auth-drf 0.1.1__py3-none-any.whl

auth_drf/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

auth_drf/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class AuthDrfConfig(AppConfig):
+    name = 'auth_drf'

auth_drf/models/__init__.py

@@ -0,0 +1,8 @@
+from .token_model import TokenRefresh
+from .role_model import Role
+
+__all__ = [
+    "TokenRefresh",
+    "Role",
+    
+]

auth_drf/models/role_mixin_model.py

@@ -0,0 +1,50 @@
+from django.db import models
+from django.contrib.auth.models import Permission
+
+class RoleMixin(models.Model):
+
+    roles = models.ForeignKey(
+        "Role",
+        verbose_name=("roles"),
+        on_delete=models.SET_NULL,
+        blank=True, null=True,
+        help_text=(
+            "The role this user belongs to. A user will get all permissions granted to each of their groups."
+        ),
+        related_name="user_set",
+        related_query_name="user",
+    )
+
+    user_permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=("user permissions"),
+        blank=True,
+        help_text="Specific permissions for this user.",
+        related_name="user_set",
+        related_query_name="user",
+    )
+
+    class Meta:
+        abstract = True
+
+    def get_user_permissions(self, obj=None):
+        return _user_get_permissions(self, "user")
+    
+    def get_role_permissions(self, obj=None):
+        return _user_get_permissions(self, "role")
+    
+    def get_all_permissions(self, obj=None):
+        return _user_get_permissions(self, "all")
+    
+
+def _user_get_permissions(user, from_name):
+    permissions = set()
+    if from_name == "user":
+        permissions.update(user.user_permissions.all())
+    elif from_name == "role":
+        permissions.update(user.roles.permissions.all())
+    elif from_name == "all":
+        permissions.update(user.user_permissions.all())
+        permissions.update(user.roles.permissions.all())
+    return permissions
+

auth_drf/models/role_model.py

@@ -0,0 +1,24 @@
+from django.db import models
+from django.contrib.auth.models import Permission
+
+from django.conf import settings
+
+class Role(models.Model):
+    
+    name = models.CharField(max_length=150)
+
+    permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=("role permissions"),
+        help_text="Role Based Permissions",
+    )
+
+    admin = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name="users",
+    )
+
+    class Meta:
+        unique_together = ("name", "admin")
+

auth_drf/models/token_model.py

@@ -0,0 +1,67 @@
+import uuid
+
+from django.conf import settings
+from django.db import models
+
+
+class TokenRefresh(models.Model):
+    id = models.UUIDField(
+        primary_key=True,
+        default=uuid.uuid4,
+        editable=False,
+    )
+
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name="refresh_tokens",
+    )
+
+    jti = models.UUIDField(
+        unique=True,
+        db_index=True,
+    )
+
+    family_id = models.UUIDField(
+        db_index=True,
+    )
+
+    parent_jti = models.UUIDField(
+        null=True,
+        blank=True,
+    )
+
+    is_revoked = models.BooleanField(
+        default=False,
+    )
+
+    revoked_at = models.DateTimeField(
+        null=True,
+        blank=True,
+    )
+
+    expires_at = models.DateTimeField()
+
+    created_at = models.DateTimeField(
+        auto_now_add=True,
+    )
+
+    is_used = models.BooleanField(
+        default=False
+    )
+
+    used_at = models.DateTimeField(
+        null=True,
+        blank=True,
+    )
+
+    compromised = models.BooleanField(
+        default=False,
+    )
+
+    class Meta:
+        indexes = [
+            models.Index(fields=["family_id"]),
+            models.Index(fields=["user"]),
+            models.Index(fields=["expires_at"]),
+        ]

