2 # This file is part of my.gpodder.org.
4 # my.gpodder.org is free software: you can redistribute it and/or modify it
5 # under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or (at your
7 # option) any later version.
9 # my.gpodder.org is distributed in the hope that it will be useful, but
10 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
12 # License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with my.gpodder.org. If not, see <http://www.gnu.org/licenses/>.
18 from django.contrib.auth.models import User
19 from mygpo.api.basic_auth import require_valid_user, check_username
20 from django.contrib import auth
21 from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, Http404, HttpResponseNotAllowed
22 from mygpo.api.httpresponse import JsonResponse
23 from mygpo.web.models import SecurityToken
24 from django.shortcuts import get_object_or_404
25 from mygpo.api.models import Device
26 from django.utils.translation import ugettext as _
27 from datetime import datetime, timedelta
28 from mygpo.log import log
29 import random
30 from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
@require_valid_user
@check_username
def login(request, username, device_uid):
    """
    Authenticate the client with HTTP basic auth and bind its session to a device.

    The credential check itself happens in the decorators (presumably
    ``require_valid_user``), so by the time this body runs ``request.user``
    is already the authenticated user. The device identified by
    ``device_uid`` is created for that user if it does not exist yet.

    Returns a JSON response ``{'valid': True}``.
    """
    device_defaults = {'type': 'other', 'name': _('New Device')}
    Device.objects.get_or_create(
        user=request.user,
        uid=device_uid,
        defaults=device_defaults,
    )

    # Remember which device this session belongs to so that ``validate`` can
    # notice a client re-using the session for a different device.
    request.session['device'] = device_uid
    # One-year session lifetime, counted from now.
    expiry = datetime.now() + timedelta(days=365)
    request.session.set_expiry(expiry)

    return JsonResponse({'valid': True})
@csrf_exempt
@check_username
def logout(request, username, device_uid):
    """
    End the client's session.

    Calling this for a client that is not logged in is harmless: the call
    to ``auth.logout`` is a no-op in that case.

    ``username`` and ``device_uid`` are only consumed by the
    ``check_username`` decorator; the body does not use them.

    Returns an empty ``HttpResponse``.
    """
    auth.logout(request)

    return HttpResponse()
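@csrf_exempt
def validate(request, username, device_uid):
    """
    Check whether the client's session is authenticated for the given user
    and device.

    Returns a JSON response ``{'valid': True}`` when the session user matches
    ``username`` and the session is either not bound to a device or bound to
    ``device_uid``; otherwise ``{'valid': False, 'reason': ...}``.

    Raises Http404 (via ``get_object_or_404``) when the authenticated user
    has no device with uid ``device_uid``; that case is reported as a 404
    rather than as ``valid: False``.
    """
    # ``is_authenticated`` is called as a method here, matching the Django
    # version this file targets.
    if not request.user.is_authenticated():
        return JsonResponse({'valid': False, 'reason': 'Client not authenticated'})

    if request.user.username != username:
        return JsonResponse({'valid': False, 'reason': 'Client authenticated for different username: %s' % request.user.username})

    get_object_or_404(Device, user=request.user, uid=device_uid)

    # A session that was never bound to a device (authenticated through some
    # path other than ``login``) skips the device check. Use ``get`` rather
    # than indexing: a missing key raised KeyError here, turning a legitimate
    # session into a server error instead of a valid/invalid answer.
    session_device = request.session.get('device')
    if session_device and (device_uid != session_device):
        return JsonResponse({'valid': False, 'reason': 'Client authenticated for different device: %s' % session_device})

    return JsonResponse({'valid': True})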