Skip to content

E
edx-platform
Switch branch/tag
Find file
Normal viewHistoryPermalink
authentication.py 1.33 KB
Newer Older
Merge release to master for 20150317 release.
243e2660
 
Brian Wilson committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 
"""Django Rest Framework Authentication classes for cross-domain end-points."""
from rest_framework import authentication
from cors_csrf.helpers import is_cross_domain_request_allowed, skip_cross_domain_referer_check


class SessionAuthenticationCrossDomainCsrf(authentication.SessionAuthentication):
    """Session authentication that skips the referer check over secure connections.

    Django Rest Framework's `SessionAuthentication` class calls Django's
    CSRF middleware implementation directly, which bypasses the middleware
    stack.

    This version of `SessionAuthentication` performs the same workaround
    as `CorsCSRFMiddleware` to skip the referer check for whitelisted
    domains over a secure connection.  See `cors_csrf.middleware` for
    more information.

    Since this subclass overrides only the `enforce_csrf()` method,
    it can be mixed in with other `SessionAuthentication` subclasses.

    """

    def enforce_csrf(self, request):
        """Skip the referer check if the cross-domain request is allowed. """
        if is_cross_domain_request_allowed(request):
            with skip_cross_domain_referer_check(request):
                return super(SessionAuthenticationCrossDomainCsrf, self).enforce_csrf(request)
        else:
            return super(SessionAuthenticationCrossDomainCsrf, self).enforce_csrf(request)