From 67f4b39919cb744a93e8f911283471de49c906b9 Mon Sep 17 00:00:00 2001
From: DEKHTIARJonathan
Date: Tue, 5 Sep 2017 10:41:58 +0200
Subject: [PATCH] CSRF Exempt added to API Token Obtention
---
 feedcrunch_api_v1/urls.py | 4 +++-
 feedcrunch_api_v1/views.py | 19 -------------------
 2 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/feedcrunch_api_v1/urls.py b/feedcrunch_api_v1/urls.py
index 092762f..a145628 100644
--- a/feedcrunch_api_v1/urls.py
+++ b/feedcrunch_api_v1/urls.py
@@ -5,9 +5,11 @@ from django.conf import settings
 from django.conf.urls import include, url
 import django.contrib.auth.views
+from django.views.decorators.csrf import csrf_exempt
 #from .admin import admin_site
 from .views import *
+import rest_framework.authtoken.views
 urlpatterns = [
@@ -18,7 +20,7 @@
 # ====================== Authentication Required API Routes ====================== #
 # Login/Logout Route
- url(r'^get_auth_token/$', ObtainAuthToken.as_view(), name='Obtain_Auth_Token'),
+ url(r'^get_auth_token/$', csrf_exempt(rest_framework.authtoken.views.obtain_auth_token), name='Obtain_Auth_Token'),
 url(r'^logout/$', django.contrib.auth.views.logout, {'next_page': '/login',}, name='logout'),
 # User Routes
diff --git a/feedcrunch_api_v1/views.py b/feedcrunch_api_v1/views.py
index 7555916..93ed00e 100644
--- a/feedcrunch_api_v1/views.py
+++ b/feedcrunch_api_v1/views.py
@@ -9,9 +9,7 @@ from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
-from rest_framework import parsers, renderers
 from rest_framework.authtoken.models import Token
-from rest_framework.authtoken.serializers import AuthTokenSerializer
 from rest_framework.parsers import FileUploadParser, MultiPartParser
 from rest_framework.permissions import IsAuthenticated, AllowAny
 from rest_framework.response import Response
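Review bot: The `get_auth_token` route in feedcrunch_api_v1/urls.py now serves DRF's stock `obtain_auth_token`, which declares `throttle_classes = ()` just as the removed `ObtainAuthToken` class did, so the endpoint that checks username/password pairs still has no rate limit. A small subclass would close that gap, e.g. `class ThrottledObtainAuthToken(ObtainAuthToken): throttle_classes = (AnonRateThrottle,)` routed as `ThrottledObtainAuthToken.as_view()`, with an `anon` rate configured under `DEFAULT_THROTTLE_RATES`. The `csrf_exempt(...)` wrapper also looks redundant: `APIView.as_view()` already returns a CSRF-exempt view and DRF enforces CSRF only inside `SessionAuthentication`, so if token requests were being rejected for CSRF, the project's default authentication classes (not visible in this patch) are the place to look.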
@@ -48,23 +46,6 @@ def mark_RSSArticle_Assoc_as_read(RSSArticle_AssocID, user):
 RSSArticle_Assoc_obj.marked_read = True
 RSSArticle_Assoc_obj.save()
-
-class ObtainAuthToken(APIView):
-
- throttle_classes = ()
- permission_classes = (AllowAny,) #maybe not needed in your case
- parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
- renderer_classes = (renderers.JSONRenderer,)
- serializer_class = AuthTokenSerializer
-
- @csrf_exempt
- def post(self, request):
- serializer = self.serializer_class(data=request.data)
- serializer.is_valid(raise_exception=True)
- user = serializer.validated_data['user']
- token, created = Token.objects.get_or_create(user=user)
- return Response({'token': token.key})
-
 class Authentication_Login_View(APIView):
 def post(self, request):