Python get_token Examples

Example #1

File: views.py Project: camd/caseconductor-ui

def runtests(request, testrun_id):
    # force the CSRF cookie to be set
    # @@@ replace with ensure_csrf_cookie decorator in Django 1.4
    get_token(request)

    testrun = TestRunList.get_by_id(testrun_id, auth=request.auth)

    if not testrun.environmentgroups_prefetch.match(request.environments):
        return redirect("runtests_environment", testrun_id=testrun_id)

    cycle = testrun.testCycle
    product = cycle.product

    # for prepopulating finder
    cycles = (
        TestCycleList.ours(auth=request.auth).sort("name", "asc").filter(product=product, status=TestCycleStatus.ACTIVE)
    )
    runs = TestRunList.ours(auth=request.auth).sort("name", "asc").filter(testCycle=cycle, status=TestRunStatus.ACTIVE)

    return TemplateResponse(
        request,
        "runtests/run.html",
        {
            "product": product,
            "cycle": cycle,
            "testrun": testrun,
            "cases": TestRunIncludedTestCaseList.get(auth=request.auth).filter(testRun=testrun),
            "finder": {"cycles": cycles, "runs": runs},
        },
    )

Example #2

File: views.py Project: radicalgraphics/radical_web14

def main(request):
    """Main listing."""

    get_token(request)

    posts = Post.objects.all().order_by("-created")
    paginator = Paginator(posts, 5)
    try: page = int(request.GET.get("page", '1'))
    except ValueError: page = 1

    try:
        posts = paginator.page(page)
    except (InvalidPage, EmptyPage):
        posts = paginator.page(paginator.num_pages)


    if request.user.is_authenticated():
        user = request.user
    else:
        user = User.objects.get(username='******')


    context = { 'posts':posts,
                'user':user,
                'post_list':posts.object_list,
                'months':mkmonth_lst(),
                'STATIC_URL' : settings.STATIC_URL
                }

    context.update(csrf(request))

    return render_to_response('blog/list.html', context)

Example #3

File: views.py Project: albaa/Practica2

def functionRegister(request):

	if request.method == 'POST':
		userform = UserCreationForm(request.POST, prefix='user')
		if userform.is_valid():
			userform.save()
			return HttpResponseRedirect('/')
		else:
			context = {
				'userform' : userform,
				'csrf_token' : csrf.get_token(request)
			}
			response = render_to_string('registration/register.html', context)
			return HttpResponse(response)

	elif request.method == 'GET':
		userform = UserCreationForm(prefix='user')
		context = {
			'userform' : userform,
			'csrf_token' : csrf.get_token(request)
		}
		response = render_to_string('registration/register.html', context)
		return HttpResponse(response)

	else:
		return HttpResponse("Bad request!")

Example #4

File: views.py Project: voidoftime/LogServer

def detail(request, poll_id):
	get_token(request)
	# m=MongoDb()
	# return HttpResponse("You're looking at poll %s." % poll_id)
	# latest_poll_list=m.db.logs.find({})
	# latest_poll_list = LogMsg.objects.all()#.order_by('-deviceId')[:5]
	# l=logs(deviceId='00fe00898989',data='hi at '+str(time.time()))
	# l.save()
	#~ devices_list = logs.objects.values('deviceId')
	
	
	#~ devices_list=devices_list.sort()
	#~ latest_poll_list = logs.objects.all()#.order_by('-deviceId')[:5]
	#~ latest_poll_list = logs.objects(data='myNewMsg')
	#~ devices_list = logs.objects.distinct('deviceId')
	#~ devices_list.sort()
	devices_list = Device.objects.all()

	devices_list=list(devices_list)
	devices_list=[Device(deviceId=AllDevicesId,lastActivityTime=min([x.lastActivityTime for x in devices_list]))]+devices_list

	
	latest_poll_list = logs.objects(deviceId=poll_id).order_by('+time')
	#~ print 'formattedTime',latest_poll_list[-1].formattedTime
	return render_to_response('polls/logList.html', {
		'latest_poll_list': latest_poll_list,
		'devices_list':devices_list,
		'error_message':'',
	})

Example #5

File: csrf.py Project: allieus/askbot3

 def process_response(self, request, response):
     """will set csrf cookie to all responses"""
     # these two calls make the csrf token cookie to be installed
     # properly on the response, see implementation of those calls
     # to see why this works and why get_token is necessary
     get_token(request)
     return super(CsrfViewMiddleware, self).process_response(request, response)

