From d34eba531572bc1cec6b4e3dd4c57a6d30e003ca Mon Sep 17 00:00:00 2001
From: Sebastian Henschel
Date: Mon, 6 Nov 2017 10:48:26 +0100
Subject: [PATCH] Enabled support for DirectLogin and GatewayLogin #36
---
 apimanager/apimanager/settings.py | 7 ++++
 apimanager/apimanager/urls.py | 12 +++++-
 apimanager/base/static/css/base.css | 8 ++++
 apimanager/base/static/js/base.js | 5 +++
 apimanager/base/templates/home.html | 62 ++++++++++++++++++++++++-----
 apimanager/base/views.py | 8 +++-
 apimanager/obp/directlogin.py | 4 +-
 apimanager/obp/views.py | 6 ++-
 8 files changed, 97 insertions(+), 15 deletions(-)
diff --git a/apimanager/apimanager/settings.py b/apimanager/apimanager/settings.py
index 494d6a3..9c0e78c 100644
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@@ -201,6 +201,7 @@ API_SWAGGER_BASE_PATH = '/obp/v1.4.0'
 # Always save session$
 SESSION_SAVE_EVERY_REQUEST = True
+# Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'
 OAUTH_AUTHORIZATION_PATH = '/oauth/authorize'
 OAUTH_ACCESS_TOKEN_PATH = '/oauth/token'
@@ -209,6 +210,12 @@ OAUTH_ACCESS_TOKEN_PATH = '/oauth/token'
 OAUTH_CONSUMER_KEY = None
 OAUTH_CONSUMER_SECRET = None
+# Path on API_HOST to DirectLogin
+DIRECTLOGIN_PATH = '/my/logins/direct'
+
+# Set to true if the API is connected to a core banking system
+GATEWAYLOGIN_HAS_CBS = False
+
 # Local settings can override anything in here
 try:
 from apimanager.local_settings import *
diff --git a/apimanager/apimanager/urls.py b/apimanager/apimanager/urls.py
index abf2257..84c8b9b 100644
--- a/apimanager/apimanager/urls.py
+++ b/apimanager/apimanager/urls.py
@@ -6,7 +6,13 @@ URLs for apimanager
 from django.conf.urls import url, include
 from base.views import HomeView
-from obp.views import OAuthInitiateView, OAuthAuthorizeView, LogoutView
+from obp.views import (
+ OAuthInitiateView, OAuthAuthorizeView,
+ DirectLoginView,
+ GatewayLoginView,
+ LogoutView,
+)
+
 urlpatterns = [
@@ -17,6 +23,10 @@ urlpatterns = [
 OAuthInitiateView.as_view(), name='oauth-initiate'),
 url(r'^oauth/authorize$',
 OAuthAuthorizeView.as_view(), name='oauth-authorize'),
+ url(r'^directlogin$',
+ DirectLoginView.as_view(), name='directlogin'),
+ url(r'^gatewaylogin$',
+ GatewayLoginView.as_view(), name='gatewaylogin'),
 url(r'^logout$',
 LogoutView.as_view(), name='oauth-logout'),
 url(r'^consumers/', include('consumers.urls')),
diff --git a/apimanager/base/static/css/base.css b/apimanager/base/static/css/base.css
index 0da2a9a..0d84a47 100644
--- a/apimanager/base/static/css/base.css
+++ b/apimanager/base/static/css/base.css
@@ -140,3 +140,11 @@ table.tablesorter thead tr .headerSortDown {
 table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSortUp {
 background-color: #e6e6e6;
 }
+
+
+.authentication-method {
+ display: none;
+}
+.authentication-method h3 {
+ margin-top: 0;
+}
diff --git a/apimanager/base/static/js/base.js b/apimanager/base/static/js/base.js
index 265b22a..cb2ee98 100644
--- a/apimanager/base/static/js/base.js
+++ b/apimanager/base/static/js/base.js
@@ -1,3 +1,8 @@
 $(document).ready(function($) {
 $('table.tablesorter').tablesorter();
+ $('#authentication-select').change(function() {
+ $('.authentication-method').hide();
+ var method = $(this).val();
+ $(`#authenticate-${method}`).show();
+ });
 });
diff --git a/apimanager/base/templates/home.html b/apimanager/base/templates/home.html
index a004481..6cbe046 100644
--- a/apimanager/base/templates/home.html
+++ b/apimanager/base/templates/home.html
@@ -13,15 +13,59 @@ {% if not user.is_authenticated %}
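Review bot: In base.js the added change handler builds its selector with an ES2015 template literal on the `.show()` line, which browsers without ES2015 support (Internet Explorer 11, for one) reject as a syntax error; a syntax error stops the whole file, including the existing `tablesorter()` call. Unless the project only targets modern browsers or transpiles its scripts, plain concatenation keeps the file working everywhere: `$('#authenticate-' + method).show();`. The select's value is placed directly into a selector, so the option values should remain fixed, server-rendered ids rather than anything user-supplied.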
-

Please authenticate

-

- Initiate OAuth authentication with API -

-
-{% else %} -
-

Thanks for logging in!

-

Please select one of the items in the navigation above.

+ +
+
+ +
+ +
+ +
+

DirectLogin

+
+ {% csrf_token %} +
+ + {{ directlogin_form.username }} +
+
+ + {{ directlogin_form.password }} +
+
+ + {{ directlogin_form.consumer_key }} +
+ +
+
+
+

GatewayLogin

+
+ {% csrf_token %} +
+ + {{ gatewaylogin_form.username }} +
+
+ + {{ gatewaylogin_form.secret }} +
+ +
+ +
+
+
{% endif %}
diff --git a/apimanager/base/views.py b/apimanager/base/views.py
index f9f6a3b..f34dc25 100644
--- a/apimanager/base/views.py
+++ b/apimanager/base/views.py
@@ -6,6 +6,8 @@ Views for base app
 from django.conf import settings
 from django.views.generic import TemplateView
+from obp.forms import DirectLoginForm, GatewayLoginForm
+
 class HomeView(TemplateView):
 """View for home page"""
@@ -13,5 +15,9 @@ class HomeView(TemplateView):
 def get_context_data(self, **kwargs):
 context = super(HomeView, self).get_context_data(**kwargs)
- context['API_HOST'] = settings.API_HOST
+ context.update({
+ 'API_HOST': settings.API_HOST,
+ 'directlogin_form': DirectLoginForm(),
+ 'gatewaylogin_form': GatewayLoginForm(),
+ })
 return context
diff --git a/apimanager/obp/directlogin.py b/apimanager/obp/directlogin.py
index 8025564..df61b2d 100644
--- a/apimanager/obp/directlogin.py
+++ b/apimanager/obp/directlogin.py
@@ -33,12 +33,12 @@ class DirectLoginAuthenticator(Authenticator):
 headers = {'Authorization': authorization}
 try:
- response = requests.get(url, headers=headers)
+ response = requests.post(url, headers=headers)
 except requests.exceptions.ConnectionError as err:
 raise AuthenticatorError(err)
 result = response.json()
- if response.status_code != 200:
+ if response.status_code != 201:
 raise AuthenticatorError(result['error'])
 else:
 self.token = result['token']
diff --git a/apimanager/obp/views.py b/apimanager/obp/views.py
index 38d7f41..5a71510 100644
--- a/apimanager/obp/views.py
+++ b/apimanager/obp/views.py
@@ -107,7 +107,8 @@ class DirectLoginView(FormView, LoginToDjangoMixin):
 def get_success_url(self):
 messages.success(self.request, 'DirectLogin successful!')
- return reverse('runtests-index')
+ redirect_url = self.request.GET.get('next', reverse('home'))
+ return redirect_url
 def form_valid(self, form):
 """
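Review bot: In obp/directlogin.py the new `requests.post(url, headers=headers)` call has no `timeout` and only `ConnectionError` is caught, so a stalled API host can hold the login request and its worker open indefinitely, and a read timeout or any other `requests` error escapes as an unhandled exception. Passing a timeout and catching the base class covers both: `response = requests.post(url, headers=headers, timeout=10)` (value illustrative) with `except requests.exceptions.RequestException as err:`. `response.json()` also runs before the status check, so a non-JSON error body raises `ValueError` and a missing `error` key raises `KeyError`; both would be better mapped to `AuthenticatorError`. The method starts outside the hunk, and because the `Authorization` header presumably carries the user's password, it is worth confirming that `API_HOST` is an `https://` URL.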
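Review bot: In obp/views.py `DirectLoginView.get_success_url` returns the `next` query parameter unvalidated, so the page a user lands on after a successful login can be any external URL supplied in the link (an open redirect); the same line is added to `GatewayLoginView.get_success_url` in the following hunk. Validate the value before returning it, for example `if not is_safe_url(redirect_url, allowed_hosts={self.request.get_host()}): redirect_url = reverse('home')`, using `is_safe_url` from `django.utils.http` (named `url_has_allowed_host_and_scheme` from Django 3.0). Since both views need the same check, it fits best in one shared helper or mixin method. Both class bodies start and continue outside their hunks.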
@@ -132,7 +133,8 @@ class GatewayLoginView(FormView, LoginToDjangoMixin):
 def get_success_url(self):
 messages.success(self.request, 'GatewayLogin successful!')
- return reverse('runtests-index')
+ redirect_url = self.request.GET.get('next', reverse('home'))
+ return redirect_url
 def form_valid(self, form):
 """