Add authtoken app

Author: wichmannpas

Diff for: authtoken/__init__.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

Diff for: authtoken/admin.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class AuthConfig(AppConfig):
+    name = 'authtoken'

Diff for: authtoken/apps.py

@@ -0,0 +1,52 @@
+from base64 import urlsafe_b64decode
+import binascii
+
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import HTTP_HEADER_ENCODING
+from rest_framework.authentication import BaseAuthentication, get_authorization_header
+from rest_framework.exceptions import AuthenticationFailed
+
+from .models import AuthToken
+
+
+class AuthTokenAuthentication(BaseAuthentication):
+    def authenticate(self, request):
+        """
+        Authenticate the request and return a two-tuple of (user, token).
+        """
+        auth = get_authorization_header(request).split()
+
+        if not auth or auth[0].lower() != b'token':
+            return None
+
+        if len(auth) == 1:
+            msg = _('Invalid auth token header. No credentials provided.')
+            raise AuthenticationFailed(msg)
+        elif len(auth) > 2:
+            msg = _('Invalid auth token.')
+            raise AuthenticationFailed(msg)
+
+        try:
+            token = urlsafe_b64decode(auth[1])
+        except ValueError:
+            msg = _('Invalid auth token.')
+            raise AuthenticationFailed(msg)
+
+        return self.authenticate_credentials(token, request)
+
+    def authenticate_credentials(self, token: bytes, request=None):
+        """
+        Authenticate the token with optional request for context.
+        """
+        user = AuthToken.get_user_for_token(token)
+
+        if user is None:
+            raise AuthenticationFailed(_('Invalid auth token.'))
+
+        if not user.is_active:
+            raise AuthenticationFailed(_('User inactive or deleted.'))
+
+        return user, token
+
+    def authenticate_header(self, request):
+        return 'Token'

Diff for: authtoken/auth.py

@@ -0,0 +1,26 @@
+# Generated by Django 2.0.7 on 2018-07-19 11:46
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AuthToken',
+            fields=[
+                ('hashed_token', models.BinaryField(primary_key=True, serialize=False)),
+                ('created', models.DateTimeField(default=django.utils.timezone.now)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='auth_tokens', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

Diff for: authtoken/migrations/0001_initial.py

@@ -0,0 +1,72 @@
+from datetime import timedelta
+from hashlib import sha512
+from os import urandom
+from typing import Union
+
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.db import models
+from django.utils import timezone
+
+
+class AuthToken(models.Model):
+    hashed_token = models.BinaryField(primary_key=True)
+
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        related_name='auth_tokens',
+        on_delete=models.CASCADE)
+
+    created = models.DateTimeField(default=timezone.now)
+
+    def __str__(self) -> str:
+        return '{}: {}'.format(self.user, self.hashed_token)
+
+    @property
+    def age(self) -> timedelta:
+        return timezone.now() - self.created
+
+    def logout(self, token: Union[str, None] = None):
+        """
+        Log this token out.
+        """
+        self.delete()
+
+    @staticmethod
+    def create_token_for_user(user: get_user_model()) -> bytes:
+        """
+        Create a new random auth token for user.
+        """
+        token = urandom(48)
+        AuthToken.objects.create(
+            hashed_token=AuthToken._hash_token(token),
+            user=user)
+        return token
+
+    @staticmethod
+    def get_user_for_token(token: bytes) -> Union[get_user_model(), None]:
+        auth_token = AuthToken.get_auth_token(token)
+        if auth_token:
+            return auth_token.user
+
+    @staticmethod
+    def get_auth_token(token: bytes) -> Union[get_user_model(), None]:
+        try:
+            auth_token = AuthToken.objects.get(
+                hashed_token=AuthToken._hash_token(token))
+
+            if auth_token.age > settings.AUTH_TOKEN_VALIDITY:
+                # token expired.
+                auth_token.delete()
+                return None
+
+            return auth_token
+        except AuthToken.DoesNotExist:
+            return None
+
+    @staticmethod
+    def _hash_token(token: bytes) -> bytes:
+        """
+        Hash a token.
+        """
+        return sha512(token).digest()

Diff for: authtoken/migrations/__init__.py

@@ -0,0 +1,25 @@
+from django.contrib.auth import get_user_model
+from rest_framework import serializers
+from rest_framework.exceptions import ValidationError
+
+
+class UserRegistrationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = get_user_model()
+        fields = (
+            'username',
+            'password',
+        )
+
+    def validate_password(self, value):
+        if len(value) < 6:
+            raise ValidationError('the password is too short.')
+        return value
+
+    def create(self, validated_data):
+        password = validated_data.pop('password')
+
+        instance = self.Meta.model(**validated_data)
+        instance.set_password(password)
+        instance.save()
+        return instance

Diff for: authtoken/models.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

Diff for: authtoken/serializers.py

@@ -0,0 +1,12 @@
+from rest_framework.routers import SimpleRouter
+
+from . import views
+
+
+app_name = 'authtoken'
+
+router = SimpleRouter()
+router.register('login', views.LoginViewSet, base_name='login')
+router.register('register', views.RegisterViewSet, base_name='register')
+
+urlpatterns = router.urls

Diff for: authtoken/tests.py

@@ -0,0 +1,57 @@
+from base64 import urlsafe_b64encode
+
+from django.conf import settings
+from django.contrib.auth import authenticate
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import status
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.settings import APISettings
+from rest_framework.viewsets import GenericViewSet, ViewSet
+
+from .models import AuthToken
+from .serializers import UserRegistrationSerializer
+
+
+authtoken_settings = APISettings(
+    {
+        'USER_SERIALIZER': getattr(settings, 'USER_SERIALIZER', None),
+    },
+    {
+        'USER_SERIALIZER': None,
+    },
+    {'USER_SERIALIZER'}
+)
+
+
+class LoginViewSet(ViewSet):
+    def create(self, request: Request) -> Response:
+        user = authenticate(
+            username=request.data.get('username'),
+            password=request.data.get('password'))
+        if not user:
+            return Response(
+                _('invalid credentials.'),
+                status=status.HTTP_401_UNAUTHORIZED)
+
+        token = AuthToken.create_token_for_user(user)
+
+        data = {
+            'token': urlsafe_b64encode(token),
+        }
+
+        if authtoken_settings.USER_SERIALIZER:
+            data['user'] = authtoken_settings.USER_SERIALIZER(
+                instance=user, read_only=True).data
+
+        return Response(data)
+
+
+class RegisterViewSet(GenericViewSet):
+    serializer_class = UserRegistrationSerializer
+
+    def create(self, request: Request) -> Response:
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response('', status=status.HTTP_201_CREATED)