Example #6

File: views.py Project: Mr1Penguin/pacific-peak-8618

def collection(request):
    ren = None
    if request.method == "POST":
        curr.execute("delete from reader_user_token where token=(%s)", (get_token(request),))
        conn.commit()
        rotate_token(request)
    else:
        if request.method == "GET":
            curr.execute("select user_id from reader_user_token where token=(%s)", (get_token(request),))
            if curr.rowcount == 1:
                curr.execute("update reader_user_token set last_use=(select clock_timestamp()) where token=(%s)", (get_token(request),))
                conn.commit()
                curr.execute("""select user_email from reader_user where id = 
                                (select user_id from reader_user_token where token=(%s))""", (get_token(request),))
                content = {"email" : curr.fetchone()[0]}
                curr.execute("select id, title, url, favicon, is_active from reader_site where user_id = (select user_id from reader_user_token where token=(%s)) order by id", (get_token(request),))
                rows = curr.fetchall()
                rowarray = []
                for row in rows:
                    d = collections.OrderedDict()
                    d['id'] = row[0]
                    if row[1] is None:
                        d['title'] = ""
                    else:
                        d['title'] = row[1]
                    d['url'] = row[2]
                    dd = row[2].split('/')
                    d['favicon'] = row[3] or (('http://' + dd[0] if dd[0] != 'http:' else dd[0] + '//' +  dd[2]) + '/favicon.ico')
                    d['is_active'] = row[4]
                    rowarray.append(d)
                content.update({"sites" : rowarray})
                ren = render(request, 'collection.html', content)
    if ren is None:
        ren = redirect('index')
    return ren

Example #7

File: test_views.py Project: dakusan/django

    def test_login_csrf_rotate(self, password='******'):
        """
        Makes sure that a login rotates the currently-used CSRF token.
        """
        # Do a GET to establish a CSRF token
        # TestClient isn't used here as we're testing middleware, essentially.
        req = HttpRequest()
        CsrfViewMiddleware().process_view(req, login_view, (), {})
        # get_token() triggers CSRF token inclusion in the response
        get_token(req)
        resp = login_view(req)
        resp2 = CsrfViewMiddleware().process_response(req, resp)
        csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None)
        token1 = csrf_cookie.coded_value

        # Prepare the POST request
        req = HttpRequest()
        req.COOKIES[settings.CSRF_COOKIE_NAME] = token1
        req.method = "POST"
        req.POST = {'username': '******', 'password': password, 'csrfmiddlewaretoken': token1}

        # Use POST request to log in
        SessionMiddleware().process_request(req)
        CsrfViewMiddleware().process_view(req, login_view, (), {})
        req.META["SERVER_NAME"] = "testserver"  # Required to have redirect work in login view
        req.META["SERVER_PORT"] = 80
        resp = login_view(req)
        resp2 = CsrfViewMiddleware().process_response(req, resp)
        csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None)
        token2 = csrf_cookie.coded_value

        # Check the CSRF token switched
        self.assertNotEqual(token1, token2)

Example #8

File: views.py Project: perrys/WSRC

def auth_view(request):
    if request.method == 'GET': 
      data = {
          "username": request.user and request.user.username or None,

    "csrf_token": get_token(request)
      }
      return HttpResponse(json.dumps(data), content_type="application/json")
    elif request.method == 'POST': 
        from django.contrib.auth import authenticate, login
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                data = {
                    "username": request.user and request.user.username or None,
                    "csrf_token": get_token(request)
                }
                json_data = json.dumps(data)
                return HttpResponse(json.dumps(data), content_type="application/json", status=httplib.OK)
            else:
                return HttpResponse("inactive login", content_type="text/plain", status=httplib.FORBIDDEN)
        else:
            return HttpResponse("invalid login", content_type="text/plain", status=httplib.FORBIDDEN)
    elif request.method == 'DELETE': 
        logout(request)
        return HttpResponse(None, content_type="application/json", status=httplib.OK)

Example #9

File: views.py Project: achang28/ucsc-xena-client

def page(request):
    from django.middleware.csrf import get_token
    get_token(request)  # force csrf
    cvars = client_vars(request, drop_last(reverse(page)))
    dirname = os.path.dirname(os.path.realpath(__file__))
    t = Template(open(os.path.join(dirname, 'index.html')).read());
    c = RequestContext(request, cvars)
    return HttpResponse(t.render(c))

Example #10

File: views.py Project: matiboy/vip

 def get(self, request, *args, **kwargs):
     if request.user.is_staff == False:
         return django.shortcuts.redirect(reverse("frontent.index"))
     get_token(request)
     c = {}
     # See if we can find a set of preferences
     c.update({"is_logged":request.user.is_authenticated()})
     return django.shortcuts.render_to_response("cms/home.html",c,context_instance=django.template.RequestContext(request))

Example #11

File: views_class.py Project: yinshunyao/School

def ClassUserHandle(request):
    
