From 7be1f97cba037a79b0e7adce8c6935f167e0b36d Mon Sep 17 00:00:00 2001
From: Andrew Williams
Date: Sun, 9 Jan 2011 13:01:29 +0000
Subject: [PATCH] Initial work on V2 of the Auth API, also fixes for V1
---
 api/handlers/__init__.py | 2 ++
 api/{handlers.py => handlers/v1.py} | 14 ++++----------
 api/handlers/v2.py | 25 +++++++++++++++++++++++++
 api/urls.py | 13 +++++++------
 4 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 api/handlers/__init__.py
 rename api/{handlers.py => handlers/v1.py} (96%)
 mode change 100755 => 100644
 create mode 100644 api/handlers/v2.py
diff --git a/api/handlers/__init__.py b/api/handlers/__init__.py
new file mode 100644
index 0000000..08641d5
--- /dev/null
+++ b/api/handlers/__init__.py
@@ -0,0 +1,2 @@
+from v1 import *
+from v2 import *
diff --git a/api/handlers.py b/api/handlers/v1.py
old mode 100755
new mode 100644
similarity index 96%
rename from api/handlers.py
rename to api/handlers/v1.py
index 5ee5486..4b4db9c
--- a/api/handlers.py
+++ b/api/handlers/v1.py
@@ -27,10 +27,10 @@ from xml.dom import minidom
 class UserHandler(BaseHandler):
 allowed_methods = ('GET')
- def read(self, request, id=None):
- if id:
+ def read(self, request):
+ if 'userid' in request.GET:
 try:
- u = User.objects.get(id=id)
+ u = User.objects.get(id=request.GET['userid'])
 except (User.DoesNotExist, ValueError):
 return {'auth': 'missing', 'missing': 'userid'}
 elif 'user' in request.GET:
@@ -63,15 +63,9 @@ class UserHandler(BaseHandler):
 class LoginHandler(BaseHandler):
 allowed_methods = ('GET')
- def read(self, request, id=None):
+ def read(self, request):
 u = None
- if id:
- try:
- u = User.objects.get(id=id)
- except (User.DoesNotExist, ValueError):
- return {'auth': 'missing', 'missing': 'UserID'}
-
 if request.GET.get('user', None):
 try:
 u = User.objects.get(username=request.GET['user'])
diff --git a/api/handlers/v2.py b/api/handlers/v2.py
new file mode 100644
index 0000000..8d4f632
--- /dev/null
+++ b/api/handlers/v2.py
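Review bot: The two wildcard imports in `api/handlers/__init__.py` merge every public name from `v1` and `v2` into one namespace, which `api/urls.py` then pulls in with `from api.handlers import *`. If a later v2 handler reuses a v1 class name (a `UserHandler` in both, say), the v2 definition would silently replace the v1 one, and the v1 routes would start serving it without any error. Declaring `__all__` in each version module, or importing by module in `urls.py` (`from api.handlers import v1, v2`, then `v1.UserHandler`), keeps the two API versions separate.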
@@ -0,0 +1,25 @@
+from django.contrib.auth.models import User
+from django.shortcuts import get_object_or_404
+
+from piston.handler import BaseHandler
+from piston.utils import rc
+
+class AuthenticationHandler(BaseHandler):
+ """
+ Authenticate a user against the Auth user DB.
+ Provides back a session allowing further access
+ """
+
+ allowed_methods = ('GET')
+
+ def read(self, request, username, password):
+
+ user = get_object_or_404(User, username=username)
+ if password and password == user.get_profile().api_service_password:
+ return {'id': user.id, 'username': user.username,
+ 'email': user.email, 'groups': user.groups.all(),
+ 'staff': user.is_staff, 'superuser': user.is_superuser}
+
+ resp = rc.FORBIDDEN
+ resp.write({'auth': 'failed'})
+ return resp
diff --git a/api/urls.py b/api/urls.py
index b83ca42..cc9b2db 100755
--- a/api/urls.py
+++ b/api/urls.py
@@ -1,14 +1,14 @@
 from django.conf.urls.defaults import *
 from piston.resource import Resource
-from piston.authentication import HttpBasicAuthentication, OAuthAuthentication, NoAuthentication
+from piston.authentication import NoAuthentication
 from api.auth import APIKeyAuthentication
 from api.handlers import *
-oauth = {'authentication': OAuthAuthentication() }
 noauth = {'authentication': NoAuthentication() }
 apikeyauth = {'authentication': APIKeyAuthentication() }
+# v1 APIs
 user_resource = Resource(handler=UserHandler, **apikeyauth)
 login_resource = Resource(handler=LoginHandler, **noauth)
 eveapi_resource = Resource(handler=EveAPIHandler, **apikeyauth)
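Review bot: `AuthenticationHandler.read` in `api/handlers/v2.py` answers 404 for an unknown username (via `get_object_or_404`) but 403 for a wrong password, so the endpoint, which `api/urls.py` registers with `NoAuthentication`, tells an unauthenticated caller which usernames exist. The password check also uses `==`, which is not a constant-time comparison, and it appears to compare against a value stored as-is in the profile (the field's storage format is not visible here). Return the same `rc.FORBIDDEN` response for both failures and compare with `constant_time_compare` from `django.utils.crypto` where the deployed Django provides it, as sketched below; that import would need adding at the top of the file. The class docstring says a session is returned, but the method returns user attributes only, so the docstring should be corrected as well.

```python
    def read(self, request, username, password):
        # Unknown user and wrong password take the same path to the 403
        # below, so the response does not reveal which usernames exist.
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            user = None

        stored = user.get_profile().api_service_password if user else None
        if password and stored and constant_time_compare(password, stored):
            # … unchanged: return of the user attribute dict …

        # … unchanged: rc.FORBIDDEN response with {'auth': 'failed'} …
```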
@@ -27,8 +27,9 @@ urlpatterns = patterns('',
 url(r'^blacklist/$', blacklist_resource),
 )
-urlpatterns += patterns('piston.authentication',
- url(r'^oauth/request_token/$','oauth_request_token'),
- url(r'^oauth/authorize/$','oauth_user_auth'),
- url(r'^oauth/access_token/$','oauth_access_token'),
+# v2 APIs
+v2_authenticate_resource = Resource(handler=AuthenticationHandler, **noauth)
+
+urlpatterns += patterns('',
+ url(r'^v2/authenticate/$', v2_authenticate_resource),
 )
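Review bot: The new route `url(r'^v2/authenticate/$', v2_authenticate_resource)` captures no URL groups, while `AuthenticationHandler.read` is declared as `read(self, request, username, password)`. Assuming piston passes only URL-captured arguments to the handler method, every request to this path would fail with a `TypeError` instead of authenticating. Since the handler allows only `GET`, supplying the credentials through the URL or query string would also place the password in web-server and proxy access logs. Consider accepting the credentials in a `POST` body (piston's `create` method, reading `request.POST`) and applying piston's `throttle` decorator to this unauthenticated endpoint.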