    def after_request(response):
        """Attach a fresh Flask-WTF CSRF token to every response as a cookie.

        The token comes from ``generate_csrf`` (bound to the current session)
        and is written to the readable ``csrf_token`` cookie. It is deliberately
        not HttpOnly: the front-end presumably reads it and sends it back in a
        request header/field for Flask-WTF to validate — confirm against the
        client code. NOTE(review): no ``samesite``/``secure`` attributes are set;
        ``samesite="Lax"`` (and ``secure=True`` on HTTPS) would be sensible.
        """
        response.set_cookie("csrf_token", generate_csrf())
        return response
def get_authorize_url(callback_uri):
    """Build the Facebook OAuth authorize URL for ``callback_uri``.

    The ``state`` query parameter is a Flask-WTF CSRF token, which is what
    lets the callback reject forged redirects — so the callback handler (not
    visible here) must call ``validate_csrf`` on the returned ``state``;
    confirm it does. ``callback_uri`` is passed through verbatim as
    ``redirect_uri``.
    """
    query = {
        'client_id': current_app.config['FACEBOOK_CLIENT_ID'],
        'redirect_uri': callback_uri,
        'scope': PERMISSION_SCOPES,
        'state': generate_csrf(),
    }
    return 'https://graph.facebook.com/oauth/authorize?' + urlencode(query)
    def after_request(response):
        """Hand the browser a CSRF token via the ``csrf_token`` cookie.

        Steps: mint a session-bound token with Flask-WTF's ``generate_csrf``,
        set it as a cookie the front-end can read (so it cannot be HttpOnly;
        presumably echoed back in a request header — confirm), and return the
        response unchanged otherwise. NOTE(review): consider adding
        ``samesite="Lax"`` and ``secure=True`` for HTTPS deployments.
        """
        token = generate_csrf()
        response.set_cookie("csrf_token", token)
        return response
 def login(self, form):
     """Start the OAuth redirect for this auth method.

     ``form`` is accepted for interface parity but not read. The OAuth
     ``state`` is a Flask-WTF CSRF token limited to 300 seconds; that is what
     ties the eventual callback to this browser session, so the callback view
     (``login.auth_method_login``) must validate it with the same time limit —
     confirm there. The redirect location, which embeds the state token, is
     logged at DEBUG level; keep debug logs out of untrusted hands.
     """
     state = csrf.generate_csrf(time_limit=300)  # CSRF token valid for 5 minutes
     callback = url_for('login.auth_method_login',
                        auth_method=self.safe_name,
                        _external=True)
     resp = self.oauth.authorize(callback=callback, state=state)
     current_app.logger.debug(u"Redirecting to : {}".format(resp.location))
     return resp
def get_authenticate_url(redirect_uri, **kwargs):
    """Return the Google authorization-code URL for ``redirect_uri``.

    ``kwargs`` is accepted but ignored. ``state`` carries a Flask-WTF CSRF
    token so the callback can bind the returned code to this session; the
    callback must ``validate_csrf`` it (not visible here — confirm).
    """
    query = {
        'response_type': 'code',
        'client_id': current_app.config['GOOGLE_CLIENT_ID'],
        'redirect_uri': redirect_uri,
        'scope': BLOGGER_SCOPE,
        'state': generate_csrf(),
    }
    return '?'.join((API_AUTH_URL, urllib.parse.urlencode(query)))
def authorize():
    """Redirect the user to the WordPress authorization-code endpoint.

    The redirect URI is this blueprint's ``callback`` view (absolute URL).
    ``state`` is a Flask-WTF CSRF token with an ``|auth`` suffix — presumably
    so the shared callback can tell this flow apart; the callback must strip
    the suffix before calling ``validate_csrf`` (confirm).
    """
    query = {
        'client_id': current_app.config['WORDPRESS_CLIENT_ID'],
        'redirect_uri': url_for('.callback', _external=True),
        'response_type': 'code',
        'state': generate_csrf() + '|auth',
    }
    target = API_AUTHORIZE_URL + '?' + urllib.parse.urlencode(query)
    return redirect(target)
def get_authenticate_url(callback_uri, **kwargs):
    """Return the WordPress authenticate URL.

