Python checkCSRF Examples

Example #1

File: form.py Project: wichert/checking

    def validate(self, request, failure_callable=None, success_callable=None,
                 skip_read_only_defaults=False, check_form_name=True):
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")

        return super(CSRFForm, self).validate(request, failure_callable,
                                              success_callable,
                                              skip_read_only_defaults,
                                              check_form_name)

Example #2

File: form.py Project: oskarwagner/checking

    def validate(self,
                 request,
                 failure_callable=None,
                 success_callable=None,
                 skip_read_only_defaults=False,
                 check_form_name=True):
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")

        return super(CSRFForm,
                     self).validate(request, failure_callable,
                                    success_callable, skip_read_only_defaults,
                                    check_form_name)

Example #3

def Send(context, request):
    if request.method == "POST":
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")
        if request.POST.get("action", "cancel") == "confirm":
            context.send()
        return HTTPFound(
            location=route_url("invoice_view", request, id=context.id))

    return render("invoice_send.pt",
                  request,
                  context,
                  status_int=202 if request.method == "POST" else 200,
                  section="customers",
                  action_url=route_url("invoice_send", request, id=context.id))

Example #4

File: invoice.py Project: wichert/checking

def Send(context, request):
    if request.method == "POST":
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")
        if request.POST.get("action", "cancel") == "confirm":
            context.send()
        return HTTPFound(location=route_url("invoice_view", request, id=context.id))

    return render(
        "invoice_send.pt",
        request,
        context,
        status_int=202 if request.method == "POST" else 200,
        section="customers",
        action_url=route_url("invoice_send", request, id=context.id),
    )

Example #5

File: invoice.py Project: wichert/checking

def AjaxDelete(context, request):
    if request.method == "POST":
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")
        if request.POST.get("action", "cancel") == "confirm":
            meta.Session.delete(context)
            return dict(action="redirect", location=route_url("customer_view", request, id=context.customer_id))
        return dict(action="close")

    return render(
        "invoice_delete.pt",
        request,
        context,
        status_int=202 if request.method == "POST" else 200,
        section="customers",
        action_url=route_url("invoice_delete", request, id=context.id),
    )

Example #6

def AjaxDelete(context, request):
    if request.method == "POST":
        if not checkCSRF(request):
            raise Forbidden("Invalid CSRF token")
        if request.POST.get("action", "cancel") == "confirm":
            meta.Session.delete(context)
            return dict(action="redirect",
                        location=route_url("customer_view",
                                           request,
                                           id=context.customer_id))
        return dict(action="close")

    return render("invoice_delete.pt",
                  request,
                  context,
                  status_int=202 if request.method == "POST" else 200,
                  section="customers",
                  action_url=route_url("invoice_delete",
                                       request,
                                       id=context.id))