We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
desec-stack
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: cf471ea8fa
Aftakkingen Labels
desec-stack
/
api
/
desecapi
/
views.py

views.py 25 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645 
  1. import base64
    2. 

  2. import binascii
    3. 

  3. 

  4. import django.core.exceptions
    5. 

  5. from django.conf import settings
    6. 

  6. from django.contrib.auth import user_logged_in
    7. 

  7. from django.core.mail import EmailMessage
    8. 

  8. from django.http import Http404
    9. 

  9. from django.template.loader import get_template
    10. 

  10. from rest_framework import generics
    11. 

  11. from rest_framework import mixins
    12. 

  12. from rest_framework import status
    13. 

  13. from rest_framework.authentication import get_authorization_header, BaseAuthentication
    14. 

  14. from rest_framework.exceptions import (NotFound, PermissionDenied, ValidationError)
    15. 

  15. from rest_framework.permissions import IsAuthenticated
    16. 

  16. from rest_framework.response import Response
    17. 

  17. from rest_framework.reverse import reverse
    18. 

  18. from rest_framework.views import APIView
    19. 

  19. from rest_framework.viewsets import GenericViewSet
    20. 

  20. 

  21. import desecapi.authentication as auth
    22. 

  22. from desecapi import serializers, models
    23. 

  23. from desecapi.pdns_change_tracker import PDNSChangeTracker
    24. 

  24. from desecapi.permissions import IsOwner, IsDomainOwner, WithinDomainLimitOnPOST
    25. 

  25. from desecapi.renderers import PlainTextRenderer
    26. 

  26. 

  27. 

  28. class IdempotentDestroy:
    29. 

  29. 

  30.     def destroy(self, request, *args, **kwargs):
    31. 

  31.         try:
    32. 

  32.             # noinspection PyUnresolvedReferences
    33. 

  33.             super().destroy(request, *args, **kwargs)
    34. 

  34.         except Http404:
    35. 

  35.             pass
    36. 

  36.         return Response(status=status.HTTP_204_NO_CONTENT)
    37. 

  37. 

  38. 

  39. class DomainView:
    40. 

  40. 

  41.     def initial(self, request, *args, **kwargs):
    42. 

  42.         # noinspection PyUnresolvedReferences
    43. 

  43.         super().initial(request, *args, **kwargs)
    44. 

  44.         try:
    45. 

  45.             # noinspection PyAttributeOutsideInit, PyUnresolvedReferences
    46. 

  46.             self.domain = self.request.user.domains.get(name=self.kwargs['name'])
    47. 

  47.         except models.Domain.DoesNotExist:
    48. 

  48.             raise Http404
    49. 

  49. 

  50. 

  51. class TokenViewSet(IdempotentDestroy,
    52. 

  52.                    mixins.CreateModelMixin,
    53. 

  53.                    mixins.RetrieveModelMixin,
    54. 

  54.                    mixins.DestroyModelMixin,
    55. 

  55.                    mixins.ListModelMixin,
    56. 

  56.                    GenericViewSet):
    57. 

  57.     serializer_class = serializers.TokenSerializer
    58. 

  58.     permission_classes = (IsAuthenticated, )
    59. 

  59. 

  60.     def get_queryset(self):
    61. 

  61.         return self.request.user.auth_tokens.all()
    62. 

  62. 

  63.     def get_serializer(self, *args, **kwargs):
    64. 

  64.         # When creating a new token, return the plaintext representation
    65. 

  65.         if self.request.method == 'POST':
    66. 

  66.             kwargs.setdefault('include_plain', True)
    67. 

  67.         return super().get_serializer(*args, **kwargs)
    68. 

  68. 

  69.     def perform_create(self, serializer):
    70. 

  70.         serializer.save(user=self.request.user)
    71. 

  71. 

  72. 

  73. class DomainList(generics.ListCreateAPIView):
    74. 

  74.     serializer_class = serializers.DomainSerializer
    75. 

  75.     permission_classes = (IsAuthenticated, IsOwner, WithinDomainLimitOnPOST)
    76. 

  76. 

  77.     def get_queryset(self):
    78. 

  78.         return models.Domain.objects.filter(owner=self.request.user.pk)
    79. 

  79. 

  80.     def perform_create(self, serializer):
    81. 

  81.         with PDNSChangeTracker():
    82. 