    ``callback_uri`` and ``kwargs`` are intentionally ignored: wordpress.com
    allows only one registered redirect URI, so the fixed
    ``wordpress.callback`` view is used and the caller's URL is honoured later.
    ``state`` is a Flask-WTF CSRF token tagged ``|id``; the callback must strip
    the tag and ``validate_csrf`` the token (confirm).
    """
    query = {
        'client_id': current_app.config['WORDPRESS_CLIENT_ID'],
        'redirect_uri': url_for('wordpress.callback', _external=True),
        'response_type': 'code',
        'state': generate_csrf() + '|id',
    }
    return '?'.join((API_AUTHENTICATE_URL, urllib.parse.urlencode(query)))
 def generate_csrf_token(self, csrf_context=None):
     """Mint a CSRF token and record which user it was issued to.

     Returns ``None`` when CSRF protection is disabled. Otherwise the token
     (Flask-WTF ``generate_csrf`` with this form's secret and time limit) is
     cached under ``csrf_<token>`` -> current user id (``0`` for anonymous)
     for ``TIME_LIMIT`` seconds, presumably so validation can check the token
     was issued to the same user (the validating side is not visible here).
     ``csrf_context`` is unused; presumably kept for signature compatibility.
     Assumes ``g.user`` is always set, possibly to ``None`` — confirm.
     """
     if not self.csrf_enabled:
         return None
     token = generate_csrf(self.SECRET_KEY, self.TIME_LIMIT)
     owner = g.user.id if g.user else 0
     cache.set("csrf_%s" % token, owner, self.TIME_LIMIT)
     return token
 def generate_csrf_token(self, csrf_context=None):
     """Mint a CSRF token and cache the issuing user's id under it.

     Returns ``None`` when CSRF protection is disabled. Otherwise the Flask-WTF
     token is used *as the bare cache key* (no prefix, so it shares the cache
     namespace with every other key — a ``csrf_`` prefix would be safer) and
     maps to the current user's id, or ``0`` when anonymous, for
     ``TIME_LIMIT`` seconds. ``csrf_context`` is unused. Assumes ``g.user`` is
     always set, possibly to ``None`` — confirm.
     """
     if not self.csrf_enabled:
         return None
     token = generate_csrf(self.SECRET_KEY, self.TIME_LIMIT)
     owner = g.user.id if g.user else 0
     cache.set(token, owner, self.TIME_LIMIT)
     return token
def get_authorize_url(redirect_uri):
    """Return the Google authorization-code URL requesting offline access.

    ``access_type=offline`` asks for a refresh token and ``approval_prompt``
    forces the consent screen. ``state`` is a Flask-WTF CSRF token binding the
    callback to this session; the callback must ``validate_csrf`` it (confirm).
    """
    query = {
        'response_type': 'code',
        'client_id': current_app.config['GOOGLE_CLIENT_ID'],
        'redirect_uri': redirect_uri,
        'scope': BLOGGER_SCOPE,
        'state': generate_csrf(),
        'access_type': 'offline',  # necessary to get refresh token
        'approval_prompt': 'force',
    }
    return '?'.join((API_AUTH_URL, urllib.parse.urlencode(query)))
    def __init__(self):
        """Parse the request's query string and JSON body; enforce CSRF on DELETE.

