Fix Cloud-CV#1688: Add API endpoint to fetch or create user auth toke…

…n from database (Cloud-CV#1683) * Add endpoint to process token * Add tests for token backend
HargovindArora · Nov 17, 2018 · c1fcac7 · c1fcac7
1 parent c234928
commit c1fcac7
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 1 deletion.
diff --git a/apps/accounts/urls.py b/apps/accounts/urls.py
@@ -5,5 +5,6 @@
 urlpatterns = [
 
     url(r'^user/disable$', views.disable_user, name='disable_user'),
+    url(r'^user/get_auth_token$', views.get_auth_token, name='get_auth_token'),
 
 ]
diff --git a/apps/accounts/views.py b/apps/accounts/views.py
@@ -1,12 +1,18 @@
 from django.contrib.auth import logout
+from django.contrib.auth.models import User
 
+from rest_framework.authtoken.models import Token
 from rest_framework.response import Response
 from rest_framework import permissions, status
 from rest_framework.decorators import (api_view,
                                        authentication_classes,
-                                       permission_classes,)
+                                       permission_classes,
+                                       throttle_classes,)
+from rest_framework.throttling import UserRateThrottle
 from rest_framework_expiring_authtoken.authentication import (ExpiringTokenAuthentication,)
 
+from .permissions import HasVerifiedEmail
+
 
 @api_view(['POST'])
 @permission_classes((permissions.IsAuthenticated,))
@@ -18,3 +24,24 @@ def disable_user(request):
     user.save()
     logout(request)
     return Response(status=status.HTTP_200_OK)
+
+
+@throttle_classes([UserRateThrottle])
+@api_view(['GET'])
+@permission_classes((permissions.IsAuthenticated, HasVerifiedEmail))
+@authentication_classes((ExpiringTokenAuthentication,))
+def get_auth_token(request):
+    try:
+        user = User.objects.get(email=request.user.email)
+    except User.DoesNotExist:
+        response_data = {"error": "This User account doesn't exist."}
+        Response(response_data, status.HTTP_404_NOT_FOUND)
+
+    try:
+        token = Token.objects.get(user=user)
+    except Token.DoesNotExist:
+        token = Token.objects.create(user=user)
+        token.save()
+
+    response_data = {"token": "{}".format(token)}
+    return Response(response_data, status=status.HTTP_200_OK)
diff --git a/tests/unit/accounts/test_urls.py b/tests/unit/accounts/test_urls.py
@@ -30,3 +30,6 @@ class TestStringMethods(BaseAPITestClass):
     def test_disable_user(self):
         url = reverse_lazy('accounts:disable_user')
         self.assertEqual(unicode(url), '/api/accounts/user/disable')
+
+        url = reverse_lazy('accounts:get_auth_token')
+        self.assertEqual(unicode(url), '/api/accounts/user/get_auth_token')
diff --git a/tests/unit/accounts/test_views.py b/tests/unit/accounts/test_views.py
@@ -1,5 +1,7 @@
 import os
 
+from rest_framework.authtoken.models import Token
+
 from django.core.urlresolvers import reverse_lazy
 from django.contrib.auth.models import User
 
@@ -48,3 +50,15 @@ def test_cannot_update_username(self):
         self.assertNotContains(response, 'anotheruser')
         self.assertContains(response, 'someuser')
         self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+
+class GetAuthTokenTest(BaseAPITestClass):
+
+    url = reverse_lazy('accounts:get_auth_token')
+
+    def test_get_auth_token(self):
+        response = self.client.get(self.url, {})
+        token = Token.objects.get(user=self.user)
+        expected_data = {"token": "{}".format(token)}
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, expected_data)