user validation and api_key retrieval via api

Author: MaKleSoft

urls.py

@@ -3,7 +3,8 @@
 
 urlpatterns = patterns('handball.views',
     (r'^$', 'index'),
-    (r'^signup/$', 'sign_up'),
-    (r'^activate/([abcdef0123456789]+)$', 'activate'),
-    (r'^thanks/$', 'thanks')
+    (r'^auth/signup/$', 'sign_up'),
+    (r'^auth/activate/([abcdef0123456789]+)$', 'activate'),
+    (r'^thanks/$', 'thanks'),
+    (r'^auth/validate/$', 'validate_user')
 )

views.py

@@ -1,11 +1,14 @@
 import sha
+import base64
 import datetime
 import pytz
 from random import random
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, HttpResponseNotFound, HttpResponseBadRequest
 from django.shortcuts import render_to_response, get_object_or_404
 from handball.forms import SignUpForm
 from handball.models import Person
+from handball.api import PersonResource
+from django.contrib.auth import authenticate
 from django.contrib.auth.models import User
 from django.utils.translation import ugettext as _
 
@@ -70,3 +73,47 @@ def activate(request, activation_key):
 
 def thanks(request):
     return render_to_response('thanks.html')
+
+
+def validate_user(request):
+    """
+    Checks a user's basic auth credentials and, if valid, returns the users data
+    """
+
+    # if not request.META.get('HTTP_AUTHORIZATION'):
+    #     return HttpResponseBadRequest('No HTTP_AUTHORIZATION header found')
+
+    # try:
+    #     (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split()
+    #     if auth_type.lower() != 'basic':
+    #         return HttpResponseBadRequest('Wrong auth type. Use basic auth!')
+    #     user_pass = base64.b64decode(data)
+    # except:
+    #     return HttpResponseBadRequest('Could not decode auth credentials.')
+
+    # bits = user_pass.split(':', 1)
+
+    # if len(bits) != 2:
+    #     return HttpResponseBadRequest('Could not decode auth credentials.')
+
+    # user = authenticate(username=bits[0], password=bits[1])
+
+    username = request.POST['username']
+    password = request.POST['password']
+
+    if not username or not password:
+        return HttpResponseBadRequest()
+
+    user = authenticate(username=username, password=password)
+
+    if user is None or not user.is_active:
+        return HttpResponseNotFound('User does not exist or password incorrect.')
+
+    person = user.get_profile()
+
+    person_resource = PersonResource()
+    bundle = person_resource.build_bundle(obj=person, request=request)
+    person_resource.full_dehydrate(bundle)
+    bundle.data['api_key'] = user.api_key.key
+
+    return HttpResponse(person_resource.serialize(None, bundle, 'application/json'))