        ``request_args`` wraps ``request.args`` and ``request_data`` the JSON
        body (``request.get_json()`` yields ``None`` for non-JSON bodies, which
        ``MultiDict`` appears to treat as empty). Invalid query args abort 400.
        For DELETE the body's ``csrfToken`` must pass Flask-WTF's
        ``validate_csrf`` or the request aborts 400. NOTE(review): only DELETE
        is checked here — POST/PUT/PATCH handlers that change state need their
        own check or a global ``CSRFProtect`` (confirm). Newer Flask-WTF
        releases raise ``ValidationError`` from ``validate_csrf`` rather than
        returning ``False``, so the truthiness test assumes the older API.
        A fresh token is always placed in ``response_data['csrfToken']``.
        """
        self.request_args = RequestArgs(formdata=request.args)
        self.request_data = RequestArgs(formdata=MultiDict(request.get_json()))
        self.response_data = {}

        if not self.request_args.validate():
            abort(400)

        needs_csrf = request.method == 'DELETE'
        if needs_csrf and not validate_csrf(self.request_data.csrfToken.data):
            abort(400)

        self.response_data.update(csrfToken=generate_csrf())
def csrf_refresh(subdomain=None):
    """Return a fresh CSRF token as JSON, guarded by an Origin check.

    If the browser sent an ``Origin`` header it must equal this app's own
    origin (scheme + host from ``request.url_root``); anything else aborts
    403. Requests with no ``Origin`` header are accepted as-is. The response
    allows CORS only for our own origin and sets ``Expires`` ten minutes out.
    ``subdomain`` is accepted but unused. Assumes ``request.url_root`` reflects
    the external scheme/host (behind a proxy this needs ProxyFix or similar)
    — confirm. NOTE(review): ``Expires`` lets browsers/intermediaries cache a
    token response; a ``Cache-Control: private`` or ``no-store`` would make
    the intent explicit.
    """
    parts = urlparse(request.url_root)
    own_origin = u'{0}://{1}'.format(parts.scheme, parts.netloc)

    # Origin appears on cross-site requests and, in some browsers, on same-site
    # ones as well; whenever it is present it has to be ours.
    sent_origin = request.headers.get('Origin')
    if sent_origin is not None and sent_origin != own_origin:
        abort(403)

    expires_at = datetime.utcnow() + timedelta(minutes=10)
    headers = {
        'Access-Control-Allow-Origin': own_origin,
        'Vary': 'Origin',
        'Expires': expires_at.strftime('%a, %d %b %Y %H:%M:%S GMT'),
    }
    return {'csrf_token': generate_csrf()}, 200, headers
def get_static_html(file_name):
    """Serve a static HTML page and seed the ``csrf_token`` cookie.

    An empty/missing ``file_name`` (site root) maps to ``index.html``; anything
    except ``favicon.ico`` is looked up under ``html/`` in the static folder.
    This function adds no path-traversal check of its own — it relies on
    ``current_app.send_static_file`` (Flask joins safely and 404s on ``..``
    escapes; confirm for the Flask version in use). The Flask-WTF token is set
    as a readable (non-HttpOnly) cookie, presumably so front-end scripts can
    echo it back in a request header — confirm against the client.
    """
    page = file_name or 'index.html'
    if page != 'favicon.ico':
        page = 'html/%s' % page

    response = make_response(current_app.send_static_file(page))
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Return a page from the static ``html/`` folder plus a CSRF cookie.

    ``file_name == ''`` (the root path) becomes ``index.html``; every name
    except ``favicon.ico`` is prefixed with ``html/``. No traversal check is
    done here — ``current_app.send_static_file`` is relied on to reject
    ``..`` escapes (Flask's safe join; confirm for the version in use). The
    Flask-WTF token goes into a readable ``csrf_token`` cookie (not HttpOnly,
    presumably so the front-end can send it back in a header — confirm).
    """
    page = file_name
    if page == '':
        page = 'index.html'
    if page != "favicon.ico":
        page = "html/" + page

    response = make_response(current_app.send_static_file(page))
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_html_page(file_name):
    """Serve the requested static HTML file with a fresh ``csrf_token`` cookie.