auth_drf/models/user_model.py

@@ -0,0 +1,67 @@
+from django.db import models
+from django.utils import timezone
+from django.core.mail import send_mail
+from django.contrib.auth.models import AbstractBaseUser, UserManager
+from django.contrib.auth.base_user import BaseUserManager
+
+from ..models.role_mixin_model import RoleMixin
+
+from django.conf import settings
+
+class BaseUser(AbstractBaseUser, RoleMixin):
+    first_name = models.CharField(max_length=150, blank=True)
+    last_name = models.CharField(max_length=150, blank=True)
+    email = models.EmailField(blank=True)
+    username = models.CharField(max_length=150, unique=True, blank=True)
+    is_staff = models.BooleanField(
+        default=False,
+        help_text=("Designates whether the user can log into this admin site."),
+    )
+    is_active = models.BooleanField(
+        default=True,
+        help_text=(
+            "Designates whether this user should be treated as active. "
+            "Unselect this instead of deleting accounts."
+        ),
+    )
+    date_joined = models.DateTimeField(default=timezone.now)
+
+    admin = models.ForeignKey(
+        "self",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="managed_users",
+    )
+
+    objects = BaseUserManager()
+
+    EMAIL_FIELD = "email"
+    USERNAME_FIELD = "username"
+    REQUIRED_FIELDS = ["email"]
+
+    class Meta:
+        verbose_name = "user"
+        verbose_name_plural = "users"
+        abstract = True
+
+    def clean(self):
+        super().clean()
+        self.email = self.__class__.objects.normalize_email(self.email)
+
+    def get_full_name(self):
+        """
+        Return the first_name plus the last_name, with a space in between.
+        """
+        full_name = f"{self.first_name} {self.last_name}"
+        return full_name.strip()
+
+    def get_short_name(self):
+        """Return the short name for the user."""
+        return self.first_name
+
+    def email_user(self, subject, message, from_email=None, **kwargs):
+        """Send an email to this user."""
+        send_mail(subject, message, from_email, [self.email], **kwargs)
+
+    

auth_drf/serializers/__init__.py

@@ -0,0 +1,2 @@
+from .permission_serializer import PermissionSerializer
+from .role_serializer import RoleMiniSerializer, RoleCreateSerializer, RoleUpdateSerializer, RoleListSerializer, RoleRetrieveSerializer

auth_drf/serializers/auth_serializer.py

@@ -0,0 +1,67 @@
+from rest_framework import serializers
+
+from ..serializers.permission_serializer import PermissionSerializer
+from ..serializers.role_serializer import RoleMiniSerializer
+
+from django.contrib.auth import get_user_model
+User = get_user_model()
+
+class LoginSerializer(serializers.Serializer):
+    id = serializers.IntegerField(read_only=True)
+    email = serializers.EmailField()
+    username = serializers.CharField(max_length=150)
+    password = serializers.CharField(write_only=True)
+    roles = RoleMiniSerializer(read_only=True)
+    permissions = serializers.SerializerMethodField(read_only=True)
+
+    access = serializers.CharField(read_only=True)
+    refresh = serializers.CharField(read_only=True)
+
+    def get_permissions(self, obj):
+        user = self.context.get("user")
+        permissions = user.get_all_permissions()
+
+        grouped_data = {}
+
+        for perm in permissions:
+            if perm.content_type.name not in grouped_data:
+                grouped_data[perm.content_type.name] = []
+            grouped_data[perm.content_type.name].append(perm.codename)
+
+        formatted_list = [
+            {"module": module, "actions": actions}
+            for module, actions in grouped_data.items()
+        ]
+
+        return PermissionSerializer(
+            formatted_list,
+            many=True
+        ).data
+
+
+class RegisterSerializer(serializers.Serializer):
+    first_name = serializers.CharField(max_length=150)
+    last_name = serializers.CharField(max_length=150)
+    email = serializers.EmailField()
+    username = serializers.CharField(max_length=150)
+    password = serializers.CharField(max_length=128)
+
+    def validate_email(self, attr):
+        if User.objects.filter(
+            email=attr,
+        ).exists():
+            raise serializers.ValidationError(
+                "User with this email already exists."
+            )
+        
+        return attr
+    
+    def validate_username(self, attr):
+        if User.objects.filter(
+            username=attr,
+        ).exists():
+            raise serializers.ValidationError(
+                "User with this username already exists."
+            )
+        
+        return attr

auth_drf/serializers/permission_serializer.py

@@ -0,0 +1,10 @@
+from rest_framework import serializers
+from django.contrib.auth.models import Permission
+
+class PermissionSerializer(serializers.Serializer):
+    module = serializers.CharField(max_length=255)
+    actions = serializers.ListField(
+        child=serializers.CharField(max_length=100),
+        allow_empty=True
+    )
+    

