest_framework.views import APIView`
			`from rest_framework.response import Response`
			`from rest_framework.generics import GenericAPIView`
			`from rest_framework.permissions import IsAuthenticated, AllowAny`
revised user details view 2014-10-02 13:18:23 +04:00			`from rest_framework.generics import RetrieveUpdateAPIView`
First commit. 2014-04-30 23:52:05 +04:00
Allow logout on GET 2016-01-09 06:11:35 +03:00			`from allauth.account import app_settings as allauth_settings`

Flake8 style fixes 2015-04-28 11:22:08 +03:00			`from .app_settings import (`
			`TokenSerializer, UserDetailsSerializer, LoginSerializer,`
			`PasswordResetSerializer, PasswordResetConfirmSerializer,`
Added tests for JWT, fixed merge issues 2016-02-16 08:42:18 +03:00			`PasswordChangeSerializer, JWTSerializer, create_token`
Flake8 style fixes 2015-04-28 11:22:08 +03:00			`)`
Add support for custom Token model 2016-01-01 00:10:52 +03:00			`from .models import TokenModel`
First commit. 2014-04-30 23:52:05 +04:00
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`from .utils import jwt_encode`

First commit. 2014-04-30 23:52:05 +04:00
appending all views with View 2015-08-07 13:54:45 +03:00			`class LoginView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00
			`"""`
			`Check the credentials and return the REST Token`
			`if the credentials are valid and authenticated.`
			`Calls Django Auth login method to register User ID`
			`in Django session framework`

			`Accept the following POST parameters: username, password`
			`Return the REST Framework Token Object's key.`
			`"""`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00			`serializer_class = LoginSerializer`
Add support for custom Token model 2016-01-01 00:10:52 +03:00			`token_model = TokenModel`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`def process_login(self):`
			`django_login(self.request, self.user)`

* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`def get_response_serializer(self):`
			`if getattr(settings, 'REST_USE_JWT', False):`
			`response_serializer = JWTSerializer`
			`else:`
			`response_serializer = TokenSerializer`
			`return response_serializer`
First commit. 2014-04-30 23:52:05 +04:00
revised user details view 2014-10-02 13:18:23 +04:00			`def login(self):`
support django-rest-framework v3.0 2015-01-09 14:05:14 +03:00			`self.user = self.serializer.validated_data['user']`
fixed code quality 2016-03-01 14:51:01 +03:00
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`if getattr(settings, 'REST_USE_JWT', False):`
			`self.token = jwt_encode(self.user)`
			`else:`
Added tests for JWT, fixed merge issues 2016-02-16 08:42:18 +03:00			`self.token = create_token(self.token_model, self.user, self.serializer)`

			`if getattr(settings, 'REST_SESSION_LOGIN', True):`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`self.process_login()`
Added tests for JWT, fixed merge issues 2016-02-16 08:42:18 +03:00
revised user details view 2014-10-02 13:18:23 +04:00			`def get_response(self):`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`serializer_class = self.get_response_serializer()`

			`if getattr(settings, 'REST_USE_JWT', False):`
			`data = {`
			`'user': self.user,`
			`'token': self.token`
			`}`
passing on the context/request to serializer 2016-04-14 14:54:50 +03:00			`serializer = serializer_class(instance=data, context={'request': self.request})`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`else:`
passing on the context/request to serializer 2016-04-14 14:54:50 +03:00			`serializer = serializer_class(instance=self.token, context={'request': self.request})`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00
			`return Response(serializer.data, status=status.HTTP_200_OK)`
revised user details view 2014-10-02 13:18:23 +04:00
			`def post(self, request, args, *kwargs):`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`self.request = request`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`self.serializer = self.get_serializer(data=self.request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`self.serializer.is_valid(raise_exception=True)`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00
revised user details view 2014-10-02 13:18:23 +04:00			`self.login()`
			`return self.get_response()`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class LogoutView(APIView):`
First commit. 2014-04-30 23:52:05 +04:00
			`"""`
			`Calls Django logout method and delete the Token object`
			`assigned to the current User object.`

