def handle_login(request): csrf_middleware = CsrfViewMiddleware() response_data = {} form = None if request.raw_post_data: request.POST = json.loads(request.raw_post_data) csrf_middleware.process_view(request, None, None, None) if 'data' in request.POST: form = LoginForm(data=request.POST['data']) if form.is_valid(): if not request.POST['meta']['validate']: auth_login(request, form.get_user()) else: form = LoginForm(request) response_data['csrfmiddlewaretoken'] = get_token(request) if form is not None: remote_form = RemoteForm(form) response_data.update(remote_form.as_dict()) response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json") csrf_middleware.process_response(request, response) return response
def test_https_malformed_referer(self): """ A POST HTTPS request with a bad referer is rejected. """ malformed_referer_msg = 'Referer checking failed - Referer is malformed.' req = self._get_POST_request_with_token() req._is_secure_override = True req.META['HTTP_REFERER'] = 'http://http://www.example.com/' mw = CsrfViewMiddleware(post_form_view) response = mw.process_view(req, post_form_view, (), {}) self.assertContains( response, 'Referer checking failed - Referer is insecure while host is secure.', status_code=403, ) # Empty req.META['HTTP_REFERER'] = '' response = mw.process_view(req, post_form_view, (), {}) self.assertContains(response, malformed_referer_msg, status_code=403) # Non-ASCII req.META['HTTP_REFERER'] = 'ØBöIß' response = mw.process_view(req, post_form_view, (), {}) self.assertContains(response, malformed_referer_msg, status_code=403) # missing scheme # >>> urlparse('//example.com/') # ParseResult(scheme='', netloc='example.com', path='/', params='', query='', fragment='') req.META['HTTP_REFERER'] = '//example.com/' response = mw.process_view(req, post_form_view, (), {}) self.assertContains(response, malformed_referer_msg, status_code=403) # missing netloc # >>> urlparse('https://') # ParseResult(scheme='https', netloc='', path='', params='', query='', fragment='') req.META['HTTP_REFERER'] = 'https://' response = mw.process_view(req, post_form_view, (), {}) self.assertContains(response, malformed_referer_msg, status_code=403)
def api_user_login_via_otp_form_email_django_forms_example(request): csrf_middleware = CsrfViewMiddleware() response_data = {} if request.method == 'GET': # Get form definition form = UserLoginViaOtpFormEmail(initial={'email': settings.TESTING_EMAIL2}) elif request.method == 'POST': if request.content_type != 'application/json': return HttpResponse(json.dumps({"detail": "Unsupported media type \"'%s'\" in request." % request.content_type}), content_type="application/json",status=401); # Process request for CSRF csrf_middleware.process_view(request, None, None, None) form_data = json.loads(request.body) form = UserLoginViaOtpFormEmail(form_data) if form.is_valid(): email = form.cleaned_data.get('email') response = HttpResponse( {'email': email}, content_type="application/json" ) remote_form = RemoteForm(form) # Errors in response_data['non_field_errors'] and response_data['errors'] response_data.update(remote_form.as_dict()) response = HttpResponse( json.dumps(response_data, cls=DjangoJSONEncoder), content_type="application/json" ) # Process response for CSRF csrf_middleware.process_response(request, response) return response
def my_ajax_view(request): csrf_middleware = CsrfViewMiddleware() response_data = {} if request.method == 'GET': # Get form definition form = IngredientForm10() elif request.method == 'POST': #request.POST = json.loads(request.body) # Process request for CSRF csrf_middleware.process_view(request, None, None, None) form_data = json.loads(request.body) form = IngredientForm10(form_data) if form.is_valid(): form.save() return HttpResponseRedirect(reverse("ingredients-api:singleform")) remote_form = RemoteForm(form) # Errors in response_data['non_field_errors'] and response_data['errors'] response_data.update(remote_form.as_dict()) response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder), content_type="application/json") # Process response for CSRF csrf_middleware.process_response(request, response) return response