    #登录用户才能操作
    #判断用户是否登录,登录用户才具备查询权限，并返回当前登录用户
    result,lUser = LoginStatus(ltoken=get_token(request))    
    if not result:
        #print 'not login',get_token(request),loginUser
        infor = lUser
        return JsonResponse(GlobalVar.RspOffLine,infor)

    #【1】如果方法是Post，则开启注册，这是和客户端交互的第二步
    if request.method == 'POST':  
        pClassUserList = JsonRequest(request.body)
        ClassUserList = []
        token = get_token(request)    
        #循环生成ClassUser所有记录之后，再一次性保存到数据库
        for pClassUser in pClassUserList[1:]:    
            pidClass = pClassUser['idClass']
            pidUser = pClassUser['idUser']
                    
            curClassUser = ClassUser(
                idClass = Class.objects.get(id=pidClass),
                idUser = User.objects.get(id=pidUser)
                )
            curClassUser.save()
            #ClassUserList.append(curClassUser)
        #ClassUser.objects.bulk_create(ClassUserList,token)  
        
        return JsonResponse(GlobalVar.RspSuccess,u'添加班级成员成功') 
    
    elif request.method == 'GET':
        try:
            #获取学校名字查询关键字
            idClass = request.GET.get('idClass','')
            if idClass == '':
                return JsonResponse(GlobalVar.RspFail,u"需要提供班级信息")  

            pClass = Class.objects.get(id=idClass)
            lUsers = User.objects.filter(fkClassUser2User__idClass = idClass).distinct().values(*GlobalVar.TableFields.Userfields)
            

            for user in lUsers:
                #用户在群里面，返回所有用户信息
                if user['id'] == lUser.id:
                    lUsers = GetCommonDlList(lUsers)
                    #返回查询结果
                    return JsonResponse(lUsers)

            #用户不在群里面，只返回管理员信息
            pManager =  User.objects.filter(id=pClass.Owner.id).values(*GlobalVar.TableFields.Userfields)
            pManager = GetCommonDlList(pManager)
            #返回查询结果
            return JsonResponse(pManager)
        except Class.DoesNotExist:
            return JsonResponse(GlobalVar.RspFail,"班级不存在")  
        #except User.DoesNotExist:
        except Exception,ex:
            return JsonResponse(GlobalVar.RspFail,str(ex))  

Example #12

File: views.py Project: michkol/prx

def admin_pinger(zadanie):
    if not zadanie.session.get('czy_zalogowany'):
        return redirect('/admin/logowanie')

    if zadanie.method != 'POST':
        # strona pokazująca postęp
    
        # obsługa CSRF
        if zadanie.GET.get('token') != get_token(zadanie):
            return odpowiedz_nieprawidlowy_token()
        
        lista = BramkaProxy.objects
        if not zadanie.GET.get('wszystkie'):
            lista = lista.filter(ost_spr_ping__lt=(timezone.now() - datetime.timedelta(days=7)))
        lista = lista.values_list('ip', flat=True).distinct()

        # kontekst, szablon
        kontekst = {
            'tytul': 'Pinger \u2022 Panel administracyjny',
            'token': get_token(zadanie),
            'adres_post': '/admin/pinger',
            'lista': lista,
        }

        return render(zadanie, 'prx_aplikacja/admin_operacje_ajax.html', kontekst)
    else:
        # żądanie AJAX dotyczące pojedynczego IP
        
        # aktualnie wybrany IP z listy w JS
        ip = zadanie.POST.get('wybrany_element', '')
        
        # ustalenie portu jakiejkolwiek bramki z tego IP
        bramki_z_ip = BramkaProxy.objects.filter(ip=ip)
        
        if not bramki_z_ip.exists():
            raise Http404('Nie znaleziono bramek proxy na podanym IP.')

        port = port_z_adresu(bramki_z_ip[0].adres)
        
        # czas odpowiedzi na żądanie TCP
        wartosc_ping = ping(ip, port)
        
        # aktualizacja dla wszystkich bramek z tego IP
        BramkaProxy.objects.filter(ip=ip).update(
            ping=wartosc_ping,
            ost_spr_ping=timezone.now()
        )

        # przygotowanie odpowiedzi do pokazania na stronie
        if wartosc_ping is not None:
            ping_str = floatformat(wartosc_ping, 2)
        else:
            ping_str = 'None'
            
        return odpowiedz_tekstowa(
            'Ping dla ' + ip + ':' + str(port) + ' wynosi ' + ping_str + ' ms.'
        )

Example #13

File: auth.py Project: Jianchun1/zulip

def google_oauth2_csrf(request, value):
    # type: (HttpRequest, str) -> HttpResponse
    # In Django 1.10, get_token returns a salted token which changes
    # everytime get_token is called.
    try:
        from django.middleware.csrf import _unsalt_cipher_token
        token = _unsalt_cipher_token(get_token(request))
    except ImportError:
        token = get_token(request)

    return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()

