Update

Author: brian-emarquez

jwtpersonalizada/.env

@@ -0,0 +1,5 @@
+DEBUG = True
+SECRET_KEY = 'lwt5nsx3dt3br^gpm&ww_^nfi$h*v&y-t91x+$0@b9pfr#rslr'
+ALLOWED_HOSTS ='172.23.206.236'
+#DATABASE_URL = 'postgresql://postgres:postgres@localhost:5432/api_wallet'
+DATABASE_URL = 'postgresql://postgres:postgres@localhost:5432/demo'

jwtpersonalizada/.gitignore

@@ -0,0 +1,3 @@
+## Link de la Pagina
+
+https://egcoder.com/posts/django-rest-framework-custom-jwt-authentication/

jwtpersonalizada/README.md

@@ -0,0 +1,6 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from accounts.models import User
+
+# Register your models here.
+admin.site.register(User, UserAdmin)

jwtpersonalizada/accounts/__init__.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AccountsConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'accounts'

jwtpersonalizada/accounts/__pycache__/__init__.cpython-38.pyc

@@ -0,0 +1,44 @@
+# Generated by Django 4.0.4 on 2022-05-31 16:42
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

jwtpersonalizada/accounts/__pycache__/admin.cpython-38.pyc

@@ -0,0 +1,6 @@
+from django.db import models
+from django.contrib.auth.models import AbstractUser
+
+# Create your models here.
+class User(AbstractUser):
+    pass

jwtpersonalizada/accounts/__pycache__/apps.cpython-38.pyc

@@ -0,0 +1,10 @@
+# accounts.serializers
+from rest_framework import serializers
+from accounts.models import User
+
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ['id', 'username', 'email',
+                  'first_name', 'last_name', 'is_active']

jwtpersonalizada/accounts/__pycache__/models.cpython-38.pyc

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

jwtpersonalizada/accounts/__pycache__/serializers.cpython-38.pyc

@@ -0,0 +1,12 @@
+# project.urls
+# accounts.urls
+
+
+from django.urls import path
+from .views import login_view, profile 
+
+
+urlpatterns = [
+    path('profile', profile, name='profile'),
+    path('login/', login_view, name='login'),
+]

jwtpersonalizada/accounts/__pycache__/urls.cpython-38.pyc

@@ -0,0 +1,29 @@
+# accounts.utils
+import datetime
+import jwt
+from django.conf import settings
+
+REFRESH_TOKEN_SECRET = "hola"
+
+def generate_access_token(user):
+
+    access_token_payload = {
+        'user_id': user.id,
+        'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1, minutes=40),
+        'iat': datetime.datetime.utcnow(),
+    }
+    access_token = jwt.encode(access_token_payload,
+                              settings.SECRET_KEY, algorithm='HS256')
+    return access_token
+
+
+def generate_refresh_token(user):
+    refresh_token_payload = {
+        'user_id': user.id,
+        'exp': datetime.datetime.utcnow() + datetime.timedelta(days=7),
+        'iat': datetime.datetime.utcnow()
+    }
+    refresh_token = jwt.encode(
+        refresh_token_payload, REFRESH_TOKEN_SECRET, algorithm='HS256')#.decode('utf-8')
+
+    return refresh_token

jwtpersonalizada/accounts/__pycache__/utils.cpython-38.pyc

@@ -0,0 +1,50 @@
+from django.contrib.auth import get_user_model
+from rest_framework.response import Response
+from rest_framework import exceptions
+from rest_framework.permissions import AllowAny
+from rest_framework.decorators import api_view, permission_classes
+from django.views.decorators.csrf import ensure_csrf_cookie
+from accounts.serializers import UserSerializer
+from accounts.utils import generate_access_token, generate_refresh_token
+
+# Create your views here.
+
+@api_view(['GET'])
+def profile(request):
+    user = request.user
+    serialized_user = UserSerializer(user).data
+    return Response({'user': serialized_user })
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+@ensure_csrf_cookie
+def login_view(request):
+    User = get_user_model()
+    username = request.data.get('username')
+    password = request.data.get('password')
+    response = Response()
+    if (username is None) or (password is None):
+        raise exceptions.AuthenticationFailed(
+            'username and password required')
+
+    user = User.objects.filter(username=username).first()
+    if(user is None):
+        raise exceptions.AuthenticationFailed('user not found')
+    if (not user.check_password(password)):
+        raise exceptions.AuthenticationFailed('wrong password')
+
+    serialized_user = UserSerializer(user).data
+    print(",,,,,")
+
+    access_token = generate_access_token(user)
+    print(">>>", access_token)
+    refresh_token = generate_refresh_token(user)
+    print("<<<", refresh_token)
+
+    response.set_cookie(key='refreshtoken', value=refresh_token, httponly=True)
+    response.data = {
+        'access_token': access_token,
+        'user': serialized_user,
+    }
+
+    return response