def test_csrf_cookie_samesite(self): req = self._get_GET_no_csrf_cookie_request() with self.settings(CSRF_COOKIE_NAME='csrfcookie', CSRF_COOKIE_SAMESITE='Strict'): mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) self.assertEqual(resp.cookies['csrfcookie']['samesite'], 'Strict')
def my_ajax_view(request): csrf_middleware = CsrfViewMiddleware() response_data = {} if request.method == 'GET': # Get form definition form = ProjectForm() elif request.raw_post_data: request.POST = json.loads(request.raw_post_data) # Process request for CSRF csrf_middleware.process_view(request, None, None, None) form_data = request.POST.get('data', {}) form = ProjectForm(form_data) if form.is_valid(): form.save() field_configuration = { 'include': ['title','duration'], } remote_form = RemoteForm(form, **field_configuration) # Errors in response_data['non_field_errors'] and response_data['errors'] response_data.update(remote_form.as_dict()) response = HttpResponse( json.dumps(response_data, cls=DjangoJSONEncoder), mimetype="application/json" ) # Process response for CSRF csrf_middleware.process_response(request, response) return response
def process_response(self, request, response): if response.status_code != 404: return response # No need to check for a node for non-404 responses. csrf_middleware = CsrfViewMiddleware() csrf_middleware.process_view(request, node, None, None) try: return node(request) # Return the original response if any errors happened. Because this # is a middleware, we can't assume the errors will be caught elsewhere. except Http404: referrer = request.META.get('HTTP_REFERER') try: if referrer and referrer.endswith(request.path_info): # Seems like the visitor just changed his language. Even if that's not so, there's no point # in viewing the same 404 error page twice, you'll better go see the root :) if '/my/' in request.path: return HttpResponseRedirect("/my/") return HttpResponseRedirect("/") except UnicodeDecodeError: return response return response except: if settings.DEBUG: raise return response
def handle_login(request): csrf_middleware = CsrfViewMiddleware() response_data = {} form = None if request.raw_post_data: request.POST = json.loads(request.raw_post_data) csrf_middleware.process_view(request, None, None, None) if 'data' in request.POST: form = LoginForm(data=request.POST['data']) if form.is_valid(): if not request.POST['meta']['validate']: auth_login(request, form.get_user()) else: form = LoginForm(request) response_data['csrfmiddlewaretoken'] = get_token(request) if form is not None: remote_form = RemoteForm(form) response_data.update(remote_form.as_dict()) response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json") csrf_middleware.process_response(request, response) return response
def test_get_token_for_exempt_view(self): """ get_token still works for a view decorated with 'csrf_exempt'. """ req = self._get_GET_csrf_cookie_request() mw = CsrfViewMiddleware(token_view) mw.process_request(req) mw.process_view(req, csrf_exempt(token_view), (), {}) resp = token_view(req) self._check_token_present(resp)
def test_ensures_csrf_cookie_with_middleware(self): """ The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware enabled. """ req = self._get_GET_no_csrf_cookie_request() mw = CsrfViewMiddleware(ensure_csrf_cookie_view) mw.process_view(req, ensure_csrf_cookie_view, (), {}) mw(req) self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
def test_token_node_with_csrf_cookie(self): """ CsrfTokenNode works when a CSRF cookie is set. """ req = self._get_GET_csrf_cookie_request() mw = CsrfViewMiddleware(token_view) mw.process_request(req) mw.process_view(req, token_view, (), {}) resp = token_view(req) self._check_token_present(resp)
