Fix api authentication/authorization
Chris Wisecarver
committed
Jul 10, 2016
1 parent
bc7d47f
commit 8d7e89f
Showing
5 changed files
with
58 additions
and
15 deletions.
@@ -0,0 +1,21 @@ | ||
from rest_framework.authentication import SessionAuthentication | ||
|
||
|
||
class NonCSRFSessionAuthentication(SessionAuthentication): | ||
def authenticate(self, request): | ||
""" | ||
Returns a `User` if the request session currently has a logged in user. | ||
Otherwise returns `None`. | ||
""" | ||
|
||
# Get the session-based user from the underlying HttpRequest object | ||
user = getattr(request._request, 'user', None) | ||
|
||
# Unauthenticated, CSRF validation not required | ||
if not user or not user.is_active: | ||
return None | ||
|
||
# self.enforce_csrf(request) | ||
|
||
# CSRF passed with authenticated user | ||
return (user, None) |
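Review bot: Commenting out `self.enforce_csrf(request)` removes the only protection SessionAuthentication adds over the plain session cookie: browsers attach that cookie to cross-origin requests automatically, so any page a logged-in user visits can issue POST/PUT/DELETE calls to every view that uses this authenticator. The closing comment `# CSRF passed with authenticated user` is therefore no longer true and should read `# NOTE: CSRF is deliberately NOT enforced by this authenticator`, and the commented-out call should be deleted rather than left in place. If the intent is to let non-browser clients skip CSRF, they should authenticate with the OAuth2/token authenticator instead while browser sessions keep the stock SessionAuthentication (with CSRF); which views are wired to this class cannot be seen here because the settings change is not shown in this chunk.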
@@ -0,0 +1,28 @@ | ||
from oauth2_provider.ext.rest_framework import TokenHasScope | ||
from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS | ||
import logging | ||
|
||
log = logging.getLogger(__name__) | ||
|
||
class ReadOnlyOrTokenHasScopeOrIsAuthenticated(TokenHasScope, IsAuthenticated, BasePermission): | ||
def has_permission(self, request, view): | ||
if request.method in SAFE_METHODS: | ||
return True | ||
|
||
if request.user and request.user.is_authenticated(): | ||
return True | ||
|
||
token = request.auth | ||
|
||
if not token: | ||
return False | ||
|
||
if hasattr(token, 'scope'): # OAuth 2 | ||
required_scopes = self.get_scopes(request, view) | ||
log.debug("Required scopes to access resource: {0}".format(required_scopes)) | ||
|
||
return token.is_valid(required_scopes) | ||
|
||
assert False, ('TokenHasScope requires either the' | ||
'`oauth2_provider.rest_framework.OAuth2Authentication` authentication ' | ||
'class to be used.') |
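Review bot: The short-circuit `if request.user and request.user.is_authenticated(): return True` runs before the scope check, so if OAuth2Authentication populates request.user from the bearer token (as it normally does) every valid token gets write access regardless of scope and the `token.is_valid(required_scopes)` branch on the last lines is never reached. Check for an OAuth token first and only fall back to the logged-in user when there is none, and replace the trailing `assert False` with a plain `return False` (or an explicit exception), since assert is stripped under `python -O` and otherwise turns an unexpected `request.auth` into a 500 instead of a denial. Note also that returning True for every SAFE_METHODS request makes all reads anonymous; keep that only if it is intended. The log call is better written with lazy `%s` arguments than `.format`.

```python
def has_permission(self, request, view):
    if request.method in SAFE_METHODS:
        return True

    # OAuth 2 bearer token: the scope check must win over the user check,
    # because OAuth2Authentication also sets request.user from the token.
    token = request.auth
    if token is not None and hasattr(token, 'scope'):
        required_scopes = self.get_scopes(request, view)
        log.debug("Required scopes to access resource: %s", required_scopes)
        return token.is_valid(required_scopes)

    # No OAuth token: fall back to an ordinary (session) login.
    return bool(request.user and request.user.is_authenticated())
```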