  82.             domain = serializer.save(owner=self.request.user)
    83. 

  83. 

  84.         # TODO this line raises if the local public suffix is not in our database!
    85. 

  85.         PDNSChangeTracker.track(lambda: self.auto_delegate(domain))
    86. 

  86. 

  87.     @staticmethod
    88. 

  88.     def auto_delegate(domain: models.Domain):
    89. 

  89.         if domain.is_locally_registrable:
    90. 

  90.             parent_domain = models.Domain.objects.get(name=domain.parent_domain_name)
    91. 

  91.             parent_domain.update_delegation(domain)
    92. 

  92. 

  93. 

  94. class DomainDetail(IdempotentDestroy, generics.RetrieveUpdateDestroyAPIView):
    95. 

  95.     serializer_class = serializers.DomainSerializer
    96. 

  96.     permission_classes = (IsAuthenticated, IsOwner,)
    97. 

  97.     lookup_field = 'name'
    98. 

  98. 

  99.     def perform_destroy(self, instance: models.Domain):
    100. 

  100.         with PDNSChangeTracker():
    101. 

  101.             instance.delete()
    102. 

  102.         if instance.is_locally_registrable:
    103. 

  103.             parent_domain = models.Domain.objects.get(name=instance.parent_domain_name)
    104. 

  104.             with PDNSChangeTracker():
    105. 

  105.                 parent_domain.update_delegation(instance)
    106. 

  106. 

  107.     def get_queryset(self):
    108. 

  108.         return models.Domain.objects.filter(owner=self.request.user.pk)
    109. 

  109. 

  110.     def update(self, request, *args, **kwargs):
    111. 

  111.         try:
    112. 

  112.             return super().update(request, *args, **kwargs)
    113. 

  113.         except django.core.exceptions.ValidationError as e:
    114. 

  114.             raise ValidationError(detail={"detail": e.message})
    115. 

  115. 

  116. 

  117. class RRsetDetail(IdempotentDestroy, DomainView, generics.RetrieveUpdateDestroyAPIView):
    118. 

  118.     serializer_class = serializers.RRsetSerializer
    119. 

  119.     permission_classes = (IsAuthenticated, IsDomainOwner,)
    120. 

  120. 

  121.     def get_queryset(self):
    122. 

  122.         return self.domain.rrset_set
    123. 

  123. 

  124.     def get_object(self):
    125. 

  125.         queryset = self.filter_queryset(self.get_queryset())
    126. 

  126. 

  127.         filter_kwargs = {k: self.kwargs[k] for k in ['subname', 'type']}
    128. 

  128.         obj = generics.get_object_or_404(queryset, **filter_kwargs)
    129. 

  129. 

  130.         # May raise a permission denied
    131. 

  131.         self.check_object_permissions(self.request, obj)
    132. 

  132. 

  133.         return obj
    134. 

  134. 

  135.     def get_serializer(self, *args, **kwargs):
    136. 

  136.         kwargs['domain'] = self.domain
    137. 

  137.         return super().get_serializer(*args, **kwargs)
    138. 

  138. 

  139.     def update(self, request, *args, **kwargs):
    140. 

  140.         response = super().update(request, *args, **kwargs)
    141. 

  141. 

  142.         if response.data is None:
    143. 

  143.             response.status_code = 204
    144. 

  144.         return response
    145. 

  145. 

  146.     def perform_update(self, serializer):
    147. 

  147.         with PDNSChangeTracker():
    148. 

  148.             super().perform_update(serializer)
    149. 

  149. 

  150.     def perform_destroy(self, instance):
    151. 

  151.         with PDNSChangeTracker():
    152. 

  152.             super().perform_destroy(instance)
    153. 

  153. 

  154. 

  155. class RRsetList(DomainView, generics.ListCreateAPIView, generics.UpdateAPIView):
    156. 

  156.     serializer_class = serializers.RRsetSerializer
    157. 

  157.     permission_classes = (IsAuthenticated, IsDomainOwner,)
    158. 

  158. 

  159.     def get_queryset(self):
    160. 

  160.         rrsets = models.RRset.objects.filter(domain=self.domain)
    161. 

  161. 

  162.         for filter_field in ('subname', 'type'):
    163. 

  163.             value = self.request.query_params.get(filter_field)
    164. 

  164. 