def test_post_data_read_failure(self): """ OSErrors during POST data reading are caught and treated as if the POST data wasn't there (#20128). """ class CsrfPostRequest(HttpRequest): """ HttpRequest that can raise an OSError when accessing POST data """ def __init__(self, token, raise_error): super().__init__() self.method = 'POST' self.raise_error = False self.COOKIES[settings.CSRF_COOKIE_NAME] = token # Handle both cases here to prevent duplicate code in the # session tests. self.session = {} self.session[CSRF_SESSION_KEY] = token self.POST['csrfmiddlewaretoken'] = token self.raise_error = raise_error def _load_post_and_files(self): raise OSError('error reading input data') def _get_post(self): if self.raise_error: self._load_post_and_files() return self._post def _set_post(self, post): self._post = post POST = property(_get_post, _set_post) token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH] req = CsrfPostRequest(token, raise_error=False) mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp) req = CsrfPostRequest(token, raise_error=True) mw.process_request(req) with self.assertLogs('django.security.csrf', 'WARNING') as cm: resp = mw.process_view(req, post_form_view, (), {}) self.assertEqual(resp.status_code, 403) self.assertEqual( cm.records[0].getMessage(), 'Forbidden (%s): ' % REASON_CSRF_TOKEN_MISSING, )
def test_session_modify(self): """The session isn't saved if the CSRF cookie is unchanged.""" req = self._get_GET_no_csrf_cookie_request() mw = CsrfViewMiddleware(ensure_csrf_cookie_view) mw.process_view(req, ensure_csrf_cookie_view, (), {}) mw(req) self.assertIsNotNone(req.session.get(CSRF_SESSION_KEY)) req.session.modified = False mw.process_view(req, ensure_csrf_cookie_view, (), {}) mw(req) self.assertFalse(req.session.modified)
def test_ensures_csrf_cookie_with_middleware(self): """ The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware enabled. """ req = self._get_GET_no_csrf_cookie_request() mw = CsrfViewMiddleware(ensure_csrf_cookie_view) mw.process_view(req, ensure_csrf_cookie_view, (), {}) resp = mw(req) self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False)) self.assertIn('Cookie', resp.get('Vary', ''))
def test_token_node_with_new_csrf_cookie(self): """ CsrfTokenNode works when a CSRF cookie is created by the middleware (when one was not already present). """ req = self._get_GET_no_csrf_cookie_request() mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) csrf_cookie = req.session[CSRF_SESSION_KEY] self._check_token_present(resp, csrf_id=csrf_cookie)
def test_token_node_with_new_csrf_cookie(self): """ CsrfTokenNode works when a CSRF cookie is created by the middleware (when one was not already present) """ req = self._get_GET_no_csrf_cookie_request() mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME] self._check_token_present(resp, csrf_id=csrf_cookie.value)
def test_process_view_token_too_long(self): """ If the token is longer than expected, it is ignored and a new token is created. """ req = self._get_GET_no_csrf_cookie_request() req.COOKIES[settings.CSRF_COOKIE_NAME] = 'x' * 100000 mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False) self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
def test_token_node_empty_csrf_cookie(self): """ A new token is sent if the csrf_cookie is the empty string. """ req = self._get_GET_no_csrf_cookie_request() req.COOKIES[settings.CSRF_COOKIE_NAME] = "" mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = token_view(req) token = get_token(req) self.assertIsNotNone(token) self._check_token_present(resp, token)
def process_request(self, request): if (cache_installed() and request.method == "GET" and not request.user.is_authenticated()): cache_key = cache_key_prefix(request) + request.get_full_path() response = cache_get(cache_key) if response is None: request._update_cache = True else: csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware" if csrf_mw_name in settings.MIDDLEWARE_CLASSES: csrf_mw = CsrfViewMiddleware() csrf_mw.process_view(request, lambda x: None, None, None) get_token(request) return HttpResponse(response)
def process_request(self, request): if (cache_installed() and request.method == "GET" and not request.user.is_authenticated()): cache_key = cache_key_prefix(request) + request.get_full_path() response = cache_get(cache_key) if response is None: request._update_cache = True else: csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware" if csrf_mw_name in settings.MIDDLEWARE_CLASSES: csrf_mw = CsrfViewMiddleware() csrf_mw.process_view(request, lambda x: None, None, None) get_token(request) return HttpResponse(response)
