add login/logout, validates 1 order max, delete method for user

2025-01-18 12:11:35 +00:00 · 2022-01-02 17:31:28 -08:00 · 2022-01-02 17:31:28 -08:00 · 80e0ca46fb
commit 80e0ca46fb
parent 225c142cd9
3 changed files with 81 additions and 25 deletions
--- a/api/views.py
+++ b/api/views.py
@ -1,7 +1,7 @@
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from django.contrib.auth.backends import BaseBackend
+from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.models import User

 from .serializers import OrderSerializer, MakeOrderSerializer
@ -31,9 +31,15 @@ class MakeOrder(APIView):
            premium = serializer.data.get('premium')
            satoshis = serializer.data.get('satoshis')

-            #################
-            # TODO
+            user = User.objects.get(id=request.user.id)
+
            # query if the user is already a maker or taker, return error
+            queryset = Order.objects.filter(maker=request.user.id)
+            if queryset.exists():
+                return Response({'Bad Request':'You are already maker of an order'},status=status.HTTP_400_BAD_REQUEST)
+            queryset = Order.objects.filter(taker=request.user.id)
+            if queryset.exists():
+                return Response({'Bad Request':'You are already taker of an order'},status=status.HTTP_400_BAD_REQUEST) 

            # Creates a new order in db
            order = Order(
@ -42,7 +48,8 @@ class MakeOrder(APIView):
                amount=amount,
                payment_method=payment_method,
                premium=premium,
-                satoshis=satoshis)
+                satoshis=satoshis,
+                maker=user)
            order.save()

        if not serializer.is_valid():
@ -66,21 +73,17 @@ class OrderView(APIView):
                print("It is only one!")
                order = order[0]
                data = self.serializer_class(order).data
-                
-                # TODO
-                # # Check if requester is participant in the order and add boolean to response
-                
-                # user = authenticate(username=username, password=password)
-                # data['is_participant'] = any(user.id == order.maker, user.id == order.taker)
+                nickname = request.user.username

-                # if data['is_participant']:
-                #     return Response(data, status=status.HTTP_200_OK)
-                # else:
-                #     # Non participants can't get access to the status or who is the taker
-                #     data.pop(['status'],['taker'])
-                #     return Response(data, status=status.HTTP_200_OK)
+                # Check if requester is participant in the order and add boolean to response
+                data['is_participant'] = (str(order.maker) == nickname or str(order.taker) == nickname)

-                return Response(data, status=status.HTTP_200_OK)
+                if data['is_participant']:
+                    return Response(data, status=status.HTTP_200_OK)
+                else:
+                    # Non participants should not see the status or who is the taker
+                    data.pop('status','taker')
+                    return Response(data, status=status.HTTP_200_OK)

            return Response({'Order Not Found':'Invalid Order Id'},status=status.HTTP_404_NOT_FOUND)

@ -150,9 +153,19 @@ class UserGenerator(APIView):
            # why? It is unlikely but there is only 20 billion names
            # but if the token is not exact

-        # TODO Keep user authenticated.
-        # BaseBackend.authenticate(self, request=None,username=nickname, password=token)
+        user = authenticate(request, username=nickname, password=token)
+        if user is not None:
+            login(request, user)

        return Response(context, status=status.HTTP_201_CREATED)

+    def delete(self,request):
+        user = User.objects.get(id = request.user.id)
+
+        if user is not None:
+            logout(request)
+            user.delete()
+            return Response(status=status.HTTP_301_MOVED_PERMANENTLY)
+
+        return Response(status=status.HTTP_403_FORBIDDEN)

--- a/frontend/src/components/UserGenPage.js
+++ b/frontend/src/components/UserGenPage.js
@ -3,13 +3,30 @@ import { Button , Grid, Typography, TextField, Select, FormHelperText, MenuItem,
 import { Link } from 'react-router-dom'
 import Image from 'material-ui-image'

+function getCookie(name) {
+  let cookieValue = null;
+  if (document.cookie && document.cookie !== '') {
+      const cookies = document.cookie.split(';');
+      for (let i = 0; i < cookies.length; i++) {
+          const cookie = cookies[i].trim();
+          // Does this cookie string begin with the name we want?
+          if (cookie.substring(0, name.length + 1) === (name + '=')) {
+              cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+              break;
+          }
+      }
+  }
+  return cookieValue;
+}
+const csrftoken = getCookie('csrftoken');
+
 export default class UserGenPage extends Component {
  constructor(props) {
    super(props);
    this.state = {
      token: this.genBase62Token(32),
    };
-    this.getGenerateUser();
+    this.getGeneratedUser();
  }

  // sort of cryptographically strong function to generate Base62 token client-side
@ -23,7 +40,7 @@ export default class UserGenPage extends Component {
          .substring(0, length);
  }

-  getGenerateUser() {
+  getGeneratedUser() {
    fetch('/api/usergen' + '?token=' + this.state.token)
      .then((response) => response.json())
      .then((data) => {
@ -38,22 +55,34 @@ export default class UserGenPage extends Component {
      });
  }

+  delGeneratedUser() {
+    const requestOptions = {
+      method: 'DELETE',
+      headers: {'Content-Type':'application/json', 'X-CSRFToken': csrftoken},
+    };
+    fetch("/api/usergen", requestOptions)
+      .then((response) => response.json())
+      .then((data) => console.log(data));
+  }
+
  // Fix next two handler functions so they work sequentially
  // at the moment they make the request generate a new user in parallel
  // to updating the token in the state. So the it works a bit weird.

  handleAnotherButtonPressed=(e)=>{
+    this.delGeneratedUser()
    this.setState({
      token: this.genBase62Token(32),
    })
-    this.getGenerateUser();
+    this.getGeneratedUser();
  }

  handleChangeToken=(e)=>{
+    this.delGeneratedUser()
    this.setState({
      token: e.target.value,
    })
-    this.getGenerateUser();
+    this.getGeneratedUser();
  }

  render() {
@ -76,8 +105,8 @@ export default class UserGenPage extends Component {
            <div style={{ maxWidth: 200, maxHeight: 200 }}>
              <Image className='newAvatar'
                disableError='true'
-                animationDuration='1500'
                cover='true'
+                color='null'
                src={this.state.avatar_url}
              />
            </div>
@ -107,5 +136,4 @@ export default class UserGenPage extends Component {
      </Grid>
    );
  }
-
 }
--- a/frontend/src/components/getCookieToken.js
+++ b/frontend/src/components/getCookieToken.js
@ -0,0 +1,15 @@
+function getCookie(name) {
+  let cookieValue = null;
+  if (document.cookie && document.cookie !== '') {
+      const cookies = document.cookie.split(';');
+      for (let i = 0; i < cookies.length; i++) {
+          const cookie = cookies[i].trim();
+          // Does this cookie string begin with the name we want?
+          if (cookie.substring(0, name.length + 1) === (name + '=')) {
+              cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+              break;
+          }
+      }
+  }
+  return cookieValue;
+}