Merge pull request jpadilla#5 from bskim45/master

Exempt Views from CSRF verification
pbgc · Dec 28, 2015 · 1802270 · 1802270
2 parents 0096200 + c9e1698
commit 1802270
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/jwt_auth/mixins.py b/jwt_auth/mixins.py
@@ -1,6 +1,9 @@
 from django.http import HttpResponse
 
 import jwt
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_exempt
+
 from jwt_auth import settings, exceptions
 from jwt_auth.utils import get_authorization_header
 from jwt_auth.compat import json, smart_text, User
@@ -22,6 +25,7 @@ class JSONWebTokenAuthMixin(object):
     """
     www_authenticate_realm = 'api'
 
+    @method_decorator(csrf_exempt)
     def dispatch(self, request, *args, **kwargs):
         try:
             request.user, request.token = self.authenticate(request)

diff --git a/jwt_auth/views.py b/jwt_auth/views.py
@@ -1,4 +1,6 @@
 from django.http import HttpResponse, HttpResponseBadRequest
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View
 from django.core.serializers.json import DjangoJSONEncoder
 
@@ -11,6 +13,10 @@ class ObtainJSONWebToken(View):
     error_response_dict = {'errors': ['Improperly formatted request']}
     json_encoder_class = DjangoJSONEncoder
 
+    @method_decorator(csrf_exempt)
+    def dispatch(self, request, *args, **kwargs):
+        return super(ObtainJSONWebToken, self).dispatch(request, *args, **kwargs)
+
     def post(self, request, *args, **kwargs):
         try:
             request_json = json.loads(smart_text(request.body))