mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-22 00:56:34 +03:00
Add sensitive_post_parameters
decorator to several views
parent
ce58da58b2
commit
971072ae37
|
@ -1,5 +1,7 @@
|
|||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.conf import settings
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.decorators.debug import sensitive_post_parameters
|
||||
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework.response import Response
|
||||
|
@ -15,13 +17,16 @@ from allauth.account import app_settings as allauth_settings
|
|||
from rest_auth.app_settings import (TokenSerializer,
|
||||
JWTSerializer,
|
||||
create_token)
|
||||
from rest_auth.models import TokenModel
|
||||
from rest_auth.registration.serializers import (SocialLoginSerializer,
|
||||
VerifyEmailSerializer)
|
||||
from rest_auth.utils import jwt_encode
|
||||
from rest_auth.views import LoginView
|
||||
from rest_auth.models import TokenModel
|
||||
from .app_settings import RegisterSerializer
|
||||
|
||||
from rest_auth.utils import jwt_encode
|
||||
sensitive_post_parameters_m = method_decorator(
|
||||
sensitive_post_parameters('password1', 'password2')
|
||||
)
|
||||
|
||||
|
||||
class RegisterView(CreateAPIView):
|
||||
|
@ -29,6 +34,10 @@ class RegisterView(CreateAPIView):
|
|||
permission_classes = (AllowAny, )
|
||||
token_model = TokenModel
|
||||
|
||||
@sensitive_post_parameters_m
|
||||
def dispatch(self, *args, **kwargs):
|
||||
return super(RegisterView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def get_response_data(self, user):
|
||||
if allauth_settings.EMAIL_VERIFICATION == \
|
||||
allauth_settings.EmailVerificationMethod.MANDATORY:
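Review bot: The field list in `sensitive_post_parameters('password1', 'password2')` covers only the registration form, while this module also imports `SocialLoginSerializer` and `VerifyEmailSerializer`. If the views built on those serializers accept OAuth tokens, authorization codes or a verification key in the POST body, those values would still be shown in Django error reports. Calling the decorator with no arguments masks every POST parameter, so `sensitive_post_parameters_m = method_decorator(sensitive_post_parameters())` keeps the list from drifting away from the serializers. Those views are outside the visible hunks, so confirm what they accept and whether they get a decorated `dispatch` at all.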
|
||||
|
|
|
@ -5,7 +5,9 @@ from django.contrib.auth import (
|
|||
from django.conf import settings
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.decorators.debug import sensitive_post_parameters
|
||||
|
||||
from rest_framework import status
|
||||
from rest_framework.views import APIView
|
||||
|
@ -21,6 +23,12 @@ from .app_settings import (
|
|||
from .models import TokenModel
|
||||
from .utils import jwt_encode
|
||||
|
||||
sensitive_post_parameters_m = method_decorator(
|
||||
sensitive_post_parameters(
|
||||
'password', 'old_password', 'new_password1', 'new_password2'
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
class LoginView(GenericAPIView):
|
||||
"""
|
||||
|
@ -36,6 +44,10 @@ class LoginView(GenericAPIView):
|
|||
serializer_class = LoginSerializer
|
||||
token_model = TokenModel
|
||||
|
||||
@sensitive_post_parameters_m
|
||||
def dispatch(self, *args, **kwargs):
|
||||
return super(LoginView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def process_login(self):
|
||||
django_login(self.request, self.user)
|
||||
|
||||
|
@ -176,6 +188,10 @@ class PasswordResetConfirmView(GenericAPIView):
|
|||
serializer_class = PasswordResetConfirmSerializer
|
||||
permission_classes = (AllowAny,)
|
||||
|
||||
@sensitive_post_parameters_m
|
||||
def dispatch(self, *args, **kwargs):
|
||||
return super(PasswordResetConfirmView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request):
|
||||
serializer = self.get_serializer(data=request.data)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
@ -195,6 +211,10 @@ class PasswordChangeView(GenericAPIView):
|
|||
serializer_class = PasswordChangeSerializer
|
||||
permission_classes = (IsAuthenticated,)
|
||||
|
||||
@sensitive_post_parameters_m
|
||||
def dispatch(self, *args, **kwargs):
|
||||
return super(PasswordChangeView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request):
|
||||
serializer = self.get_serializer(data=request.data)
|
||||
serializer.is_valid(raise_exception=True)
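Review bot: `sensitive_post_parameters` only masks the named keys of `request.POST` in Django's error reports, so it does nothing for values once DRF has parsed them into `request.data`: passwords held in local variables of the `post` methods and the serializer validation frames can still appear in a traceback report. Decorating the functions that handle the raw values with `sensitive_variables`, from the same `django.views.decorators.debug` module, would close that gap. A short comment above `sensitive_post_parameters_m` would also help the next maintainer, for example `# Applied on dispatch(): the decorator needs Django's HttpRequest, which DRF has not wrapped yet at that point.` Separately, the list names only password fields; if `PasswordResetConfirmSerializer` takes the reset token in the POST body, that value is left unmasked. The view bodies continue outside the hunks.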
|
||||
|
|