def set_up(self):
CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
csrf_code = facade.retrive_cookie_data(
self.handler.request, CSRF_TOKEN_COOKIE).execute().result
if csrf_code:
if self.handler.request.method != 'GET':
angular_cookie_value = self.handler.request.headers.get(
CSRF_ANGULAR_AJAX_HEADER)
if csrf_code == angular_cookie_value:
return False
form_input = self.dependencies.get(CSRF_CODE_KEY)
if csrf_code == form_input:
return False
else:
csrf_code = urandom(16).encode('hex')
facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE,
csrf_code).execute()
self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
fcn = self.dependencies['_fcn']
self.dependencies[CSRF_CODE_KEY] = csrf_code
is_secure = is_csrf_secure(fcn)
if is_secure:
self.handler.response.status = '403 forbiden access'
self.handler.response.write('Forbiden access')
return is_secure
def logged_user(request):
"""
Returns a command that retrieves the current logged user based on secure cookie
If there is no logged user, the result from command is None
"""
dct = cookie_facade.retrive_cookie_data(request, USER_COOKIE_NAME).execute().result
if dct is None:
return Command()
return NodeSearch(dct['id'])
def logged_user(request):
"""
Returns a command that retrieves the current logged user based on secure cookie
If there is no logged user, the result from command is None
"""
dct = cookie_facade.retrive_cookie_data(request,
USER_COOKIE_NAME).execute().result
if dct is None:
return Command()
return NodeSearch(dct['id'])
def set_up(self):
CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
csrf_code = facade.retrive_cookie_data(self.handler.request, CSRF_TOKEN_COOKIE).execute().result
if csrf_code:
if self.handler.request.method != 'GET':
angular_cookie_value = self.handler.request.headers.get(CSRF_ANGULAR_AJAX_HEADER)
if csrf_code == angular_cookie_value:
return False
form_input = self.dependencies.get(CSRF_CODE_KEY)
if csrf_code == form_input:
return False
else:
csrf_code = urandom(16).encode('hex')
facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE, csrf_code).execute()
self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
fcn = self.dependencies['_fcn']
self.dependencies[CSRF_CODE_KEY] = csrf_code
is_secure = is_csrf_secure(fcn)
if is_secure:
self.handler.response.status = '403 forbiden access'
self.handler.response.write('Forbiden access')
return is_secure
