feat: Suite de la gestion des sessions

2026-01-29 07:53:23 +00:00 · 2025-02-17 16:11:15 +01:00
parent 65d5b8c424
commit 8ea68bbad0
18 changed files with 113 additions and 180 deletions
--- a/Back-End/Auth/views.py
+++ b/Back-End/Auth/views.py
@ -148,8 +148,7 @@ class ProfileSimpleView(APIView):
    def delete(self, request, id):
        return bdd.delete_object(Profile, id)

-@method_decorator(csrf_protect, name='dispatch')
-@method_decorator(ensure_csrf_cookie, name='dispatch')
+@method_decorator(csrf_exempt, name='dispatch')
 class LoginView(APIView):
    @swagger_auto_schema(
        operation_description="Connexion utilisateur",
@ -168,13 +167,14 @@ class LoginView(APIView):
                    'errorFields': openapi.Schema(type=openapi.TYPE_OBJECT),
                    'errorMessage': openapi.Schema(type=openapi.TYPE_STRING),
                    'profil': openapi.Schema(type=openapi.TYPE_INTEGER),
-                    'droit': openapi.Schema(type=openapi.TYPE_INTEGER)
+                    'droit': openapi.Schema(type=openapi.TYPE_INTEGER),
+                    'id': openapi.Schema(type=openapi.TYPE_INTEGER),
                }
            ))
        }
    )
    def post(self, request):
-        data=JSONParser().parse(request)
+        data = JSONParser().parse(request)
        validatorAuthentication = validator.ValidatorAuthentication(data=data)
        retour = error.returnMessage[error.WRONG_ID]
        validationOk, errorFields = validatorAuthentication.validate()
@ -196,13 +196,12 @@ class LoginView(APIView):
            else:
                retour = error.returnMessage[error.WRONG_ID]

-
        return JsonResponse({
-            'errorFields':errorFields,
-            'errorMessage':retour,
-            'profil':user.id if user else -1,
-            'droit':user.droit if user else -1,
-            #'jwtToken':jwt_token if profil != -1 else ''
+            'errorFields': errorFields,
+            'errorMessage': retour,
+            'profil': user.id if user else -1,
+            'droit': user.droit if user else -1,
+            'id': user.id if user else -1,
        }, safe=False)

@method_decorator(csrf_protect, name='dispatch')
--- a/Back-End/N3wtSchool/settings.py
+++ b/Back-End/N3wtSchool/settings.py
@ -252,19 +252,10 @@ CORS_ALLOW_ALL_HEADERS = True
 CORS_ALLOW_CREDENTIALS = True

 CORS_ALLOWED_ORIGINS = [
-    'http://localhost:3000'
+    os.getenv('CORS_ALLOWED_ORIGINS', 'http://localhost:3000')
 ]

-CSRF_TRUSTED_ORIGINS = [
-    'http://localhost:3000',
-    'http://localhost:8080'
-]
-
-# CORS_ALLOWED_ORIGINS = [
-#     os.getenv('CORS_ALLOWED_ORIGINS', 'http://localhost:3000')
-# ]
-
-# CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000,http://localhost:8080').split(',')
+CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000,http://localhost:8080').split(',')

 CSRF_COOKIE_HTTPONLY = False
 CSRF_COOKIE_SECURE = False