From 9b1764ec6ee14f71d547430abbbba683ef8557e4 Mon Sep 17 00:00:00 2001 From: eribeiro Date: Fri, 24 Apr 2020 02:08:38 -0300 Subject: [PATCH] =?UTF-8?q?Adiciona=20autentica=C3=A7=C3=A3o=20via=20Token?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/token-auth.rst | 17 +++++++++++++++++ sapl/api/urls.py | 4 ++-- sapl/api/views.py | 18 ++++++++++++++++++ sapl/settings.py | 18 ++++++++++-------- 4 files changed, 47 insertions(+), 10 deletions(-) create mode 100644 docs/token-auth.rst diff --git a/docs/token-auth.rst b/docs/token-auth.rst new file mode 100644 index 000000000..76bc1d5a9 --- /dev/null +++ b/docs/token-auth.rst @@ -0,0 +1,17 @@ +1. Realizar o migrate + +./manage.py migrate + +2. Criar um API Token para usuário e anotar a API Key gerada. + +python3 manage.py drf_create_token admin + +3. Testar endpoint +curl http://localhost:8000/api/version -H 'Authorization: Token ' + +4. Exemplo de POST +curl -d '{"nome_completo”:”Gozer The Gozerian“, "nome_parlamentar": “Gozer”, "sexo":"M"}' -X POST http://localhost:8000/api/parlamentares/parlamentar/ -H 'Authorization: Token ' -H 'Content-Type: application/json' + +Note: If you use TokenAuthentication in production you must ensure that your API is only available over https. + +References: https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication diff --git a/sapl/api/urls.py b/sapl/api/urls.py index 4fc853e08..6bfeb12bf 100644 --- a/sapl/api/urls.py +++ b/sapl/api/urls.py @@ -6,7 +6,7 @@ from rest_framework.routers import DefaultRouter from sapl.api.deprecated import MateriaLegislativaViewSet, SessaoPlenariaViewSet,\ AutoresProvaveisListView, AutoresPossiveisListView, AutorListView,\ ModelChoiceView -from sapl.api.views import SaplApiViewSetConstrutor +from sapl.api.views import SaplApiViewSetConstrutor, AppVersionView from .apps import AppConfig 
@@ -70,7 +70,7 @@ urlpatterns = [ url(r'^api/', include(deprecated_urlpatterns_api)), url(r'^api/', include(urlpatterns_api_doc)), url(r'^api/', include(urlpatterns_router)), - + url(r'^api/version', AppVersionView.as_view()), # implementar caminho para autenticação # https://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/ diff --git a/sapl/api/views.py b/sapl/api/views.py index f07710215..285b80e2d 100644 --- a/sapl/api/views.py +++ b/sapl/api/views.py @@ -20,6 +20,9 @@ from rest_framework.decorators import action from rest_framework.fields import SerializerMethodField from rest_framework.response import Response from rest_framework.viewsets import ModelViewSet +from rest_framework.permissions import IsAuthenticated + +from rest_framework.views import APIView from sapl.api.forms import SaplFilterSetMixin from sapl.api.permissions import SaplModelPermissions @@ -587,3 +590,18 @@ class _NormaJuridicaViewset: def destaques(self, request, *args, **kwargs): self.queryset = self.get_queryset().filter(norma_de_destaque=True) return self.list(request, *args, **kwargs) + + +class AppVersionView(APIView): + permission_classes = (IsAuthenticated,) + + def get(self, request): + content = { + 'name': 'SAPL', + 'description': 'Sistema de Apoio ao Processo Legislativo', + 'version': settings.SAPL_VERSION, + 'user': request.user.username, + 'is_authenticated': request.user.is_authenticated(), + } + return Response(content) + diff --git a/sapl/settings.py b/sapl/settings.py index 01db9c336..cea3f2b4a 100644 --- a/sapl/settings.py +++ b/sapl/settings.py @@ -86,6 +86,7 @@ INSTALLED_APPS = ( 'drf_yasg', #'rest_framework_swagger', 'rest_framework', + 'rest_framework.authtoken', 'django_filters', 'easy_thumbnails', 
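Review bot: The route added in sapl/api/urls.py, `url(r'^api/version', AppVersionView.as_view())`, has no end anchor, so any path that merely starts with `api/version` resolves to this view. I would close the pattern and name it, `url(r'^api/version$', AppVersionView.as_view(), name='api_version'),`, so the match is exact and the URL can be reversed. The Portuguese comment kept right below it still asks for an authentication path. The commit enables token authentication without adding one, so a one-line comment saying that tokens are issued only through `drf_create_token` would keep that TODO accurate. The `urlpatterns` list continues outside the hunk.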
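Review bot: In `AppVersionView.get` (sapl/api/views.py), `request.user.is_authenticated()` is called as a method. On Django releases where `is_authenticated` is a plain property that call raises `TypeError`; the project's Django version is not visible here, so this needs checking. The attribute form `'is_authenticated': request.user.is_authenticated,` is safe either way. Because `permission_classes = (IsAuthenticated,)` already rejects anonymous requests, that field is true in every response this view returns and could simply be dropped. The hunk does not show an import for `settings` in views.py, so confirm `settings.SAPL_VERSION` resolves. A class docstring such as `"""Return SAPL name, description and version to an authenticated caller."""` would document the endpoint.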
@@ -147,14 +148,6 @@ if DEBUG: SITE_URL = config('SITE_URL', cast=str, default='') -CACHES = { - 'default': { - 'BACKEND': 'speedinfo.backends.proxy_cache', - 'CACHE_BACKEND': 'django.core.cache.backends.filebased.FileBasedCache', - 'LOCATION': '/var/tmp/django_cache', - } -} - REST_FRAMEWORK = { "UNICODE_JSON": False, "DEFAULT_PARSER_CLASSES": ( @@ -167,6 +160,7 @@ REST_FRAMEWORK = { "sapl.api.permissions.SaplModelPermissions", ), "DEFAULT_AUTHENTICATION_CLASSES": ( + 'rest_framework.authentication.TokenAuthentication', "rest_framework.authentication.SessionAuthentication", ), "DEFAULT_PAGINATION_CLASS": "sapl.api.pagination.StandardPagination", @@ -175,6 +169,14 @@ REST_FRAMEWORK = { 'django_filters.rest_framework.DjangoFilterBackend', ), } +CACHES = { + 'default': { + 'BACKEND': 'speedinfo.backends.proxy_cache', + 'CACHE_BACKEND': 'django.core.cache.backends.filebased.FileBasedCache', + 'LOCATION': '/var/tmp/django_cache', + } +} + ROOT_URLCONF = 'sapl.urls'
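Review bot: In the `DEFAULT_AUTHENTICATION_CLASSES` hunk of sapl/settings.py, `TokenAuthentication` is inserted ahead of `SessionAuthentication`, and DRF builds its unauthenticated response from the first class listed. Rejected requests on every API endpoint will therefore switch from 403 to 401 with a `WWW-Authenticate: Token` header, which existing session-based clients may not expect. If that change is not intended, list it second and in the file's quote style: `"rest_framework.authentication.TokenAuthentication",` after the session entry. The setting is global, so every view that inherits the defaults now accepts `rest_framework.authtoken` keys, which have no expiry and are stored unhashed in the database. A comment above the entry should say that these tokens are long-lived bearer credentials and that the API must be served over HTTPS only, as the new docs file already notes. The `REST_FRAMEWORK` dict continues outside the hunk.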