def checkCSRFExpire(self, token):
csrfCreateAt = session.pop('_csrfTokenAdded', None)
expire = self.app.config['CSRF_EXPIRE']
now = datetime.datetime.now()
currentTime = time.mktime(now.timetuple())
term = currentTime - csrfCreateAt
if term > expire:
return False
return True
def checkCSRFExpire(self, token):
csrfCreateAt = session.pop('_csrfTokenAdded', None)
expire = self.app.config['CSRF_EXPIRE']
now = datetime.datetime.now()
currentTime = time.mktime(now.timetuple())
term = currentTime - csrfCreateAt
if term > expire:
return False
return True
def csrfProtect(self):
if not shared._csrfExempt:
if request.method == 'POST':
token = session.pop('_csrfToken', None)
if not token or token != request.form.get('_csrfToken'):
if self.csrfHandler:
self.csrfHandler(*self.app.matchRequest())
else:
if not self.checkCSRFExpire(token):
abort(400)
def csrfProtect(self):
if not shared._csrfExempt:
if request.method == 'POST':
token = session.pop('_csrfToken', None)
if not token or token != request.form.get('_csrfToken'):
if self.csrfHandler:
self.csrfHandler(*self.app.matchRequest())
else:
if not self.checkCSRFExpire(token):
abort(400)