  165.             if value is not None:
    166. 

  166.                 # TODO consider moving this
    167. 

  167.                 if filter_field == 'type' and value in models.RRset.RESTRICTED_TYPES:
    168. 

  168.                     raise PermissionDenied("You cannot tinker with the %s RRset." % value)
    169. 

  169. 

  170.                 rrsets = rrsets.filter(**{'%s__exact' % filter_field: value})
    171. 

  171. 

  172.         return rrsets
    173. 

  173. 

  174.     def get_object(self):
    175. 

  175.         # For this view, the object we're operating on is the queryset that one can also GET. Serializing a queryset
    176. 

  176.         # is fine as per https://www.django-rest-framework.org/api-guide/serializers/#serializing-multiple-objects.
    177. 

  177.         # We skip checking object permissions here to avoid evaluating the queryset. The user can access all his RRsets
    178. 

  178.         # anyways.
    179. 

  179.         return self.filter_queryset(self.get_queryset())
    180. 

  180. 

  181.     def get_serializer(self, *args, **kwargs):
    182. 

  182.         data = kwargs.get('data')
    183. 

  183.         if data and 'many' not in kwargs:
    184. 

  184.             if self.request.method == 'POST':
    185. 

  185.                 kwargs['many'] = isinstance(data, list)
    186. 

  186.             elif self.request.method in ['PATCH', 'PUT']:
    187. 

  187.                 kwargs['many'] = True
    188. 

  188.         return super().get_serializer(domain=self.domain, *args, **kwargs)
    189. 

  189. 

  190.     def perform_create(self, serializer):
    191. 

  191.         with PDNSChangeTracker():
    192. 

  192.             serializer.save(domain=self.domain)
    193. 

  193. 

  194.     def perform_update(self, serializer):
    195. 

  195.         with PDNSChangeTracker():
    196. 

  196.             serializer.save(domain=self.domain)
    197. 

  197. 

  198. 

  199. class Root(APIView):
    200. 

  200.     def get(self, request, *_):
    201. 

  201.         if self.request.user.is_authenticated:
    202. 

  202.             routes = {
    203. 

  203.                 'account': {
    204. 

  204.                     'show': reverse('account', request=request),
    205. 

  205.                     'delete': reverse('account-delete', request=request),
    206. 

  206.                     'change-email': reverse('account-change-email', request=request),
    207. 

  207.                     'reset-password': reverse('account-reset-password', request=request),
    208. 

  208.                 },
    209. 

  209.                 'logout': reverse('logout', request=request),
    210. 

  210.                 'tokens': reverse('token-list', request=request),
    211. 

  211.                 'domains': reverse('domain-list', request=request),
    212. 

  212.             }
    213. 

  213.         else:
    214. 

  214.             routes = {
    215. 

  215.                 'register': reverse('register', request=request),
    216. 

  216.                 'login': reverse('login', request=request),
    217. 

  217.                 'reset-password': reverse('account-reset-password', request=request),
    218. 

  218.             }
    219. 

  219.         return Response(routes)
    220. 

  220. 

  221. 

  222. class DynDNS12Update(APIView):
    223. 

  223.     authentication_classes = (auth.TokenAuthentication, auth.BasicTokenAuthentication, auth.URLParamAuthentication,)
    224. 

  224.     renderer_classes = [PlainTextRenderer]
    225. 

  225. 

  226.     def _find_domain(self, request):
    227. 

  227.         def find_domain_name(r):
    228. 

  228.             # 1. hostname parameter
    229. 

  229.             if 'hostname' in r.query_params and r.query_params['hostname'] != 'YES':
    230. 

  230.                 return r.query_params['hostname']
    231. 

  231. 

  232.             # 2. host_id parameter
    233. 

  233.             if 'host_id' in r.query_params:
    234. 

  234.                 return r.query_params['host_id']
    235. 

  235. 

  236.             # 3. http basic auth username
    237. 

  237.             try:
    238. 

  238.                 domain_name = base64.b64decode(
    239. 

  239.                     get_authorization_header(r).decode().split(' ')[1].encode()).decode().split(':')[0]
    240. 

  240.                 if domain_name and '@' not in domain_name:
    241. 

  241.                     return domain_name
    242. 

  242.             except IndexError:
    243. 

  243.                 pass
    244. 