Example #14

File: views.py Project: oddbird/mlt

def home(request):
    # force the CSRF middleware's process_response to set the token cookie
    get_token(request)

    return direct_to_template(
        request,
        template="home.html",
        extra_context={
            "user_trusted": request.user.has_perm("map.mappings_trusted")
            }
        )

Example #15

File: views.py Project: iggyigner/squiiid

def landing(request):
    if request.user.is_authenticated():
        c = RequestContext(request, {
            'csrf': get_token(request),
        })
        return render_to_response('landing.html', c)
    else:
        c = RequestContext(request, {
            'csrf': get_token(request),
        })
        return render_to_response('landing.html', c)

Example #16

 def post(self, request):
     serializer = AuthRequestSerializer(data=request.DATA)
     if serializer.is_valid():
         user = serializer.object['user']
         if not user.is_active:
             return Response('Account is not active', HTTP_423_LOCKED)
         auth.login(request, user)
         user_serializer = AuthUserSerializer(instance=user)
         csrf.get_token(request)
         return Response(user_serializer.data)
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Example #17

File: views.py Project: abunuwas/sleepgood-pyBackend

def expose(request):
	get_token(request)
	#hFwr0EKBGomGwOesoWhQ9FpiMAvKNA5g
	#csrftoken=hFwr0EKBGomGwOesoWhQ9FpiMAvKNA5g
	#output = ''
	#for key, value in dict(request.META).items():
	#	output += str(key) + ' ========> ' + str(value) + '<br/>'
	data = {}
	for key, value in dict(request.META).items():
		data[str(key)] = str(value)
	return JsonResponse(data)

Example #18

File: views.py Project: MechanisM/mollyproject

 def render_json(self, request, context, template_name):
     context = simplify_value(context)
     resolved = resolve(request.path)
     context['view_name'] = '%s:%s' % (
         self.conf.application_name.split('.')[-1], resolved.url_name)
     
     # Include CSRF token, as templates don't get rendered csrf_token is
     # never called which breaks CSRF for apps written against the JSON API
     get_token(request)
     
     return HttpResponse(simplejson.dumps(context),
                         mimetype="application/json")

Example #19

File: dajaxice_templatetags.py Project: duilio/django-dajaxice

def dajaxice_js_import(context):
    # We must force this request to add the csrftoken cookie.
    request = context.get('request', None)
    if request:
        get_token(request)
    else:
        log.warning("The 'request' object must be accesible within the context. \
                     You must add 'django.contrib.messages.context_processors.request' \
                     to your TEMPLATE_CONTEXT_PROCESSORS and render your views\
                     using a RequestContext.")
        
    return {'core_url': staticfiles_storage.url('dajaxice/dajaxice.core.js')}

Example #20

File: views.py Project: dharmafly/tasket

def home(request, file_name=None):
    get_token(request)
    static_index_paths = getattr(settings, 'INDEX_PATHS', [])
    if file_name and file_name in static_index_paths:
        try:
            f = open("%s/client/%s" % (settings.ROOT_PATH, file_name), "r")
            return HttpResponse(f.read())
        except:
            raise Http404
    index_file = getattr(settings, 'DEFAULT_INDEX_FILE', 'tank.html')
    f = open("%s/client/%s" % (settings.ROOT_PATH, index_file), "r")
    return HttpResponse(f.read())

Example #21

File: middleware.py Project: undoware/neutron-drive

 def process_request (self, request):
   if request.method == 'GET':
     get_token(request)
     
   request.static_url = settings.STATIC_URL
   
   http = 'http://'
   if request.is_secure():
     http = 'https://'
     
   request.redirect_uris = (http + request.get_host() + reverse('edit'))
   

Example #22

File: views.py Project: radicalgraphics/radical_web14

def home(request):

    get_token(request)

    how_we_work = get_object_or_404(HowWeWork)

    page = 1

    context = { 'page': page,
                'how_we_work':how_we_work
                }

    return render(request, 'index.html', context)

Example #23

File: drf.py Project: CenterForOpenScience/osf.io

    def enforce_csrf(self, request):
        """
        Same implementation as django-rest-framework's SessionAuthentication.
        Enforce CSRF validation for session based authentication.
        """
        reason = CSRFCheck().process_view(request, None, (), {})
        if reason:
            # CSRF failed, bail with explicit error message
            raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)

        if not request.COOKIES.get(api_settings.CSRF_COOKIE_NAME):
            # Make sure the CSRF cookie is set for next time
            get_token(request)

