From 270af0073815349ad40efa5052763ca34d499c09 Mon Sep 17 00:00:00 2001
From: Brian Moe <brian.moe@ligo.org>
Date: Wed, 14 Nov 2012 14:46:04 -0600
Subject: [PATCH] CSRF problems with DRF SessionAuthentication.  Use custom
 auth class.

---
 gracedb/api.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/gracedb/api.py b/gracedb/api.py
index 680854713..403ec47b9 100644
--- a/gracedb/api.py
+++ b/gracedb/api.py
@@ -80,7 +80,7 @@ class EventList(APIView):
     ##renderer_classes = (JSONRenderer, JSONPRenderer, YAMLRenderer, XMLRenderer)
     ##permission_classes = (AllowAny,)
     ##authentication_classes = (authentication.SessionAuthentication,)
-    #authentication_classes = (LigoAuthentication,)
+    authentication_classes = (LigoAuthentication,)
     parser_classes = (parsers.MultiPartParser,)
 
     def get(self, request):
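Review bot: Enabling `LigoAuthentication` on EventList in place of DRF's `SessionAuthentication` removes the CSRF check that class applies to session-authenticated requests, and nothing visible here shows what replaces it. `LigoAuthentication` is defined outside this diff. If it identifies the user from something the browser attaches on its own (a session cookie, a web-server-supplied identity, a client certificate), then the POST handler of this view (its `HTTP_201_CREATED` return is visible in the next hunk) would accept a cross-site multipart form post as the logged-in user. It is worth confirming that the class either enforces CSRF on unsafe methods or only accepts credentials a browser never sends implicitly, and recording that above the attribute, e.g. `# LigoAuthentication skips DRF's CSRF check; safe because <reason, to be filled in>`. The same question applies to every other view this commit switches over.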
@@ -133,6 +133,7 @@ class EventList(APIView):
         return Response(rv, status=status.HTTP_201_CREATED)
 
 class EventDetail(APIView):
+    authentication_classes = (LigoAuthentication,)
     parser_classes = (parsers.MultiPartParser,)
     form = CreateEventForm
 
@@ -164,6 +165,8 @@ def eventLogToDict(log, n=None, request=None):
             }]
 
 class EventLogList(APIView):
+    authentication_classes = (LigoAuthentication,)
+
     def get(self, request, graceid):
         try:
             event = Event.getByGraceid(graceid)
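Review bot: The line `authentication_classes = (LigoAuthentication,)` is now repeated in seven views (EventList, EventDetail, EventLogList, EventLogDetail, GracedbRoot, Files, FileMeta), so any view added later without it falls back to DRF's default authenticators. Declaring it once makes the secure choice the default: a shared base such as `class GracedbAPIView(APIView): authentication_classes = (LigoAuthentication,)`, or the project-wide default authentication setting in `REST_FRAMEWORK`. The body of `get` continues outside this hunk, so only the class attribute is reviewed here.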
@@ -178,6 +181,9 @@ class EventLogList(APIView):
 
 class EventLogDetail(APIView):
     """docstring for EventLogDetail"""
+
+    authentication_classes = (LigoAuthentication,)
+
     def get(self, request, graceid, n):
         try:
             event = Event.getByGraceid(graceid)
@@ -189,6 +195,7 @@ class EventLogDetail(APIView):
 
 class GracedbRoot(APIView):
     """Root of the Gracedb REST API"""
+    authentication_classes = (LigoAuthentication,)
     parser_classes = ()
     def get(self, request):
         # XXX scummy way to get a URI template.  Is there better?
@@ -295,6 +302,7 @@ def download(request, graceid, filename=""):
 class Files(APIView):
     """Files Resource"""
 
+    authentication_classes = (LigoAuthentication,)
     def get(self, request, graceid, filename=""):
         # Do not filename to be None.  That messes up later os.path.join
         filename = filename or ""
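Review bot: The class attribute added to `Files` does not cover the plain function view `download(request, graceid, filename="")` that the hunk header shows just above it, because `authentication_classes` is only consulted by `APIView` subclasses. If `download` serves the same event files, it needs its own equivalent check (a decorator or an explicit test at the top of the function); its body is outside this diff, so this may already be in place. A blank line between the new attribute and `def get` would also match the spacing used in EventLogList and EventLogDetail.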
@@ -362,4 +370,5 @@ class Files(APIView):
 
 class FileMeta(APIView):
     """File Metadata Resource"""
+    authentication_classes = (LigoAuthentication,)
     pass
-- 
GitLab