Authentication classes: add permissions to logout.

2020-06-03 14:21:52 +03:00 · 2020-06-03 14:21:52 +03:00 · 9cc68291df
commit 9cc68291df
parent ad184f0ac3
1 changed files with 2 additions and 1 deletions
--- a/django_etesync/views.py
+++ b/django_etesync/views.py
@ -553,6 +553,7 @@ class InvitationIncomingViewSet(BaseViewSet):

 class AuthenticationViewSet(viewsets.ViewSet):
    allowed_methods = ['POST']
+    authentication_classes = BaseViewSet.authentication_classes

    def get_encryption_key(self, salt):
        key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
@ -662,7 +663,7 @@ class AuthenticationViewSet(viewsets.ViewSet):

        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

-    @action_decorator(detail=False, methods=['POST'])
+    @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
    def logout(self, request):
        # FIXME: expire the token - we need better token handling - using knox? Something else?
        return Response({}, status=status.HTTP_200_OK)