Example #24

File: middleware.py Project: 31H0B1eV/mezzanine

 def process_request(self, request):
     if (cache_installed() and request.method == "GET" and
         not request.user.is_authenticated()):
         cache_key = cache_key_prefix(request) + request.get_full_path()
         response = cache_get(cache_key)
         if response is None:
             request._update_cache = True
         else:
             csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
             if csrf_mw_name in settings.MIDDLEWARE_CLASSES:
                 csrf_mw = CsrfViewMiddleware()
                 csrf_mw.process_view(request, lambda x: None, None, None)
                 get_token(request)
             return HttpResponse(response)

Example #25

File: views.py Project: gijs/lizard-screenshotter

def HomeView(request):

    if request.method == 'POST':

        url = str(request.POST.get('url'))
        width = request.POST.get('width')
        height = request.POST.get('height')
        timeout = request.POST.get('timeout')
        element = request.POST.get('element')
        
        o = urlparse(url)

        screenshotname = str(o.netloc) + "-" + str(time.time()) + ".png"

        phantomjs = os.path.join(settings.BUILDOUT_DIR, "bin", "phantomjs")
        capturejs = os.path.join(settings.BUILDOUT_DIR, "capture.js")
        outputfile = os.path.join(
            settings.BUILDOUT_DIR, 
            "var", 
            "media", 
            "captures", 
            screenshotname
        )
        subprocess.call([
            phantomjs, 
            capturejs, 
            url, 
            outputfile, 
            width, 
            height,
            timeout,
            element,
        ])

        screenshot = Screenshot()
        screenshot.identifier = slugify(url)
        screenshot.original_url = url
        screenshot.fullpath = outputfile
        screenshot.screenshotname = screenshotname
        screenshot.save()

        # return serve(request, outputfile, '/')
        return HttpResponse(simplejson.dumps({'screenshot':screenshotname}), mimetype='application/json')
    else:
        get_token(request)
        return render_to_response(
            "lizard_screenshotter/home.html",
            locals(), 
            context_instance=RequestContext(request)
        )

Example #26

File: views.py Project: catherinettt/greengears

def index(request):
    get_token(request) 
    make_list = Make.objects.all()

    if request.method == "POST":
        selected_make = request.POST['makes']
        selected_model = request.POST['models']
        selected_year = 1 
        
        car = Car.objects.get(MAKE=selected_make, MODEL=selected_model)
        
        return http.HttpResponseRedirect('./' + str(car.id) + '/')
        
    return render_to_response('cars/index.html', {'make_list' : make_list}, RequestContext(request))

Example #27

File: views_weixin.py Project: yinshunyao/School

def wxLogin(request):
    #【1】如果方法是Post，提交验证码和电话号码
    if request.method == 'POST': 
        wxLogin = JsonRequest(request.body)
        #pCode = wxLogin.get('code','')        
        pToken = get_token(request)
        pMsg = wxLogin.get('code','')
        #【1】用户存在，绑定微信相关id到用户上，并更新用户信息
        try:
            #【1.1】根据电话号码，验证码进行验证，同时会判断该用户是不是已经绑定微信用户
            #如果已经绑定，暂时不先解绑，直接覆盖绑定
            result1,info1,lUser = loginBest(GlobalVar.LoginWeiXinBond,wxLogin,pToken)
            #身份校验，验证码比对不通过
            if not result1:
                return JsonResponse(GlobalVar.RspFail,info1)
            
            
            debug('wxLogin','Verify Code is OK')
            #【1.2】拉取微信用户信息
            #如果该用户已经绑定到某个用户的电话号码，需要先解绑，根据openid等查找用户是不是已经绑定
            resultBond,inforToken,infoUser = get_weixin_user_first(pMsg)
            if not resultBond:
                debug('wxLogin','get weixin user info error',inforToken)
                return JsonResponse(GlobalVar.RspFail,inforToken)
            
            #【1.3】
            
            
            #【1.4】根据微信用户的信息和数据库中的用户信息进行合并绑定
            #lUser=User.objects.get(PhoneNumber=pPhoneNumber)
            rusult2,infor2 = lUser.wxBond(inforToken,infoUser)
        
            if rusult2:
                #绑定成功，需要上线微信用户
                result,infor = LoginStatus(luser=lUser,ltoken=get_token(request))
                #不判断登录状态，没有登录成功也不需要重复绑定
                """
                if result:
                    return JsonResponse(GlobalVar.RspSuccess,infor2)
                else:
                    return JsonResponse(GlobalVar.RspFail,infor)
                """
                return JsonResponse(GlobalVar.RspSuccess,infor2)    
            else:
                return JsonResponse(GlobalVar.RspFail,infor2)
            
        #【2】用户不存在，直接新注册用户
        except Exception,ex:
            debug('views_weixin->wxLogin->error:',ex)
            return JsonResponse(GlobalVar.RspFail,'绑定过程发生异常')

