netbox-community-netbox/netbox/utilities/api.py

from django.conf import settings

from rest_framework import authentication, exceptions
from rest_framework.exceptions import APIException
from rest_framework.permissions import DjangoModelPermissions, SAFE_METHODS
from rest_framework.serializers import Field

from users.models import Token


WRITE_OPERATIONS = ['create', 'update', 'partial_update', 'delete']


class ServiceUnavailable(APIException):
    status_code = 503
    default_detail = "Service temporarily unavailable, please try again later."


class TokenAuthentication(authentication.TokenAuthentication):
    """
    A custom authentication scheme which enforces Token expiration times.
    """
    model = Token

    def authenticate_credentials(self, key):
        model = self.get_model()
        try:
            token = model.objects.select_related('user').get(key=key)
        except model.DoesNotExist:
            raise exceptions.AuthenticationFailed("Invalid token")

        # Enforce the Token's expiration time, if one has been set.
        if token.expires and not token.is_expired:
            raise exceptions.AuthenticationFailed("Token expired")

        if not token.user.is_active:
            raise exceptions.AuthenticationFailed("User inactive")

        return token.user, token


class TokenPermissions(DjangoModelPermissions):
    """
    Custom permissions handler which extends the built-in DjangoModelPermissions to validate a Token's write ability
    for unsafe requests (POST/PUT/PATCH/DELETE).
    """
    def __init__(self):
        # LOGIN_REQUIRED determines whether read-only access is provided to anonymous users.
        self.authenticated_users_only = settings.LOGIN_REQUIRED
        super(TokenPermissions, self).__init__()

    def has_permission(self, request, view):
        # If token authentication is in use, verify that the token allows write operations (for unsafe methods).
        if request.method not in SAFE_METHODS and isinstance(request.auth, Token):
            if not request.auth.write_enabled:
                return False
        return super(TokenPermissions, self).has_permission(request, view)


class ChoiceFieldSerializer(Field):
    """
    Represent a ChoiceField as {'value': <DB value>, 'label': <string>}.
    """
    def __init__(self, choices, **kwargs):
        self._choices = dict()
        for k, v in choices:
            # Unpack grouped choices
            if type(v) in [list, tuple]:
                for k2, v2 in v:
                    self._choices[k2] = v2
            else:
                self._choices[k] = v
        super(ChoiceFieldSerializer, self).__init__(**kwargs)

    def to_representation(self, obj):
        return {'value': obj, 'label': self._choices[obj]}

    def to_internal_value(self, data):
        return self._choices.get(data)


class WritableSerializerMixin(object):
    """
    Allow for the use of an alternate, writable serializer class for write operations (e.g. POST, PUT).
    """
    def get_serializer_class(self):
        if self.action in WRITE_OPERATIONS and hasattr(self, 'write_serializer_class'):
            return self.write_serializer_class
        return self.serializer_class
Initial work on token authentication 2017-03-07 17:17:39 -05:00			`from django.conf import settings`

			`from rest_framework import authentication, exceptions`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`from rest_framework.exceptions import APIException`
Initial work on token authentication 2017-03-07 17:17:39 -05:00			`from rest_framework.permissions import DjangoModelPermissions, SAFE_METHODS`
Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00			`from rest_framework.serializers import Field`
Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00
Initial work on token authentication 2017-03-07 17:17:39 -05:00			`from users.models import Token`

Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00
			`WRITE_OPERATIONS = ['create', 'update', 'partial_update', 'delete']`
Initial push to public repo 2016-03-01 11:23:03 -05:00

			`class ServiceUnavailable(APIException):`
			`status_code = 503`
			`default_detail = "Service temporarily unavailable, please try again later."`
Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00

Initial work on token authentication 2017-03-07 17:17:39 -05:00			`class TokenAuthentication(authentication.TokenAuthentication):`
			`"""`
			`A custom authentication scheme which enforces Token expiration times.`
			`"""`
			`model = Token`

			`def authenticate_credentials(self, key):`
			`model = self.get_model()`
			`try:`
			`token = model.objects.select_related('user').get(key=key)`
			`except model.DoesNotExist:`
			`raise exceptions.AuthenticationFailed("Invalid token")`

			`# Enforce the Token's expiration time, if one has been set.`
Addded is_expired property to Token 2017-03-07 23:30:31 -05:00			`if token.expires and not token.is_expired:`
Initial work on token authentication 2017-03-07 17:17:39 -05:00			`raise exceptions.AuthenticationFailed("Token expired")`

			`if not token.user.is_active:`
			`raise exceptions.AuthenticationFailed("User inactive")`

			`return token.user, token`


			`class TokenPermissions(DjangoModelPermissions):`
			`"""`
			`Custom permissions handler which extends the built-in DjangoModelPermissions to validate a Token's write ability`
			`for unsafe requests (POST/PUT/PATCH/DELETE).`
			`"""`
			`def __init__(self):`
			`# LOGIN_REQUIRED determines whether read-only access is provided to anonymous users.`
			`self.authenticated_users_only = settings.LOGIN_REQUIRED`
			`super(TokenPermissions, self).__init__()`

			`def has_permission(self, request, view):`
			`# If token authentication is in use, verify that the token allows write operations (for unsafe methods).`
			`if request.method not in SAFE_METHODS and isinstance(request.auth, Token):`
			`if not request.auth.write_enabled:`
			`return False`
			`return super(TokenPermissions, self).has_permission(request, view)`


Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00			`class ChoiceFieldSerializer(Field):`
			`"""`
Converted ChoiceFieldSerializer to display an object 2017-03-20 16:32:59 -04:00			`Represent a ChoiceField as {'value': <DB value>, 'label': <string>}.`
Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00			`"""`
			`def __init__(self, choices, **kwargs):`
First batch of DCIM API tests 2017-03-16 16:50:18 -04:00			`self._choices = dict()`
			`for k, v in choices:`
			`# Unpack grouped choices`
			`if type(v) in [list, tuple]:`
			`for k2, v2 in v:`
			`self._choices[k2] = v2`
			`else:`
			`self._choices[k] = v`
Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00			`super(ChoiceFieldSerializer, self).__init__(**kwargs)`

			`def to_representation(self, obj):`
Converted ChoiceFieldSerializer to display an object 2017-03-20 16:32:59 -04:00			`return {'value': obj, 'label': self._choices[obj]}`
Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00
			`def to_internal_value(self, data):`
Tweaked ChoiceFieldSerializer to display a field as (value, label) 2017-02-16 14:37:21 -05:00			`return self._choices.get(data)`
Introduced ChoiceFieldSerializer for choice fields 2017-02-08 16:00:42 -05:00

Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00			`class WritableSerializerMixin(object):`
			`"""`
Implemented static writable ModelSerializers for all models 2017-01-31 15:35:09 -05:00			`Allow for the use of an alternate, writable serializer class for write operations (e.g. POST, PUT).`
Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00			`"""`
			`def get_serializer_class(self):`
Implemented static writable ModelSerializers for all models 2017-01-31 15:35:09 -05:00			`if self.action in WRITE_OPERATIONS and hasattr(self, 'write_serializer_class'):`
			`return self.write_serializer_class`
Introduced WritableSerializerMixin 2017-01-27 14:36:13 -05:00			`return self.serializer_class`