  244.             except UnicodeDecodeError:
    245. 

  245.                 pass
    246. 

  246.             except binascii.Error:
    247. 

  247.                 pass
    248. 

  248. 

  249.             # 4. username parameter
    250. 

  250.             if 'username' in r.query_params:
    251. 

  251.                 return r.query_params['username']
    252. 

  252. 

  253.             # 5. only domain associated with this user account
    254. 

  254.             if len(r.user.domains.all()) == 1:
    255. 

  255.                 return r.user.domains.all()[0].name
    256. 

  256.             if len(r.user.domains.all()) > 1:
    257. 

  257.                 ex = ValidationError(detail={
    258. 

  258.                     "detail": "Request does not specify domain unambiguously.",
    259. 

  259.                     "code": "domain-ambiguous"
    260. 

  260.                 })
    261. 

  261.                 ex.status_code = status.HTTP_409_CONFLICT
    262. 

  262.                 raise ex
    263. 

  263. 

  264.             return None
    265. 

  265. 

  266.         name = find_domain_name(request).lower()
    267. 

  267. 

  268.         try:
    269. 

  269.             return self.request.user.domains.get(name=name)
    270. 

  270.         except models.Domain.DoesNotExist:
    271. 

  271.             return None
    272. 

  272. 

  273.     @staticmethod
    274. 

  274.     def find_ip(request, params, version=4):
    275. 

  275.         if version == 4:
    276. 

  276.             look_for = '.'
    277. 

  277.         elif version == 6:
    278. 

  278.             look_for = ':'
    279. 

  279.         else:
    280. 

  280.             raise Exception
    281. 

  281. 

  282.         # Check URL parameters
    283. 

  283.         for p in params:
    284. 

  284.             if p in request.query_params:
    285. 

  285.                 if not len(request.query_params[p]):
    286. 

  286.                     return None
    287. 

  287.                 if look_for in request.query_params[p]:
    288. 

  288.                     return request.query_params[p]
    289. 

  289. 

  290.         # Check remote IP address
    291. 

  291.         client_ip = request.META.get('REMOTE_ADDR')
    292. 

  292.         if look_for in client_ip:
    293. 

  293.             return client_ip
    294. 

  294. 

  295.         # give up
    296. 

  296.         return None
    297. 

  297. 

  298.     def _find_ip_v4(self, request):
    299. 

  299.         return self.find_ip(request, ['myip', 'myipv4', 'ip'])
    300. 

  300. 

  301.     def _find_ip_v6(self, request):
    302. 

  302.         return self.find_ip(request, ['myipv6', 'ipv6', 'myip', 'ip'], version=6)
    303. 

  303. 

  304.     def get(self, request, *_):
    305. 

  305.         domain = self._find_domain(request)
    306. 

  306. 

  307.         if domain is None:
    308. 

  308.             raise NotFound('nohost')
    309. 

  309. 

  310.         ipv4 = self._find_ip_v4(request)
    311. 

  311.         ipv6 = self._find_ip_v6(request)
    312. 

  312. 

  313.         data = [
    314. 

  314.             {'type': 'A', 'subname': '', 'ttl': 60, 'records': [ipv4] if ipv4 else []},
    315. 

  315.             {'type': 'AAAA', 'subname': '', 'ttl': 60, 'records': [ipv6] if ipv6 else []},
    316. 

  316.         ]
    317. 

  317. 

  318.         instances = domain.rrset_set.filter(subname='', type__in=['A', 'AAAA']).all()
    319. 

  319.         serializer = serializers.RRsetSerializer(instances, domain=domain, data=data, many=True, partial=True)
    320. 

  320.         try:
    321. 

  321.             serializer.is_valid(raise_exception=True)
    322. 

  322.         except ValidationError as e:
    323. 

  323.             raise e
    324. 

  324. 

  325.         with PDNSChangeTracker():
    326. 

  326.             serializer.save(domain=domain)
    327. 

  327. 

  328.         return Response('good', content_type='text/plain')
    329. 

  329. 

  330. 

  331. class DonationList(generics.CreateAPIView):
    332. 

  332.     serializer_class = serializers.DonationSerializer
    333. 

  333. 

  334.     def perform_create(self, serializer):
    335. 

  335.         instance = self.serializer_class.Meta.model(**serializer.validated_data)
    336. 

  336. 

