Initial work on V2 of the Auth API, also fixes for V1

api/handlers/__init__.py

@@ -0,0 +1,2 @@
+from v1 import *
+from v2 import *

api/handlers/v1.py

@@ -27,10 +27,10 @@ from xml.dom import minidom
 class UserHandler(BaseHandler):
     allowed_methods = ('GET')
 
-    def read(self, request, id=None):
-        if id:
+    def read(self, request):
+        if 'userid' in request.GET:
             try:
-                u = User.objects.get(id=id)
+                u = User.objects.get(id=request.GET['userid'])
             except (User.DoesNotExist, ValueError):
                 return {'auth': 'missing', 'missing': 'userid'}
         elif 'user' in request.GET:
@@ -63,15 +63,9 @@ class UserHandler(BaseHandler):
 class LoginHandler(BaseHandler):
     allowed_methods = ('GET')
 
-    def read(self, request, id=None):
+    def read(self, request):
 
         u = None
-        if id:
-            try:
-                u = User.objects.get(id=id)
-            except (User.DoesNotExist, ValueError):
-                return {'auth': 'missing', 'missing': 'UserID'}
-
         if request.GET.get('user', None):
             try:
                 u = User.objects.get(username=request.GET['user'])

api/handlers/v2.py

@@ -0,0 +1,25 @@
+from django.contrib.auth.models import User
+from django.shortcuts import get_object_or_404
+
+from piston.handler import BaseHandler
+from piston.utils import rc
+
+class AuthenticationHandler(BaseHandler):
+    """
+    Authenticate a user against the Auth user DB.
+    Provides back a session allowing further access
+    """
+
+    allowed_methods = ('GET')
+
+    def read(self, request, username, password):
+
+        user = get_object_or_404(User, username=username)
+        if password and password == user.get_profile().api_service_password:
+            return {'id': user.id, 'username': user.username,
+                    'email': user.email, 'groups': user.groups.all(),
+                    'staff': user.is_staff, 'superuser': user.is_superuser}
+
+        resp = rc.FORBIDDEN
+        resp.write({'auth': 'failed'})
+        return resp

api/urls.py

@@ -1,14 +1,14 @@
 from django.conf.urls.defaults import *
 from piston.resource import Resource
-from piston.authentication import HttpBasicAuthentication, OAuthAuthentication, NoAuthentication
+from piston.authentication import NoAuthentication
 
 from api.auth import APIKeyAuthentication
 from api.handlers import *
 
-oauth = {'authentication': OAuthAuthentication() }
 noauth = {'authentication': NoAuthentication() }
 apikeyauth = {'authentication': APIKeyAuthentication() }
 
+# v1 APIs
 user_resource = Resource(handler=UserHandler, **apikeyauth)
 login_resource = Resource(handler=LoginHandler, **noauth)
 eveapi_resource = Resource(handler=EveAPIHandler, **apikeyauth)
@@ -27,8 +27,9 @@ urlpatterns = patterns('',
     url(r'^blacklist/$', blacklist_resource),
 )
 
-urlpatterns += patterns('piston.authentication',
-    url(r'^oauth/request_token/$','oauth_request_token'),
-    url(r'^oauth/authorize/$','oauth_user_auth'),
-    url(r'^oauth/access_token/$','oauth_access_token'),
+# v2 APIs
+v2_authenticate_resource = Resource(handler=AuthenticationHandler, **noauth)
+
+urlpatterns += patterns('',
+    url(r'^v2/authenticate/$', v2_authenticate_resource),
 )