    A falsy ``file_name`` (root path) resolves to ``index.html``; all names
    other than ``favicon.ico`` are looked up under ``html/``. The response
    object is whatever ``current_app.send_static_file`` returns (no
    ``make_response`` wrapper). Traversal protection is delegated to Flask's
    static-file handling — confirm it rejects ``..`` for the version in use.
    The cookie is intentionally readable by scripts (not HttpOnly).
    """
    page = file_name if file_name else "index.html"
    if page != "favicon.ico":
        page = "html/" + page

    response = current_app.send_static_file(page)
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Serve ``static/html/<file_name>`` and attach a CSRF token cookie.

    ``file_name == ""`` (the root) maps to ``index.html``; ``favicon.ico`` is
    served from the static root, everything else from ``html/``. No traversal
    check is performed here; ``current_app.send_static_file`` is relied on to
    refuse ``..`` escapes (confirm for the Flask version in use). The Flask-WTF
    token is exposed in the readable ``csrf_token`` cookie, presumably for the
    front-end to echo back in a request header — confirm.
    """
    page = "index.html" if file_name == "" else file_name
    if page != "favicon.ico":
        page = "html/" + page

    response = make_response(current_app.send_static_file(page))
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Serve a static HTML file (e.g. ``/static/html/register.html``) with a CSRF cookie.

    A falsy ``file_name`` resolves to ``index.html``; names other than
    ``favicon.ico`` are prefixed with ``html/``. Traversal protection is left
    to ``current_app.send_static_file`` (confirm it rejects ``..`` for the
    Flask version in use). ``generate_csrf`` defaults to
    ``current_app.secret_key`` for signing; the resulting token is set as a
    readable ``csrf_token`` cookie for the front-end to send back (presumably
    in a header — confirm).
    """
    page = file_name or "index.html"
    if page != 'favicon.ico':
        page = 'html/%s' % page

    response = make_response(current_app.send_static_file(page))
    token = generate_csrf()
    response.set_cookie("csrf_token", token)
    return response
def get_static_html(file_name):
    """Serve static HTML pages: ``/`` -> index.html, ``/x.html`` -> html/x.html, favicon at root.

    Falsy ``file_name`` maps to ``index.html``; everything but ``favicon.ico``
    is looked up under ``html/``. No traversal check is made here —
    ``current_app.send_static_file`` is relied on to refuse ``..`` escapes
    (confirm for the Flask version in use). The Flask-WTF token is written to
    the readable ``csrf_token`` cookie (not HttpOnly, presumably so the
    front-end can echo it in a header — confirm).
    """
    page = file_name or 'index.html'
    if page != 'favicon.ico':
        page = 'html/' + page

    response = make_response(current_app.send_static_file(page))
    response.set_cookie('csrf_token', generate_csrf())
    return response
def get_authenticate_url(callback_uri, **kwargs):
    """Return the Facebook login-dialog URL (no scopes requested).

    ``kwargs`` is ignored. ``state`` is a Flask-WTF CSRF token binding the
    callback to this session; the callback must ``validate_csrf`` it (confirm).
    """
    query = {
        'client_id': current_app.config['FACEBOOK_CLIENT_ID'],
        'redirect_uri': callback_uri,
        'state': generate_csrf(),
    }
    return 'https://www.facebook.com/dialog/oauth?' + urlencode(query)
 def after_request(response):
     """Set a readable ``csrf_token`` cookie (Flask-WTF token) on every response.

     Not HttpOnly on purpose (the front-end presumably reads it — confirm);
     NOTE(review): ``samesite``/``secure`` are not set.
     """
     response.set_cookie("csrf_token", generate_csrf())
     return response
 def _set_csrf_token(*args, **kwds):
     """Call the wrapped view ``f`` and add the AngularJS CSRF cookie to its response.

     Non-``Response`` return values are coerced with ``make_response`` first.
     The cookie name comes from ``ANGULARJS_CSRF_COOKIE``; it must stay
     readable by scripts (Angular echoes it in a header), so no HttpOnly.
     """
     result = f(*args, **kwds)
     if isinstance(result, Response):
         resp = result
     else:
         resp = make_response(result)
     cookie_name = current_app.config['ANGULARJS_CSRF_COOKIE']
     resp.set_cookie(cookie_name, value=generate_csrf())
     return resp
 def after_request(resp):
     """Stamp the outgoing response with a fresh Flask-WTF token in ``csrf_token``.