auth_drf/serializers/role_serializer.py

@@ -0,0 +1,109 @@
+from rest_framework import serializers
+from ..models.role_model import Role
+from ..serializers.permission_serializer import *
+
+class RoleCreateSerializer(serializers.ModelSerializer):
+    permissions = PermissionSerializer(many=True)
+
+    class Meta:
+        model = Role
+        exclude = [
+            "id",
+            "admin"
+        ]
+
+    def validate_name(self, attr):
+        request = self.context.get("request")
+
+        if Role.objects.filter(
+            name=attr,
+            admin=request.user.admin,
+        ).exists():
+            raise serializers.ValidationError(
+                "Role with this name already exist."
+            )
+        
+        return attr
+
+class RoleUpdateSerializer(serializers.ModelSerializer):
+    permissions = PermissionSerializer(many=True)
+
+    class Meta:
+        model = Role
+        exclude = [
+            "id",
+            "admin"
+        ]
+
+class RoleListSerializer(serializers.ModelSerializer):
+    permissions = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Role
+        fields = [
+            "id",
+            "name",
+            "permissions"
+        ]
+
+    def get_permissions(self, obj):
+        permissions = obj.permissions.all()
+
+        grouped_data = {}
+
+        for perm in permissions:
+            if perm.content_type.name not in grouped_data:
+                grouped_data[perm.content_type.name] = []
+            grouped_data[perm.content_type.name].append(perm.codename)
+
+        formatted_list = [
+            {"module": module, "actions": actions}
+            for module, actions in grouped_data.items()
+        ]
+
+        return PermissionSerializer(
+            formatted_list,
+            many=True
+        ).data
+
+
+
+class RoleRetrieveSerializer(serializers.ModelSerializer):
+    permissions = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Role
+        fields = [
+            "id",
+            "name",
+            "permissions"
+        ]
+
+    def get_permissions(self, obj):
+        permissions = obj.permissions.all()
+
+        grouped_data = {}
+
+        for perm in permissions:
+            if perm.content_type.name not in grouped_data:
+                grouped_data[perm.content_type.name] = []
+            grouped_data[perm.content_type.name].append(perm.codename)
+
+        formatted_list = [
+            {"module": module, "actions": actions}
+            for module, actions in grouped_data.items()
+        ]
+
+        return PermissionSerializer(
+            formatted_list,
+            many=True
+        ).data
+
+class RoleMiniSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Role
+        exclude = [
+            "permissions",
+            "admin",
+        ]

auth_drf/services/__init__.py

@@ -0,0 +1,14 @@
+from .role_service import RoleService
+from .auth_service import AuthService
+from .token_service import TokenService
+from .jwt_service import JWTService
+from .permissions_service import PermissionService
+
+__all__ = [
+    "RoleService",
+    "AuthService",
+    "TokenService",
+    "JWTService",
+    "PermissionService",
+
+]

auth_drf/services/auth_service.py

@@ -0,0 +1,69 @@
+from django.contrib.auth import authenticate
+from django.contrib.auth import get_user_model
+from django.db import transaction
+
+from rest_framework.exceptions import ValidationError
+
+from ..services.token_service import TokenService
+from ..services.role_service import RoleService
+from ..services.permissions_service import PermissionService
+from ..models.role_model import Role
+
+User = get_user_model()
+
+class AuthService:
+
+    @classmethod
+    @transaction.atomic
+    def register(cls, *, data):
+        password = data.pop("password")
+        
+        user = User.objects.create(
+            **data
+        )
+        user.set_password(password)
+        user.admin=user
+        user.save()
+
+        permissions = PermissionService.list_all()
+        permissions_instances = PermissionService.list_all_instances()
+
+        data = {
+            "name": "Administrator",
+            "permissions": permissions
+        }
+
+        role = RoleService.create(
+            data=data,
+            user=user
+        )
+        user.roles=role
+        user.user_permissions.set(permissions_instances)
+
+        user.save()
+
+        return user
+
+    @classmethod
+    def login(cls, *, data):
+        user = authenticate(
+            username=data["username"],
+            password=data["password"]
+        )
+
+        if not user:
+            raise ValidationError("Invalid credentials")
+
+        user_data = {
+            "id": user.id,
+            "email": user.email,
+            "username": user.username,
+            "role": user.roles,
+            "user": user,
+        }
+
+        token = TokenService.issue_token_pair(user)
+
+        user_data.update(token)
+
+        return user_data

