exempt publishing api from csrf
authorRadek Czajka <radoslaw.czajka@nowoczesnapolska.org.pl>
Thu, 26 Apr 2012 14:10:46 +0000 (16:10 +0200)
committerRadek Czajka <radoslaw.czajka@nowoczesnapolska.org.pl>
Thu, 26 Apr 2012 14:10:46 +0000 (16:10 +0200)
apps/api/helpers.py
apps/api/urls.py

index aa22465..acb491a 100644 (file)
@@ -1,8 +1,14 @@
 # -*- coding: utf-8 -*-
 
 from time import mktime
+from piston.resource import Resource
 
 def timestamp(dtime):
     "converts a datetime.datetime object to a timestamp int"
     return int(mktime(dtime.timetuple()))
 
+class CsrfExemptResource(Resource):
+    """A Custom Resource that is csrf exempt"""
+    def __init__(self, handler, authentication=None):
+        super(CsrfExemptResource, self).__init__(handler, authentication)
+        self.csrf_exempt = getattr(self.handler, 'csrf_exempt', True)
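Review bot: The docstring on `CsrfExemptResource` does not say when the exemption is safe, and `__init__` still accepts `authentication=None`, so the class can be used for a handler that ends up trusting the session cookie. Skipping the CSRF check is sound only while every request is authenticated by something a browser does not attach on its own, such as the OAuth signature passed as `authentication=auth` for `book_list_resource` and `picture_resource` in apps/api/urls.py. I would extend the docstring to `"""Resource exempt from CSRF checks; use only with non-cookie authentication (e.g. OAuth)."""` and consider raising `ValueError` when `authentication is None`. The `getattr` default of `True` also makes the exemption opt-out: a handler gets protection back only by setting `csrf_exempt = False`, which is worth stating in the same docstring.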
index a22f3b7..f9f9c22 100644 (file)
@@ -1,10 +1,11 @@
 # -*- coding: utf-8 -*-
 from django.conf.urls.defaults import *
-from piston.authentication import OAuthAuthentication
+from django.views.decorators.csrf import csrf_exempt
+from piston.authentication import OAuthAuthentication, oauth_access_token 
 from piston.resource import Resource
 
 from api import handlers
-from catalogue.models import Book
+from api.helpers import CsrfExemptResource
 
 auth = OAuthAuthentication(realm="Wolne Lektury")
 
@@ -12,7 +13,7 @@ book_changes_resource = Resource(handler=handlers.BookChangesHandler)
 tag_changes_resource = Resource(handler=handlers.TagChangesHandler)
 changes_resource = Resource(handler=handlers.ChangesHandler)
 
-book_list_resource = Resource(handler=handlers.BooksHandler, authentication=auth)
+book_list_resource = CsrfExemptResource(handler=handlers.BooksHandler, authentication=auth)
 #book_list_resource = Resource(handler=handlers.BooksHandler)
 book_resource = Resource(handler=handlers.BookDetailHandler)
 
@@ -22,13 +23,13 @@ tag_resource = Resource(handler=handlers.TagDetailHandler)
 fragment_resource = Resource(handler=handlers.FragmentDetailHandler)
 fragment_list_resource = Resource(handler=handlers.FragmentsHandler)
 
-picture_resource = Resource(handler=handlers.PictureHandler, authentication=auth)
+picture_resource = CsrfExemptResource(handler=handlers.PictureHandler, authentication=auth)
 
 urlpatterns = patterns(
     'piston.authentication',
     url(r'^oauth/request_token/$', 'oauth_request_token'),
     url(r'^oauth/authorize/$', 'oauth_user_auth'),
-    url(r'^oauth/access_token/$', 'oauth_access_token'),
+    url(r'^oauth/access_token/$', csrf_exempt(oauth_access_token)),
 
 ) + patterns('',
     url(r'^$', 'django.views.generic.simple.direct_to_template',
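Review bot: The `csrf_exempt(oauth_access_token)` route carries no comment explaining why this one OAuth view is exempt while `oauth_request_token` and `oauth_user_auth` above it are left unchanged. The token exchange is presumably called by consumers with a signed request and no browser session, so it cannot supply a CSRF token, whereas the authorize step looks like the browser-driven consent form and should keep its check. I would add `# Called by OAuth consumers, authenticated by the request signature rather than cookies; oauth/authorize/ must stay CSRF-protected.` above the line so a later edit does not wrap the authorize view the same way. If consumers are also allowed to POST to `oauth/request_token/`, that route would need the same treatment, which the commit does not cover. The `patterns(...)` call continues past the end of the hunk.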