     The cookie is script-readable by design (double-submit style, presumably
     — confirm); NOTE(review): consider ``samesite="Lax"``/``secure=True``.
     """
     token = generate_csrf()
     resp.set_cookie("csrf_token", token)
     return resp
 def after_request(resp):
     """Write a CSRF token produced by Flask-WTF's ``generate_csrf`` into the ``csrf_token`` cookie.

     Readable by scripts on purpose; no ``samesite``/``secure`` flags are set
     (NOTE(review): worth adding for HTTPS deployments).
     """
     resp.set_cookie("csrf_token", generate_csrf())
     return resp
 def get(self):
     """Return a freshly generated Flask-WTF CSRF token as ``{'csrf': token}``.

     The token is session-bound, so it is only useful together with this
     session's cookie; NOTE(review): make sure this endpoint is not served
     with a permissive ``Access-Control-Allow-Origin`` plus credentials, or a
     cross-site page could read it.
     """
     token = generate_csrf()
     return {'csrf': token}
 def after_request(response):
     """Pass a CSRF token to the front-end through the ``csrf_token`` cookie.

     The token is Flask-WTF's session-bound ``generate_csrf`` output. The
     cookie is intentionally not HttpOnly (the client reads it);
     NOTE(review): ``samesite``/``secure`` are not set.
     """
     response.set_cookie("csrf_token", generate_csrf())
     return response
 def after_request(response):
     """Add a ``csrf_token`` cookie holding a Flask-WTF (flask_wtf.csrf) token.

     Script-readable by design; NOTE(review): no ``samesite``/``secure`` flags.
     """
     token = generate_csrf()
     response.set_cookie("csrf_token", token)
     return response
 def szscrf(resp):
     """Set a Flask-WTF CSRF token in a cookie named ``X-CSRFToken``.

     The cookie (not a header, despite the name) is script-readable so the
     client can presumably copy it into the ``X-CSRFToken`` request header —
     confirm. NOTE(review): ``samesite``/``secure`` are not set.
     """
     resp.set_cookie('X-CSRFToken', generate_csrf())
     return resp
 def login(self, form):
     """Kick off the OAuth redirect; ``form`` is unused.

     ``state`` is a Flask-WTF CSRF token valid for 300 seconds, binding the
     callback (``login.auth_method_login``) to this session; that view must
     validate it with the same time limit — confirm.
     """
     state = csrf.generate_csrf(time_limit=300)  # CSRF token valid for 5 minutes
     callback = url_for('login.auth_method_login',
                        auth_method=self.safe_name,
                        _external=True)
     return self.oauth.authorize(callback=callback, state=state)
 def generate_csrf_token(response):
     """Attach a fresh Flask-WTF token to ``response`` as the readable ``csrf_token`` cookie.

     Not HttpOnly by design; NOTE(review): ``samesite``/``secure`` not set.
     """
     response.set_cookie("csrf_token", generate_csrf())
     return response
 def after_request(resp):
     """Generate a CSRF token and store it in the ``csrf_token`` cookie.

     Script-readable on purpose (the client presumably echoes it back —
     confirm); NOTE(review): consider ``samesite="Lax"`` and ``secure=True``.
     """
     token = generate_csrf()
     resp.set_cookie('csrf_token', token)
     return resp
 def set_cookie_csrf(response):
     """Set the ``csrf_token`` cookie to a fresh Flask-WTF token and return ``response``.

     Readable by scripts by design; NOTE(review): ``samesite``/``secure`` not set.
     """
     response.set_cookie("csrf_token", generate_csrf())
     return response
 def get(self):
     """Return ``{'csrf': <fresh Flask-WTF token>}``.

     Session-bound token; NOTE(review): ensure this resource is not exposed
     cross-origin with credentials, or the token could be read by another site.
     """
     return dict(csrf=generate_csrf())