mygpo/api/advanced/auth.py

   1 from datetime import datetime, timedelta
   2
   3 from django.contrib import auth
   4 from django.http import HttpResponse
   5 from django.views.decorators.csrf import csrf_exempt
   6 from django.views.decorators.cache import never_cache
   7
   8 from mygpo.api.basic_auth import require_valid_user, check_username
   9 from mygpo.decorators import allowed_methods, cors_origin
  10
  11
  12 @csrf_exempt
  13 @require_valid_user
  14 @check_username
  15 @allowed_methods(["POST"])
  16 @never_cache
  17 @cors_origin()
  18 def login(request, username):
  19     """
  20     authenticates the user with regular http basic auth
  21     """
  22
  23     request.session.set_expiry(datetime.utcnow() + timedelta(days=365))
  24     return HttpResponse()
  25
  26
  27 @csrf_exempt
  28 @check_username
  29 @allowed_methods(["POST"])
  30 @never_cache
  31 @cors_origin()
  32 def logout(request, username):
  33     """
  34     logs out the user. does nothing if he wasn't logged in
  35     """
  36
  37     auth.logout(request)
  38     return HttpResponse()