

# OAuth2 Basic Installation on Django

***



## Table of Contents
  * [Concept](#Concept)
  * [Requirements](#Requirements)
  * [Installation](#Installation)
  * [Server-creation Methodology](#createServer)
  * [Client-creation Methodology](#createClient)

## Concept



OAuth is an open standard for authorization, commonly used to let Internet users log in to third-party websites with their central accounts without exposing their password to those sites. In GLS, we use OAuth in the central service called "AAS" so that third-party applications such as TrakCare Addons and E-Clinical can work with a single password.

## Requirements

#### Server

1. Python 3.4.3 (Miniconda 3.16.0 is recommended)
2. Django 1.9
3. django-oauth-toolkit
4. django-rest-framework
5. django-rest-swagger (for documentation)

#### Client

1. Python 3.0 or above (Miniconda is recommended), or Node.js for Node developers


## Installation

#### Python (Select One)

Install Miniconda; it ships Python together with the `conda` package manager used for the packages below.

#### Django (Select One)

```shell
conda install django
```

#### django-oauth-toolkit

django-oauth-toolkit is a library that adds OAuth2 provider support to Django; it is easy to use and straightforward.

```shell
conda install django-oauth-toolkit
# if conda cannot find the package: pip install django-oauth-toolkit
```

#### django-rest-framework

```shell
conda install djangorestframework
# if conda cannot find the package: pip install djangorestframework
```

<a name="createServer"></a>
## Server-creation Methodology

#### Django Environment Preparation

```shell
# The project name must be a valid Python identifier, so a hyphen is rejected;
# use an underscore instead.
django-admin startproject hms_oauth
cd hms_oauth
```


```shell
python manage.py migrate
```

```shell
python manage.py runserver
```

Then open http://localhost:8000/ in a web browser to confirm the development server is up.

#### Django Setting

##### 1. Create Super User on Django

```shell
python manage.py createsuperuser
```

Then go to http://localhost:8000/admin/, log in as the superuser and create a sample user in the database.

##### 2. Add these lines of code to urls.py

```python
from django.conf.urls import url, include
from django.contrib.auth.models import User
from django.contrib import admin
admin.autodiscover()

from rest_framework import permissions, routers, serializers, viewsets

from oauth2_provider.ext.rest_framework import TokenHasReadWriteScope


# First we define the serializer. Listing the fields explicitly matters:
# a bare ModelSerializer on User would also expose the password hash.
class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'username', 'email', 'groups')


# ViewSets define the view behaviour. A request needs an authenticated user
# and a token carrying the 'read' scope (GET) or the 'write' scope (others).
class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
    queryset = User.objects.all()
    serializer_class = UserSerializer


# Routers provide an easy way of automatically determining the URL conf.
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)


# Wire up our API using automatic URL routing. patterns() is deprecated in
# Django 1.9, so urlpatterns is a plain list.
urlpatterns = [
    url(r'^', include(router.urls)),
    url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
    url(r'^admin/', include(admin.site.urls)),
    url(r'^docs/', include('rest_framework_swagger.urls')),
]
```

These lines build the URL configuration: urlpatterns is the list of routes, and the r prefix marks a raw string, because each pattern is a regular expression.

`url(r'^admin/', include(admin.site.urls))` routes every URL that starts with "admin/" to admin.site.urls.

##### 3. Change settings.py

1. Add these lines to INSTALLED_APPS (so that Django knows which apps are installed):

```python
'oauth2_provider',
'rest_framework',
'rest_framework_swagger',
```

2. Add these lines to settings.py to initialise the service:

```python
OAUTH2_PROVIDER = {
    # this is the list of available scopes
    'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
}


REST_FRAMEWORK = {
    # authenticate API requests with the Bearer token issued by django-oauth-toolkit
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.ext.rest_framework.OAuth2Authentication',
    )
}
```


##### 4. Run the server and check the result

```shell
python manage.py migrate
```

```shell
python manage.py runserver
```

Then go to http://localhost:8000/users/ and, voilà, you will find that the page cannot be viewed without authorisation.

To view the data for testing purposes, comment out the line

    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]

in urls.py. Restore it afterwards: without it any anonymous client can read the user list.

<a name="createClient"></a>
## Client-creation Methodology

The client must obtain a token from the OAuth2 provider before it can call the server for user data. In brief:

1. Get a token by logging in to the server with your username and password. The client_id and client_secret of the registered application are also required, which raises the baseline security.
2. Use the token to fetch the RESTful data.

The detailed steps:

1. Run the Django server.
2. Go to http://localhost:8000/admin/.
3. Under [DJANGO OAUTH TOOLKIT], add an application.
4. Set its grant type to Resource owner password-based and save it.
5. Note the client_id and client_secret.
6. Request 'http://localhost:8000/o/token/?grant_type=password&username=xxxxx&password=xxxxx&client_id=xxxxx&client_secret=xxxxx' with your own values (curl is recommended).
7. Step 6 returns an access token; keep it.
8. Access http://localhost:8000/users/ with the header

       headers: {
                'Authorization': 'bearer '+access_token
               }

9. Hooray! The authorisation is done.

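The same exchange in Python, as an added example that is not part of the original page. It sends the password-grant parameters in the POST body and the client credentials in an HTTP Basic header (both accepted by django-oauth-toolkit's token endpoint), validates the token response, and distinguishes a 401 (no valid token) from a 403 (token without the scope TokenHasReadWriteScope requires) on /users/. The `transport` parameter is an assumption added so the exchange can be exercised with a fake server.

```python
import base64
import json
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "http://localhost:8000/o/token/"
USERS_URL = "http://localhost:8000/users/"


def urllib_transport(url, method, headers, body=None):
    """Real HTTP transport: returns (status, response_text). Needs the server running."""
    req = Request(url, data=body, headers=headers, method=method)
    try:
        with urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except HTTPError as err:
        return err.code, err.read().decode()


def fetch_token(username, password, client_id, client_secret, transport=urllib_transport):
    """Resource Owner Password grant (step 6). User credentials travel in the POST
    body and client credentials in an HTTP Basic header, not in the URL, so they
    do not end up in server access logs or shell history."""
    basic = base64.b64encode("{}:{}".format(client_id, client_secret).encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": "Basic " + basic}
    # Ask only for the 'read' scope: enough for GET /users/ under TokenHasReadWriteScope
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": "read"}).encode()
    status, text = transport(TOKEN_URL, "POST", headers, body)
    if status != 200:
        raise RuntimeError("token endpoint refused the request: %d %s" % (status, text))
    token = json.loads(text)
    if token.get("token_type", "").lower() != "bearer" or not token.get("access_token"):
        raise RuntimeError("unexpected token response: %r" % token)
    return token


def get_users(access_token, transport=urllib_transport):
    """Step 8: call the protected endpoint. Returns the user list, or None when the
    token is missing, expired or revoked (HTTP 401) so the caller re-authenticates."""
    status, text = transport(USERS_URL, "GET", {"Authorization": "Bearer " + access_token})
    if status == 401:
        return None
    if status == 403:
        raise PermissionError("token lacks the scope TokenHasReadWriteScope requires")
    return json.loads(text)
```

Supply the username, password, client_id and client_secret from step 5 through environment variables or a prompt rather than hard-coding them in the script.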
The code below is a Node.js client written as an example:

```javascript
var http = require('http');
var querystring = require('querystring');

// Client and user credentials are read from the environment rather than
// written into the source; fill them in from step 5.
var clientId = process.env.CLIENT_ID;
var clientSecret = process.env.CLIENT_SECRET;
var username = process.env.OAUTH_USER;
var password = process.env.OAUTH_PASS;

// Password grant: the parameters go in a form-encoded POST body, which
// matches the Content-Type header below, rather than in the query string.
var tokenBody = querystring.stringify({
    grant_type: 'password',
    username: username,
    password: password,
    client_id: clientId,
    client_secret: clientSecret
});

// Configure the token request
var tokenOptions = {
    method: 'POST',
    host: '127.0.0.1',
    port: 8000,
    path: '/o/token/',
    headers: {
        'User-Agent': 'Super Agent/0.0.1',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Content-Length': Buffer.byteLength(tokenBody)
    }
};

// Collect a response body and hand it to the callback as a string
function readBody(res, callback) {
    var chunks = [];
    res.on('data', function (chunk) { chunks.push(chunk); });
    res.on('end', function () { callback(Buffer.concat(chunks).toString()); });
}

// Start the token request
var tokenRequest = http.request(tokenOptions, function (res) {
    readBody(res, function (body) {
        if (res.statusCode !== 200) {
            console.error('token request failed: ' + res.statusCode + ' ' + body);
            return;
        }
        var accessToken = JSON.parse(body).access_token;
        console.log('RECEIVED->ACCESS_TOKEN:' + accessToken);

        // Step 8: call the protected /users/ endpoint with the Bearer token
        var usersOptions = {
            method: 'GET',
            host: '127.0.0.1',
            port: 8000,
            path: '/users/',
            headers: {
                'Authorization': 'Bearer ' + accessToken
            }
        };
        var usersRequest = http.request(usersOptions, function (usersRes) {
            readBody(usersRes, function (usersBody) {
                console.log('users: ' + usersRes.statusCode + ' ' + usersBody);
            });
        });
        usersRequest.on('error', function (e) { throw e; });
        usersRequest.end();
    });
});
tokenRequest.on('error', function (e) { throw e; });
tokenRequest.write(tokenBody);
tokenRequest.end();
```