Élie Bouttier 7 years ago
parent
commit
095491d219
4 changed files with 46 additions and 3 deletions
  1. 12 0
      accounts/admin.py
  2. 1 0
      accounts/urls.py
  3. 31 0
      accounts/views.py
  4. 2 3
      adhesions/admin.py

+ 12 - 0
accounts/admin.py

@@ -0,0 +1,12 @@
+from django.contrib import admin
+from django.contrib.auth.admin import GroupAdmin as AuthGroupAdmin
+from django.contrib.auth.models import Group
+
+
+class GroupAdmin(AuthGroupAdmin):
+    def get_fieldsets(self, request, obj=None):
+        return [(None, {'fields': ['name',]})]
+
+
+admin.site.unregister(Group)
+admin.site.register(Group, GroupAdmin)
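Review bot: The `get_fieldsets` override silently drops the permissions widget from the Group change form, and nothing in the class says that this is the intent; a one-line docstring such as `"""Restrict the Group change form to the name field (hides the permissions widget)."""` on `GroupAdmin` would make the narrowing deliberate rather than looking like an accident. As a point of style, the stray trailing comma in `['name',]` reads like a leftover from a tuple and is better written `['name']`.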

+ 1 - 0
accounts/urls.py

@@ -8,6 +8,7 @@ from .forms import PasswordResetForm
 
 urlpatterns = [
     url(r'^profile/$', views.profile, name='profile'),
+    url(r'^auth_api/(?P<token>[a-zA-Z0-9]{32})/$', views.auth_api, name='auth_api'),
     url(r'^password_reset/$', auth_views.PasswordResetView.as_view(form_class=PasswordResetForm), name='password_reset'),
     url(r'^', include('django.contrib.auth.urls')),
 ]
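Review bot: The new route carries the shared API secret in the URL path (`/auth_api/<token>/`), so the token is written to web-server and reverse-proxy access logs and to any Referer header, which is a weaker place for a credential than a request header or POST field. Since the view already reads `request.POST`, it could take the token from there or from a header instead, with the route reduced to `url(r'^auth_api/$', views.auth_api, name='auth_api')`; that is a design choice for the author, so flagging rather than insisting. If the path form is kept, make sure the deployment's access logging is configured with that in mind.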

+ 31 - 0
accounts/views.py

@@ -1,6 +1,12 @@
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import get_object_or_404, redirect, render
 from django.contrib import messages
+from django.core.exceptions import PermissionDenied
+from django.conf import settings
+from django.http import HttpResponse, HttpResponseBadRequest
+from django.views.decorators.http import require_POST
+from django.views.decorators.csrf import csrf_exempt
+from django.contrib.auth import authenticate, get_user_model
 
 from .forms import UserForm, ProfileForm
 
@@ -19,3 +25,28 @@ def profile(request):
         'user_form': user_form,
         'profile_form': profile_form,
     })
+
+
+@require_POST
+@csrf_exempt
+def auth_api(request, token):
+    # token could not be None due to url regex
+    if token != getattr(settings, 'AUTH_API_TOKEN', None):
+        raise PermissionDenied
+    username = request.POST.get('username')
+    if not username:
+        return HttpResponseBadRequest()
+    password = request.POST.get('password')
+    if password:
+        user = authenticate(username=username, password=password)
+        if user is None:
+            return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
+    else:
+        user = get_object_or_404(get_user_model(), username=username)
+    required_groups = request.POST.get('groups')
+    if required_groups and not user.is_superuser: # skip groups check for superusers
+        required_groups = set(required_groups.split(' '))
+        user_groups = set(map(lambda g: g.name, user.groups.all()))
+        if required_groups - user_groups:
+            return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
+    return HttpResponse()
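Review bot: The token check at the top of `auth_api` compares the shared secret with `!=`, which stops at the first differing character; use `django.utils.crypto.constant_time_compare` (imported alongside the other django imports) and treat an unset `AUTH_API_TOKEN` as always failing rather than relying on `None` never matching. The password-less branch fetches any user by name, while `authenticate()` in the other branch rejects inactive accounts, so a deactivated user still passes when no password is sent — check `user.is_active` there. `required_groups.split(' ')` turns repeated spaces into empty names that can never be in `user_groups` and so yields a spurious 401; `split()` avoids that, and `user.groups.values_list('name', flat=True)` replaces the lambda. The rewritten lines are below.
```python
@require_POST
@csrf_exempt
def auth_api(request, token):
    expected = getattr(settings, 'AUTH_API_TOKEN', None)
    # constant_time_compare: a plain != short-circuits on the first differing byte
    if not expected or not constant_time_compare(token, expected):
        raise PermissionDenied
    # … unchanged: username check and password branch …
    else:
        user = get_object_or_404(get_user_model(), username=username)
        if not user.is_active:  # authenticate() already rejects inactive users
            return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
    required_groups = request.POST.get('groups')
    if required_groups and not user.is_superuser: # skip groups check for superusers
        required_groups = set(required_groups.split())  # tolerate repeated spaces
        user_groups = set(user.groups.values_list('name', flat=True))
        # … unchanged: subset check and final response …
```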

+ 2 - 3
adhesions/admin.py

@@ -2,7 +2,7 @@ from django.contrib import admin
 from django.contrib.contenttypes.admin import GenericStackedInline, GenericTabularInline
 from django.db.models import Q
 from django.contrib.contenttypes.models import ContentType
-from django.contrib.auth.models import User as AuthUser, Group
+from django.contrib.auth.models import User as AuthUser
 from django.contrib.auth.admin import UserAdmin as AuthUserAdmin
 from django.http import HttpResponseRedirect
 from django.utils.html import format_html
@@ -130,7 +130,7 @@ class UserAdmin(AdtSearchMixin, AuthUserAdmin):
                 }),
                 (AuthUserAdmin.fieldsets[2][0], {
                     'classes': ('collapse',),
-                    'fields': ('is_active', 'is_staff', 'is_superuser',), # removing groups and user_permissions
+                    'fields': ('is_active', 'is_staff', 'is_superuser', 'groups',), # removing user_permissions
                 }),
                 (AuthUserAdmin.fieldsets[3][0], {
                     'classes': ('collapse',),
@@ -236,7 +236,6 @@ class AdhesionAdmin(AdtSearchMixin, admin.ModelAdmin):
 
 
 admin.site.unregister(AuthUser)
-admin.site.unregister(Group)
 admin.site.register(User, UserAdmin)
 admin.site.register(Corporation, CorporationAdmin)
 admin.site.register(Adhesion, AdhesionAdmin)
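Review bot: The changed fieldset line in `UserAdmin` now exposes `groups` but its comment only records what is still removed, not why group membership became editable here; since `accounts.views.auth_api` in this same commit authorises callers by group name, a comment such as `# groups is editable here because accounts.views.auth_api authorises by group name` would keep the two in step for the next maintainer. The `UserAdmin` class starts and ends outside the hunk.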