CSRF disabling middleware added
diff --git a/tap/middleware.py b/tap/middleware.py
new file mode 100644
index 0000000..d69ac55
--- /dev/null
+++ b/tap/middleware.py
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Disabling CSRF
+# Solution found at
+# http://stackoverflow.com/questions/30871033/django-rest-framework-remove-csrf/33778953#33778953
+
+class DisableCSRF(object):
+ def process_request(self, request):
+ setattr(request, '_dont_enforce_csrf_checks', True)
\ No newline at end of file
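Review bot: `process_request` sets `_dont_enforce_csrf_checks` on every request with no condition, so once this class is listed in `MIDDLEWARE_CLASSES` (as the `tap/settings.py` and `tap/settings/settings.py` hunks do), `CsrfViewMiddleware` stops protecting every view. That includes the session-authenticated Django admin and any login or form POST. The attribute is underscore-prefixed Django internals, not a supported switch. If only some endpoints need the exemption, drop the middleware and mark those views with `@csrf_exempt` from `django.views.decorators.csrf`. If the middleware stays, give the class a docstring stating which requests it is meant to cover and why, and restrict it to those requests instead of all traffic.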
diff --git a/tap/settings.py b/tap/settings.py
index 5c7a213..2a2b16e 100644
--- a/tap/settings.py
+++ b/tap/settings.py
@@ -1,14 +1,14 @@
"""
-Django settings for tap project.
-
-Generated by 'django-admin startproject' using Django 1.9.7.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.9/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.9/ref/settings/
-"""
+ Django settings for tap project.
+
+ Generated by 'django-admin startproject' using Django 1.9.7.
+
+ For more information on this file, see
+ https://docs.djangoproject.com/en/1.9/topics/settings/
+
+ For the full list of settings and their values, see
+ https://docs.djangoproject.com/en/1.9/ref/settings/
+ """
import os
@@ -32,45 +32,46 @@
# Application definition
INSTALLED_APPS = [
- 'appmgr.apps.AppmgrConfig',
- 'django.contrib.admin',
- 'django.contrib.auth',
- 'django.contrib.contenttypes',
- 'django.contrib.sessions',
- 'django.contrib.messages',
- 'django.contrib.staticfiles',
-]
+ 'appmgr.apps.AppmgrConfig',
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ ]
MIDDLEWARE_CLASSES = [
- 'django.middleware.security.SecurityMiddleware',
- 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.middleware.common.CommonMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
- 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.clickjacking.XFrameOptionsMiddleware',
-]
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'tap.middleware.DisableCSRF',
+ ]
ROOT_URLCONF = 'tap.urls'
TEMPLATES = [
- {
- 'BACKEND': 'django.template.backends.django.DjangoTemplates',
- 'DIRS': [
- os.path.join(BASE_DIR, 'templates'),
- ],
- 'APP_DIRS': True,
- 'OPTIONS': {
- 'context_processors': [
- 'django.template.context_processors.debug',
- 'django.template.context_processors.request',
- 'django.contrib.auth.context_processors.auth',
- 'django.contrib.messages.context_processors.messages',
- ],
- },
- },
-]
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [
+ os.path.join(BASE_DIR, 'templates'),
+ ],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ ],
+ },
+ },
+ ]
WSGI_APPLICATION = 'tap.wsgi.application'
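Review bot: The only functional line in this hunk is the new `'tap.middleware.DisableCSRF',` entry in `MIDDLEWARE_CLASSES`; everything else appears to be re-indentation of `INSTALLED_APPS`, `MIDDLEWARE_CLASSES` and `TEMPLATES`. Mixing a security-relevant settings change with whitespace churn makes it easy to miss in review and awkward to revert on its own. Consider moving the formatting to a separate commit and adding a comment above the entry such as `# WARNING: disables CSRF enforcement for all requests, see tap/middleware.py`. The same applies to the matching hunk in `tap/settings/settings.py`.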
@@ -86,7 +87,7 @@
'PASSWORD': 'Dr@p3rUs3r',
'HOST': 'localhost',
'PORT': '',
- }
+}
}
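Review bot: The `'PASSWORD'` entry in this hunk's context is a literal database credential committed to the repository, whereas `tap/settings/settings.py` reads `MY_DB_PASSWORD` from a variable. Anything committed here should be treated as exposed: rotate the credential and load it at runtime, e.g. `'PASSWORD': os.environ['DB_PASSWORD_ENV_VAR'],` (the variable name is a placeholder; `os` is already imported in this file). The only change the hunk makes is dedenting the inner `}` to column 0, which leaves it misaligned with its opening brace. The enclosing dict starts outside the hunk.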
@@ -94,19 +95,19 @@
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
- {
- 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
- },
-]
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+ ]
# Internationalization
@@ -131,8 +132,8 @@
# STATIC_ROOT = os.path.join(BASE_DIR, "static/")
STATICFILES_DIRS = (
- os.path.join(BASE_DIR, "static"),
-)
+ os.path.join(BASE_DIR, "static"),
+ )
# SensSoft Distill URL connection
# used in app_mgr/distillviews.py
diff --git a/tap/settings/settings.py b/tap/settings/settings.py
index f9bf017..09691d2 100755
--- a/tap/settings/settings.py
+++ b/tap/settings/settings.py
@@ -1,14 +1,14 @@
"""
-Django settings for tap project.
-
-Generated by 'django-admin startproject' using Django 1.9.7.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.9/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.9/ref/settings/
-"""
+ Django settings for tap project.
+
+ Generated by 'django-admin startproject' using Django 1.9.7.
+
+ For more information on this file, see
+ https://docs.djangoproject.com/en/1.9/topics/settings/
+
+ For the full list of settings and their values, see
+ https://docs.djangoproject.com/en/1.9/ref/settings/
+ """
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
@@ -50,66 +50,67 @@
# Application definition
INSTALLED_APPS = (
- 'grappelli', # must be before django.contrib.admin
- 'django.contrib.admin',
- 'django.contrib.auth',
- 'django.contrib.contenttypes',
- 'django.contrib.sessions',
- 'django.contrib.messages',
- 'django.contrib.sites',
- 'django.contrib.staticfiles',
- 'custom_user',
- 'app_mgr',
- 'axes',
- 'rest_framework',
- 'rest_framework.authtoken',
- 'guardian',
- 'webpack_loader',
-)
+ 'grappelli', # must be before django.contrib.admin
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.sites',
+ 'django.contrib.staticfiles',
+ 'custom_user',
+ 'app_mgr',
+ 'axes',
+ 'rest_framework',
+ 'rest_framework.authtoken',
+ 'guardian',
+ 'webpack_loader',
+ )
MIDDLEWARE_CLASSES = (
- 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.middleware.common.CommonMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
- 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.clickjacking.XFrameOptionsMiddleware',
- 'django.middleware.security.SecurityMiddleware',
-)
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'django.middleware.security.SecurityMiddleware',
+ 'tap.middleware.DisableCSRF',
+ )
ROOT_URLCONF = 'tap.urls'
AUTHENTICATION_BACKENDS = (
- 'django.contrib.auth.backends.ModelBackend',
- 'guardian.backends.ObjectPermissionBackend',
- )
+ 'django.contrib.auth.backends.ModelBackend',
+ 'guardian.backends.ObjectPermissionBackend',
+ )
GUARDIAN_MONKEY_PATCH = False
AUTH_USER_MODEL = 'app_mgr.UserProfile'
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
- 'rest_framework.authentication.TokenAuthentication',
- )
+ 'rest_framework.authentication.TokenAuthentication',
+ )
}
LOGIN_REDIRECT_URL = '/app_mgr/users'
TEMPLATES = [
- {
- 'BACKEND': 'django.template.backends.django.DjangoTemplates',
- 'DIRS': [os.path.join(SITE_ROOT, 'templates')],
- 'APP_DIRS': True,
- 'OPTIONS': {
- 'context_processors': [
- 'django.template.context_processors.debug',
- 'django.template.context_processors.request',
- 'django.contrib.auth.context_processors.auth',
- 'django.contrib.messages.context_processors.messages',
- ],
- },
- },
-]
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [os.path.join(SITE_ROOT, 'templates')],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ ],
+ },
+ },
+ ]
WSGI_APPLICATION = 'tap.wsgi.application'
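Review bot: With `REST_FRAMEWORK` in this hunk configured for `rest_framework.authentication.TokenAuthentication` only, adding `'tap.middleware.DisableCSRF',` likely gains nothing for the API. Views built on DRF's `APIView` are already CSRF-exempt, and DRF re-applies the check only under `SessionAuthentication`. The entry therefore mainly removes protection from the cookie-authenticated parts listed in `INSTALLED_APPS` here, namely `grappelli`/`django.contrib.admin` and the login flow. Unless a specific non-DRF view needs the exemption, drop the entry; if one does, exempt that view alone with `@csrf_exempt`.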
@@ -125,7 +126,7 @@
'PASSWORD': MY_DB_PASSWORD,
'HOST': MY_DB_HOST,
'PORT': '',
- }
+}
}
@@ -149,8 +150,8 @@
STATIC_URL = '/static/'
STATICFILES_DIRS = [
- os.path.join(BASE_DIR, '../static'),
-]
+ os.path.join(BASE_DIR, '../static'),
+ ]
LOGGING = {
'version': 1,
@@ -165,8 +166,8 @@
'level': 'NOTSET',
'class': 'logging.StreamHandler',
'formatter': 'verbose'
- }
- },
+ }
+},
'loggers': {
'': {
'handlers': ['console'],
@@ -176,6 +177,6 @@
'handlers': ['console'],
'propagate': False,
'level': 'ERROR'
- }
}
}
+}