  337.         context = {
    338. 

  338.             'donation': instance,
    339. 

  339.             'creditoridentifier': settings.SEPA['CREDITOR_ID'],
    340. 

  340.             'creditorname': settings.SEPA['CREDITOR_NAME'],
    341. 

  341.         }
    342. 

  342. 

  343.         # internal desec notification
    344. 

  344.         content_tmpl = get_template('emails/donation/desec-content.txt')
    345. 

  345.         subject_tmpl = get_template('emails/donation/desec-subject.txt')
    346. 

  346.         attachment_tmpl = get_template('emails/donation/desec-attachment-jameica.txt')
    347. 

  347.         from_tmpl = get_template('emails/from.txt')
    348. 

  348.         email = EmailMessage(subject_tmpl.render(context),
    349. 

  349.                              content_tmpl.render(context),
    350. 

  350.                              from_tmpl.render(context),
    351. 

  351.                              ['donation@desec.io'],
    352. 

  352.                              attachments=[
    353. 

  353.                                  ('jameica-directdebit.xml',
    354. 

  354.                                   attachment_tmpl.render(context),
    355. 

  355.                                   'text/xml')
    356. 

  356.                              ])
    357. 

  357.         email.send()
    358. 

  358. 

  359.         # donor notification
    360. 

  360.         if instance.email:
    361. 

  361.             content_tmpl = get_template('emails/donation/donor-content.txt')
    362. 

  362.             subject_tmpl = get_template('emails/donation/donor-subject.txt')
    363. 

  363.             footer_tmpl = get_template('emails/footer.txt')
    364. 

  364.             email = EmailMessage(subject_tmpl.render(context),
    365. 

  365.                                  content_tmpl.render(context) + footer_tmpl.render(),
    366. 

  366.                                  from_tmpl.render(context),
    367. 

  367.                                  [instance.email])
    368. 

  368.             email.send()
    369. 

  369. 

  370. 

  371. class AccountCreateView(generics.CreateAPIView):
    372. 

  372.     serializer_class = serializers.RegisterAccountSerializer
    373. 

  373. 

  374.     def create(self, request, *args, **kwargs):
    375. 

  375.         # Create user and send trigger email verification.
    376. 

  376.         # Alternative would be to create user once email is verified, but this could be abused for bulk email.
    377. 

  377. 

  378.         serializer = self.get_serializer(data=request.data)
    379. 

  379.         activation_required = settings.USER_ACTIVATION_REQUIRED
    380. 

  380.         try:
    381. 

  381.             serializer.is_valid(raise_exception=True)
    382. 

  382.         except ValidationError as e:
    383. 

  383.             # Hide existing users
    384. 

  384.             email_detail = e.detail.pop('email', [])
    385. 

  385.             email_detail = [detail for detail in email_detail if detail.code != 'unique']
    386. 

  386.             if email_detail:
    387. 

  387.                 e.detail['email'] = email_detail
    388. 

  388.             if e.detail:
    389. 

  389.                 raise e
    390. 

  390.         else:
    391. 

  391.             # create user
    392. 

  392.             user = serializer.save(is_active=(not activation_required))
    393. 

  393. 

  394.             # send email if needed
    395. 

  395.             domain = serializer.validated_data.get('domain')
    396. 

  396.             if domain or activation_required:
    397. 

  397.                 action = models.AuthenticatedActivateUserAction(user=user, domain=domain)
    398. 

  398.                 verification_code = serializers.AuthenticatedActivateUserActionSerializer(action).data['code']
    399. 

  399.                 user.send_email('activate-with-domain' if domain else 'activate', context={
    400. 

  400.                     'confirmation_link': reverse('confirm-activate-account', request=request, args=[verification_code])
    401. 

  401.                 })
    402. 

  402. 

  403.         # This request is unauthenticated, so don't expose whether we did anything.
    404. 

  404.         message = 'Welcome! Please check your mailbox.' if activation_required else 'Welcome!'
    405. 

  405.         return Response(data={'detail': message}, status=status.HTTP_202_ACCEPTED)
    406. 

  406. 

  407. 

  408. class AccountView(generics.RetrieveAPIView):
    409. 

  409.     permission_classes = (IsAuthenticated,)
    410. 

  410.     serializer_class = serializers.UserSerializer
    411. 

  411. 

