Merge pull request #63 from SELab-2/csrf_fixes

Oplossing CSRF probleem

api/middleware.py

@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.shortcuts import redirect
+from rest_framework.authentication import SessionAuthentication
 
 
 class RedirectAnonymousUserMiddleware:
@@ -30,3 +31,9 @@ def __call__(self, request):
             return redirect(settings.LOGIN_URL)
 
         return self.get_response(request)
+
+
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+
+    def enforce_csrf(self, request):
+        return  # To not perform the csrf check previously happening

api/settings.py

@@ -166,3 +166,10 @@
 
 LOGIN_URL = "django_auth_adfs:login"
 LOGIN_REDIRECT_URL = "/login_redirect"
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "rest_framework.authentication.BasicAuthentication",
+        "api.middleware.CsrfExemptSessionAuthentication",
+    ]
+}

manage.py

@@ -6,7 +6,7 @@
 
 def main():
     """Run administrative tasks."""
-    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'api.settings')
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "api.settings")
     try:
         from django.core.management import execute_from_command_line
     except ImportError as exc:
@@ -18,5 +18,5 @@ def main():
     execute_from_command_line(sys.argv)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     main()