From: Radek Czajka Date: Thu, 26 Apr 2012 14:10:46 +0000 (+0200) Subject: exempt publishing api from csrf X-Git-Url: https://git.mdrn.pl/wolnelektury.git/commitdiff_plain/bdf5017081b6f2017bed812c8276a9b693d8c564 exempt publishing api from csrf --- diff --git a/apps/api/helpers.py b/apps/api/helpers.py index aa22465fc..acb491afc 100644 --- a/apps/api/helpers.py +++ b/apps/api/helpers.py @@ -1,8 +1,14 @@ # -*- coding: utf-8 -*- from time import mktime +from piston.resource import Resource def timestamp(dtime): "converts a datetime.datetime object to a timestamp int" return int(mktime(dtime.timetuple())) +class CsrfExemptResource(Resource): + """A Custom Resource that is csrf exempt""" + def __init__(self, handler, authentication=None): + super(CsrfExemptResource, self).__init__(handler, authentication) + self.csrf_exempt = getattr(self.handler, 'csrf_exempt', True) diff --git a/apps/api/urls.py b/apps/api/urls.py index a22f3b772..f9f9c2279 100644 --- a/apps/api/urls.py +++ b/apps/api/urls.py @@ -1,10 +1,11 @@ # -*- coding: utf-8 -*- from django.conf.urls.defaults import * -from piston.authentication import OAuthAuthentication +from django.views.decorators.csrf import csrf_exempt +from piston.authentication import OAuthAuthentication, oauth_access_token from piston.resource import Resource from api import handlers -from catalogue.models import Book +from api.helpers import CsrfExemptResource auth = OAuthAuthentication(realm="Wolne Lektury") @@ -12,7 +13,7 @@ book_changes_resource = Resource(handler=handlers.BookChangesHandler) tag_changes_resource = Resource(handler=handlers.TagChangesHandler) changes_resource = Resource(handler=handlers.ChangesHandler) -book_list_resource = Resource(handler=handlers.BooksHandler, authentication=auth) +book_list_resource = CsrfExemptResource(handler=handlers.BooksHandler, authentication=auth) #book_list_resource = Resource(handler=handlers.BooksHandler) book_resource = Resource(handler=handlers.BookDetailHandler) @@ -22,13 +23,13 @@ tag_resource = Resource(handler=handlers.TagDetailHandler) fragment_resource = Resource(handler=handlers.FragmentDetailHandler) fragment_list_resource = Resource(handler=handlers.FragmentsHandler) -picture_resource = Resource(handler=handlers.PictureHandler, authentication=auth) +picture_resource = CsrfExemptResource(handler=handlers.PictureHandler, authentication=auth) urlpatterns = patterns( 'piston.authentication', url(r'^oauth/request_token/$', 'oauth_request_token'), url(r'^oauth/authorize/$', 'oauth_user_auth'), - url(r'^oauth/access_token/$', 'oauth_access_token'), + url(r'^oauth/access_token/$', csrf_exempt(oauth_access_token)), ) + patterns('', url(r'^$', 'django.views.generic.simple.direct_to_template',