def google_oauth2_csrf(request, value): # type: (HttpRequest, str) -> str # In Django 1.10, get_token returns a salted token which changes # everytime get_token is called. from django.middleware.csrf import _unsalt_cipher_token token = _unsalt_cipher_token(get_token(request)) return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()
def renew_csrf(window_info): if not window_info.csrf_cookie: csrf_secret = _get_new_csrf_string() window_info.csrf_cookie = _salt_cipher_secret(csrf_secret) else: csrf_secret = _unsalt_cipher_token(window_info.csrf_cookie) value = _salt_cipher_secret(csrf_secret) scall(window_info, "df.validate.update_csrf", to=[WINDOW], value=value)
def google_oauth2_csrf(request, value): # type: (HttpRequest, str) -> HttpResponse # In Django 1.10, get_token returns a salted token which changes # everytime get_token is called. try: from django.middleware.csrf import _unsalt_cipher_token token = _unsalt_cipher_token(get_token(request)) except ImportError: token = get_token(request) return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()
def unsalt_token(token): return _unsalt_cipher_token(token)
def google_oauth2_csrf(request: HttpRequest, value: str) -> str: # In Django 1.10, get_token returns a salted token which changes # every time get_token is called. from django.middleware.csrf import _unsalt_cipher_token token = _unsalt_cipher_token(get_token(request)) return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()
def compare_sanitized_tokens(request_csrf_token, csrf_token): return constant_time_compare( _unsalt_cipher_token(request_csrf_token), _unsalt_cipher_token(csrf_token))