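async def index(request):
    """Exercise ``generate_csrf`` on a request that has no token stored yet.

    Checks, in order, that ``request.state`` has no ``csrf_token`` attribute
    beforehand, that ``generate_csrf`` returns a value, and that a second call
    on the same request returns an equal signed token.

    Args:
        request: The request object passed to this route handler.

    Returns:
        An empty ``PlainTextResponse``.
    """
    # Test fixture values; the short literal key is not a pattern for real
    # configuration.
    kwargs = dict(secret_key='yyy', field_name='csrf_token')

    # Precondition: no token is stored on the request state yet.
    assert not hasattr(request.state, 'csrf_token')

    signed_token = generate_csrf(request, **kwargs)
    assert signed_token is not None

    # Idempotence within one request: a repeated call must return the same
    # signed token, presumably so every form rendered for this request
    # carries a token that validates -- TODO confirm against generate_csrf.
    assert signed_token == generate_csrf(request, **kwargs)

    return PlainTextResponse()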
async def index(request):
    """Call ``generate_csrf`` when the session slot already holds junk.

    The session key seeded here is the same name passed as ``field_name``,
    so the call runs against a pre-existing value that is not a token. The
    handler makes no assertion on the result; it only has to complete without
    raising.

    Args:
        request: The request object passed to this route handler.

    Returns:
        An empty ``PlainTextResponse``.
    """
    field = 'y'

    # An int rather than a token string. NOTE(review): presumably this is the
    # slot generate_csrf reads, so it must cope with a malformed stored value
    # rather than trust it -- confirm against generate_csrf.
    request.session[field] = 1

    generate_csrf(request, secret_key='x', field_name=field)
    return PlainTextResponse()
async def index(request):
    """Round-trip a token when the signing key is wrapped in ``Secret``.

    Generates a signed token and validates it immediately with the same
    options. ``validate_csrf`` raising would fail the test, so a clean return
    shows both helpers accept a ``Secret`` instance as ``secret_key``.

    Args:
        request: The request object passed to this route handler.

    Returns:
        An empty ``PlainTextResponse``.
    """
    # Same options for both calls, so signing and verification use one key.
    options = dict(secret_key=Secret('yyy'), field_name='csrf_token')

    token = generate_csrf(request, **options)

    # No return value is checked here; validation failure surfaces as an
    # exception from validate_csrf.
    validate_csrf(request, token, **options)

    return PlainTextResponse()
def csrf_token(request):
    """Return the signed CSRF token for *request*.

    Reads the signing secret and the field name from
    ``request.state.csrf_config`` and delegates to ``generate_csrf``.

    Args:
        request (:class:`starlette.requests.Request`): The request instance.
            ``request.state.csrf_config`` must already be populated with the
            ``csrf_secret`` and ``csrf_field_name`` keys; a missing attribute
            or key raises here rather than falling back to a default.

    Returns:
        str: The signed token
    """
    config = request.state.csrf_config
    secret = config['csrf_secret']
    field = config['csrf_field_name']
    return generate_csrf(request, secret_key=secret, field_name=field)
async def index(request):
    """Check that a valid token is accepted and an expired one is rejected.

    A freshly generated token is validated with the default time limit, then
    validated again with ``time_limit=-1``. The second call must raise
    ``ValidationError`` with the exact expiry message.

    Args:
        request: The request object passed to this route handler.

    Returns:
        An empty ``PlainTextResponse``.
    """
    options = dict(secret_key='yyy', field_name='csrf_token')

    token = generate_csrf(request, **options)

    # Baseline: the fresh token validates without raising.
    validate_csrf(request, token, **options)

    # A negative limit presumably puts any token past its allowed age, which
    # drives the expiry branch without sleeping -- TODO confirm.
    with pytest.raises(ValidationError) as raised:
        validate_csrf(request, token, time_limit=-1, **options)

    # Pin the message so an expired token stays distinguishable from other
    # validation failures.
    assert str(raised.value) == 'The CSRF token has expired.'

    return PlainTextResponse()
def generate_csrf_token(self, csrf_token_field):
    """Return a signed CSRF token built from this object's form meta.

    The request, the signing secret and the field name all come from
    ``self.form_meta``.

    Args:
        csrf_token_field: Not used in this method; the field name is taken
            from the form meta instead.

    Returns:
        Whatever ``generate_csrf`` returns for the form's request context.
    """
    form_meta = self.form_meta
    return generate_csrf(
        request=form_meta.csrf_context,
        secret_key=form_meta.csrf_secret,
        field_name=form_meta.csrf_field_name,
    )
async def generate(request):
    """Return a freshly generated signed CSRF token as the response body.

    ``kwargs`` is not defined in this function; it is resolved from the
    enclosing scope at call time.

    Args:
        request: The request object passed to this route handler.

    Returns:
        A ``PlainTextResponse`` whose content is the signed token.
    """
    # NOTE(review): looks like a test-only handler that echoes the token so
    # the caller can read it back -- confirm it is not mounted outside tests.
    return PlainTextResponse(generate_csrf(request, **kwargs))