Configurable token length, max length 6

README.md

@@ -321,8 +321,10 @@ DEFAULTS = {
     'PASSWORDLESS_SMS_CALLBACK': 'drfpasswordless.utils.send_sms_with_callback_token',
 
     # Token Generation Retry Count
-    'PASSWORDLESS_TOKEN_GENERATION_ATTEMPTS': 3
+    'PASSWORDLESS_TOKEN_GENERATION_ATTEMPTS': 3,
 
+    # The length of the token to send in email or sms, maximum 6
+    'PASSWORDLESS_TOKEN_LENGTH': 6
 
 }
 ```

drfpasswordless/__version__.py

@@ -1,3 +1,3 @@
-VERSION = (1, 5, 8)
+VERSION = (1, 6, 4)
 
 __version__ = '.'.join(map(str, VERSION))

drfpasswordless/auth.py

@@ -0,0 +1,6 @@
+from rest_framework.authentication import TokenAuthentication
+from drfpasswordless.authtoken.models import Token
+
+
+class TokenAuthentication(TokenAuthentication):
+    model = Token

drfpasswordless/authtoken/__init__.py

@@ -0,0 +1,4 @@
+import django
+
+if django.VERSION < (3, 2):
+    default_app_config = 'drfpasswordless.authtoken.apps.AuthTokenConfig'

drfpasswordless/authtoken/admin.py

@@ -0,0 +1,53 @@
+from django.contrib import admin
+from django.contrib.admin.utils import quote
+from django.contrib.admin.views.main import ChangeList
+from django.contrib.auth import get_user_model
+from django.core.exceptions import ValidationError
+from django.urls import reverse
+
+from drfpasswordless.authtoken.models import Token, TokenProxy
+
+User = get_user_model()
+
+
+class TokenChangeList(ChangeList):
+    """Map to matching User id"""
+    def url_for_result(self, result):
+        pk = result.user.pk
+        return reverse('admin:%s_%s_change' % (self.opts.app_label,
+                                               self.opts.model_name),
+                       args=(quote(pk),),
+                       current_app=self.model_admin.admin_site.name)
+
+
+class TokenAdmin(admin.ModelAdmin):
+    list_display = ('key', 'user', 'device_type', 'created')
+    fields = ('user', 'device_id', 'device_type')
+    ordering = ('-created',)
+    actions = None  # Actions not compatible with mapped IDs.
+    readonly_fields = ("user", "device_id", "device_type")
+    list_filter = ("device_type",)
+
+    def get_changelist(self, request, **kwargs):
+        return TokenChangeList
+
+    def get_object(self, request, object_id, from_field=None):
+        """
+        Map from User ID to matching Token.
+        """
+        queryset = self.get_queryset(request)
+        field = User._meta.pk
+        try:
+            object_id = field.to_python(object_id)
+            user = User.objects.filter(**{field.name: object_id}).first()
+            return queryset.filter(user=user).first()
+        except (queryset.model.DoesNotExist, User.DoesNotExist, ValidationError, ValueError):
+            return None
+
+    def delete_model(self, request, obj):
+        # Map back to actual Token, since delete() uses pk.
+        token = Token.objects.get(key=obj.key)
+        return super().delete_model(request, token)
+
+
+admin.site.register(TokenProxy, TokenAdmin)

drfpasswordless/authtoken/apps.py

@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+from django.utils.translation import gettext_lazy as _
+
+
+class AuthTokenConfig(AppConfig):
+    name = 'drfpasswordless.authtoken'
+    verbose_name = _("Auth Token")

drfpasswordless/authtoken/management/commands/drf_create_token.py

@@ -0,0 +1,45 @@
+from django.contrib.auth import get_user_model
+from django.core.management.base import BaseCommand, CommandError
+
+from drfpasswordless.authtoken.models import Token
+
+UserModel = get_user_model()
+
+
+class Command(BaseCommand):
+    help = 'Create DRF Token for a given user'
+
+    def create_user_token(self, username, reset_token):
+        user = UserModel._default_manager.get_by_natural_key(username)
+
+        if reset_token:
+            Token.objects.filter(user=user).delete()
+
+        token = Token.objects.get_or_create(user=user)
+        return token[0]
+
+    def add_arguments(self, parser):
+        parser.add_argument('username', type=str)
+
+        parser.add_argument(
+            '-r',
+            '--reset',
