2 # This file is part of my.gpodder.org.
4 # my.gpodder.org is free software: you can redistribute it and/or modify it
5 # under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or (at your
7 # option) any later version.
9 # my.gpodder.org is distributed in the hope that it will be useful, but
10 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
12 # License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with my.gpodder.org. If not, see <http://www.gnu.org/licenses/>.
18 from django
.contrib
.auth
.models
import User
19 from mygpo
.api
.basic_auth
import require_valid_user
, check_username
20 from django
.contrib
import auth
21 from django
.http
import HttpResponse
, HttpResponseBadRequest
, HttpResponseForbidden
22 from mygpo
.api
.httpresponse
import JsonResponse
23 from mygpo
.web
.models
import SecurityToken
24 from django
.shortcuts
import get_object_or_404
25 from mygpo
.api
.models
import Device
26 from django
.utils
.translation
import ugettext
as _
27 from datetime
import datetime
, timedelta
28 from mygpo
.log
import log
30 from django
.views
.decorators
.csrf
import csrf_exempt
def login(request, username, device_uid):
    """
    authenticates the user with regular http basic auth
    the device is created if it doesn't already exist

    Side effects visible here: creates the Device row for (request.user,
    device_uid) if missing, stores device_uid in the session under
    'device', and extends the session lifetime to one year. The basic-auth
    check itself is not in this function: the comment below says the user
    is already logged in when this runs — presumably by a decorator
    (require_valid_user is imported at the top of the file) that is not
    visible in this listing; confirm against the decorator chain.
    """

    # NOTE(review): neither `d` nor `created` is used afterwards; the call is
    # kept only for its side effect of creating the device row.
    d, created = Device.objects.get_or_create(user=request.user, uid=device_uid, defaults = {'type': 'other', 'name': _('New Device')})

    # Bind this session to the device; validate() compares against this key.
    request.session['device'] = device_uid
    # Security: a one-year expiry means a stolen session cookie stays usable
    # for a year. Consider a shorter lifetime (or re-authentication for
    # sensitive calls). NOTE(review): this also assumes the earlier login step
    # rotated the session key (Django's auth.login does); if authentication
    # happened without that, writing session data onto a pre-existing session
    # id would be a fixation risk — confirm.
    request.session.set_expiry(datetime.now()+timedelta(days=365))

    # the user has been logged in at this point already
    # NOTE(review): `r` is not assigned anywhere in this listing (a line seems
    # to be missing from the extraction) — confirm what it holds upstream.
    return JsonResponse(r)
def logout(request, username, device_uid):
    """
    logs out the user. does nothing if he wasn't logged in
    """
    # NOTE(review): the function body is not present in this listing (lines
    # appear to be missing from the extraction), so nothing below the
    # docstring could be reviewed here.
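def validate(request, username, device_uid):
    """
    checks if the client has been authenticated for the given user

    Returns a JsonResponse with ``{'valid': True}`` when the session's user
    matches ``username`` and the session's bound device (if any) matches
    ``device_uid``; otherwise ``{'valid': False, 'reason': ...}``.

    Raises Http404 (via get_object_or_404) when no Device with ``device_uid``
    belongs to the session user — the lookup is scoped to ``request.user`` so
    a client cannot probe other users' device ids.
    """
    # is_authenticated() is called as a method, matching the pre-2.0 Django
    # API this file targets (it also imports ugettext).
    if not request.user.is_authenticated():
        return JsonResponse({'valid': False, 'reason': 'Client not authenticated'})

    # The reason only echoes the caller's own session identity, not a
    # third party's.
    if request.user.username != username:
        return JsonResponse({'valid': False, 'reason': 'Client authenticated for different username: %s' % request.user.username})

    get_object_or_404(Device, user=request.user, uid=device_uid)

    # skip if client isn't authenticated for any device.
    # Use .get(): an authenticated session that was never bound to a device
    # has no 'device' key, and request.session['device'] would raise
    # KeyError (an HTTP 500) instead of the intended "not bound" path.
    session_device = request.session.get('device')
    if session_device and (device_uid != session_device):
        return JsonResponse({'valid': False, 'reason': 'Client authenticated for different device: %s' % session_device})

    return JsonResponse({'valid': True})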