  412.     def get_object(self):
    413. 

  413.         return self.request.user
    414. 

  414. 

  415. 

  416. class AccountDeleteView(generics.GenericAPIView):
    417. 

  417.     authentication_classes = (auth.EmailPasswordPayloadAuthentication,)
    418. 

  418.     permission_classes = (IsAuthenticated,)
    419. 

  419.     response_still_has_domains = Response(
    420. 

  420.         data={'detail': 'To delete your user account, first delete all of your domains.'},
    421. 

  421.         status=status.HTTP_409_CONFLICT,
    422. 

  422.     )
    423. 

  423. 

  424.     def post(self, request, *args, **kwargs):
    425. 

  425.         if self.request.user.domains.exists():
    426. 

  426.             return self.response_still_has_domains
    427. 

  427.         action = models.AuthenticatedDeleteUserAction(user=self.request.user)
    428. 

  428.         verification_code = serializers.AuthenticatedDeleteUserActionSerializer(action).data['code']
    429. 

  429.         request.user.send_email('delete-user', context={
    430. 

  430.             'confirmation_link': reverse('confirm-delete-account', request=request, args=[verification_code])
    431. 

  431.         })
    432. 

  432. 

  433.         return Response(data={'detail': 'Please check your mailbox for further account deletion instructions.'},
    434. 

  434.                         status=status.HTTP_202_ACCEPTED)
    435. 

  435. 

  436. 

  437. class AccountLoginView(generics.GenericAPIView):
    438. 

  438.     authentication_classes = (auth.EmailPasswordPayloadAuthentication,)
    439. 

  439.     permission_classes = (IsAuthenticated,)
    440. 

  440. 

  441.     def post(self, request, *args, **kwargs):
    442. 

  442.         user = self.request.user
    443. 

  443. 

  444.         token = models.Token.objects.create(user=user, name="login")
    445. 

  445.         user_logged_in.send(sender=user.__class__, request=self.request, user=user)
    446. 

  446. 

  447.         data = serializers.TokenSerializer(token, include_plain=True).data
    448. 

  448.         return Response(data)
    449. 

  449. 

  450. 

  451. class AccountLogoutView(generics.GenericAPIView, mixins.DestroyModelMixin):
    452. 

  452.     authentication_classes = (auth.TokenAuthentication,)
    453. 

  453.     permission_classes = (IsAuthenticated,)
    454. 

  454. 

  455.     def get_object(self):
    456. 

  456.         # self.request.auth contains the hashed key as it is stored in the database
    457. 

  457.         return models.Token.objects.get(key=self.request.auth)
    458. 

  458. 

  459.     def post(self, request, *args, **kwargs):
    460. 

  460.         return self.destroy(request, *args, **kwargs)
    461. 

  461. 

  462. 

  463. class AccountChangeEmailView(generics.GenericAPIView):
    464. 

  464.     authentication_classes = (auth.EmailPasswordPayloadAuthentication,)
    465. 

  465.     permission_classes = (IsAuthenticated,)
    466. 

  466.     serializer_class = serializers.ChangeEmailSerializer
    467. 

  467. 

  468.     def post(self, request, *args, **kwargs):
    469. 

  469.         # Check password and extract email
    470. 

  470.         serializer = self.get_serializer(data=request.data)
    471. 

  471.         serializer.is_valid(raise_exception=True)
    472. 

  472.         new_email = serializer.validated_data['new_email']
    473. 

  473. 

  474.         action = models.AuthenticatedChangeEmailUserAction(user=request.user, new_email=new_email)
    475. 

  475.         verification_code = serializers.AuthenticatedChangeEmailUserActionSerializer(action).data['code']
    476. 

  476.         request.user.send_email('change-email', recipient=new_email, context={
    477. 

  477.             'confirmation_link': reverse('confirm-change-email', request=request, args=[verification_code]),
    478. 

  478.             'old_email': request.user.email,
    479. 

  479.             'new_email': new_email,
    480. 

  480.         })
    481. 

  481. 

  482.         # At this point, we know that we are talking to the user, so we can tell that we sent an email.
    483. 

  483.         return Response(data={'detail': 'Please check your mailbox to confirm email address change.'},
    484. 

  484.                         status=status.HTTP_202_ACCEPTED)
    485. 

  485. 

  486. 