+            action='store_true',
+            dest='reset_token',
+            default=False,
+            help='Reset existing User token and create a new one',
+        )
+
+    def handle(self, *args, **options):
+        username = options['username']
+        reset_token = options['reset_token']
+
+        try:
+            token = self.create_user_token(username, reset_token)
+        except UserModel.DoesNotExist:
+            raise CommandError(
+                'Cannot create the Token: user {} does not exist'.format(
+                    username)
+            )
+        self.stdout.write(
+            'Generated token {} for user {}'.format(token.key, username))

drfpasswordless/authtoken/migrations/0001_initial.py

@@ -0,0 +1,23 @@
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Token',
+            fields=[
+                ('key', models.CharField(primary_key=True, serialize=False, max_length=40)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('user', models.OneToOneField(to=settings.AUTH_USER_MODEL, related_name='auth_token', on_delete=models.CASCADE)),
+            ],
+            options={
+            },
+            bases=(models.Model,),
+        ),
+    ]

drfpasswordless/authtoken/migrations/0002_auto_20160226_1747.py

@@ -0,0 +1,31 @@
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authtoken', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='token',
+            options={'verbose_name_plural': 'Tokens', 'verbose_name': 'Token'},
+        ),
+        migrations.AlterField(
+            model_name='token',
+            name='created',
+            field=models.DateTimeField(verbose_name='Created', auto_now_add=True),
+        ),
+        migrations.AlterField(
+            model_name='token',
+            name='key',
+            field=models.CharField(verbose_name='Key', max_length=40, primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='token',
+            name='user',
+            field=models.OneToOneField(to=settings.AUTH_USER_MODEL, verbose_name='User', related_name='auth_token', on_delete=models.CASCADE),
+        ),
+    ]

drfpasswordless/authtoken/migrations/0003_tokenproxy.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.1.1 on 2020-09-28 09:34
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authtoken', '0002_auto_20160226_1747'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='TokenProxy',
+            fields=[
+            ],
+            options={
+                'verbose_name': 'token',
+                'proxy': True,
+                'indexes': [],
+                'constraints': [],
+            },
+            bases=('authtoken.token',),
+        ),
+    ]

drfpasswordless/authtoken/migrations/0004_auto_20240927_1224.py

@@ -0,0 +1,35 @@
+# Generated by Django 3.2.18 on 2024-10-04 08:26
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('authtoken', '0003_tokenproxy'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='token',
+            name='device_id',
+            field=models.CharField(blank=True, max_length=64, null=True),
+        ),
+        migrations.AddField(
+            model_name='token',
+            name='device_type',
+            field=models.CharField(blank=True, choices=[('WEB', 'WEB'), ('SPECTRO_TV', 'SPECTRO_TV'), ('LOG_SHEET', 'LOG_SHEET'), ('MELTING_REPORT', 'MELTING_REPORT'), ('IOT', 'IOT')], max_length=32, null=True),
+        ),
+        migrations.AlterField(
+            model_name='token',
+            name='user',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='auth_token', to=settings.AUTH_USER_MODEL, verbose_name='User'),
+        ),
+        migrations.AddConstraint(
+            model_name='token',
+            constraint=models.UniqueConstraint(condition=models.Q(('device_id__isnull', False), models.Q(('device_id', ''), _negated=True)), fields=('device_id',), name='unique_device_id_not_null_blank'),
+        ),
+    ]

drfpasswordless/authtoken/migrations/0005_auto_20241017_1246.py

@@ -0,0 +1,24 @@
+# Generated by Django 3.2.18 on 2024-10-17 07:16
+
+from django.conf import settings
