Ejemplo n.º 1
 def test_get_token_for_exempt_view(self):
     """
     get_token must keep working for a view wrapped in 'csrf_view_exempt'.

     Runs process_view against the exempt-wrapped view, then renders
     token_view with the same request and checks the response for a token.
     """
     request = self._get_GET_csrf_cookie_request()
     middleware = CsrfViewMiddleware()
     exempt_view = csrf_view_exempt(token_view)
     middleware.process_view(request, exempt_view, (), {})
     # The undecorated view is rendered; only process_view saw the wrapper.
     self._check_token_present(token_view(request))
Ejemplo n.º 2
 def test_get_token_for_exempt_view(self):
     """
     get_token must keep working for a view wrapped in 'csrf_view_exempt'.

     Runs process_view against the exempt-wrapped view, then renders
     token_view with the same request and checks the response for a token.
     """
     request = self._get_GET_csrf_cookie_request()
     middleware = CsrfViewMiddleware()
     exempt_view = csrf_view_exempt(token_view)
     middleware.process_view(request, exempt_view, (), {})
     # The undecorated view is rendered; only process_view saw the wrapper.
     self._check_token_present(token_view(request))
Ejemplo n.º 3
    def test_process_response_for_exempt_view(self):
        """
        A view decorated with 'csrf_view_exempt' must still have its
        response post-processed so that the CSRF token is added.

        Asserts that the CSRF cookie is set, that the response body was
        rewritten, and that the token matching the cookie value is present.
        """
        request = self._get_GET_no_csrf_cookie_request()
        CsrfMiddleware().process_view(request, csrf_view_exempt(post_form_view), (), {})

        original = post_form_response()
        # Snapshot the body first: process_response modifies the response it is given.
        body_before = original.content
        processed = CsrfMiddleware().process_response(request, original)

        # False is the sentinel for "cookie was never set".
        cookie = processed.cookies.get(settings.CSRF_COOKIE_NAME, False)
        self.assertNotEqual(cookie, False)
        self.assertNotEqual(body_before, processed.content)
        self._check_token_present(processed, cookie.value)
Ejemplo n.º 4
    def test_process_response_for_exempt_view(self):
        """
        A view decorated with 'csrf_view_exempt' must still have its
        response post-processed so that the CSRF token is added.

        Asserts that the CSRF cookie is set, that the response body was
        rewritten, and that the token matching the cookie value is present.
        """
        request = self._get_GET_no_csrf_cookie_request()
        CsrfMiddleware().process_view(request, csrf_view_exempt(post_form_view), (), {})

        original = post_form_response()
        # Snapshot the body first: process_response modifies the response it is given.
        body_before = original.content
        processed = CsrfMiddleware().process_response(request, original)

        # False is the sentinel for "cookie was never set".
        cookie = processed.cookies.get(settings.CSRF_COOKIE_NAME, False)
        self.assertNotEqual(cookie, False)
        self.assertNotEqual(body_before, processed.content)
        self._check_token_present(processed, cookie.value)
Ejemplo n.º 5
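def api(func):
	"""
	Expose ``func(method, get, post, user, **kwargs)`` both as an HTTP view
	and as a directly callable helper.

	HTTP mode (first positional argument is an ``HttpRequest``):
	  * the caller is authenticated either through an ``Authorization: Basic``
	    header (verified with ``authenticate``) or through ``req.user``;
	  * only GET, POST, PUT and DELETE are accepted (501 otherwise);
	  * a JSON request body is decoded into ``post``; any other content type
	    leaves ``post`` as ``None``;
	  * the value returned by ``func`` is wrapped with ``json_return``.
	  Status codes: 400 for a malformed header or body, 401 when not
	  authenticated, 500 when ``func`` raises.

	Raw mode (any other call): ``method``, ``get``, ``post`` and ``user`` are
	popped from the keyword arguments (``user`` is mandatory). The value
	returned by ``func`` is passed through unchanged; ``-1`` signals a missing
	``user`` or an exception raised by ``func``.

	NOTE(review): the returned view is CSRF-exempt as a whole, yet the session
	branch below accepts cookie-authenticated POST/PUT/DELETE requests. CSRF
	protection is normally only unnecessary for the Basic-auth path; consider
	enforcing the CSRF check whenever the request falls back to the session.

	NOTE(review): Basic credentials are only base64-encoded and nothing here
	checks that the request arrived over TLS -- confirm this is enforced
	elsewhere.
	"""
	import logging

	log = logging.getLogger(__name__)

	def inner(*a, **b):
		raw = False
		method, get, post, user = None, None, None, None
		if len(a) > 0 and isinstance(a[0], HttpRequest):
			req = a[0]
			method = req.method
			get = req.GET
			user = req.user

			# HTTP Basic authentication for the API.
			auth_header = req.META.get('HTTP_AUTHORIZATION', '')
			if auth_header.startswith('Basic '):
				try:
					# str.decode('base64') exists only on Python 2; on Python 3
					# this line always ends up in the 400 branch.
					username, password = auth_header[6:].decode('base64').split(':', 1)
				except Exception:
					# Invalid base64 or no ':' separator. The header is
					# deliberately not logged: it carries credentials.
					return json_return(status=400)

				# NOTE(review): depending on the Django version and auth
				# backend, authenticate() may not reject inactive accounts --
				# confirm, and check user.is_active here if it does not.
				user = authenticate(username=username, password=password)
				if not user:
					return json_return(status=401)
			elif not req.user.is_authenticated():
				return json_return(status=401)

			if method not in ('GET', 'POST', 'PUT', 'DELETE'):
				return json_return(status=501)

			if 'application/json' in req.META.get('CONTENT_TYPE', ''):
				try:
					post = json_decode(req.raw_post_data)
				except Exception:
					return json_return(status=400)
		else:
			raw = True
			try:
				method, get, post, user = b.pop('method', None), b.pop('get', {}), b.pop('post', {}), b.pop('user')
			except KeyError:
				# Only the mandatory 'user' keyword can be missing here.
				return -1
		try:
			ret = func(method, get, post, user, **b)
			return ret if raw else json_return(ret)
		except Exception:
			# Catch Exception rather than everything so that SystemExit and
			# KeyboardInterrupt propagate, and record the failure instead of
			# hiding it behind a bare 500 / -1.
			log.exception('Unhandled error in API handler %r', func)
			return -1 if raw else json_return(status=500)
	return csrf_view_exempt(inner)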