def test_process_view_token_invalid_chars(self): """ If the token contains non-alphanumeric characters, it is ignored and a new token is created. """ token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH] req = self._get_GET_no_csrf_cookie_request() req.COOKIES[settings.CSRF_COOKIE_NAME] = token mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False) self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH) self.assertNotEqual(csrf_cookie.value, token)
def test_cookie_not_reset_on_accepted_request(self): """ The csrf token used in posts is changed on every request (although stays equivalent). The csrf cookie should not change on accepted requests. If it appears in the response, it should keep its value. """ req = self._get_POST_request_with_token() mw = CsrfViewMiddleware(token_view) mw.process_request(req) mw.process_view(req, token_view, (), {}) resp = mw(req) csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, None) if csrf_cookie: self.assertEqual(csrf_cookie.value, self._csrf_id_cookie, "CSRF cookie was changed on an accepted request")
def process_request(self, request): if (cache_installed() and request.method == "GET" and not is_authenticated(request.user)): cache_key = cache_key_prefix(request) + request.get_full_path() response = cache_get(cache_key) # We need to force a csrf token here, as new sessions # won't receieve one on their first request, with cache # middleware running. if csrf_middleware_installed(): csrf_mw = CsrfViewMiddleware() csrf_mw.process_view(request, lambda x: None, None, None) get_token(request) if response is None: request._update_cache = True else: return HttpResponse(response)
def process_request(self, request): if (cache_installed() and request.method == "GET" and not is_authenticated(request.user)): cache_key = cache_key_prefix(request) + request.get_full_path() response = cache_get(cache_key) # We need to force a csrf token here, as new sessions # won't receieve one on their first request, with cache # middleware running. if csrf_middleware_installed(): csrf_mw = CsrfViewMiddleware() csrf_mw.process_view(request, lambda x: None, None, None) get_token(request) if response is None: request._update_cache = True else: return HttpResponse(response)
def post(self, request, *args, **kwargs): # Check CSRF manually *after* initializing the file upload handlers. csrf_checker = CsrfViewMiddleware() csrf_error = csrf_checker.process_view(request, None, None, None) if csrf_error is not None: return csrf_error # csrf_error is the regular CSRF error View form = self.form_class(request.POST, request.FILES) if form.is_valid(): #form.save() self.filename=request.FILES['csv_file'].temporary_file_path() logger.info("Starting catalogue import") importer = TernovoPriceImporter(logger, delimiter=";") logger.info(" - Importing records from '%s'" % self.filename) try: stats=importer.handle(self.filename) except CatalogueImportError as e: raise CommandError(str(e)) #return redirect(reverse_lazy('dashboard:import-success', kwargs = {'filename': self.filename})) return render(request,self.template_name, {'form': form, 'filename': request.FILES['csv_file'].name, 'stats': stats}) else: return render(request, self.template_name, {'form': form})
def check_csrf(self, request): csrf_middleware = CsrfViewMiddleware() response = csrf_middleware.process_view(request, self.deserialize, [], {}) if response is not None: assert False, 'csrf failed' #TODO APIException(response) or SuspiciousOperation .... raise response
def check_csrf(request: HttpRequest, callback: Callable) -> Optional[HttpResponseForbidden]: mware = CsrfViewMiddleware( lambda x: HttpResponseForbidden()) # pragma: no cover request.csrf_processing_done = False # type: ignore mware.process_request(request) return mware.process_view(request, callback, (), {})