  487. class AccountResetPasswordView(generics.GenericAPIView):
    488. 

  488.     serializer_class = serializers.EmailSerializer
    489. 

  489. 

  490.     def post(self, request, *args, **kwargs):
    491. 

  491.         serializer = self.get_serializer(data=request.data)
    492. 

  492.         serializer.is_valid(raise_exception=True)
    493. 

  493.         try:
    494. 

  494.             email = serializer.validated_data['email']
    495. 

  495.             user = models.User.objects.get(email=email, is_active=True)
    496. 

  496.         except models.User.DoesNotExist:
    497. 

  497.             pass
    498. 

  498.         else:
    499. 

  499.             action = models.AuthenticatedResetPasswordUserAction(user=user)
    500. 

  500.             verification_code = serializers.AuthenticatedResetPasswordUserActionSerializer(action).data['code']
    501. 

  501.             user.send_email('reset-password', context={
    502. 

  502.                 'confirmation_link': reverse('confirm-reset-password', request=request, args=[verification_code])
    503. 

  503.             })
    504. 

  504. 

  505.         # This request is unauthenticated, so don't expose whether we did anything.
    506. 

  506.         return Response(data={'detail': 'Please check your mailbox for further password reset instructions. '
    507. 

  507.                                         'If you did not receive an email, please contact support.'},
    508. 

  508.                         status=status.HTTP_202_ACCEPTED)
    509. 

  509. 

  510. 

  511. class AuthenticatedActionView(generics.GenericAPIView):
    512. 

  512.     """
    513. 

  513.     Abstract class. Deserializes the given payload according the serializers specified by the view extending
    514. 

  514.     this class. If the `serializer.is_valid`, `act` is called on the action object.
    515. 

  515.     """
    516. 

  516. 

  517.     class AuthenticatedActionAuthenticator(BaseAuthentication):
    518. 

  518.         """
    519. 

  519.         Authenticates a request based on whether the serializer determines the validity of the given verification code
    520. 

  520.         and additional data (using `serializer.is_valid()`). The serializer's input data will be determined by (a) the
    521. 

  521.         view's 'code' kwarg and (b) the request payload for POST requests. Request methods other than GET and POST will
    522. 

  522.         fail authentication regardless of other conditions.
    523. 

  523. 

  524.         If the request is valid, the AuthenticatedAction instance will be attached to the view as `authenticated_action`
    525. 

  525.         attribute.
    526. 

  526. 

  527.         Note that this class will raise ValidationError instead of AuthenticationFailed, usually resulting in status
    528. 

  528.         400 instead of 403.
    529. 

  529.         """
    530. 

  530. 

  531.         def __init__(self, view):
    532. 

  532.             super().__init__()
    533. 

  533.             self.view = view
    534. 

  534. 

  535.         def authenticate(self, request):
    536. 

  536.             data = {**request.data, 'code': self.view.kwargs['code']}  # order crucial to avoid override from payload!
    537. 

  537.             serializer = self.view.serializer_class(data=data, context=self.view.get_serializer_context())
    538. 

  538.             serializer.is_valid(raise_exception=True)
    539. 

  539.             try:
    540. 

  540.                 self.view.authenticated_action = serializer.Meta.model(**serializer.validated_data)
    541. 

  541.             except ValueError:
    542. 

  542.                 raise ValidationError()
    543. 

  543. 

  544.             return self.view.authenticated_action.user, None
    545. 

  545. 

  546.     def __init__(self, *args, **kwargs):
    547. 

  547.         super().__init__(*args, **kwargs)
    548. 

  548.         self.authenticated_action = None
    549. 

  549. 

  550.     def get_authenticators(self):
    551. 

  551.         return [self.AuthenticatedActionAuthenticator(self)]
    552. 

  552. 

  553.     def get(self, request, *args, **kwargs):
    554. 

  554.         return self.take_action()
    555. 

  555. 

  556.     def post(self, request, *args, **kwargs):
    557. 

  557.         return self.take_action()
    558. 

  558. 

  559.     def finalize(self):
    560. 

  560.         raise NotImplementedError
    561. 

  561. 

  562.     def take_action(self):
    563. 

  563.         # execute the action
    564. 

  564.         self.authenticated_action.act()
    565. 

  565. 

  566.         return self.finalize()
    567. 

  567. 

  568. 

