From 9cc68291df7d693c16458ab11318cbb7624e52c7 Mon Sep 17 00:00:00 2001
From: Tom Hacohen
Date: Wed, 3 Jun 2020 14:21:52 +0300
Subject: [PATCH] Authentication classes: add permissions to logout.
---
 django_etesync/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/django_etesync/views.py b/django_etesync/views.py
index c41d0c7..3233b7b 100644
--- a/django_etesync/views.py
+++ b/django_etesync/views.py
@@ -553,6 +553,7 @@ class InvitationIncomingViewSet(BaseViewSet):
 class AuthenticationViewSet(viewsets.ViewSet):
 allowed_methods = ['POST']
+ authentication_classes = BaseViewSet.authentication_classes
 def get_encryption_key(self, salt):
 key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
@@ -662,7 +663,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
 return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
- @action_decorator(detail=False, methods=['POST'])
+ @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
 def logout(self, request):
 # FIXME: expire the token - we need better token handling - using knox? Something else?
 return Response({}, status=status.HTTP_200_OK)
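Review bot: In the first hunk (`@@ -553,6 +553,7 @@`), `authentication_classes` is set on the class, so it applies to every action of `AuthenticationViewSet`, not only `logout`. In DRF an authenticator that is handed invalid credentials raises before the action runs, so a client that still sends a stale token to the other endpoints of this viewset (presumably the login and signup actions, which are outside the hunk) would likely get a 401 instead of reaching them. If only `logout` needs authentication, and assuming `action_decorator` is DRF's `action`, it can be scoped there with `@action_decorator(detail=False, methods=['POST'], authentication_classes=BaseViewSet.authentication_classes, permission_classes=BaseViewSet.permission_classes)`. If the viewset-wide setting is intended, a comment such as `# authenticate all actions like BaseViewSet; per-action permission_classes decide who may call them` would record that.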
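Review bot: In the second hunk (`@@ -662,7 +663,7 @@`), `logout` now requires an authenticated caller but still returns 200 without revoking anything, as its FIXME admits. The token therefore stays valid after the client believes it has logged out, and a leaked token cannot be retired through this endpoint. If `BaseViewSet.authentication_classes` exposes the token object as `request.auth` (as DRF's TokenAuthentication does; not visible here), `request.auth.delete()` before the `return` would close the gap. Until then the function should carry a docstring along the lines of `"""Acknowledge logout; NOTE: the token is not invalidated server-side yet."""` so API consumers do not rely on it for revocation.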