jwtpersonalizada/accounts/__pycache__/views.cpython-38.pyc

@@ -0,0 +1,190 @@
+"""
+Django settings for jwtpersonalizada project.
+
+Generated by 'django-admin startproject' using Django 2.2.12.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.2/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/2.2/ref/settings/
+"""
+
+import os
+import environs
+
+from pathlib import Path
+
+# Import .env file as env
+env = environs.Env()
+env.read_env()
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+#BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = env.str('DEBUG', default=False)
+
+ALLOWED_HOSTS = env.list('ALLOWED_HOSTS', default=['*'])
+
+AUTH_USER_MODEL = 'accounts.User'
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = env.str('SECRET_KEY')
+REFRESH_TOKEN_SECRET = "hola"
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+    # 3rd party apps
+    'corsheaders',
+    'rest_framework',
+
+    # project apps
+    'accounts',
+]
+
+CORS_ALLOW_CREDENTIALS = True # to accept cookies via ajax request
+CORS_ORIGIN_WHITELIST = [
+    'http://localhost:3000' # the domain for front-end app(you can add more than 1)
+]
+
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'jwtpersonalizada.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'jwtpersonalizada.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
+
+DATABASES = {
+    'default': env.dj_db_url(
+        'DATABASE_URL',
+        default='sqlite:///' + str(str(BASE_DIR) + '/db.sqlite3')
+    )
+}
+
+GRAPH_MODELS = {
+    'all_applications': True,
+    'group_models': True,
+    'app_labels': ['applications.clients', 'applications.company',
+                   'applications.cryptocurrencies',
+                   'applications.transactions', 'applications.reports'],
+}
+
+
+
+# Password validation
+# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+# Rest Framework validation
+# REST_FRAMEWORK = {
+#     'EXCEPTION_HANDLER':
+#         'jwtpersonalizada.custom_exception_handler.custom_exception_handler',
+#     'DEFAULT_PERMISSION_CLASSES': [
+#         'rest_framework.permissions.IsAuthenticated',
+#     ],
+#     'DEFAULT_AUTHENTICATION_CLASSES': [
+#         # 'rest_framework.authentication.TokenAuthentication',
+#         # 'rest_framework.authentication.BasicAuthentication',
+#         # 'rest_framework.authentication.SessionAuthentication',
+#         'rest_framework_simplejwt.authentication.JWTAuthentication',
+#     ],
+#     'TEST_REQUEST_DEFAULT_FORMAT': 'json'
+# }
+
+
+REST_FRAMEWORK = {
+    'DEFAULT_PERMISSION_CLASSES': (
+        'rest_framework.permissions.IsAuthenticated', # make all endpoints private
+    )
+}
+
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.2/topics/i18n/
+
+LANGUAGE_CODE = 'es-pe'
+
+TIME_ZONE = 'America/Lima'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.2/howto/static-files/
+
+# STATIC_URL = '/static/'
+STATIC_URL = env.str('STATIC_URL', default='/static/')
+MEDIA_URL = env.str('MEDIA_URL', default='/media/')
+MEDIA_ROOT = os.path.join(BASE_DIR, 'mediafiles')
+
+STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles/')
+STATICFILES_DIRS = [os.path.join(BASE_DIR, "static/")]
+
+MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
+
+# STATIC_URL = '/static/'
+# STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')