django-restit 4.2.174__py3-none-any.whl → 4.2.175__py3-none-any.whl

account/migrations/0023_authsession_method.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.18 on 2025-03-23 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0022_alter_memberdevice_modified'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='authsession',
+            name='method',
+            field=models.CharField(blank=True, db_index=True, default=None, max_length=127, null=True),
+        ),
+    ]

account/models/session.py

@@ -42,6 +42,7 @@ class AuthSession(models.Model, RestModel):
     signature = models.CharField(max_length=127, db_index=True)
     ip = models.CharField(max_length=127, null=True, blank=True, db_index=True)
     buid = models.CharField(max_length=127, null=True, blank=True, default=None)
+    method = models.CharField(max_length=127, null=True, blank=True, db_index=True, default=None)
 
     member = models.ForeignKey("account.Member", null=True, blank=True, related_name="auth_sessions", on_delete=models.CASCADE)
     location = models.ForeignKey("location.GeoIP", related_name="auth_sessions", blank=True, null=True, default=None, on_delete=models.CASCADE)
@@ -72,8 +73,9 @@ class AuthSession(models.Model, RestModel):
         return f"{self.member.username} - {self.ip} - {self.os} - {self.browser}"
 
     @classmethod
-    def NewSession(cls, request):
+    def NewSession(cls, request, method="jwt"):
         obj = cls(ip=request.ip, member=request.member, signature=request.signature)
+        obj.method = method
         obj.user_agent = request.META.get('HTTP_USER_AGENT', None)
         obj.last_activity = datetime.now()
         obj.buid = request.POST.get("__buid__", request.GET.get("__buid__", None))
@@ -92,4 +94,3 @@ class AuthSession(models.Model, RestModel):
                 session.touch()
             return session
         return None
-

account/rpc/auth.py

@@ -37,6 +37,7 @@ def member_login(request):
 @rd.never_cache
 def jwt_login(request):
     # poor mans JWT, carried over
+    auth_method = "basic"
     username = request.DATA.get('username', None)
     if not username:
         return rv.restPermissionDenied(request, "Password and/or Username is incorrect", error_code=422)
@@ -45,29 +46,31 @@ def jwt_login(request):
         return rv.restPermissionDenied(request, error=f"Password and/or Username is incorrect for {username}", error_code=422)
     auth_code = request.DATA.get(["auth_code", "code", "invite_token"], None)
     if username and auth_code:
+        # this is typically used for OAUTH (final)
         return member_login_uname_code(request, username, auth_code)
     password = request.DATA.get('password', None)
     member.canLogin(request)  # throws exception if cannot login
     if member.requires_totp or member.has_totp:
+        auth_method = "basic+totp"
         resp = checkForTOTP(request, member)
         if resp is not None:
             return resp
     if not member.login(request=request, password=password, use_jwt=True):
         # we do not want permission denied catcher invoked as it is already handled in login method
         return rv.restStatus(request, False, error=f"Invalid Credentials {username}", error_code=401)
-    return on_complete_jwt(request, member)
+    return on_complete_jwt(request, member, auth_method)
 
 
-def on_complete_jwt(request, member):
+def on_complete_jwt(request, member, method="basic"):
     if member.security_token is None or member.security_token == JWT_KEY or member.force_single_session:
         member.refreshSecurityToken()
 
     member.log(
-        "jwt_login", "jwt login succesful", 
+        "jwt_login", "jwt login succesful",
         request, method="login", level=7)
 