auth_drf/services/jwt_service.py

@@ -0,0 +1,37 @@
+import uuid
+
+from rest_framework_simplejwt.tokens import AccessToken, RefreshToken
+from rest_framework_simplejwt.exceptions import TokenError
+from rest_framework.exceptions import AuthenticationFailed
+
+class JWTService:
+
+    @staticmethod
+    def create_access_token(user):
+        token = AccessToken.for_user(user)
+
+        return str(token)
+    
+    @staticmethod
+    def create_refresh_token(*, user, jti, family_id, parent_jti=None):    
+        token = RefreshToken.for_user(user)
+
+        token["jti"] = str(jti)
+        token["family"] = str(family_id)
+        token["sub"] = str(user.id)
+
+        if parent_jti:
+            token["parent"] = str(parent_jti)
+ 
+        return str(token)
+    
+    @staticmethod
+    def decode_refresh_token(token: str) -> dict:
+        try:
+            refresh = RefreshToken(token)
+
+            return refresh
+        except TokenError as exc:
+            raise AuthenticationFailed(
+                f"Invalid refresh token: {exc}"
+            )

auth_drf/services/permissions_service.py

@@ -0,0 +1,33 @@
+from django.contrib.auth.models import Permission
+
+from ..serializers.permission_serializer import PermissionSerializer
+
+class PermissionService:
+
+    @staticmethod
+    def list_all():
+        permissions = Permission.objects.all()
+
+        grouped_data = {}
+
+        for perm in permissions:
+            if perm.content_type.app_label not in grouped_data:
+                grouped_data[perm.content_type.app_label] = []
+            grouped_data[perm.content_type.app_label].append(perm.codename)
+        
+        formatted_list = [
+            {"module": module, "actions": actions}
+            for module, actions in grouped_data.items()
+        ]
+
+        return PermissionSerializer(
+            formatted_list,
+            many=True
+        ).data
+    
+    @staticmethod
+    def list_all_instances():
+        permissions = list(Permission.objects.all())
+
+        return permissions
+

auth_drf/services/role_service.py

@@ -0,0 +1,79 @@
+from ..models.role_model import Role
+
+from rest_framework.exceptions import ValidationError
+from django.contrib.auth.models import Permission
+
+class RoleService:
+
+    @staticmethod
+    def create(*, data, user):
+        permissions = data.pop("permissions")
+
+        code_names = [
+            action
+            for perm in permissions if isinstance(perm, dict)
+            for action in perm.get("actions", [])
+        ]
+
+        if code_names:
+            permission_instance = list(Permission.objects.filter(codename__in=code_names))
+
+        
+        role = Role.objects.create(
+            **data,
+            admin=user.admin
+        )
+
+        role.permissions.set(permission_instance)
+        role.save()
+
+        return role
+
+    @staticmethod
+    def update(*, data, role, user):
+
+        has_permission_key = "permissions" in data
+        permission_list = data.pop("permissions", [])
+        
+        for key, value in data.items():
+            setattr(role, key, value)
+
+        role.save()
+
+        if has_permission_key:
+            code_names = [
+                action
+                for perm in permission_list if isinstance(perm, dict)
+                for action in perm.get("actions", [])
+            ]
+
+            if code_names:
+                permission_instances = list(Permission.objects.filter(codename__in=code_names))
+
+                role.permissions.set(permission_instances)
+            else:
+                role.permissions.clear()
+
+        return role
+
+    @staticmethod
+    def list(user):
+        
+        roles = Role.objects.filter(
+            admin=user.admin if user.admin else user
+        ).prefetch_related("permissions")
+
+        return roles
+
+    @staticmethod
+    def retrieve(*, id):
+        try:
+            role = Role.objects.prefetch_related("permissions").get(
+                id=id
+            )
+        except Role.DoesNotExist:
+            raise ValidationError({
+                "detail": "Role with given query does not exist."
+            })
+        else:
+            return role