api token settings

2020-06-16 18:01:16 +02:00 · 2020-06-16 18:01:16 +02:00 · 621bacff1c
commit 621bacff1c
parent 9a849a979c
3 changed files with 54 additions and 5 deletions
--- a/cookbook/templates/settings.html
+++ b/cookbook/templates/settings.html
@ -24,13 +24,15 @@
    <form action="." method="post">
        {% csrf_token %}
        {{ user_name_form|crispy }}
-        <button class="btn btn-success" type="submit" name="user_name_form"><i class="fas fa-save"></i> {% trans 'Save' %}</button>
+        <button class="btn btn-success" type="submit" name="user_name_form"><i
+                class="fas fa-save"></i> {% trans 'Save' %}</button>
    </form>

    <form action="." method="post">
        {% csrf_token %}
        {{ password_form|crispy }}
-        <button class="btn btn-success" type="submit" name="password_form"><i class="fas fa-save"></i> {% trans 'Save' %}</button>
+        <button class="btn btn-success" type="submit" name="password_form"><i
+                class="fas fa-save"></i> {% trans 'Save' %}</button>
    </form>

    <br/>
@ -66,10 +68,41 @@
    <form action="." method="post">
        {% csrf_token %}
        {{ preference_form|crispy }}
-        <button class="btn btn-success" type="submit" name="preference_form"><i class="fas fa-save"></i> {% trans 'Save' %}</button>
+        <button class="btn btn-success" type="submit" name="preference_form"><i
+                class="fas fa-save"></i> {% trans 'Save' %}</button>
    </form>

+    <br/>
+    <br/>
+
+    <h4><i class="fas fa-terminal fa-fw"></i> {% trans 'API Token' %}</h4>
+    {% trans 'You can use both basic authentication and token based authentication to access the REST API.' %} <br/>
+    <br/>


+    <div class="input-group mb-3">
+        <input class="form-control" value="{{ api_token }}" id="id_token">
+        <div class="input-group-append">
+            <button class="input-group-btn btn btn-primary" onclick="copyToken()"><i
+                    class="far fa-copy"></i></button>
+        </div>
+    </div>
+    <br/>
+    {% trans 'Use the token as an Authorization header prefixed by the word token as shown in the following examples:' %}
+    <br/>
+    <code>Authorization: Token {{ api_token }}</code> {% trans 'or' %}<br/>
+    <code>curl -X GET http://your.domain.com/api/recipes/ -H 'Authorization: Token {{ api_token }}'</code>

+    <br/>
+    <br/>
+    <br/>
+    <br/>
+
+    <script type="application/javascript">
+        function copyToken() {
+            let token = $('#id_token');
+            token.select();
+            document.execCommand("copy");
+        }
+    </script>
 {% endblock %}
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@ -16,6 +16,7 @@ from django_tables2 import RequestConfig
 from django.utils.translation import gettext as _

 from django.conf import settings
+from rest_framework.authtoken.models import Token

 from cookbook.filters import RecipeFilter
 from cookbook.forms import *
@ -246,7 +247,10 @@ def user_settings(request):
    else:
        preference_form = UserPreferenceForm()

-    return render(request, 'settings.html', {'preference_form': preference_form, 'user_name_form': user_name_form, 'password_form': password_form})
+    if (api_token := Token.objects.filter(user=request.user).first()) is None:
+        api_token = Token.objects.create(user=request.user)
+
+    return render(request, 'settings.html', {'preference_form': preference_form, 'user_name_form': user_name_form, 'password_form': password_form, 'api_token': api_token})


@group_required('guest')
--- a/recipes/settings.py
+++ b/recipes/settings.py
@ -10,6 +10,9 @@ For the full list of settings and their values, see
 https://docs.djangoproject.com/en/2.0/ref/settings/
 """
 import os
+import random
+import string
+
 from django.contrib import messages
 from dotenv import load_dotenv
 from django.utils.translation import gettext_lazy as _
@ -17,7 +20,7 @@ from django.utils.translation import gettext_lazy as _
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

 # Get vars from .env files
-SECRET_KEY = os.getenv('SECRET_KEY') if os.getenv('SECRET_KEY') else '728f4t5438rz0748fa89esf9e'
+SECRET_KEY = os.getenv('SECRET_KEY') if os.getenv('SECRET_KEY') else 'INSECURE_STANDARD_KEY_SET_IN_ENV'

 DEBUG = bool(int(os.getenv('DEBUG', True)))

@ -61,6 +64,7 @@ INSTALLED_APPS = [
    'crispy_forms',
    'emoji_picker',
    'rest_framework',
+    'rest_framework.authtoken',
    'django_cleanup.apps.CleanupConfig',
    'cookbook.apps.CookbookConfig',
 ]
@ -85,6 +89,14 @@ if REVERSE_PROXY_AUTH:
    MIDDLEWARE.append('recipes.middleware.CustomRemoteUser')
    AUTHENTICATION_BACKENDS.append('django.contrib.auth.backends.RemoteUserBackend')

+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
+        'rest_framework.authentication.BasicAuthentication',
+    )
+}
+
 ROOT_URLCONF = 'recipes.urls'

 TEMPLATES = [