Token authentication

apps/api/urls.py

@@ -5,6 +5,7 @@
 from django.conf.urls import url, include
 from django.contrib.auth.models import User
 from rest_framework import routers, serializers, viewsets
+from rest_framework.authtoken import views as token_views
 
 from .activity.urls import register_activity_urls
 from .members.urls import register_members_urls
@@ -49,5 +50,5 @@ register_note_urls(router, 'note')
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
     url('^', include(router.urls)),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
+    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]

apps/member/urls.py

@@ -18,6 +18,7 @@ urlpatterns = [
     path('user/',views.UserListView.as_view(),name="user_list"),
     path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"),
     path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"),
+    path('generate-auth-token/', views.GenerateAuthTokenView.as_view(), name='generate_auth_token'),
 
     # API for the user autocompleter
     path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"),

apps/member/views.py

@@ -5,12 +5,13 @@
 from dal import autocomplete
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import CreateView, ListView, DetailView, UpdateView
+from django.views.generic import CreateView, ListView, DetailView, UpdateView, TemplateView
 from django.contrib.auth.models import User
 from django.urls import reverse_lazy
 from django.db.models import Q
 
 from django_tables2.views import SingleTableView
+from rest_framework.authtoken.models import Token
 
 from note.models import Alias, Note, NoteUser
 from .models import Profile, Club, Membership
@@ -139,6 +140,22 @@ class UserListView(LoginRequiredMixin,SingleTableView):
         return context
 
 
+class GenerateAuthTokenView(LoginRequiredMixin, TemplateView):
+    """
+    Génère un jeton d'authentification pour un utilisateur
+    """
+    template_name = "member/generate_auth_token.html"
+
+    def get_context_data(self):
+        context = super().get_context_data()
+
+        if Token.objects.filter(user=self.request.user).exists():
+            Token.objects.get(user=self.request.user).delete()
+        token = Token.objects.create(user=self.request.user)
+
+        context['token'] = token.key
+        return context
+
 class UserAutocomplete(autocomplete.Select2QuerySetView):
     """
     Auto complete users by usernames

note_kfet/settings/base.py

@@ -52,6 +52,7 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
     # API
     'rest_framework',
+    'rest_framework.authtoken',
     # Autocomplete
     'dal',
     'dal_select2',
@@ -127,6 +128,9 @@ REST_FRAMEWORK = {
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': [
         'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
     ]
 }
 

templates/member/generate_auth_token.html

@@ -0,0 +1,6 @@
+{% extends "base.html" %}
+{% load i18n static pretty_money django_tables2 %}
+
+{% block content %}
+    Jeton : <strong>{{ token }}</strong>
+{% endblock %}