Add json web token authentication check #97

Closed
wants to merge 1 commit into from
Closed
1 change: 1 addition & 0 deletions webpush/urls.py
@@ -17,6 +17,7 @@
),
name='javascript-catalog'),
path('save_information', views.save_info, name='save_webpush_info'),
path('jwt/save_information', views.jwt_save_info, name='jwt_save_webpush_info'),
# Service worker need to be loaded from same domain
path('service-worker.js', views.ServiceWorkerView.as_view(), name='service_worker')
]
44 changes: 44 additions & 0 deletions webpush/views.py
@@ -4,6 +4,9 @@
from django.views.decorators.http import require_POST, require_GET
from django.views.generic import TemplateView

from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated

from .forms import WebPushForm, SubscriptionForm


@@ -48,6 +51,47 @@ def save_info(request):
return HttpResponse(status=400)


@api_view(['POST'])
@permission_classes((IsAuthenticated, ))
@csrf_exempt
def jwt_save_info(request):
# Parse the json object from post data. return 400 if the json encoding is wrong
try:
post_data = json.loads(request.body.decode('utf-8'))
except ValueError:
return HttpResponse(status=400)

# Process the subscription data to mach with the model
subscription_data = process_subscription_data(post_data)
subscription_form = SubscriptionForm(subscription_data)
# pass the data through WebPushForm for validation purpose
web_push_form = WebPushForm(post_data)


# Get the cleaned data in order to get status_type and group_name
web_push_data = web_push_form.cleaned_data
status_type = web_push_data.pop("status_type")
group_name = web_push_data.pop("group")

# We at least need the user or group to subscribe for a notification
if request.user.is_authenticated or group_name:
# Save the subscription info with subscription data
# as the subscription data is a dictionary and its valid
subscription = subscription_form.get_or_save()
web_push_form.save_or_delete(
subscription=subscription, user=request.user,
status_type=status_type, group_name=group_name)

# If subscribe is made, means object is created. So return 201
if status_type == 'subscribe':
return HttpResponse(status=201)
# Unsubscribe is made, means object is deleted. So return 202
elif "unsubscribe":
return HttpResponse(status=202)

return HttpResponse(status=400)


def process_subscription_data(post_data):
"""Process the subscription data according to out model"""
subscription_data = post_data.pop("subscription", {})
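Review bot: `jwt_save_info` reads `web_push_form.cleaned_data` and calls `subscription_form.get_or_save()` without calling `is_valid()` on either form, so the posted JSON is used unvalidated; on a Django form `cleaned_data` is only populated once validation has run, so this most likely raises `AttributeError` and returns a 500 instead of a 400. Add a guard before the `cleaned_data` line: `if not (subscription_form.is_valid() and web_push_form.is_valid()): return HttpResponse(status=400)`. The branch `elif "unsubscribe":` tests a non-empty string literal, which is always true, so every `status_type` other than 'subscribe' gets a 202; it should read `elif status_type == 'unsubscribe':`. Because `IsAuthenticated` already rejects anonymous requests, `request.user.is_authenticated or group_name` is always true here and the trailing 400 is unreachable. The view also pins no authentication class, so whether this endpoint actually requires a JWT depends on the project's DRF defaults; an explicit `@authentication_classes(...)` naming the project's JWT class would make the intent of the PR title enforceable in the code itself.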