def test_origin_malformed_host(self): req = self._get_POST_no_csrf_cookie_request() req._is_secure_override = True req.META['HTTP_HOST'] = '@malformed' req.META['HTTP_ORIGIN'] = 'https://www.evil.org' mw = CsrfViewMiddleware(token_view) response = mw.process_view(req, token_view, (), {}) self.assertEqual(response.status_code, 403)
def test_put_and_delete_allowed(self): """ HTTP PUT and DELETE can get through with X-CSRFToken and a cookie. """ req = self._get_GET_csrf_cookie_request() req.method = 'PUT' req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp) req = self._get_GET_csrf_cookie_request() req.method = 'DELETE' req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp)
def test_process_request_csrf_cookie_and_token(self): """ If both a cookie and a token is present, the middleware lets it through. """ req = self._get_POST_request_with_token() mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp)
def _test_https_good_referer_matches_cookie_domain(self): req = self._get_POST_request_with_token() req._is_secure_override = True req.META['HTTP_REFERER'] = 'https://foo.example.com/' req.META['SERVER_PORT'] = '443' mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) response = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(response)
def test_good_origin_insecure(self): """A POST HTTP request with a good origin is accepted.""" req = self._get_POST_request_with_token() req.META['HTTP_HOST'] = 'www.example.com' req.META['HTTP_ORIGIN'] = 'http://www.example.com' mw = CsrfViewMiddleware(post_form_view) self.assertIs(mw._origin_verified(req), True) response = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(response)
def test_put_and_delete_rejected(self): """ HTTP PUT and DELETE methods have protection """ req = TestingHttpRequest() req.method = 'PUT' mw = CsrfViewMiddleware(post_form_view) with self.assertLogs('django.security.csrf', 'WARNING') as cm: resp = mw.process_view(req, post_form_view, (), {}) self.assertEqual(403, resp.status_code) self.assertEqual(cm.records[0].getMessage(), 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE) req = TestingHttpRequest() req.method = 'DELETE' with self.assertLogs('django.security.csrf', 'WARNING') as cm: resp = mw.process_view(req, post_form_view, (), {}) self.assertEqual(403, resp.status_code) self.assertEqual(cm.records[0].getMessage(), 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
def test_csrf_token_in_header_with_customized_name(self): """ settings.CSRF_HEADER_NAME can be used to customize the CSRF header name """ req = self._get_POST_csrf_cookie_request() req.META['HTTP_X_CSRFTOKEN_CUSTOMIZED'] = self._csrf_id mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp)
def test_csrf_cookie_age(self): """ CSRF cookie age can be set using settings.CSRF_COOKIE_AGE. """ req = self._get_GET_no_csrf_cookie_request() MAX_AGE = 123 with self.settings(CSRF_COOKIE_NAME='csrfcookie', CSRF_COOKIE_DOMAIN='.example.com', CSRF_COOKIE_AGE=MAX_AGE, CSRF_COOKIE_PATH='/test/', CSRF_COOKIE_SECURE=True, CSRF_COOKIE_HTTPONLY=True): # token_view calls get_token() indirectly mw = CsrfViewMiddleware(token_view) mw.process_view(req, token_view, (), {}) resp = mw(req) max_age = resp.cookies.get('csrfcookie').get('max-age') self.assertEqual(max_age, MAX_AGE)
def json_topic_form(request): csrf_middleware = CsrfViewMiddleware() response_data = {} if request.method == 'GET': form = TopicForm() elif request.raw_post_data: request.POST = json.loads(request.raw_post_data) csrf_middleware.process_view(request, None, None, None, None) form_data = request.POST.get('data', {}) form = TopicForm(form_data) if form.is_valid(): form.save() remote_form = RemoteForm(form) response_data.update(remote_form_as_dict()) response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder), mimetype='application/json') csrf_middleware.process_response(request, response) return response;
def check_csrf(self, request): csrf_middleware = CsrfViewMiddleware() response = csrf_middleware.process_view(request, self.deserialize, self.view.args, self.view.kwargs) if response is not None: assert False, 'csrf failed' #TODO APIException(response) or SuspiciousOperation .... raise response
def test_csrf(self, request): middleware = CsrfViewMiddleware() return middleware.process_view(request, self.dispatch, [request], {})