Example #28

File: dajaxice_templatetags.py Project: EricBui0512/mathsystem

def dajaxice_js_import(context, core_url=None):
    # We must force this request to add the csrftoken cookie.
    request = context.get('request', None)
    if request:
        get_token(request)
    else:
        log.warning("The 'request' object must be accesible within the context. \
                     You must add 'django.contrib.messages.context_processors.request' \
                     to your TEMPLATE_CONTEXT_PROCESSORS and render your views\
                     using a RequestContext.")
    if not core_url or DajaxiceRequest.get_debug():
        core_url = '/%s/dajaxice.core.js' % DajaxiceRequest.get_media_prefix()
    else:
        core_url = '%s%s' % (settings.STATIC_URL or '', core_url,)
    return {'core_url': core_url}

Example #29

File: views.py Project: 0xMF/alpha

    def __init__(self, request, *view_args, **view_kwargs):
        self.request = request
        self.view_args = view_args
        self.view_kwargs = view_kwargs
        self.GET = request.GET
        self.POST = request.POST
        self.META = request.META
        self.method = self.request.method.lower()

        if self.method in ('get', 'head', 'options'):
            self.DATA = self.GET
        elif self.method in ('post', 'put', 'patch', 'delete'):
            self.DATA = self.POST

        get_token(self.request)

Example #30

File: middleware.py Project: kippt/django-api-boilerplate

    def process_view(self, request, view_func, view_args, view_kwargs):
        """
        Django session auth

        Authenticates logged in users. Handy for quick debugging or extensions.

        Note: Only allows CSRF safe methods. See Django's CSRF AJAX documentation for including tokens to requests:

            https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

        """
        if request.user.is_authenticated():
            # Always set CSRF token (not set by default unless templatetag or ensure_csrf_cookie decorator is used)
            get_token(request)
            return None

Example #31

File: auth.py Project: roginthomas/angular2-django-movies

def send_csrf(request):
    # just by doing this it will send csrf token back as Set-Cookie header
    csrf_token = get_token(request)
    return JsonResponse({'status': 'success', 'data': csrf_token})

Example #32

File: middlewares.py Project: said1296/bulb_iot

 def __call__(self, request):
     if 'x-csrftoken' not in request.headers and request.method=='GET':
         get_token(request)
     response = self.get_response(request)
     return response

Example #33

def home(request):
    token = get_token(request)
    return render(request, 'base_page.html', context={"csrf_token": token})

Example #34

 def csrf_token(self):
     token = get_token(self.request)
     return token

Example #35

def delete_p(request):
	posts = Post.objects.all().order_by('id')
	return render_to_response('delete_post.html', {'posts': posts, 'cs': get_token(request)})

Example #36

def put_post(request):
	posts=Post.objects.all().order_by('id')
	return render_to_response('post_update.html', {'posts':posts,'cs':get_token(request)})

Example #37

def agregarLaguna_asJson(request):
    if request.method == 'GET':
        html = ''
        html += '''
		<h1>Registrar Laguna</h1>
		<form id="formNuevo" action="/compania/agregarLaguna/" class="row" method="POST" >
				<input type="hidden" name="csrfmiddlewaretoken" value="{}">
				<div class="col-md-6 input-group mb-3 mt-2">
					<div class="input-group-prepend">
                            <span class="input-group-text" id="basic-addon1">Código de Laguna:</span>
                        </div>
					 <label class="text-center"></label>
					 <input type="text" name="codLaguna" maxlength="10" class="form-control" required="" id="id_codLaguna">
				</div>
				<div class="col-md-6">
					<label class="text-center">Finca:</label>
					<select name="finca" class="selectpicker form-control show-tick"   required="" id="id_finca" >
					'''.format(csrf.get_token(request))

        finca = Finca.objects.get(pk=request.GET['finca'])

        html += '<option value="{}" selected>{}</option>'.format(
            finca.pk, finca)
        html += '''
					</select>
				</div>
				<div class="col-md-8">
					<label class="text-center">Ubicación:</label>
					<input type="text" name="ubicacion" maxlength="200" class="form-control" id="id_ubicacion">
				</div>
				<div class="col-md-4">
					<label class="text-center">Tamaño:</label>
					<input type="number" name="tamano" class="form-control" id="id_tamano">
				</div>
				<div class="col-md-12">
						<label class="text-center">Descripción:</label>
						<input type="text" name="descripcion" maxlength="100" class="form-control" id="id_descripcion">
				</div>
			</form>
		'''
        return JsonResponse({'html': html})

    elif request.method == 'POST':
        laguna_form = LagunaForm(request.POST)
        if laguna_form.is_valid():
            laguna = laguna_form.save()
            lagunas = Laguna.objects.filter(finca=laguna.finca)
            html = ''
            for c in lagunas:
                activo = ''
                if c.pk == laguna.pk:
                    activo = 'selected'
                html += '<option value="{}" {}>{}</option>'.format(
                    c.pk, activo, c)
            return JsonResponse({'html': html})
        else:
            response = JsonResponse(
                {'error': "información brindada incompleta."})
            response.status_code = 403
            return response
    else:
        return render(request, '404.html')

