jazzband / django-axes

Keep track of failed login attempts in Django-powered sites.


No exception sent with create_token_response

poly82 opened this issue · comments

I'm using django-axes with django oauth2 and, although the user lockout is triggered correctly, I can't get the view to return the user-locked error.

It always returns the same 400 error, both for wrong credentials and for correct credentials once the maximum number of allowed attempts has been exceeded.

I have created the signals file and the validators file as indicated in the documentation, but even though the user lockout works correctly, I still receive neither the predefined error nor the custom one.

Here is the code of the view:

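@method_decorator(csrf_exempt, name="dispatch")
class TokenView(OAuthLibMixin, View):
    """Issue OAuth2 tokens through the password grant after a per-client role check.

    The view is CSRF-exempt (token requests come from non-browser clients) and
    delegates the grant itself to ``OAuthLibMixin.create_token_response`` with
    ``AxesOAuth2Validator`` as the validator, so that failed attempts are seen
    by axes.
    """

    server_class = oauth2_settings.OAUTH2_SERVER_CLASS
    validator_class = AxesOAuth2Validator
    oauthlib_backend_class = oauth2_settings.OAUTH2_BACKEND_CLASS
    pagination_class = None

    @method_decorator(sensitive_post_parameters("password"))
    def post(self, request, *args, **kwargs):
        """Handle a password-grant token request.

        Returns:
            409 if the request is already authenticated; 400 if ``username`` does
            not match a user; 401 if the user's category is above the ceiling
            allowed for the requesting ``client_id``; otherwise the token response
            (body, status and headers) produced by ``create_token_response``, or
            418 if ``PermissionDenied`` escapes from it.
        """
        if request.user.is_authenticated:
            return HttpResponse(status=status.HTTP_409_CONFLICT)

        username = request.POST.get('username', None)
        client_id = request.POST.get('client_id', None)

        try:
            user = mdb.User.objects.get(username=username)
        except mdb.User.DoesNotExist:
            # NOTE(review): this 400 differs from the 401 below and from the
            # token-endpoint error response, so the status code alone tells a
            # caller whether a username exists. Requests rejected here also never
            # reach create_token_response, so the axes validator does not see them.
            return HttpResponse(status=status.HTTP_400_BAD_REQUEST)

        # Highest user category each client may obtain a token for. Every pair is
        # checked (not first-match) to keep the original semantics if two client
        # ids happen to be equal.
        category_ceilings = (
            (settings.CLIENT_ID_WEB, UserCategories.Trained.value),
            (settings.CLIENT_ID_BUILDER, UserCategories.TrainerExpert.value),
            (settings.CLIENT_ID_VISUALIZER, UserCategories.Trained.value),
        )
        if any(
            client_id == cid and user.category > ceiling
            for cid, ceiling in category_ceilings
        ):
            return HttpResponse(status=status.HTTP_401_UNAUTHORIZED)

        try:
            # oauthlib reads the grant type from the body; force the password
            # grant on a mutable copy so the original QueryDict stays untouched.
            request.POST = request.POST.copy()
            request.POST['grant_type'] = 'password'
            _url, headers, body, status_code = self.create_token_response(request)
            if status_code == 200:
                access_token = json.loads(body).get("access_token")
                if access_token is not None:
                    token = get_access_token_model().objects.get(token=access_token)
                    app_authorized.send(sender=self, request=request, token=token)
                # logged_out is sent before logged_in, as in the original code;
                # presumably to clear prior session/axes state for this user --
                # confirm that this ordering is intended.
                signals.user_logged_out.send(
                    sender=user.__class__,
                    request=request,
                    user=user,
                )
                signals.user_logged_in.send(
                    sender=user.__class__,
                    request=request,
                    user=user,
                )
            response = HttpResponse(content=body, status=status_code)
            for header, value in headers.items():
                response[header] = value
            # Left from the original listing; reset_attempts is not wired in here.
            # reset_attempts(ip= get_client_ip(request) ,username=request.POST.get('username',None))
            return response
        except PermissionDenied:
            # NOTE(review): create_token_response appears to turn an OAuth2Error
            # raised inside the validator into a 400 error body rather than
            # re-raising it, so a lockout reported that way never arrives here --
            # which matches the symptom described above. Confirm how
            # AxesOAuth2Validator signals the lockout before relying on this
            # branch. The status is an int now, not the string "418".
            return HttpResponse(status=418)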

Thank you very much in advance