mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-25 10:33:45 +03:00
Add sensitive_post_parameters
decorator to several views
parent
ce58da58b2
commit
971072ae37
|
@ -1,5 +1,7 @@
|
||||||
from django.utils.translation import ugettext_lazy as _
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.utils.decorators import method_decorator
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from django.views.decorators.debug import sensitive_post_parameters
|
||||||
|
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
|
@ -15,13 +17,16 @@ from allauth.account import app_settings as allauth_settings
|
||||||
from rest_auth.app_settings import (TokenSerializer,
|
from rest_auth.app_settings import (TokenSerializer,
|
||||||
JWTSerializer,
|
JWTSerializer,
|
||||||
create_token)
|
create_token)
|
||||||
|
from rest_auth.models import TokenModel
|
||||||
from rest_auth.registration.serializers import (SocialLoginSerializer,
|
from rest_auth.registration.serializers import (SocialLoginSerializer,
|
||||||
VerifyEmailSerializer)
|
VerifyEmailSerializer)
|
||||||
|
from rest_auth.utils import jwt_encode
|
||||||
from rest_auth.views import LoginView
|
from rest_auth.views import LoginView
|
||||||
from rest_auth.models import TokenModel
|
|
||||||
from .app_settings import RegisterSerializer
|
from .app_settings import RegisterSerializer
|
||||||
|
|
||||||
from rest_auth.utils import jwt_encode
|
sensitive_post_parameters_m = method_decorator(
|
||||||
|
sensitive_post_parameters('password1', 'password2')
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class RegisterView(CreateAPIView):
|
class RegisterView(CreateAPIView):
|
||||||
|
@ -29,6 +34,10 @@ class RegisterView(CreateAPIView):
|
||||||
permission_classes = (AllowAny, )
|
permission_classes = (AllowAny, )
|
||||||
token_model = TokenModel
|
token_model = TokenModel
|
||||||
|
|
||||||
|
@sensitive_post_parameters_m
|
||||||
|
def dispatch(self, *args, **kwargs):
|
||||||
|
return super(RegisterView, self).dispatch(*args, **kwargs)
|
||||||
|
|
||||||
def get_response_data(self, user):
|
def get_response_data(self, user):
|
||||||
if allauth_settings.EMAIL_VERIFICATION == \
|
if allauth_settings.EMAIL_VERIFICATION == \
|
||||||
allauth_settings.EmailVerificationMethod.MANDATORY:
|
allauth_settings.EmailVerificationMethod.MANDATORY:
|
||||||
|
|
|
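Review bot: The module-level `sensitive_post_parameters_m` added here masks only `password1` and `password2`, and the other views module in this commit binds the same name to a different field list, so a later import or copy of the decorator can silently apply the wrong set. A distinct name per module, or a comment above the definition such as `# Registration form fields only; login/change/reset fields are masked in rest_auth.views`, would make the scope explicit. Only `RegisterView.dispatch` is decorated in this file, so any other view defined here that accepts secrets relies on whatever its base class does (the social login serializer is imported, but its fields are not visible in these hunks). The `dispatch` override would also benefit from a one-line comment saying it exists only to carry the decorator, which needs the plain Django `HttpRequest` that `dispatch` receives.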
@ -5,7 +5,9 @@ from django.contrib.auth import (
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
from django.core.exceptions import ObjectDoesNotExist
|
from django.core.exceptions import ObjectDoesNotExist
|
||||||
|
from django.utils.decorators import method_decorator
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from django.views.decorators.debug import sensitive_post_parameters
|
||||||
|
|
||||||
from rest_framework import status
|
from rest_framework import status
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
|
@ -21,6 +23,12 @@ from .app_settings import (
|
||||||
from .models import TokenModel
|
from .models import TokenModel
|
||||||
from .utils import jwt_encode
|
from .utils import jwt_encode
|
||||||
|
|
||||||
|
sensitive_post_parameters_m = method_decorator(
|
||||||
|
sensitive_post_parameters(
|
||||||
|
'password', 'old_password', 'new_password1', 'new_password2'
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class LoginView(GenericAPIView):
|
class LoginView(GenericAPIView):
|
||||||
"""
|
"""
|
||||||
|
@ -36,6 +44,10 @@ class LoginView(GenericAPIView):
|
||||||
serializer_class = LoginSerializer
|
serializer_class = LoginSerializer
|
||||||
token_model = TokenModel
|
token_model = TokenModel
|
||||||
|
|
||||||
|
@sensitive_post_parameters_m
|
||||||
|
def dispatch(self, *args, **kwargs):
|
||||||
|
return super(LoginView, self).dispatch(*args, **kwargs)
|
||||||
|
|
||||||
def process_login(self):
|
def process_login(self):
|
||||||
django_login(self.request, self.user)
|
django_login(self.request, self.user)
|
||||||
|
|
||||||
|
@ -176,6 +188,10 @@ class PasswordResetConfirmView(GenericAPIView):
|
||||||
serializer_class = PasswordResetConfirmSerializer
|
serializer_class = PasswordResetConfirmSerializer
|
||||||
permission_classes = (AllowAny,)
|
permission_classes = (AllowAny,)
|
||||||
|
|
||||||
|
@sensitive_post_parameters_m
|
||||||
|
def dispatch(self, *args, **kwargs):
|
||||||
|
return super(PasswordResetConfirmView, self).dispatch(*args, **kwargs)
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
serializer = self.get_serializer(data=request.data)
|
serializer = self.get_serializer(data=request.data)
|
||||||
serializer.is_valid(raise_exception=True)
|
serializer.is_valid(raise_exception=True)
|
||||||
|
@ -195,6 +211,10 @@ class PasswordChangeView(GenericAPIView):
|
||||||
serializer_class = PasswordChangeSerializer
|
serializer_class = PasswordChangeSerializer
|
||||||
permission_classes = (IsAuthenticated,)
|
permission_classes = (IsAuthenticated,)
|
||||||
|
|
||||||
|
@sensitive_post_parameters_m
|
||||||
|
def dispatch(self, *args, **kwargs):
|
||||||
|
return super(PasswordChangeView, self).dispatch(*args, **kwargs)
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
serializer = self.get_serializer(data=request.data)
|
serializer = self.get_serializer(data=request.data)
|
||||||
serializer.is_valid(raise_exception=True)
|
serializer.is_valid(raise_exception=True)
|
||||||
|
|
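Review bot: The field list in `sensitive_post_parameters_m` covers the four password fields only, so any other secret posted to the three decorated views is still written to error reports in clear. `PasswordResetConfirmView` is the one to check, because a reset-confirm request normally carries a reset token next to the new passwords (the serializer's fields are not visible in this hunk); if it does, add that field name to the list. A comment above the definition should state what the decorator does and does not cover, for example `# Masks these keys of request.POST in Django error reports; JSON bodies, traceback locals and third-party error trackers are not covered`. Where a serializer holds the raw password in local variables, `sensitive_variables` from the same Django module is the matching control.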