CSRF Exempt added to API Token Obtention

DEKHTIARJonathan · Sep 5, 2017 · 67f4b39 · 67f4b39
1 parent 9979555
commit 67f4b39
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 20 deletions.
diff --git a/feedcrunch_api_v1/urls.py b/feedcrunch_api_v1/urls.py
@@ -5,9 +5,11 @@
 from django.conf import settings
 from django.conf.urls import include, url
 import django.contrib.auth.views
+from django.views.decorators.csrf import csrf_exempt
 
 #from .admin import admin_site
 from .views import *
+import rest_framework.authtoken.views
 
 urlpatterns = [
 
@@ -18,7 +20,7 @@
 
     # ====================== Authentication Required API Routes ====================== #
     # Login/Logout Route
-    url(r'^get_auth_token/$', ObtainAuthToken.as_view(), name='Obtain_Auth_Token'),
+    url(r'^get_auth_token/$', csrf_exempt(rest_framework.authtoken.views.obtain_auth_token), name='Obtain_Auth_Token'),
     url(r'^logout/$', django.contrib.auth.views.logout, {'next_page': '/login',}, name='logout'),
 
     # User Routes

diff --git a/feedcrunch_api_v1/views.py b/feedcrunch_api_v1/views.py
@@ -9,9 +9,7 @@
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
 
-from rest_framework import parsers, renderers
 from rest_framework.authtoken.models import Token
-from rest_framework.authtoken.serializers import AuthTokenSerializer
 from rest_framework.parsers import FileUploadParser, MultiPartParser
 from rest_framework.permissions import IsAuthenticated, AllowAny
 from rest_framework.response import Response
@@ -48,23 +46,6 @@ def mark_RSSArticle_Assoc_as_read(RSSArticle_AssocID, user):
     RSSArticle_Assoc_obj.marked_read = True
     RSSArticle_Assoc_obj.save()
 
-
-class ObtainAuthToken(APIView):    
-
-    throttle_classes = ()
-    permission_classes = (AllowAny,) #maybe not needed in your case
-    parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
-    renderer_classes = (renderers.JSONRenderer,)
-    serializer_class = AuthTokenSerializer
-
-    @csrf_exempt
-    def post(self, request):
-        serializer = self.serializer_class(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        user = serializer.validated_data['user']
-        token, created = Token.objects.get_or_create(user=user)
-        return Response({'token': token.key})
-
 class Authentication_Login_View(APIView):
 
     def post(self, request):