2👍
✅
Since nobody answer this question, I figured it out myself and some help from my friend. I have to edit ApiKeyHandler to
class ApiKeyHandler(BaseHandler):
model = ApiKey
allowed_methods = ('GET', 'POST')
fileds = ('user', 'key')
def read(self, request):
# Return the API key for request.user
values_query_set = request.user.keys.values('key')
api_key = list(values_query_set)[0]['key']
return HttpResponse(api_key)
def create(self, request):
#Create a new API Key.
# Check if API key already exists
if request.user.keys.count() > 0:
values_query_set = request.user.keys.values('key')
api_key = list(values_query_set)[0]['key']
return HttpResponse(api_key)
else:
# Create API key
api_key = ApiKey(user=request.user)
api_key.save()
return HttpResponse(api_key)
According to django-piston doc methodreadis called on GET and methodcreateis called on POST. Thus, when client want to create new API key; client need to request HTTP POST to create API key forrequest.userif the API key is not already exists.
Finally in models.py I need to edit the ApiKey model to
class ApiKey(models.Model):
user = models.ForeignKey(User, related_name='keys', unique=True)
key = models.CharField(max_length=KEY_SIZE, null=True, blank=True)
def save(self, *args, **kwargs):
self.key = User.objects.make_random_password(length=KEY_SIZE)
while ApiKey.objects.filter(key__exact=self.key).count():
self.key = User.objects.make_random_password(length=KEY_SIZE)
super(ApiKey, self).save(*args, **kwargs)
def __unicode__(self):
return self.key
We need to call the “real” save() method
super(ApiKey, self).save(*args, **kwargs)
and APIKeyAuthenticatin is work now.
Last but not least, when authenticating user, client need to request the HTTP request with HEADER (‘Authorization’, api_key).api_key must match with therequest.user.
Source:stackexchange.com