add api_secret auth and (mostly) finalize firmware endpoint

2023-11-05 19:09:36 +01:00 · 2023-11-05 19:09:36 +01:00 · aa2df8d3c5
commit aa2df8d3c5
parent 9e9e41fb3f
6 changed files with 123 additions and 4 deletions
--- a/src/c3nav/api/auth.py
+++ b/src/c3nav/api/auth.py
@ -0,0 +1,20 @@
+from django.utils.translation import gettext_lazy as _
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.exceptions import AuthenticationFailed
+
+
+class APISecretAuthentication(TokenAuthentication):
+    def authenticate_credentials(self, key):
+        from c3nav.control.models import UserPermissions
+
+        try:
+            user_perms = UserPermissions.objects.exclude(api_secret='').exclude(api_secret__isnull=True).filter(
+                api_secret=key
+            ).get()
+        except UserPermissions.DoesNotExist:
+            raise AuthenticationFailed(_('Invalid token.'))
+
+        if not user_perms.user.is_active:
+            raise AuthenticationFailed(_('User inactive or deleted.'))
+
+        return (user_perms.user, user_perms)