Authentication classes: add permissions to logout.

Tom Hacohen 2020-06-03 14:21:52 +03:00
parent ad184f0ac3
commit 9cc68291df


@ -553,6 +553,7 @@ class InvitationIncomingViewSet(BaseViewSet):
class AuthenticationViewSet(viewsets.ViewSet): class AuthenticationViewSet(viewsets.ViewSet):
allowed_methods = ['POST'] allowed_methods = ['POST']
authentication_classes = BaseViewSet.authentication_classes
def get_encryption_key(self, salt): def get_encryption_key(self, salt):
key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder) key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
@ -662,7 +663,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@action_decorator(detail=False, methods=['POST']) @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
def logout(self, request): def logout(self, request):
# FIXME: expire the token - we need better token handling - using knox? Something else? # FIXME: expire the token - we need better token handling - using knox? Something else?
return Response({}, status=status.HTTP_200_OK) return Response({}, status=status.HTTP_200_OK)
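Review bot: `logout` still returns 200 without invalidating anything, so although the new `permission_classes` on the action make the client present a valid token to log out, that token stays usable afterwards, as the FIXME above the return admits. The request is now authenticated, so the handler has the credential at hand: if `BaseViewSet.authentication_classes` is DRF's `TokenAuthentication` (not visible here, to be confirmed), `request.auth.delete()` before the return would revoke it. Until revocation exists, the FIXME should say so explicitly, e.g. `# SECURITY: token stays valid after logout until server-side revocation exists`. Separately, the class-level `authentication_classes` also applies to the other actions of `AuthenticationViewSet`, and DRF authenticators typically answer a stale or malformed Authorization header with 401 before permissions are evaluated, so a login request that still carries an old header may start failing. The class body extends beyond the lines shown, so that is worth checking against the login action.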