feat(token): add get token api

Author: duanhongyi

rootfs/api/tests/test_auth.py

@@ -374,6 +374,20 @@ def test_regenerate(self):
         response = self.client.post(url, {})
         self.assertEqual(response.status_code, 401, response.data)
 
+    def test_key(self):
+        url = '/v2/auth/tokens/autotest2/'
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.admin_token)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200, response.data)
+
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.user1_token)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200, response.data)
+
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.user2_token)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 403, response.data)
+
     @mock.patch('django_auth_ldap.backend.logger')
     def test_auth_no_ldap_by_default(self, mock_logger):
         """Ensure that LDAP authentication is disabled by default."""

rootfs/api/urls.py

@@ -131,6 +131,8 @@
         views_obtain_auth_token),
     url(r'^auth/tokens/$',
         views.TokenManagementViewSet.as_view({'post': 'regenerate'})),
+    url(r'^auth/tokens/(?P<username>[\w.@+-]+)/?$',
+        views.TokenManagementViewSet.as_view({'get': 'token'})),
     # admin sharing
     url(r'^admin/perms/(?P<username>[\w.@+-]+)/?$',
         views.AdminPermsViewSet.as_view({'delete': 'destroy'})),

rootfs/api/views.py

@@ -80,6 +80,8 @@ def list(self, request, **kwargs):
         return Response(serializer.data)
 
     def destroy(self, request, **kwargs):
+        if settings.LDAP_ENDPOINT:
+            raise DryccException("You cannot destroy user when ldap is enabled.")
         calling_obj = self.get_object()
         target_obj = calling_obj
 
@@ -104,6 +106,8 @@ def destroy(self, request, **kwargs):
     def passwd(self, request, **kwargs):
         if not request.data.get('new_password'):
             raise DryccException("new_password is a required field")
+        if settings.LDAP_ENDPOINT:
+            raise DryccException("You cannot change password when ldap is enabled.")
 
         caller_obj = self.get_object()
         target_obj = self.get_object()
@@ -157,6 +161,14 @@ def regenerate(self, request, **kwargs):
         token = Token.objects.create(user=obj)
         return Response({'token': token.key})
 
+    def token(self, request, **kwargs):
+        if self.request.user.username == kwargs['username'] \
+                or self.request.user.is_superuser:
+            obj = get_object_or_404(User, username=kwargs['username'])
+            token = Token.objects.get(user=obj)
+            return Response({'token': token.key})
+        return Response(status=status.HTTP_403_FORBIDDEN)
+
 
 class BaseDryccViewSet(viewsets.OwnerViewSet):
     """

rootfs/requirements.txt

@@ -17,7 +17,6 @@ packaging==20.4
 pyasn1==0.4.8
 pynsq==0.9.0
 psycopg2-binary==2.8.5
-pyldap==3.0.0.post1
 pyOpenSSL==19.1.0
 pytz==2020.1
 requests==2.24.0