Example #1
0
def generate_csrf_token():
	'''
		Generate a random string as csrf_token
	'''
	if '_csrf_token' not in login_session:
		login_session['_csrf_token'] = utils.random_string()
	return login_session['_csrf_token']
Example #2
0
import requests
import urllib
import traceback
from oauth2client.client import flow_from_clientsecrets
from oauth2client.client import FlowExchangeError

import catalog.utils
from view import view
from test_api import test_api
from oauth_api import oauth_api
from data_api import data_api
from catalog import models
from catalog.models.database_setup import Catalog, Base, Item

app = Flask(__name__)
app.secret_key = utils.random_string()
app.config.from_pyfile("config.py")

# CSRF Protection
@app.before_request
def csrf_protect():
	'''
		Check csrf_token for every coming post request.
		Csrf_token could be in url arguments or inside the post form data.
	'''
	if request.method == "POST":
		token = request.form.get('_csrf_token')
		if token is None:
			token = request.args.get('_csrf_token')
		stored_token = login_session.pop('_csrf_token', None)
		if not stored_token or stored_token != token: