Introduce a way to override how auth tokens are created

aleffert · aleffert · commit e2b56e57691a · 2019-12-08T15:18:50.000-05:00
This creates a new setting PASSWORDLESS_AUTH_TOKEN_CREATOR. This is a
string representing the function used to construct an authentication
token after receiving a valid passwordless token.
diff --git a/README.md b/README.md
@@ -290,6 +290,13 @@ DEFAULTS = {
 
     # Automatically send verification email or sms when a user changes their alias.
     'PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN': False,
+
+    # What function is called to construct an authentication tokens when
+    # exchanging a passwordless token for a real user auth token. This function
+    # should take a user and return a tuple of two values. The first value is
+    # the token itself, the second is a boolean value representating whether
+    # the token was newly created.
+    'PASSWORDLESS_AUTH_TOKEN_CREATOR': 'drfpasswordless.utils.create_authentication_token'
 }
 ```
 
diff --git a/drfpasswordless/settings.py b/drfpasswordless/settings.py
@@ -69,6 +69,9 @@
     # Automatically send verification email or sms when a user changes their alias.
     'PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN': False,
 
+    # What function is called to construct an authentication tokens when
+    # exchanging a passwordless token for a real user auth token.
+    'PASSWORDLESS_AUTH_TOKEN_CREATOR': 'drfpasswordless.utils.create_authentication_token'
 }
 
 # List of settings that may be in string import notation.
diff --git a/drfpasswordless/utils.py b/drfpasswordless/utils.py
@@ -5,6 +5,7 @@
 from django.core.mail import send_mail
 from django.template import loader
 from django.utils import timezone
+from rest_framework.authtoken.models import Token
 from drfpasswordless.models import CallbackToken
 from drfpasswordless.settings import api_settings
 
@@ -184,3 +185,8 @@ def send_sms_with_callback_token(user, mobile_token, **kwargs):
                   "Number entered was {}".format(user.id, getattr(user, api_settings.PASSWORDLESS_USER_MOBILE_FIELD_NAME)))
         logger.debug(e)
         return False
+
+
+def create_authentication_token(user):
+    """ Default way to create an authentication token"""
+    return Token.objects.get_or_create(user=user)
diff --git a/drfpasswordless/views.py b/drfpasswordless/views.py
@@ -1,6 +1,6 @@
 import logging
+from django.utils.module_loading import import_string
 from rest_framework import parsers, renderers, status
-from rest_framework.authtoken.models import Token
 from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated 
 from rest_framework.views import APIView
@@ -130,7 +130,8 @@ def post(self, request, *args, **kwargs):
         serializer = self.serializer_class(data=request.data)
         if serializer.is_valid(raise_exception=True):
             user = serializer.validated_data['user']
-            token, created = Token.objects.get_or_create(user=user)
+            token_creator = import_string(api_settings.PASSWORDLESS_AUTH_TOKEN_CREATOR)
+            token, created = token_creator(user)
 
             if created:
                 # Initially set an unusable password if a user is created through this.

Original file line number	Diff line number	Diff line change
`@@ -69,6 +69,9 @@`
`69`	`69`	`# Automatically send verification email or sms when a user changes their alias.`
`70`	`70`	`'PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN': False,`
`71`	`71`
	`72`	`+ # What function is called to construct an authentication tokens when`
	`73`	`+ # exchanging a passwordless token for a real user auth token.`
	`74`	`+ 'PASSWORDLESS_AUTH_TOKEN_CREATOR': 'drfpasswordless.utils.create_authentication_token'`
`72`	`75`	`}`
`73`	`76`
`74`	`77`	`# List of settings that may be in string import notation.`