| -rw-r--r-- | backend/views.py | 49 |
1 files changed, 41 insertions, 8 deletions
diff --git a/backend/views.py b/backend/views.py
index 9ec67d9..e04270b 100644
--- a/backend/views.py
+++ b/backend/views.py
@@ -8,9 +8,10 @@ from django.template import loader
 from django.template import Context
 from django.shortcuts import render_to_response
 from django.conf import settings
-
 from datetime import datetime
+import sha
+
 from backend.models import SJUserProfile
 API_HEADER = '#@scanjam 0.3b\n'
@@ -61,6 +62,21 @@ def check_form_fields(request, form_fields):
 if not request.POST[field]:
 return api_error_headers('no %s' % field)
+def user_response_str(request, user=None):
+ """ Return API response string for user """
+ if not user:
+ user = request.user
+ if user.is_authenticated():
+ user_id = user.id
+ username = user.username
+ session_id = request.session.session_key
+ user_access = user.get_profile().access
+ else:
+ user_id = 0
+ username = 'anonymous'
+ session_id = sha.new('No valid session').hexdigest()
+ user_access = 0
+ return '%d\t%s\t%s\t%d\n' % (user_id, username, session_id, user_access)
 #
 # AUTH API
 #
@@ -73,12 +89,12 @@ def api_auth_login(request):
 if response:
 return response
 user = auth.authenticate(username=request.POST['username'],
- password=request.POST['password'])
+ password=request.POST['password'])
 if user:
 if user.is_active:
 auth.login(request, user)
 response = api_ok_headers()
- response.write('%d\t%s\t%d\n' % (user.id, user.username, user.get_profile().access))
+ response.write(user_response_str(request))
 return response
 else:
 return api_error_headers('user disabled')
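Review bot: In `user_response_str`, `user.is_authenticated()` is true for any `User` instance, so when a caller passes `user` explicitly the authenticated branch is always taken and `request.session.session_key` is returned whether or not that request's session was ever logged in as that user. The `api_auth_register` hunk calls it this way and no `auth.login` is visible there (the function body starts outside that hunk), so the client may be handed the key of an anonymous session next to a real user id; deciding on `request.user.is_authenticated()` and `request.user.id == user.id` would avoid that. The response body now carries the session identifier, so it needs the same care as the cookie: TLS only, and kept out of logs and caches. Separately, `sha.new('No valid session').hexdigest()` is a constant recomputed on every call through the deprecated `sha` module; a module-level constant built with `hashlib.sha1` would do.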
@@ -96,12 +112,25 @@ def api_auth_logout(request):
 @require_POST
 def api_auth_sneakin(request):
- """"""
+ """ Sneak in user """
 form_fields = ['userid', 'username']
 response = check_form_fields(request, form_fields)
 if response:
 return response
- return HttpResponse('Not implemented yet!\n')
+ try:
+ user = auth.models.User.objects.get(username=request.POST['username'])
+ if user.id != int(request.POST['userid']):
+ return api_error_headers('no match')
+ except:
+ return api_error_headers('no such user')
+ # Hack to authenticate user manually
+ for backend in auth.get_backends():
+ user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
+ break
+ auth.login(request, user)
+ response = api_ok_headers()
+ response.write(user_response_str(request, user))
+ return response
 @require_POST
 def api_auth_register(request):
@@ -130,7 +159,7 @@ def api_auth_register(request):
 except:
 return api_error_headers('problem storing user profile')
 response = api_ok_headers()
- response.write('%d\t%s\t%d\n' % (user.id, user.username, user_profile.access))
+ response.write(user_response_str(request, user))
 return response
 @require_POST
@@ -146,8 +175,12 @@ def api_auth_available(request):
 @require_POST
 def api_auth_checkin(request):
- """"""
- return HttpResponse('Not implemented yet!\n')
+ """ Check in user """
+ if request.user.is_authenticated():
+ response = api_ok_headers()
+ response.write(user_response_str(request))
+ return response
+ return HttpResponse()
 @require_POST
 def api_auth_password(request): |
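Review bot: `api_auth_sneakin` calls `auth.login(request, user)` for whatever account matches the posted `username` and `userid`, and nothing in the function checks who the caller is: there is no password and no privilege test on `request.user`, only `@require_POST`. Both values are identifiers rather than secrets (`user_response_str` returns them to clients), so unless a restriction exists outside this file this is a password-less login as any account. If impersonation is meant for operators, gate it before the lookup, for example `if not (request.user.is_authenticated() and request.user.is_superuser): return api_error_headers('not allowed')`, and log every use with both the caller and the target account. The bare `except:` also reports every failure, including a non-numeric `userid`, as 'no such user'; `except (auth.models.User.DoesNotExist, ValueError):` keeps unexpected errors visible.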
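Review bot: For an unauthenticated caller `api_auth_checkin` ends in a bare `return HttpResponse()`, an empty success response, while every other failure path in this diff goes through `api_error_headers(...)`. A client cannot tell that apart from a truncated reply, so `return api_error_headers('not logged in')` would match the rest of the API. The anonymous branch of `user_response_str` is not reached from any call visible in this diff, so it should either be used here or dropped.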
