diff --git a/apps/users/api.py b/apps/users/api.py
index d7c95e5f5..98d174124 100644
--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -1,4 +1,7 @@
 # ~*~ coding: utf-8 ~*~
+import uuid
+
+from django.core.cache import cache
 from rest_framework import generics
 from rest_framework.permissions import AllowAny, IsAuthenticated
@@ -11,7 +14,8 @@ from .serializers import UserSerializer, UserGroupSerializer, \
 UserUpdateGroupSerializer, ChangeUserPasswordSerializer
 from .tasks import write_login_log_async
 from .models import User, UserGroup
-from .permissions import IsSuperUser, IsValidUser, IsCurrentUserOrReadOnly
+from .permissions import IsSuperUser, IsValidUser, IsCurrentUserOrReadOnly, \
+ IsSuperUserOrAppUser
 from .utils import check_user_valid, generate_token
 from common.mixins import CustomFilterMixin
 from common.utils import get_logger
@@ -160,3 +164,30 @@ class UserAuthApi(APIView):
 return Response({'token': token, 'user': user.to_json()})
 else:
 return Response({'msg': msg}, status=401)
+
+
+class UserConnectionTokenApi(APIView):
+ permission_classes = (IsSuperUserOrAppUser,)
+
+ def post(self, request):
+ user_id = request.data.get('user', '')
+ asset_id = request.data.get('asset', '')
+ system_user_id = request.data.get('system_user', '')
+ token = str(uuid.uuid4())
+ value = {
+ 'user': user_id,
+ 'asset': asset_id,
+ 'system_user': system_user_id
+ }
+ cache.set(token, value, timeout=3600)
+ return Response({"token": token}, status=201)
+
+ def get(self, request):
+ token = request.query_params.get('token')
+ value = cache.get(token, None)
+ if value:
+ cache.delete(token)
+ return Response(value)
+
+
+
diff --git a/apps/users/urls/api_urls.py b/apps/users/urls/api_urls.py
index fcde1e28f..ce681c146 100644
--- a/apps/users/urls/api_urls.py
+++ b/apps/users/urls/api_urls.py
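Review bot: In `UserConnectionTokenApi.get` the caller-supplied `token` query parameter goes straight into `cache.get()` and `cache.delete()`, so the lookup is not confined to entries that `post` created: whatever else lives in the shared Django cache under a key the caller can name would be returned and then removed. Store and read the value under a dedicated prefix, and reject anything that does not parse as a UUID before touching the cache (the prefix in the fence below is a constructed example). An unknown, expired or missing token also gets no error status; indentation is lost in this view, so `Response(value)` is either reached with `None` or not reached at all, and an explicit 404 is clearer in both cases. The get-then-delete pair is not atomic, so two concurrent redemptions of the same token may both succeed; if single use matters, that needs an atomic take in the cache backend. `post` also stores `user`, `asset` and `system_user` without checking that they exist or that the user is permitted on the asset, which leaves that decision entirely to whoever redeems the token.

```python
    def post(self, request):
        # … unchanged: reading user, asset, system_user and building value …
        token = str(uuid.uuid4())
        cache.set('connection-token:' + token, value, timeout=3600)
        return Response({"token": token}, status=201)

    def get(self, request):
        raw_token = request.query_params.get('token', '')
        try:
            # Canonical form matches what post() generated with str(uuid4()).
            token = str(uuid.UUID(raw_token))
        except ValueError:
            return Response({'msg': 'invalid token'}, status=400)
        key = 'connection-token:' + token
        value = cache.get(key)
        if value is None:
            return Response({'msg': 'token not found or expired'}, status=404)
        cache.delete(key)
        return Response(value)
```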
@@ -17,6 +17,7 @@ router.register(r'v1/groups', api.UserGroupViewSet, 'user-group')
 urlpatterns = [
 # url(r'', api.UserListView.as_view()),
 url(r'^v1/token/$', api.UserToken.as_view(), name='user-token'),
+ url(r'^v1/connection-token/$', api.UserConnectionTokenApi.as_view(), name='connection-token'),
 url(r'^v1/profile/$', api.UserProfile.as_view(), name='user-profile'),
 url(r'^v1/auth/$', api.UserAuthApi.as_view(), name='user-auth'),
 url(r'^v1/users/(?P[0-9a-zA-Z\-]{36})/password/$',
diff --git a/apps/users/views/login.py b/apps/users/views/login.py
index dd9654805..44abd0a81 100644
--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@@ -80,7 +80,8 @@ class UserLogoutView(TemplateView):
 def get(self, request, *args, **kwargs):
 auth_logout(request)
- return super().get(request, *args, **kwargs)
+ response = super().get(request, *args, **kwargs)
+ return response
 def get_context_data(self, **kwargs):
 context = {