From 26281afea9221b955105ae0325c71bd712173d4f Mon Sep 17 00:00:00 2001 From: Arnout Allaert Date: Thu, 14 Mar 2024 17:06:33 +0100 Subject: [PATCH 1/5] Update django.yml --- .github/workflows/django.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml index 4f95499b..ce56c185 100644 --- a/.github/workflows/django.yml +++ b/.github/workflows/django.yml @@ -37,7 +37,9 @@ jobs: pip install -r requirements.txt - name: Linting API run: | - flake8 ./api + cd api + flake8 . + cd .. - name: Run Tests env: CLIENT_ID: ${{ secrets.CLIENT_ID }} From 4e85d03750e024ddaac418f15b669d4072284875 Mon Sep 17 00:00:00 2001 From: ticoucke Date: Thu, 14 Mar 2024 17:18:50 +0100 Subject: [PATCH 2/5] Dit lost het probleem op dat we zogezegd de csrf token niet meegaven aan onze post requests --- api/middleware.py | 8 ++++++++ api/settings.py | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/api/middleware.py b/api/middleware.py index 685195c6..1dfecdad 100644 --- a/api/middleware.py +++ b/api/middleware.py @@ -1,5 +1,6 @@ from django.conf import settings from django.shortcuts import redirect +from rest_framework.authentication import SessionAuthentication class RedirectAnonymousUserMiddleware: @@ -30,3 +31,10 @@ def __call__(self, request): return redirect(settings.LOGIN_URL) return self.get_response(request) + + +class CsrfExemptSessionAuthentication(SessionAuthentication): + + def enforce_csrf(self, request): + return # To not perform the csrf check previously happening + diff --git a/api/settings.py b/api/settings.py index f1f44c9b..3134fe48 100644 --- a/api/settings.py +++ b/api/settings.py @@ -166,3 +166,10 @@ LOGIN_URL = "django_auth_adfs:login" LOGIN_REDIRECT_URL = "/login_redirect" + +REST_FRAMEWORK = { + 'DEFAULT_AUTHENTICATION_CLASSES': [ + 'rest_framework.authentication.BasicAuthentication', + 'api.middleware.CsrfExemptSessionAuthentication' + ] +} \ No newline at end of file From 2aad4cda0048560ecfce632d0a98998dd24df11a Mon Sep 17 00:00:00 2001 From: ticoucke Date: Thu, 14 Mar 2024 17:25:26 +0100 Subject: [PATCH 3/5] Linting errors oplossen --- api/middleware.py | 3 +-- api/settings.py | 8 ++++---- manage.py | 4 ++-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/api/middleware.py b/api/middleware.py index 1dfecdad..630478de 100644 --- a/api/middleware.py +++ b/api/middleware.py @@ -31,10 +31,9 @@ def __call__(self, request): return redirect(settings.LOGIN_URL) return self.get_response(request) - + class CsrfExemptSessionAuthentication(SessionAuthentication): def enforce_csrf(self, request): return # To not perform the csrf check previously happening - diff --git a/api/settings.py b/api/settings.py index 3134fe48..3a4ed619 100644 --- a/api/settings.py +++ b/api/settings.py @@ -168,8 +168,8 @@ LOGIN_REDIRECT_URL = "/login_redirect" REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES': [ - 'rest_framework.authentication.BasicAuthentication', - 'api.middleware.CsrfExemptSessionAuthentication' + "DEFAULT_AUTHENTICATION_CLASSES": [ + "rest_framework.authentication.BasicAuthentication", + "api.middleware.CsrfExemptSessionAuthentication", ] -} \ No newline at end of file +} diff --git a/manage.py b/manage.py index 8c45ccf3..7fbe8935 100755 --- a/manage.py +++ b/manage.py @@ -6,7 +6,7 @@ def main(): """Run administrative tasks.""" - os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'api.settings') + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "api.settings") try: from django.core.management import execute_from_command_line except ImportError as exc: @@ -18,5 +18,5 @@ def main(): execute_from_command_line(sys.argv) -if __name__ == '__main__': +if __name__ == "__main__": main() From 32f837c2bbd297d312133f0d72750acf805dfddf Mon Sep 17 00:00:00 2001 From: ticoucke Date: Thu, 14 Mar 2024 18:10:04 +0100 Subject: [PATCH 4/5] kleine changes reversen die onnodig waren --- api/middleware.py | 7 ------- api/settings.py | 7 ------- 2 files changed, 14 deletions(-) diff --git a/api/middleware.py b/api/middleware.py index 630478de..685195c6 100644 --- a/api/middleware.py +++ b/api/middleware.py @@ -1,6 +1,5 @@ from django.conf import settings from django.shortcuts import redirect -from rest_framework.authentication import SessionAuthentication class RedirectAnonymousUserMiddleware: @@ -31,9 +30,3 @@ def __call__(self, request): return redirect(settings.LOGIN_URL) return self.get_response(request) - - -class CsrfExemptSessionAuthentication(SessionAuthentication): - - def enforce_csrf(self, request): - return # To not perform the csrf check previously happening diff --git a/api/settings.py b/api/settings.py index 3a4ed619..f1f44c9b 100644 --- a/api/settings.py +++ b/api/settings.py @@ -166,10 +166,3 @@ LOGIN_URL = "django_auth_adfs:login" LOGIN_REDIRECT_URL = "/login_redirect" - -REST_FRAMEWORK = { - "DEFAULT_AUTHENTICATION_CLASSES": [ - "rest_framework.authentication.BasicAuthentication", - "api.middleware.CsrfExemptSessionAuthentication", - ] -} From 84d50bb309aed8f36569414c358558fd9b8e0085 Mon Sep 17 00:00:00 2001 From: ticoucke Date: Thu, 14 Mar 2024 18:23:36 +0100 Subject: [PATCH 5/5] middleware redirect terug uncommenten --- api/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/settings.py b/api/settings.py index f1f44c9b..6466be37 100644 --- a/api/settings.py +++ b/api/settings.py @@ -54,7 +54,7 @@ "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", - # 'api.middleware.RedirectAnonymousUserMiddleware', + "api.middleware.RedirectAnonymousUserMiddleware", ] ROOT_URLCONF = "api.urls"