  569. class AuthenticatedActivateUserActionView(AuthenticatedActionView):
    570. 

  570.     http_method_names = ['get']
    571. 

  571.     serializer_class = serializers.AuthenticatedActivateUserActionSerializer
    572. 

  572. 

  573.     def finalize(self):
    574. 

  574.         action = self.authenticated_action
    575. 

  575. 

  576.         if not action.domain:
    577. 

  577.             return Response({
    578. 

  578.                 'detail': 'Success! Please log in at {}.'.format(self.request.build_absolute_uri(reverse('v1:login')))
    579. 

  579.             })
    580. 

  580. 

  581.         serializer = serializers.DomainSerializer(
    582. 

  582.             data={'name': action.domain},
    583. 

  583.             context=self.get_serializer_context()
    584. 

  584.         )
    585. 

  585.         try:
    586. 

  586.             serializer.is_valid(raise_exception=True)
    587. 

  587.         except ValidationError as e:  # e.g. domain name unavailable
    588. 

  588.             action.user.delete()
    589. 

  589.             reasons = ', '.join([detail.code for detail in e.detail.get('name', [])])
    590. 

  590.             raise ValidationError(
    591. 

  591.                 f'The requested domain {action.domain} could not be registered (reason: {reasons}). '
    592. 

  592.                 f'Please start over and sign up again.'
    593. 

  593.             )
    594. 

  594.         domain = PDNSChangeTracker.track(lambda: serializer.save(owner=action.user))
    595. 

  595. 

  596.         if domain.is_locally_registrable:
    597. 

  597.             # TODO the following line raises Domain.DoesNotExist under unknown conditions
    598. 

  598.             PDNSChangeTracker.track(lambda: DomainList.auto_delegate(domain))
    599. 

  599.             token = models.Token.objects.create(user=action.user, name='dyndns')
    600. 

  600.             return Response({
    601. 

  601.                 'detail': "Success! Here is the secret token required for updating your domain's DNS information. When "
    602. 

  602.                           "configuring a router (or other DNS client), place it into the password field of the "
    603. 

  603.                           "configuration. Do not confuse the secret token with your account password! Your password is "
    604. 

  604.                           "not needed for DNS configuration, and you should not store it anywhere in plain text.",
    605. 

  605.                 **serializers.TokenSerializer(token, include_plain=True).data,
    606. 

  606.             })
    607. 

  607.         else:
    608. 

  608.             return Response({
    609. 

  609.                 'detail': 'Success! Please check the docs for the next steps, https://desec.readthedocs.io/.'
    610. 

  610.             })
    611. 

  611. 

  612. 

  613. class AuthenticatedChangeEmailUserActionView(AuthenticatedActionView):
    614. 

  614.     http_method_names = ['get']
    615. 

  615.     serializer_class = serializers.AuthenticatedChangeEmailUserActionSerializer
    616. 

  616. 

  617.     def finalize(self):
    618. 

  618.         return Response({
    619. 

  619.             'detail': f'Success! Your email address has been changed to {self.authenticated_action.user.email}.'
    620. 

  620.         })
    621. 

  621. 

  622. 

  623. class AuthenticatedResetPasswordUserActionView(AuthenticatedActionView):
    624. 

  624.     http_method_names = ['post']
    625. 

  625.     serializer_class = serializers.AuthenticatedResetPasswordUserActionSerializer
    626. 

  626. 

  627.     def finalize(self):
    628. 

  628.         return Response({'detail': 'Success! Your password has been changed.'})
    629. 

  629. 

  630. 

  631. class AuthenticatedDeleteUserActionView(AuthenticatedActionView):
    632. 

  632.     http_method_names = ['get']
    633. 

  633.     serializer_class = serializers.AuthenticatedDeleteUserActionSerializer
    634. 

  634. 

  635.     def take_action(self):
    636. 

  636.         if self.request.user.domains.exists():
    637. 

  637.             return AccountDeleteView.response_still_has_domains
    638. 

  638.         return super().take_action()
    639. 

  639. 

  640.     def finalize(self):
    641. 

  641.         return Response({'detail': 'All your data has been deleted. Bye bye, see you soon! <3'})
    642. 

  642. 

  643. 

  644. class CaptchaView(generics.CreateAPIView):
    645. 

  645.     serializer_class = serializers.CaptchaSerializer
    646.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5