     device_id = request.DATA.get(["device_id", "deviceID"])
-    
+
     token = JWToken(
         user_id=member.pk,
         key=member.security_token,
@@ -80,13 +83,13 @@ def on_complete_jwt(request, member):
     request.signature = token.session_id
     request.device_id = device_id
     request.buid = request.DATA.get("__buid__", None)
-    request.auth_session = am.AuthSession.NewSession(request)
+    request.auth_session = am.AuthSession.NewSession(request, method)
     if bool(device_id):
         am.MemberDevice.register(request, member, device_id)
-    
+
     request.jwt_token = token.access_token  # this tells the middleware to store in cookie
     return rv.restGet(
-        request, 
+        request,
         dict(
             access=token.access_token,
             refresh=token.refresh_token,
@@ -221,9 +224,9 @@ def member_login_uname_code(request, username, auth_code):
     member.login(request=request)
     member.save()
     member.log("code_login", "code login", request, method="login", level=8)
-    if request.DATA.get("auth_method") == "basic":
+    if request.DATA.get("auth_method") == "basic" and ALLOW_BASIC_LOGIN:
         return rv.restGet(request, dict(id=member.pk, session_key=request.session.session_key))
-    return on_complete_jwt(request, member)
+    return on_complete_jwt(request, member, "auth_code")
 
 
 @rd.url(r'^logout$')
@@ -296,7 +299,7 @@ def get_member_from_request(request):
         request.member = member
         member.log("login_blocked", "account is locked out", request, method="login", level=31)
         return member, rv.restPermissionDenied(request, error=f"{member.username} Account locked out", error_code=411)
-    return member, None  
+    return member, None
 
 
 @rd.urlPOST('forgot')
@@ -408,5 +411,3 @@ def totp_verify(request):
         return rv.restPermissionDenied(request, "invalid code")
     request.member.setProperty("totp_verified", 1)
     return rv.restStatus(request, True)
-
-

account/rpc/oauth.py

@@ -20,37 +20,43 @@ def oauth_google_login(request):
     state = request.DATA.get("state")
     app_url = settings.DEFAULT_LOGIN_URL
 
-    rh.log_print("google/login", request.DATA.toDict(), request.session.get("state"))
+    # rh.log_print("google/login", request.DATA.toDict(), request.session.get("state"))
 
     if state:
+        # this is where we should pull out the passed in state and get the proper URL
         state = objict.fromJSON(rh.hexToString(state))
         rh.log_print("state", state)
         app_url = state.url
 
     if not code:
         params = urlencode({'error': error})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
 
-    redirect_uri = f"{settings.BASE_URL_SECURE}{REST_PREFIX}account/oauth/google/login"
+    redirect_uri = f"{request.scheme}://{request.get_host()}/{REST_PREFIX}account/oauth/google/login"
     auth_data = google.getAccessToken(code, redirect_uri)
     if auth_data is None or auth_data.access_token is None:
         params = urlencode({'error': "failed to get access token from google"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
 
     user_data = google.getUserInfo(auth_data.access_token)
     if user_data is None:
         params = urlencode({'error': "failed to get user data from google"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
 
     if not user_data.email:
         params = urlencode({'error': "no email with account"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
 
     # TODO allow new accounts?
     member = Member.objects.filter(email=user_data.email).last()
     if member is None:
         params = urlencode({'error': "user not found"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
 
     member.setProperties(auth_data, category="google_auth")
     member.setProperties(user_data, category="google")
@@ -69,13 +75,8 @@ def oauth_google_login(request):
     member.save()
     member.auditLog("user succesfully authenticated with google", "google_oauth", level=17)
 
-    params = urlencode({'oauth_code': member.auth_code, "username":member.username})
+    params = urlencode({'oauth_code': member.auth_code, "username":member.username, "auth_method":"google_oauth"})
     rurl = None
-    if "?" in app_url:
-        if app_url[-1] == "?":
-            rurl = f"{app_url}{params}"
-        else:
-            rurl = f"{app_url}&{params}"
-    else:
-        rurl = f"{app_url}?{params}"
+    separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+    rurl = f"{app_url}{separator}{params}"
     return redirect(rurl)

account/rpc/passkeys.py

@@ -51,4 +51,4 @@ def rest_on_passkeys_auth_complete(request):
         request.session.pop("fido2_state"),
         request.session.pop("fido2_rp_id"))
     # we now want to handle the JWT or basic login flow
-    return on_complete_jwt(request, uk.member)
+    return on_complete_jwt(request, uk.member, "passkey")

{django_restit-4.2.174.dist-info → django_restit-4.2.175.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: django-restit
-Version: 4.2.174
+Version: 4.2.175
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.174.dist-info → django_restit-4.2.175.dist-info}/RECORD

