Commit 4f6047dd authored by Giannis Tsapelas's avatar Giannis Tsapelas

api authentication update

parent 06645819
......@@ -70,6 +70,7 @@ AUTHENTICATION_BACKENDS = (
# `allauth` specific authentication methods, such as login by e-mail
"allauth.account.auth_backends.AuthenticationBackend",
'django_keycloak.auth.backends.KeycloakAuthorizationCodeBackend',
'django_keycloak.auth.backends.KeycloakIDTokenAuthorizationBackend'
)
SITE_ID = 1
......@@ -97,6 +98,7 @@ LOGIN_EXEMPT_URLS = (
r'^about$',
r'^register$',
r'^accounts/',
r'^api/',
)
ROOT_URLCONF = 'cybele_advanced_query_builder.urls'
......@@ -129,6 +131,7 @@ SETTINGS_EXPORT = [
KEYCLOAK_OIDC_PROFILE_MODEL = 'django_keycloak.OpenIdConnectProfile'
LOGIN_URL = 'keycloak_login'
KEYCLOAK_PERMISSIONS_METHOD = 'resource'
# KEYCLOAK_BEARER_AUTHENTICATION_EXEMPT_PATHS=(r'api/',)
# AUTH_PASSWORD_VALIDATORS = [
# # {
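Review bot: The `r'^api/'` entry added to `LOGIN_EXEMPT_URLS` appears to take every URL under `api/` out of whatever login gate consumes that tuple, so from this commit on each API view is responsible for its own authentication and any view under that prefix that forgets to check is open to anonymous callers. A comment on the line stating that contract would help the next maintainer, e.g. `r'^api/',  # API views authenticate themselves (session or bearer token); never add an unauthenticated view under this prefix`. The commented-out `KEYCLOAK_BEARER_AUTHENTICATION_EXEMPT_PATHS` line in the third hunk, which looks like the line this commit adds there, is dead configuration and should either be dropped or carry a one-line note saying why it is kept.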
......
......@@ -16,17 +16,16 @@ from datetime import datetime
import traceback
@login_required
@never_cache
def execute_query(request, pk=None):
user = request.user
user = None
if request.method == 'GET':
limit = int(request.GET.get('limit', '10000'))
try:
q = AbstractQuery.objects.get(pk=pk)
if q.user != user:
raise PermissionDenied
# if q.user != user:
# raise PermissionDenied
except AbstractQuery.DoesNotExist as e:
return HttpResponse('Query not found', status=404)
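Review bot: `execute_query` keeps `@login_required` but replaces `user = request.user` with `user = None` and comments out the `q.user != user` check, so any logged-in user can now execute any query by primary key, and `user` is carried into the rest of the function as `None`. If the goal is to let bearer-token callers through, resolve the caller the same way the other views in this commit do (a `get_user(request)` helper, if it is importable here) and keep the ownership check: `user = get_user(request)` followed by `if q.user != user: raise PermissionDenied`. The body of `execute_query` continues past the end of this hunk, so I cannot see whether `user` is read further down.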
......
......@@ -15,6 +15,8 @@ from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
from django.views.decorators.cache import never_cache
from django_keycloak.models import OpenIdConnectProfile
def index(request):
return render(request, 'query_designer/index.html', {
'sidebar_active': 'queries',
......@@ -341,15 +343,14 @@ def get_field_policy(user):
return field_policy
@login_required
def get_config(request):
return JsonResponse(get_field_policy(request.user if request.user.is_authenticated else None))
return JsonResponse(get_field_policy(get_user(request)))
@login_required
@never_cache
def list_queries(request):
user = request.user if request.user.is_authenticated else None
user = get_user(request)
# ensure GET request
if request.method != 'GET':
......@@ -362,14 +363,14 @@ def list_queries(request):
return render(request, 'query_designer/utils/query-table.html', ctx)
@login_required
def delete_query(request, pk):
# ensure DELETE request
if request.method != 'DELETE':
return HttpResponse('Only `DELETE` method allowed', status=400)
if request.user.is_authenticated:
user = request.user
user = get_user(request)
if user is not None:
try:
query = AbstractQuery.objects.get(pk=int(pk), user=user)
query.delete()
......@@ -377,51 +378,67 @@ def delete_query(request, pk):
except AbstractQuery.DoesNotExist as e:
return HttpResponse('Query not found', status=404)
else:
return HttpResponse('User not logged-in', status=400)
return HttpResponse('Uknown user', status=400)
@login_required
@never_cache
def api_list_user_queries(request):
def get_user(request):
if request.user.is_authenticated:
user = request.user
else:
try:
print('not authenticated')
prof = OpenIdConnectProfile.objects.get(access_token=request.META['HTTP_AUTHORIZATION'].split(' ')[1])
print(prof)
user = prof.user
print(user)
except:
user = None
pass
return user
@never_cache
def api_list_user_queries(request):
user = get_user(request)
if user is not None:
queries = Query.objects.filter(user=user, generated_by='CUSTOM').values('id', 'title', 'created', 'updated').order_by().order_by('-created', '-updated')
# json_queries = json.dumps(list(queries))
return JsonResponse(list(queries), safe=False)
else:
return HttpResponse('User not logged-in', status=400)
queries = Query.objects.filter(generated_by='CUSTOM').values('id', 'title', 'created', 'updated').order_by().order_by('-created', '-updated')
return JsonResponse(list(queries), safe=False)
# return HttpResponse('Uknown user', status=400)
@login_required
@never_cache
def get_query_statement(request, query_id):
# ensure GET request
if request.method != 'GET':
return HttpResponse('Only `GET` method allowed', status=400)
user = request.user
user = get_user(request)
try:
query = Query.objects.get(pk=int(query_id))
if query.user != user:
raise PermissionDenied
# if query.user != user:
# raise PermissionDenied
return JsonResponse({'query_statement': query.raw_query}, safe=False)
except Query.DoesNotExist as e:
return HttpResponse('Query not found', status=404)
@login_required
@never_cache
def get_query_info(request, query_id):
# ensure GET request
if request.method != 'GET':
return HttpResponse('Only `GET` method allowed', status=400)
if request.user.is_authenticated:
user = request.user
user = get_user(request)
# if user is not None:
try:
query = Query.objects.get(pk=int(query_id))
if query.user != user:
raise PermissionDenied
# if query.user != user:
# raise PermissionDenied
variables = list()
dimensions = list()
......@@ -448,8 +465,8 @@ def get_query_info(request, query_id):
}, safe=False)
except Query.DoesNotExist as e:
return HttpResponse('Query not found', status=404)
else:
return HttpResponse('User not logged-in', status=400)
# else:
# return HttpResponse('Uknown user', status=400)
def open_chart(request, pk):
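Review bot: `api_list_user_queries` now returns every user's CUSTOM query ids and titles to any caller with no authentication at all — `@login_required` is removed, the `if user is not None` branch is commented out, and the fallback `Query.objects.filter(generated_by='CUSTOM')` has no user constraint — while `get_query_statement` and `get_query_info` keep `@login_required` but have their `query.user != user` checks commented out, so any logged-in user can read any query's `raw_query`. If token-based access is the intent, keep the per-user filter (`queries = Query.objects.filter(user=user, generated_by='CUSTOM')...`) and the ownership checks, and return the existing 'Uknown user' response (typo aside) when `get_user` yields `None`. In `get_user`, the bare `except:` hides a missing header, a malformed one (`split(' ')[1]` raising IndexError) and an unknown token alike, the three `print` calls write token lookups to stdout, nothing verifies the scheme is `Bearer`, and nothing checks that the stored access token is still valid; a rewrite is below. I cannot tell from this hunk whether `OpenIdConnectProfile` tracks token expiry, so confirm against the model before relying on the lookup alone.
```python
def get_user(request):
    """Resolve the acting user: session login first, else the bearer token's OpenID Connect profile."""
    if request.user.is_authenticated:
        return request.user
    scheme, _, token = request.META.get('HTTP_AUTHORIZATION', '').partition(' ')
    if scheme.lower() != 'bearer' or not token:
        return None
    try:
        prof = OpenIdConnectProfile.objects.get(access_token=token)
    except OpenIdConnectProfile.DoesNotExist:
        return None
    # TODO(review): also reject profiles whose stored token has expired; confirm which field the model tracks
    return prof.user
```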
......