Example #38

File: views.py Project: slavas62/registrator-api

 def dispatch(self, request, *args, **kwargs):
     return HttpResponse(get_token(request))

Example #39

File: views.py Project: alfredocova/comesano

def home(req):
    csrf_token = csrf.get_token(req)
    context_dict = {'STATIC_URL': settings.STATIC_URL, 'token': csrf_token}

    return render(req, 'vegapp/main.html', context_dict)

Example #40

File: middleware.py Project: aropan/clist

 def middleware(request):
     if not request.COOKIES.get(settings.CSRF_COOKIE_NAME):
         csrf.get_token(request)
     response = get_response(request)
     return response

Example #41

File: views.py Project: q-verse/ecommerce

 def get(self, request):
     csrf_token = csrf.get_token(request)
     data = {'csrf_token': csrf_token}
     return Response(data)

Example #42

def delete(request):
	users = Users.objects.all().order_by('id')
	return render_to_response('delete_user.html', {'users': users, 'cs': get_token(request)})

Example #43

def put(request):
	users=Users.objects.all()
	return render_to_response('update user.html', {'users':users,'cs':get_token(request)})

Example #44

 def process_view(self, request, callback, callback_args, callback_kwargs):
     retval = super(_EnsureCsrfCookie, self).process_view(request, callback, callback_args, callback_kwargs)
     # Forces process_response to send the cookie
     get_token(request)
     return retval

Example #45

File: views.py Project: bmanandhar/storyteller

def specific_story(request,pk):
    cursor = connection.cursor()
    cursor.execute('SELECT s.id,s.title,s.body,s.date,s.user_id,u.profile_pic,a.first_name FROM story_story s INNER JOIN user_userprofile u ON u.user_id= s.user_id INNER JOIN auth_user a ON u.user_id = a.id AND s.id ='+str(pk))
    story = cursor.fetchall()  
    
    if len(story) > 0 :
        data = {
            'id'    : story[0][0],
            'title' :story[0][1],
            'body'  :story[0][2],          
            'date'  :datetime.datetime.fromtimestamp(int(story[0][3])).strftime('%B-%d-%Y'),
            'user_id':story[0][4],
            'pic'   :story[0][5],
            'name'  :story[0][6]   
        }     
        #adding like dislike 
        cursor.execute("SELECT COUNT(*), types FROM comments_like WHERE story_id = "+str(pk)+" GROUP BY types")
        result = cursor.fetchall()  
        likeData = {'like':0,'dislike':0}
        if len(result) >0 :
            for r in result :
                likeData[r[1]] = r[0]

        data['likes'] = likeData
        #adding comments
        cursor.execute("SELECT c.id,c.body,c.date,u.first_name,p.profile_pic FROM comments_comment c INNER JOIN auth_user u ON u.id = c.user_id INNER JOIN user_userprofile p ON p.user_id = c.user_id WHERE story_id = "+str(pk) + ' ORDER BY c.date DESC ')
        comments = cursor.fetchall()  
        commentData = []
        
        if len(comments) >0 :
            for c in comments :
                commentData.append({
                    'id'    :c[0],
                    'body'  : c[1],
                    'date'  : datetime.datetime.fromtimestamp(int(c[2])).strftime('%B-%d-%Y %H:%M:%S'),
                    'name'  : c[3],
                    'pic'   : c[4],
                    'edit'  : data['user_id'] == request.user.id and 'edit' or 'noedit'
                })

        data['comments'] = commentData
       
        return render(request,'story/specific_story.html',{'baseurl':request.get_host(),'data':data,'csrf':get_token(request) })
    else :
        return HttpResponse(status=403)

Example #46

 def _get_val():
     token = get_token(request)
     if token is None:
         return 'NOTPROVIDED'
     else:
         return smart_text(token)

Example #47

def agregarFinca_asJson(request):
    if request.method == 'GET':
        html = ''
        html += '''
		<h1>Registrar Finca</h1>
		<form id='formNuevo' action="/compania/agregarFinca/" class=" form-row" method="POST">
				<input type="hidden" name="csrfmiddlewaretoken" value="{}">
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
						<span class="input-group-text" id="basic-addon1">Código de Finca</span>
					</div>
					<input type="text" name="codFinca" maxlength="10" class="form-control" required="" id="id_codFinca">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
						<span class="input-group-text" id="basic-addon1">Nombre</span>
					</div>
					<input type="text" name="nombre" maxlength="50" class="form-control" required="" id="id_nombre">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
						<span class="input-group-text" id="basic-addon1">Abreviatura</span>
					</div>
					<input type="text" name="abreviatura" maxlength="10" class="form-control" id="id_abreviatura">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
						<span class="input-group-text" id="basic-addon1">Dirección</span>
					</div>
					<input type="text" name="direccion" maxlength="200" class="form-control" required="" id="id_direccion">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
						<span class="input-group-text" id="basic-addon1">Empresa</span>
					</div>
					<select name="compania" class="selectpicker form-control" data-live-search="true" required="" id="id_compania" >
				