def handle_instance_form(request, app_label, model_name, instance_id=None): if not request.user.is_authenticated(): return HttpResponse('Unauthorized', status=401) csrf_middleware = CsrfViewMiddleware() response_data = { 'meta': { 'app_label': app_label, 'model_name': model_name }, 'admin': {} } instance = None for model, model_admin in site._registry.items(): if app_label != model._meta.app_label or model_name != model._meta.module_name: continue field_configuration = { 'include': model_admin.fields or [], 'exclude': model_admin.exclude or [], 'ordering': model_admin.fields or [], 'fieldsets': model_admin.fieldsets or {}, 'readonly': model_admin.readonly_fields or [] } if instance_id is not None: response_data[instance_id] = instance_id try: instance = model.objects.get(pk=instance_id) except model.DoesNotExist: raise Http404('Invalid instance ID') current_model = model CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None) if CurrentModelForm is None: class CurrentModelForm(ModelForm): class Meta: model = current_model if request.method == 'GET': # Return instance form for given model name # Return initial values if instance ID is supplied, otherwise return empty form if instance is None: form = CurrentModelForm() else: form = CurrentModelForm(instance=instance) for field_name, initial_value in form.initial.items(): if initial_value is not None and field_name in form.fields: form.fields[field_name].initial = initial_value response_data['csrfmiddlewaretoken'] = get_token(request) remote_form = RemoteForm(form, **field_configuration) response_data.update(remote_form.as_dict()) elif request.raw_post_data: request.POST = json.loads(request.raw_post_data) csrf_middleware.process_view(request, None, None, None) if 'data' in request.POST: if instance_id is None: form = CurrentModelForm(request.POST['data']) else: form = CurrentModelForm(request.POST['data'], instance=instance) if form.is_valid(): if not request.POST['meta']['validate']: form.save() remote_form = RemoteForm(form, **field_configuration) response_data.update(remote_form.as_dict()) response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json") csrf_middleware.process_response(request, response) return response
def newmessage(request): from django.middleware.csrf import CsrfViewMiddleware csrf_middleware = CsrfViewMiddleware() response_data = {} if request.method == 'GET': # Get form definition form = BroadcastForm() elif request.method == 'POST': request.POST = json.loads(request.body) # Process request for CSRF csrf_middleware.process_view(request, None, None, None) form_data = request.POST.get('data', {}) form = BroadcastForm(form_data) if form.is_valid(): message = form.cleaned_data["message"] #Send Member if form.cleaned_data["member"]: queryset = _get_queryset(form) if queryset: persons = Person.objects.filter(queryset) else: persons = Person.objects.all() _send_sms(persons, message) _write_log(persons, message) #Send External Receiver if form.cleaned_data["external"]: if form.cleaned_data["extra_phones"]: phones = form.cleaned_data["extra_phones"].split(',') for phone in phones: _send_single_sms(phone, message) _write_single_log(message) #Send Non Member Receiver if form.cleaned_data["nonmembers"]: if form.cleaned_data["non_member"]: phones = form.cleaned_data["non_member"] for phone in phones: person = nonmember.objects.get(id=int(phone.id)) _send_single_sms(phone, message) _write_single_log(message,None,person) #Send Member Ulang Tahun if form.cleaned_data["ultah"]: if form.cleaned_data["ultah_today"]: phones = form.cleaned_data["ultah_today"] for phone in phones: person = Person.objects.get(id=phone.id) _send_single_sms(phone, message) _write_single_log(message,None,person) remote_form = RemoteForm(form) # Errors in response_data['non_field_errors'] and response_data['errors'] response_data.update(remote_form.as_dict()) response = HttpResponse( json.dumps(response_data, cls=DjangoJSONEncoder), content_type="application/json" ) # Process response for CSRF csrf_middleware.process_response(request, response) return response