Experimental: support token authentication for API

backend/ciso_assistant/settings.py

@@ -131,6 +131,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     "serdes",
     "rest_framework",
     "drf_spectacular",
+    "rest_framework.authtoken",
 ]
 
 MIDDLEWARE = [
@@ -181,6 +182,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     ],
     "DEFAULT_AUTHENTICATION_CLASSES": [
         "rest_framework.authentication.SessionAuthentication",
+        "rest_framework.authentication.TokenAuthentication",
     ],
     "DEFAULT_PERMISSION_CLASSES": [
         "rest_framework.permissions.IsAuthenticated",

backend/ciso_assistant/urls.py

@@ -16,11 +16,12 @@
 from django.urls import include, path
 from ciso_assistant import settings
 from drf_spectacular.views import SpectacularAPIView, SpectacularRedocView, SpectacularSwaggerView
-
+from rest_framework.authtoken import views
 
 # beware of the order of url patterns, this can change de behavior in case of multiple matches and avoid giving identical paths that could cause conflicts
 urlpatterns = [
     path("api/", include("core.urls")),
+    path('api-token-auth/', views.obtain_auth_token),
     path("serdes/", include("serdes.urls")),
     path("i18n/", include("django.conf.urls.i18n")),
     path('api/schema/', SpectacularAPIView.as_view(), name='schema'),

backend/core/apps.py

@@ -359,3 +359,5 @@ def ready(self):
         # avoid post_migrate handler if we are in the main, as it interferes with restore
         if not os.environ.get("RUN_MAIN"):
             post_migrate.connect(startup, sender=self)
+
+        import core.signals

backend/core/signals.py

@@ -0,0 +1,9 @@
+from django.conf import settings
+from django.db.models.signals import post_save
+from django.dispatch import receiver
+from rest_framework.authtoken.models import Token
+
+@receiver(post_save, sender=settings.AUTH_USER_MODEL)
+def create_auth_token(sender, instance=None, created=False, **kwargs):
+    if created:
+        Token.objects.create(user=instance)