diff --git a/passbook/factors/otp/views.py b/passbook/factors/otp/views.py
index 1ff3da602..7435d9488 100644
--- a/passbook/factors/otp/views.py
+++ b/passbook/factors/otp/views.py
@@ -7,8 +7,10 @@ from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import Http404, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
+from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
 from django.views import View
+from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, TemplateView
 from django_otp.plugins.otp_static.models import StaticDevice, StaticToken
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -19,7 +21,6 @@ from structlog import get_logger
 from passbook.audit.models import Event, EventAction
 from passbook.factors.otp.forms import OTPSetupForm
 from passbook.factors.otp.utils import otpauth_url
-from passbook.lib.mixins import NeverCacheMixin
 from passbook.lib.config import CONFIG
 OTP_SESSION_KEY = "passbook_factors_otp_key"
@@ -146,7 +147,8 @@ class EnableView(LoginRequiredMixin, FormView):
 return redirect("passbook_factors_otp:otp-user-settings")
-class QRView(NeverCacheMixin, View):
+@method_decorator(never_cache, name="dispatch")
+class QRView(View):
 """View returns an SVG image with the OTP token information"""
 def get(self, request: HttpRequest) -> HttpResponse:
diff --git a/passbook/lib/mixins.py b/passbook/lib/mixins.py
deleted file mode 100644
index 4c7a02837..000000000
--- a/passbook/lib/mixins.py
+++ /dev/null
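Review bot: `QRView` in passbook/factors/otp/views.py now derives from `View` alone, so nothing in its bases requires an authenticated user, although its docstring says it returns an SVG carrying the OTP token information. `EnableView` just above uses `LoginRequiredMixin`, which this file already imports; `class QRView(LoginRequiredMixin, View):` would make the two views agree. The body of `get` lies outside the hunk, so it may already reject requests that lack the setup key in the session; if it does, a one-line comment on the class saying so would make the intent clear.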
@@ -1,22 +0,0 @@ -"""passbook util mixins""" -from django.views.decorators.cache import never_cache -from django.utils.decorators import method_decorator -from django.views.decorators.csrf import csrf_exempt - - -class CSRFExemptMixin: - """wrapper to apply @csrf_exempt to CBV""" - - @method_decorator(csrf_exempt) - def dispatch(self, *args, **kwargs): - """wrapper to apply @csrf_exempt to CBV""" - return super().dispatch(*args, **kwargs) - - -class NeverCacheMixin: - """Use never_cache as mixin for CBV""" - - @method_decorator(never_cache) - def dispatch(self, *args, **kwargs): - """Use never_cache as mixin for CBV""" - return super().dispatch(*args, **kwargs) diff --git a/passbook/providers/saml/views.py b/passbook/providers/saml/views.py index 2675dfbeb..d21dbd992 100644 --- a/passbook/providers/saml/views.py +++ b/passbook/providers/saml/views.py @@ -18,7 +18,6 @@ from structlog import get_logger from passbook.audit.models import Event, EventAction from passbook.core.models import Application -from passbook.lib.mixins import CSRFExemptMixin from passbook.lib.utils.template import render_to_string from passbook.lib.views import bad_request_message from passbook.policies.engine import PolicyEngine @@ -180,7 +179,8 @@ class LoginProcessView(AccessRequiredView): return self.handle_redirect(saml_params, True) -class LogoutView(CSRFExemptMixin, AccessRequiredView): +@method_decorator(csrf_exempt, name="dispatch") +class LogoutView(AccessRequiredView): """Allows a non-SAML 2.0 URL to log out the user and returns a standard logged-out page. (SalesForce and others use this method, though it's technically not SAML 2.0).""" 
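Review bot: `LogoutView` in passbook/providers/saml/views.py is decorated with `method_decorator` and `csrf_exempt`, but no hunk of this file adds an import for either name. The hunk offsets (18→18, 180→179, 202→202) show that the only other change in the file is the removed `CSRFExemptMixin` import. Unless both names are already imported above line 18, which is outside the diff, the module fails with a NameError when it is loaded. Adding `from django.utils.decorators import method_decorator` and `from django.views.decorators.csrf import csrf_exempt` to the import block fixes it; the same applies to `SLOLogout` in the next hunk.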
@@ -202,7 +202,8 @@ class LogoutView(CSRFExemptMixin, AccessRequiredView): return render(request, "saml/idp/logged_out.html") -class SLOLogout(CSRFExemptMixin, AccessRequiredView): +@method_decorator(csrf_exempt, name="dispatch") +class SLOLogout(AccessRequiredView): """Receives a SAML 2.0 LogoutRequest from a Service Provider, logs out the user and returns a standard logged-out page."""
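Review bot: `SLOLogout` gets `csrf_exempt` on `dispatch`, which switches off Django's CSRF check for every HTTP method the view accepts, and nothing at the class records why. A comment above the decorator such as `# CSRF-exempt: the Service Provider sends the LogoutRequest cross-site; the request itself must be validated before logging out` would state the reason and the compensating check. The handler body is outside the hunk, so whether the LogoutRequest is verified there cannot be confirmed from this diff. A similar comment would suit `LogoutView` in the previous hunk, whose docstring describes a plain URL that logs the user out.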