diff --git a/greenmine/base/auth.py b/greenmine/base/auth.py
new file mode 100644
index 00000000..6ca71405
--- /dev/null
+++ b/greenmine/base/auth.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+from rest_framework.authentication import BaseAuthentication
+
+
+class SessionAuthentication(BaseAuthentication):
+ """
+ Use Django's session framework for authentication without csrf.
+ """
+
+ def authenticate(self, request):
+ """
+ Returns a `User` if the request session currently has a logged in user.
+ Otherwise returns `None`.
+ """
+
+ http_request = request._request
+ user = getattr(http_request, 'user', None)
+
+ if not user or not user.is_active:
+ return None
+
+ return (user, None)
+
diff --git a/greenmine/settings/common.py b/greenmine/settings/common.py
index 5ee18652..32755125 100644
--- a/greenmine/settings/common.py
+++ b/greenmine/settings/common.py
@@ -163,13 +163,13 @@ TEMPLATE_LOADERS = [
 
 MIDDLEWARE_CLASSES = [
 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.locale.LocaleMiddleware',
 'greenmine.base.middleware.GreenmineSessionMiddleware',
 'greenmine.base.middleware.CoorsMiddleware',
- 'django.middleware.locale.LocaleMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
+ #'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ #'django.contrib.messages.middleware.MessageMiddleware',
+ #'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.transaction.TransactionMiddleware',
 'reversion.middleware.RevisionMiddleware',
 ]
@@ -320,7 +320,7 @@ HAYSTACK_DEFAULT_OPERATOR = 'AND'
 
 REST_FRAMEWORK = {
 'DEFAULT_AUTHENTICATION_CLASSES': (
- 'rest_framework.authentication.SessionAuthentication',
+ 'greenmine.base.auth.SessionAuthentication',
 ),
 'FILTER_BACKEND': 'rest_framework.filters.DjangoFilterBackend',
 }
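Review bot: `authenticate` in greenmine/base/auth.py accepts the session user for every HTTP method and performs no CSRF check, which is what the stock `rest_framework.authentication.SessionAuthentication` adds on top of reading `request._request.user`. Whether that is safe depends on how the session id reaches the server: if `GreenmineSessionMiddleware` (not shown in this diff) reads it from a cookie, state-changing API requests can be forged from another origin, whereas a session id taken only from a request header does not have that exposure. The last hunk in greenmine/settings/common.py makes this class the only default authenticator, so the assumption applies to every API view. I would record it in the class docstring, e.g. `Skips CSRF validation; only safe while the session id is never accepted from a cookie.`, or keep the check for unsafe methods.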
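Review bot: Commenting out `django.middleware.csrf.CsrfViewMiddleware` and `django.middleware.clickjacking.XFrameOptionsMiddleware` in `MIDDLEWARE_CLASSES` switches both protections off for the whole project, not only for the REST API. Any cookie-authenticated form view that is still routed (whether the admin or other HTML views exist cannot be seen from this diff) loses CSRF validation, and responses no longer carry the `X-Frame-Options` header, which is unrelated to API authentication. If only the API needs the exemption, keep both entries and mark those views with `csrf_exempt` instead. If the removal is intended, delete the entries rather than leaving them commented out and put the reason in their place, e.g. `# CsrfViewMiddleware removed on purpose: <reason>`.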