					'''.format(csrf.get_token(request))
        companias = Compania.objects.filter(estado=True, tipoCompania=1)

        for c in companias:
            html += '''	<option value="{}">{}</option>'''.format(c.pk, c)

        html += '''</select>
				</div>
			</form>
		'''
        return JsonResponse({'html': html})

    elif request.method == 'POST':
        finca_form = FincaForm(request.POST)
        if finca_form.is_valid():
            finca = finca_form.save()
            fincas = ''
            if request.POST['todo'] == 'si':
                fincas = Finca.objects.all()
            else:
                fincas = Finca.objects.filter(compania=finca.compania)
            html = ''
            print("finca num: ", finca.pk)
            for c in fincas:
                activo = ''
                if c.pk == finca.pk:
                    activo = 'selected'
                html += '<option value="{}" {}>{}</option>'.format(
                    c.pk, activo, c)
            return JsonResponse({'html': html})
        else:
            response = JsonResponse(
                {'error': "información brindada incompleta."})
            response.status_code = 403
            return response
    else:
        return render(request, '404.html')

Example #48

def post_(request):
	users=Users.objects.all()
	return render_to_response('form_post.html', {'users':users,'cs':get_token(request)})

Example #49

def agregarEmpresa_asJson(request):
    if request.method == 'GET':
        html = ''
        html += '''
		<h1>Registrar Empresa</h1>
		<form id="formNuevo" class="row" method="POST" action="/compania/agregarEmpresa/">
				<input type="hidden" name="csrfmiddlewaretoken" value="{}">
				<input type="hidden" name="uso" id='uso' value="{}">
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
                        <span class="input-group-text" id="basic-addon1">Nombre:</span>
                    </div>
					 <input type="text" name="nombre" maxlength="50" class="form-control" required="" id="id_nombre">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
                        <span class="input-group-text" id="basic-addon1">Dirección:</span>
                    </div>
					 <input type="text" name="direccion" maxlength="200" class="form-control" required="" id="id_direccion">
				</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
                        <span class="input-group-text" id="basic-addon1">Abreviatura:</span>
                    </div>
					 <input type="text" name="abreviatura" maxlength="10" class="form-control" id="id_abreviatura">
					</div>
				<div class="col-md-12 input-group mb-3 mt-2">
					<div class="input-group-prepend">
                        <span class="input-group-text" id="basic-addon1">Tipo:</span>
                    </div>
					 <label class="text-center"></label>
					 <select name="tipoCompania" class="form-control" required="" id="id_tipoCompania">
	
					'''.format(csrf.get_token(request), request.GET['uso'])

        tipoEmpresa = TipoCompania.objects.all()
        for te in tipoEmpresa:
            html += '''
  			<option value="{}">{}</option>
			'''.format(te.pk, te)

        html += '''

				</select>
			</div>
				<input hidden type="checkbox" name="estado" class="form-control" id="id_estado" checked>	
				
			</form>
		'''

        return JsonResponse({'html': html})

    elif request.method == 'POST':
        form = CompaniaForm(request.POST)
        user = request.user
        if form.is_valid():
            if user.has_perm('compania.add_compania'):
                compania = form.save()
                html = ''
                companias = ''
                if int(request.POST['uso']) == 1:
                    companias = Compania.objects.filter(
                        tipoCompania=TipoCompania.objects.get(pk=1))
                elif int(request.POST['uso']) == 2:
                    companias = Compania.objects.filter(
                        tipoCompania=TipoCompania.objects.get(pk=2))
                for var in companias:
                    activo = ''
                    if var.pk == compania.pk:
                        activo = 'selected'
                    html += '''
					<option value="{}" {}>{}</option>
					'''.format(var.pk, activo, var)
            # elif user.has_perm('compania.change_compania'):
            # 	form = CompaniaForm(data = request.POST, instance = Compania.objects.get(pk = int(request.POST['id_o'])))
            # 	compania = form.save(commit = False)
            # 	compania.save()
            return JsonResponse({'html': html})
        else:
            response = JsonResponse(
                {'error': "información brindada incompleta."})
            response.status_code = 403
            return response
    else:
        return render(request, '404.html')

Example #50

File: views.py Project: wurka/ofty

def get_csrf_token(request):
    token = get_token(request)
    return HttpResponse(token)