0002-api-do-not-do-CSRF-check-on-validate-password-API-24.patch
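--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -22,6 +22,7 @@
 from rest_framework.exceptions import PermissionDenied, AuthenticationFailed
 from rest_framework.fields import CreateOnlyDefault
 from rest_framework.decorators import list_route, detail_route
+from rest_framework.authentication import SessionAuthentication
 
 from django_filters.rest_framework import FilterSet
 
@@ -720,12 +721,19 @@
 check_password = CheckPasswordAPI.as_view()
 
 
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+def enforce_csrf(self, request):
+return # To not perform the csrf check previously happening
+
+
 class ValidatePasswordSerializer(serializers.Serializer):
 password = serializers.CharField(required=True)
 
 
+
 class ValidatePasswordAPI(BaseRpcView):
 permission_classes = ()
+authentication_classes = (CsrfExemptSessionAuthentication,)
 serializer_class = ValidatePasswordSerializer
 
 def rpc(self, request, serializer):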
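Review bot: `CsrfExemptSessionAuthentication` is added at module level with only the comment `# To not perform the csrf check previously happening`, so nothing tells a later maintainer that skipping `enforce_csrf` is acceptable only on a view that changes no state. If the class were reused on a state-changing endpoint, cookie-authenticated browser sessions would lose CSRF protection there without any visible warning. I would give the class a docstring such as `"""Session authentication without the CSRF check; only for views with no side effects (ValidatePasswordAPI)."""` and drop the trailing comment on the bare `return`. Since `permission_classes = ()` already admits anonymous callers, `authentication_classes = ()` might be enough and would avoid a reusable exemption class altogether, provided `rpc` never reads `request.user`; its body lies outside the hunk, so that needs checking.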
732 |
- |