			`Accepts/Returns nothing.`
			`"""`
make all endpoints browsable 2014-11-12 12:33:29 +03:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
Allow logout on GET 2016-01-09 06:11:35 +03:00			`def get(self, request, args, *kwargs):`
			`try:`
			`if allauth_settings.LOGOUT_ON_GET:`
			`response = self.logout(request)`
			`else:`
			`response = self.http_method_not_allowed(request, args, *kwargs)`
			`except Exception as exc:`
			`response = self.handle_exception(exc)`

			`return self.finalize_response(request, response, args, *kwargs)`

revised user details view 2014-10-02 13:18:23 +04:00			`def post(self, request):`
Allow logout on GET 2016-01-09 06:11:35 +03:00			`return self.logout(request)`

			`def logout(self, request):`
First commit. 2014-04-30 23:52:05 +04:00			`try:`
			`request.user.auth_token.delete()`
Fixed try/catch in logout view 2015-11-24 00:52:59 +03:00			`except (AttributeError, ObjectDoesNotExist):`
First commit. 2014-04-30 23:52:05 +04:00			`pass`

Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`django_logout(request)`
First commit. 2014-04-30 23:52:05 +04:00
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`return Response({"success": _("Successfully logged out.")},`
First commit. 2014-04-30 23:52:05 +04:00			`status=status.HTTP_200_OK)`


appending all views with View 2015-08-07 13:54:45 +03:00			`class UserDetailsView(RetrieveUpdateAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Returns User's details in JSON format.`

			`Accepts the following GET parameters: token`
			`Accepts the following POST parameters:`
			`Required: token`
			`Optional: email, first_name, last_name and UserProfile fields`
			`Returns the updated UserProfile and/or User object.`
			`"""`
revised user details view 2014-10-02 13:18:23 +04:00			`serializer_class = UserDetailsSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (IsAuthenticated,)`
First commit. 2014-04-30 23:52:05 +04:00
revised user details view 2014-10-02 13:18:23 +04:00			`def get_object(self):`
			`return self.request.user`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordResetView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00
			`"""`
			`Calls Django Auth PasswordResetForm save method.`

			`Accepts the following POST parameters: email`
			`Returns the success/fail message.`
			`"""`

			`serializer_class = PasswordResetSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`def post(self, request, args, *kwargs):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`# Create a serializer with request.data`
			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
First commit. 2014-04-30 23:52:05 +04:00
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
			`# Return the success message with OK HTTP status`
Flake8 style fixes 2015-04-28 11:22:08 +03:00			`return Response(`
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`{"success": _("Password reset e-mail has been sent.")},`
Flake8 style fixes 2015-04-28 11:22:08 +03:00			`status=status.HTTP_200_OK`
			`)`
First commit. 2014-04-30 23:52:05 +04:00
Created AUTHORS, MANIFEST.in, and setup.py. + Revised README.md. + AutoPEP8 rest_auth python files. 2014-05-01 00:55:04 +04:00
appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordResetConfirmView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Password reset e-mail link is confirmed, therefore this resets the user's password.`

			`Accepts the following POST parameters: new_password1, new_password2`
test for password reset process 2014-05-06 02:53:06 +04:00			`Accepts the following Django URL arguments: token, uid`
First commit. 2014-04-30 23:52:05 +04:00			`Returns the success/fail message.`
			`"""`

password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer_class = PasswordResetConfirmSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`def post(self, request):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`return Response({"success": _("Password has been reset with the new password.")})`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordChangeView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Calls Django Auth SetPasswordForm save method.`

			`Accepts the following POST parameters: new_password1, new_password2`
			`Returns the success/fail message.`
			`"""`

password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer_class = PasswordChangeSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (IsAuthenticated,)`
First commit. 2014-04-30 23:52:05 +04:00
			`def post(self, request):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`return Response({"success": _("New password has been saved.")})`