0002-api-do-not-do-CSRF-check-on-validate-password-API-24.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 22 | 22 |
from rest_framework.exceptions import PermissionDenied, AuthenticationFailed |
| 23 | 23 |
from rest_framework.fields import CreateOnlyDefault |
| 24 | 24 |
from rest_framework.decorators import list_route, detail_route |
| 25 |
from rest_framework.authentication import SessionAuthentication |
|
| 25 | 26 | |
| 26 | 27 |
from django_filters.rest_framework import FilterSet |
| 27 | 28 | |
| ... | ... | |
| 720 | 721 |
check_password = CheckPasswordAPI.as_view() |
| 721 | 722 | |
| 722 | 723 | |
| 724 |
class CsrfExemptSessionAuthentication(SessionAuthentication): |
|
| 725 |
def enforce_csrf(self, request): |
|
| 726 |
return # To not perform the csrf check previously happening |
|
| 727 | ||
| 728 | ||
| 723 | 729 |
class ValidatePasswordSerializer(serializers.Serializer): |
| 724 | 730 |
password = serializers.CharField(required=True) |
| 725 | 731 | |
| 726 | 732 | |
| 733 | ||
| 727 | 734 |
class ValidatePasswordAPI(BaseRpcView): |
| 728 | 735 |
permission_classes = () |
| 736 |
authentication_classes = (CsrfExemptSessionAuthentication,) |
|
| 729 | 737 |
serializer_class = ValidatePasswordSerializer |
| 730 | 738 | |
| 731 | 739 |
def rpc(self, request, serializer): |
| 732 |
- |
|