@@ -24,6 +24,7 @@ account/migrations/0019_group_location.py,sha256=EfMB_w4qWUGDqQeNc453PFZwpjpTeoA
 account/migrations/0020_cloudcredentials_cloudcredentialsmetadata.py,sha256=mHwxkyDfA4ueQOt34w5ndJB4XwNTDLv79CkKgzhlz-c,2250
 account/migrations/0021_alter_cloudcredentials_group.py,sha256=zoFYmE-hd3uRGX6DRO9k-osPwH0jFeTU7S-pjCOtakk,561
 account/migrations/0022_alter_memberdevice_modified.py,sha256=9eeKcdr9p6qFJ8ZxSnKSj1KxZjW8NZfM0YCMck6i0QQ,424
+account/migrations/0023_authsession_method.py,sha256=5oIOXyj24rlrLFq7frij5VBaWk_ckh7hRPqq_jpO_b0,452
 account/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/models/__init__.py,sha256=cV_lMnT2vL_mjiYtT4hlcIHo52ocFbGSNVkOIHHLXZY,385
 account/models/device.py,sha256=8D-Sbv9PZWAnX6UVpp1lNJ03P24fknNnN1VOhqY7RVg,6306
@@ -34,7 +35,7 @@ account/models/member.py,sha256=qmLCOVbNTRr4L-E7BbOMtv4V64QN7K-0pXDgnuB-AbY,5472
 account/models/membership.py,sha256=90EpAhOsGaqphDAkONP6j_qQ0OWSRaQsI8H7E7fgMkE,9249
 account/models/notify.py,sha256=YKYEXT56i98b7-ydLt5UuEVOqW7lipQMi-KuiPhcSwY,15627
 account/models/passkeys.py,sha256=lObapudvL--ABSTZTIELmYvHE3dPF0tO_KmuYk0ZJXc,1699
-account/models/session.py,sha256=ELkWjB_2KXQvPtRPrvuGJpJsqrxCQX_4J53SbqGz_2U,3737
+account/models/session.py,sha256=5tpyRF1BHTPBL5gBIx8Eu55sWc6pTziqDpm7Zm5bdJI,3876
 account/models/settings.py,sha256=gOyRWBVd3BQpjfj_hJPtqX3H46ztyRAFxBrPbv11lQg,2137
 account/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/oauth/google.py,sha256=q5M6Qhpfp9QslKRVYFZBvtG6kgXV6vYMrR5fp6Xdb9I,2078
@@ -42,13 +43,13 @@ account/passkeys/__init__.py,sha256=FwXYJXwSJXfkLojGBcVpF1dFpgFhzDdd9N_3naYQ0cc,
 account/passkeys/core.py,sha256=4aUBNCuF_kjOvE1zFapK1Pj28ap5slO71dRyfnWi0YU,4148
 account/periodic.py,sha256=-u0n-7QTJgDOkasGhBAPwHAwjpqWGA-MZLEFkVTqCGU,874
 account/rpc/__init__.py,sha256=SGF0M_-H0dKh3b1apSX29BotNWAvITYccGQVC0MIjL8,336
-account/rpc/auth.py,sha256=O-co_vZM9T4lsu3hidjKAeL2tTPWgbmoLsrjhmFZ7lA,17064
+account/rpc/auth.py,sha256=0LUTb-dO6wk6rWitPVAXeR0IqpbX5Yw8tHM5U9QJibA,17234
 account/rpc/device.py,sha256=lU2BHNPreHV0dDTjAPc7Sc-5m2JP8SiWVqiKuBfV7Fo,2281
 account/rpc/group.py,sha256=hw7iczZ6W_IrRbx5ZDw6cZ5I_ztqxhtUFJD9WR91_4s,4948
 account/rpc/member.py,sha256=8XnJX-iri0Om4nc-V2_tDJzfCSzziKLw6dUx9egtEZE,2236
 account/rpc/notify.py,sha256=Q2YWejP36egeF060Hih5uX4Psv_B8NWlLLPi7iDYlIw,3344
-account/rpc/oauth.py,sha256=ISLVsR5HvKALANokaOFRvF4FTRxWtXPvVnZAYANKxpo,2864
-account/rpc/passkeys.py,sha256=5x28nYILJUMMSwfVuWYL66hfoGUXahMqOwiHhM4I3Do,1729
+account/rpc/oauth.py,sha256=1dMvEpoMcvGXEdgDq2OBZcRMnXcE1jD18-itVrZwH9A,3333
+account/rpc/passkeys.py,sha256=AKgF2xgaGJi8UCFgfSMBh7rUqrJgVL8-RfDDRoPWiDM,1740
