QingdaoU/OnlineJudge
1
0
Fork 0
mirror of https://github.com/QingdaoU/OnlineJudge.git synced 2024-12-29 16:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

add api to reset openapi appkey and related middleware

Browse Source
This commit is contained in:
virusdefender 2017-11-25 21:47:51 +08:00
parent 79717c82b1
commit 00eb3b1967
5 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
account/middleware.py
View File

@ -3,6 +3,18 @@ from django.utils.timezone import now
from django.utils.deprecation import MiddlewareMixin from django.utils.deprecation import MiddlewareMixin
from utils.api import JSONResponse from utils.api import JSONResponse
from account.models import User
class APITokenAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
appkey = request.META.get("HTTP_APPKEY")
if appkey:
try:
request.user = User.objects.get(open_api_appkey=appkey, open_api=True, is_disabled=False)
request.csrf_processing_done = True
except User.DoesNotExist:
pass
class SessionRecordMiddleware(MiddlewareMixin): class SessionRecordMiddleware(MiddlewareMixin):

16
account/tests.py
View File

@ -611,3 +611,19 @@ class GenerateUserAPITest(APITestCase):
resp = self.client.post(self.url, data=self.data) resp = self.client.post(self.url, data=self.data)
self.assertSuccess(resp) self.assertSuccess(resp)
mock_workbook.assert_called() mock_workbook.assert_called()
class OpenAPIAppkeyAPITest(APITestCase):
def setUp(self):
self.user = self.create_super_admin()
self.url = self.reverse("open_api_appkey_api")
def test_reset_appkey(self):
resp = self.client.post(self.url, data={})
self.assertFailed(resp)
self.user.open_api = True
self.user.save()
resp = self.client.post(self.url, data={})
self.assertSuccess(resp)
self.assertEqual(resp.data["data"]["appkey"], User.objects.get(username=self.user.username).open_api_appkey)

5
account/urls/oj.py
View File

@ -5,7 +5,7 @@ from ..views.oj import (ApplyResetPasswordAPI, ResetPasswordAPI,
UserLoginAPI, UserLogoutAPI, UsernameOrEmailCheck, UserLoginAPI, UserLogoutAPI, UsernameOrEmailCheck,
AvatarUploadAPI, TwoFactorAuthAPI, UserProfileAPI, AvatarUploadAPI, TwoFactorAuthAPI, UserProfileAPI,
UserRankAPI, CheckTFARequiredAPI, SessionManagementAPI, UserRankAPI, CheckTFARequiredAPI, SessionManagementAPI,
ProfileProblemDisplayIDRefreshAPI) ProfileProblemDisplayIDRefreshAPI, OpenAPIAppkeyAPI)
from utils.captcha.views import CaptchaAPIView from utils.captcha.views import CaptchaAPIView
@ -25,5 +25,6 @@ urlpatterns = [
url(r"^tfa_required/?$", CheckTFARequiredAPI.as_view(), name="tfa_required_check"), url(r"^tfa_required/?$", CheckTFARequiredAPI.as_view(), name="tfa_required_check"),
url(r"^two_factor_auth/?$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api"), url(r"^two_factor_auth/?$", TwoFactorAuthAPI.as_view(), name="two_factor_auth_api"),
url(r"^user_rank/?$", UserRankAPI.as_view(), name="user_rank_api"), url(r"^user_rank/?$", UserRankAPI.as_view(), name="user_rank_api"),
url(r"^sessions/?$", SessionManagementAPI.as_view(), name="session_management_api") url(r"^sessions/?$", SessionManagementAPI.as_view(), name="session_management_api"),
url(r"^open_api_appkey/?$", OpenAPIAppkeyAPI.as_view(), name="open_api_appkey_api"),
] ]

12
account/views/oj.py
View File

@ -401,3 +401,15 @@ class ProfileProblemDisplayIDRefreshAPI(APIView):
v["_id"] = id_map[k] v["_id"] = id_map[k]
profile.save(update_fields=["acm_problems_status", "oi_problems_status"]) profile.save(update_fields=["acm_problems_status", "oi_problems_status"])
return self.success() return self.success()
class OpenAPIAppkeyAPI(APIView):
@login_required
def post(self, request):
user = request.user
if not user.open_api:
return self.error("Permission denied")
api_appkey = rand_str()
user.open_api_appkey = api_appkey
user.save()
return self.success({"appkey": api_appkey})

1
oj/settings.py
View File

@ -49,6 +49,7 @@ MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'account.middleware.APITokenAuthMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',