From 596cbee153b7eeaeebcd66a6a56088d842a4822a Mon Sep 17 00:00:00 2001
From: Steve Recio
Date: Fri, 10 Jan 2020 17:47:54 -0500
Subject: [PATCH 1/3] add DRF throttle scopes to relevant rest auth views

---
 rest_auth/registration/views.py | 1 +
 rest_auth/views.py | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/rest_auth/registration/views.py b/rest_auth/registration/views.py
index 0e0ab0d..1c28c16 100644
--- a/rest_auth/registration/views.py
+++ b/rest_auth/registration/views.py
@@ -40,6 +40,7 @@ class RegisterView(CreateAPIView):
     serializer_class = RegisterSerializer
     permission_classes = register_permission_classes()
     token_model = TokenModel
+    throttle_scope = 'rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
diff --git a/rest_auth/views.py b/rest_auth/views.py
index 0a0a982..bbeab8a 100644
--- a/rest_auth/views.py
+++ b/rest_auth/views.py
@@ -43,6 +43,7 @@ class LoginView(GenericAPIView):
     permission_classes = (AllowAny,)
     serializer_class = LoginSerializer
     token_model = TokenModel
+    throttle_scope = 'rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
@@ -114,6 +115,7 @@ class LogoutView(APIView):
     Accepts/Returns nothing.
     """
     permission_classes = (AllowAny,)
+    throttle_scope = 'rest_auth'
 
     def get(self, request, *args, **kwargs):
         if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):
@@ -178,6 +180,7 @@ class PasswordResetView(GenericAPIView):
     """
     serializer_class = PasswordResetSerializer
     permission_classes = (AllowAny,)
+    throttle_scope = 'rest_auth'
 
     def post(self, request, *args, **kwargs):
         # Create a serializer with request.data
@@ -203,6 +206,7 @@ class PasswordResetConfirmView(GenericAPIView):
     """
     serializer_class = PasswordResetConfirmSerializer
     permission_classes = (AllowAny,)
+    throttle_scope = 'rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
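Review bot: `throttle_scope = 'rest_auth'` on RegisterView is inert unless the consuming project lists `rest_framework.throttling.ScopedRateThrottle` in `DEFAULT_THROTTLE_CLASSES` and defines a `'rest_auth'` entry in `DEFAULT_THROTTLE_RATES`; without both, DRF ignores the attribute and the view stays unthrottled, so a missing setting fails open rather than loud. The same applies to the five views in rest_auth/views.py in this commit (LoginView, LogoutView, PasswordResetView, PasswordResetConfirmView, and PasswordChangeView in the following hunk). A one-line comment above each attribute would make that dependency visible, e.g. `# Only enforced when ScopedRateThrottle is enabled and DEFAULT_THROTTLE_RATES['rest_auth'] is set`, and the README should document the required settings. Since every view shares the one scope name, all of these endpoints also draw from a single per-client budget; if login and password reset are meant to have different limits, each view needs its own scope.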
@@ -226,6 +230,7 @@ class PasswordChangeView(GenericAPIView):
     """
     serializer_class = PasswordChangeSerializer
     permission_classes = (IsAuthenticated,)
+    throttle_scope = 'rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):

From 10eb4be9cd4b403d78cebbaed75e8e42a54e5ce9 Mon Sep 17 00:00:00 2001
From: Steve Recio
Date: Mon, 10 Feb 2020 13:02:20 -0500
Subject: [PATCH 2/3] dont delete auth token on logout

---
 rest_auth/views.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/rest_auth/views.py b/rest_auth/views.py
index bbeab8a..6e94a4c 100644
--- a/rest_auth/views.py
+++ b/rest_auth/views.py
@@ -129,10 +129,6 @@ class LogoutView(APIView):
         return self.logout(request)
 
     def logout(self, request):
-        try:
-            request.user.auth_token.delete()
-        except (AttributeError, ObjectDoesNotExist):
-            pass
 
         if getattr(settings, 'REST_SESSION_LOGIN', True):
             django_logout(request)

From 2daa44e5f416e7d876a52b4fbd82a6ef63b7e4ed Mon Sep 17 00:00:00 2001
From: Steve Recio
Date: Wed, 3 Jun 2020 09:17:15 -0400
Subject: [PATCH 3/3] change throttle scope naming (rest_auth -> dj_rest_auth)

---
 dj_rest_auth/registration/views.py | 2 +-
 dj_rest_auth/views.py | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/dj_rest_auth/registration/views.py b/dj_rest_auth/registration/views.py
index 02c73b9..d3c0de8 100644
--- a/dj_rest_auth/registration/views.py
+++ b/dj_rest_auth/registration/views.py
@@ -36,7 +36,7 @@ class RegisterView(CreateAPIView):
     serializer_class = RegisterSerializer
     permission_classes = register_permission_classes()
     token_model = TokenModel
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py
index e68b2ac..dc3dea8 100644
--- a/dj_rest_auth/views.py
+++ b/dj_rest_auth/views.py
@@ -40,7 +40,7 @@ class LoginView(GenericAPIView):
     permission_classes = (AllowAny,)
     serializer_class = LoginSerializer
     token_model = TokenModel
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
@@ -116,7 +116,7 @@ class LogoutView(APIView):
     Accepts/Returns nothing.
     """
     permission_classes = (AllowAny,)
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     def get(self, request, *args, **kwargs):
         if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):
@@ -219,7 +219,7 @@ class PasswordResetView(GenericAPIView):
     """
     serializer_class = PasswordResetSerializer
     permission_classes = (AllowAny,)
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     def post(self, request, *args, **kwargs):
         # Create a serializer with request.data
@@ -245,7 +245,7 @@ class PasswordResetConfirmView(GenericAPIView):
     """
     serializer_class = PasswordResetConfirmSerializer
     permission_classes = (AllowAny,)
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):
@@ -269,7 +269,7 @@ class PasswordChangeView(GenericAPIView):
     """
     serializer_class = PasswordChangeSerializer
     permission_classes = (IsAuthenticated,)
-    throttle_scope = 'rest_auth'
+    throttle_scope = 'dj_rest_auth'
 
     @sensitive_post_parameters_m
     def dispatch(self, *args, **kwargs):