Initial commit

Author: wesleylima

README.md

@@ -0,0 +1,29 @@
+# Django Rest Framework Firebase Auth
+
+## Installation
+
+```
+pip install djangorestframework-firebase
+```
+
+On your project's `settings.py` add this to the `REST_FRAMEWORK` configuration
+
+```
+REST_FRAMEWORK = {
+  ...
+  'DEFAULT_AUTHENTICATION_CLASSES': (
+    'rest_framework_firebase_auth.authentication.Firebaseuthentication',
+  )
+  ...
+}
+```
+
+Get admin credentials `.json` from the Firebase SDK and add them to your project
+
+Also in your project's `settings.py` :
+
+```
+FIREBASE_AUTH = {
+    'FIREBASE_ACCOUNT_KEY_FILE': 'path_to_your_credentials.json',
+}
+```

rest_framework_firebase/__init__.py

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+
+__title__ = 'djangorestframework-firebase-auth'
+__version__ = '0.1.0'
+__author__ = 'Wesley Lima'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2018 Fan Retreat, Inc.'
+
+# Version synonym
+VERSION = __version__

rest_framework_firebase/authentication.py

@@ -0,0 +1,121 @@
+import firebase_admin
+from firebase_admin import credentials
+from rest_framework_firebase.settings import api_settings
+from django.utils.encoding import smart_text
+from rest_framework import exceptions
+from firebase_admin import auth
+from django.utils.translation import ugettext as _
+from django.contrib.auth import get_user_model
+
+
+from rest_framework.authentication import (
+    BaseAuthentication, get_authorization_header
+)
+
+# TODO: Support entering the keys individually later
+cred = credentials.Certificate(api_settings.FIREBASE_ACCOUNT_KEY_FILE)
+firebase = firebase_admin.initialize_app(cred)
+
+class BaseFirebaseuthentication(BaseAuthentication):
+    """
+    Token based authentication using firebase.
+    """
+
+    def authenticate(self, request):
+        """
+        Returns a two-tuple of `User` and token if a valid signature has been
+        supplied using Firebase authentication.  Otherwise returns `None`.
+        """
+        firebase_token = self.get_token(request)
+        if firebase_token is None:
+            return None
+
+        try:
+            payload = auth.verify_id_token(firebase_token)
+        except ValueError:
+            msg = _('Signature has expired.')
+            raise exceptions.AuthenticationFailed(msg)
+        except auth.AuthError:
+            msg = _('Could not log in.')
+            raise exceptions.AuthenticationFailed(msg)
+
+        user = self.authenticate_credentials(payload)
+
+        return (user, payload)
+
+    def authenticate_credentials(self, payload):
+        """
+        Returns an active user that matches the payload's user id and email.
+        """
+        User = get_user_model()
+        uid_field = api_settings.FIREBASE_UID_FIELD
+        uid = payload['uid']
+        if not uid:
+            msg = _('Invalid payload.')
+            raise exceptions.AuthenticationFailed(msg)
+
+        try:
+            user = User.objects.get(**{uid_field: uid})
+        except User.DoesNotExist:
+            if not api_settings.FIREBASE_CREATE_NEW_USER:
+                msg = _('Invalid signature.')
+                raise exceptions.AuthenticationFailed(msg)
+
+            # Make a new user here!
+            user = auth.get_user(uid)
+            # TODO: This assumes emails are unique. Factor this out as an option
+            try:
+                user = User.objects.get(email=user.email)
+                setattr(user, uid_field, uid)
+                user.save()
+            except User.DoesNotExist:
+                fields = {
+                    uid_field : uid,
+                    'email':user.email
+                }
+                u = User(**fields)
+                u.save()
+                return u
+
+        if not user.is_active:
+            msg = _('User account is disabled.')
+            raise exceptions.AuthenticationFailed(msg)
+
+        return user
+
+
+class Firebaseuthentication(BaseFirebaseuthentication):
+    """
+    Clients should authenticate by passing the token key in the "Authorization"
+    HTTP header, prepended with the string specified in the setting
+    """
+    www_authenticate_realm = 'api'
+
+    def get_token(self, request):
+        auth = get_authorization_header(request).split()
+        auth_header_prefix = api_settings.FIREBASE_AUTH_HEADER_PREFIX.lower()
+
+        if not auth:
+            return None
+
+        if len(auth) == 1:
+            msg = _('Invalid Authorization header. No credentials provided.')
+            raise exceptions.AuthenticationFailed(msg)
+        elif len(auth) > 2:
+            msg = _('Invalid Authorization header. Credentials string '
+                    'should not contain spaces.')
+            raise exceptions.AuthenticationFailed(msg)
+
+        if smart_text(auth[0].lower()) != auth_header_prefix:
+            return None
+
+        return auth[1]
+
+    def authenticate_header(self, request):
+        """
+        Return a string to be used as the value of the `WWW-Authenticate`
+        header in a `401 Unauthenticated` response, or `None` if the
+        authentication scheme should return `403 Permission Denied` responses.
+        """
+        auth_header_prefix = api_settings.FIREBASE_AUTH_HEADER_PREFIX.lower()
+        return '{0} realm="{1}"'.format(auth_header_prefix, self.www_authenticate_realm)