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('authtoken', '0004_auto_20240927_1224'),
+    ]
+
+    operations = [
+        migrations.RemoveConstraint(
+            model_name='token',
+            name='unique_device_id_not_null_blank',
+        ),
+        migrations.AlterUniqueTogether(
+            name='token',
+            unique_together={('user', 'device_id')},
+        ),
+    ]
+

drfpasswordless/authtoken/models.py

@@ -0,0 +1,71 @@
+import binascii
+import os
+from django.db.models import Q
+from django.conf import settings
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+
+
+class Token(models.Model):
+    """
+    The default authorization token model.
+    """
+    WEB = "WEB"
+    SPECTRO_TV = "SPECTRO_TV"
+    LOG_SHEET = "LOG_SHEET"
+    MELTING_REPORT = "MELTING_REPORT"
+    IOT = "IOT"
+    DEVICE_TYPES = (
+        (WEB, "WEB"),
+        (SPECTRO_TV, "SPECTRO_TV"),
+        (LOG_SHEET, "LOG_SHEET"),
+        (MELTING_REPORT, "MELTING_REPORT"),
+        (IOT, "IOT"),
+    )
+    key = models.CharField(_("Key"), max_length=40, primary_key=True)
+    device_id = models.CharField(max_length=64, blank=True, null=True)
+    device_type = models.CharField(
+        choices=DEVICE_TYPES, max_length=32, blank=True, null=True
+    )
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL, related_name='auth_token',
+        on_delete=models.CASCADE, verbose_name=_("User")
+    )
+    created = models.DateTimeField(_("Created"), auto_now_add=True)
+
+    class Meta:
+        # Work around for a bug in Django:
+        # https://code.djangoproject.com/ticket/19422
+        #
+        # Also see corresponding ticket:
+        # https://github.com/encode/django-rest-framework/issues/705
+        abstract = 'drfpasswordless.authtoken' not in settings.INSTALLED_APPS
+        verbose_name = _("Token")
+        verbose_name_plural = _("Tokens")
+        unique_together = (('user', 'device_id'),)
+
+    def save(self, *args, **kwargs):
+        if not self.key:
+            self.key = self.generate_key()
+        return super().save(*args, **kwargs)
+
+    @classmethod
+    def generate_key(cls):
+        return binascii.hexlify(os.urandom(20)).decode()
+
+    def __str__(self):
+        return self.key
+
+
+class TokenProxy(Token):
+    """
+    Proxy mapping pk to user pk for use in admin.
+    """
+    @property
+    def pk(self):
+        return self.user_id
+
+    class Meta:
+        proxy = 'drfpasswordless.authtoken' in settings.INSTALLED_APPS
+        abstract = 'drfpasswordless.authtoken' not in settings.INSTALLED_APPS
+        verbose_name = "token"

drfpasswordless/authtoken/serializers.py

@@ -0,0 +1,42 @@
+from django.contrib.auth import authenticate
+from django.utils.translation import gettext_lazy as _
+
+from rest_framework import serializers
+
+
+class AuthTokenSerializer(serializers.Serializer):
+    username = serializers.CharField(
+        label=_("Username"),
+        write_only=True
+    )
+    password = serializers.CharField(
+        label=_("Password"),
+        style={'input_type': 'password'},
+        trim_whitespace=False,
+        write_only=True
+    )
+    token = serializers.CharField(
+        label=_("Token"),
+        read_only=True
+    )
+
+    def validate(self, attrs):
+        username = attrs.get('username')
+        password = attrs.get('password')
+
+        if username and password:
+            user = authenticate(request=self.context.get('request'),
+                                username=username, password=password)
+
+            # The authenticate call simply returns None for is_active=False
+            # users. (Assuming the default ModelBackend authentication
+            # backend.)
+            if not user:
+                msg = _('Unable to log in with provided credentials.')
+                raise serializers.ValidationError(msg, code='authorization')
+        else:
+            msg = _('Must include "username" and "password".')
+            raise serializers.ValidationError(msg, code='authorization')
+
+        attrs['user'] = user
+        return attrs