 account/rpc/settings.py,sha256=EvPuwW63Gp_Va0ANIPAZ894tnS_JCctQ0FzqYRdKUNM,271
 account/settings.py,sha256=XEvZdcA6p_iUpDq9NmICK8rxzIQ8NViKfrpyuYgSV4o,53
 account/templates/email/base.html,sha256=GUuatccaZtO_hLLNZmMQQKew1Bjfz3e6Z7p3dM6BrWk,9669
@@ -379,7 +380,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
 rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
 rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
 rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
-rest/__init__.py,sha256=j76Rqm_TIvJvezmNJkUripR1cpoqTtqZAXhwIQ0t_Uk,122
+rest/__init__.py,sha256=5nuojPskvcFtHA31BnuuT6Z7MtZov2YpOn2IHnzm9cw,122
 rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
 rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
 rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
@@ -429,7 +430,7 @@ rest/serializers/legacy.py,sha256=a5O-x2PqMKX8wYWrhCmdcivVbkPnru7UdyLbrhCaAdY,61
 rest/serializers/localizers.py,sha256=BegaCvTQVaruhWzvGHq3zWeVFmtBChatquRqAtkke10,410
 rest/serializers/model.py,sha256=08HJeqpmytjxvyiJFfsSRRG0uH-iK2mXCw6w0oMfWrI,8598
 rest/serializers/profiler.py,sha256=OxOimhEyvCAuzUBC9Q1dz2xaakjAqmSnekMATsjduXM,997
-rest/serializers/response.py,sha256=aSZ9bvhsYGHR26NA6sin7fGqFptjTsBhmIcDKrqeeoY,8656
+rest/serializers/response.py,sha256=fsGgS9mtZSceXzNjMcjEJplisn4bG8qQSSdRGrq5Spo,8657
 rest/serializers/util.py,sha256=-In89fpuVTd6_Ul8nwEUt3DjVKdpeoEyAxudlyB8K6Y,2734
 rest/service.py,sha256=jl8obnMDEUzB8y3LROGPvmfKKoFU_SzOvywUQjoQZpg,4046
 rest/settings_helper.py,sha256=_Vn9nmL5_GPss9zIsXzacbTQkn99NbO42CqvOZC3ge4,1532
@@ -516,7 +517,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.174.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.174.dist-info/METADATA,sha256=r1t8GFE4qKAq75b6CnYkpJCE6BbfW7-t2qt2dy-XkaA,7714
-django_restit-4.2.174.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-django_restit-4.2.174.dist-info/RECORD,,
+django_restit-4.2.175.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.175.dist-info/METADATA,sha256=DuVZg0LP0bkuNNdfm9IlJXwcpPE-O4-V6qSZYRHICTk,7714
+django_restit-4.2.175.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+django_restit-4.2.175.dist-info/RECORD,,

rest/__init__.py

@@ -1,4 +1,4 @@
 from .uberdict import UberDict  # noqa: F401
 from .settings_helper import settings  # noqa: F401
 
-__version__ = "4.2.174"
+__version__ = "4.2.175"

rest/serializers/response.py

@@ -15,7 +15,7 @@ from . import csv
 from . import excel
 # from . import profiler
 STATUS_ON_PERM_DENIED = settings.get("STATUS_ON_PERM_DENIED", 403)
-REST_LIST_CACHE_COUNT = settings.get("REST_LIST_CACHE_COUNT", True)
+REST_LIST_CACHE_COUNT = settings.get("REST_LIST_CACHE_COUNT", False)
 
 
 def get_query_hash(queryset):