rest_framework_firebase/settings.py

@@ -0,0 +1,26 @@
+import datetime
+
+from django.conf import settings
+from rest_framework.settings import APISettings
+
+
+USER_SETTINGS = getattr(settings, 'FIREBASE_AUTH', None)
+
+DEFAULTS = {
+    'FIREBASE_ACCOUNT_KEY_FILE': '', # JSON formatted key file you get directly from firebase
+
+    # The credentials if you want to enter them in manually (not implemented)
+    'FIREBASE_PRIVATE_KEY': None,
+    'FIREBASE_PUBLIC_KEY': None,
+    'FIREBASE_CLIENT_EMAIL': None,
+    'FIREBASE_CREATE_NEW_USER': True, # We'll make a new user if we get one that we don't have yet
+
+    'FIREBASE_AUTH_HEADER_PREFIX': "JWT",
+    'FIREBASE_UID_FIELD': 'username',
+}
+
+# List of settings that may be in string import notation.
+IMPORT_STRINGS = (
+)
+
+api_settings = APISettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS)

setup.py

@@ -0,0 +1,111 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import os
+import re
+import shutil
+import sys
+
+from setuptools import setup
+
+
+def get_version(package):
+    """
+    Return package version as listed in `__version__` in `init.py`.
+    """
+    with open(os.path.join(package, '__init__.py'), 'rb') as init_py:
+        src = init_py.read().decode('utf-8')
+        return re.search("__version__ = ['\"]([^'\"]+)['\"]", src).group(1)
+
+
+name = 'djangorestframework-firebase'
+version = get_version('rest_framework_firebase')
+package = 'rest_framework_firebase'
+description = 'Firebase based authentication for Django REST framework'
+url = 'https://github.com/wesleylima/django-rest-framework-firebase-auth'
+author = 'Wesley Lima'
+author_email = '[email protected]'
+license = 'MIT'
+install_requires = [
+    'firebase-admin>=2.0.0,<3.0.0',
+]
+
+
+def read(*paths):
+    """
+    Build a file path from paths and return the contents.
+    """
+    with open(os.path.join(*paths), 'r') as f:
+        return f.read()
+
+
+def get_packages(package):
+    """
+    Return root package and all sub-packages.
+    """
+    return [dirpath
+            for dirpath, dirnames, filenames in os.walk(package)
+            if os.path.exists(os.path.join(dirpath, '__init__.py'))]
+
+
+def get_package_data(package):
+    """
+    Return all files under the root package, that are not in a
+    package themselves.
+    """
+    walk = [(dirpath.replace(package + os.sep, '', 1), filenames)
+            for dirpath, dirnames, filenames in os.walk(package)
+            if not os.path.exists(os.path.join(dirpath, '__init__.py'))]
+
+    filepaths = []
+    for base, filenames in walk:
+        filepaths.extend([os.path.join(base, filename)
+                          for filename in filenames])
+    return {package: filepaths}
+
+
+if sys.argv[-1] == 'publish':
+    if os.system('pip freeze | grep twine'):
+        print('twine not installed.\nUse `pip install twine`.\nExiting.')
+        sys.exit()
+    os.system('python setup.py sdist bdist_wheel')
+    os.system('twine upload dist/*')
+    shutil.rmtree('dist')
+    shutil.rmtree('build')
+    shutil.rmtree('djangorestframework_firebase_auth.egg-info')
+    print('You probably want to also tag the version now:')
+    print("  git tag -a {0} -m 'version {0}'".format(version))
+    print('  git push --tags')
+    sys.exit()
+
+
+setup(
+    name=name,
+    version=version,
+    url=url,
+    license=license,
+    description=description,
+    long_description=read('README.md'),
+    author=author,
+    author_email=author_email,
+    packages=get_packages(package),
+    package_data=get_package_data(package),
+    install_requires=install_requires,
+    classifiers=[
+        'Development Status :: 5 - Production/Stable',
+        'Environment :: Web Environment',
+        'Framework :: Django',
+        'Intended Audience :: Developers',
+        'License :: OSI Approved :: MIT License',
+        'Operating System :: OS Independent',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 2',
+        'Programming Language :: Python :: 2.7',
+        'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3.3',
+        'Programming Language :: Python :: 3.4',
+        'Programming Language :: Python :: 3.5',
+        'Programming Language :: Python :: 3.6',
+        'Topic :: Internet :: WWW/HTTP',
+    ]
+)