def addNewInner(request): if request.method == "GET": csrf_token = generate_csrf_token() request.session['csrf_token'] = csrf_token action_url = request.url form = obj.get_update_form(csrf_token, url=action_url) return form for name in request.post: try: attr = getattr(obj, name) if request.session['csrf_token'] != request.post['csrf_token']: raise InvalidCSRFTokenError("Invalid csrf") try: attr.update(request.post[name]) except AttributeError: attr = request.post[name] except: pass setattr(obj, name, attr) except: pass if not obj.post_init_hook(request):#allow the user to carry out any required post __init__ actions raise PostInitHookFailed("Post init hook did not return True for class " + obj.__class__.__name__ ) if not self.pre_add_hook(collection, obj):#check there will be no conflicts by adding this object raise PreAddHookFailed("Pre add hook did not return True for class " + self.__class__.__name__ ) l = getattr(self, collection) l.append(obj) setattr(self, collection, l) self.commit() #return obj.index(request) return self.index(request)
def login(self, request): """ Handle login request """ if request.method == "GET": csrf_token = generate_csrf_token() request.session['csrf_token'] = csrf_token return self.get_login_form(csrf_token) try: if request.session['csrf_token'] == request.post['csrf_token']: pass else: raise InvalidCSRFTokenError("Invalid CSRF token") except KeyError: raise InvalidCSRFTokenError("Invalid CSRF token") try: given_username = request.post['username'] given_password = request.post['password'] except KeyError, ke: print >> sys.stderr, "Site Login attempt missing required key ", ke raise MissingUpdateAttributeError("Site Login attempt missing required key ", ke)
def update(self, request): """ If request.method == GET Present an update form for managing all object attributes that derrive from Herbie.DataTypes.Datatype Otherwise, update the relevant object attributes, based upon the matching contents of request.post """ if request.method == 'GET': csrf_token = generate_csrf_token() request.session['csrf_token'] = csrf_token return self.get_update_form(csrf_token) try: if request.session['csrf_token'] == request.post['csrf_token']: pass else: raise InvalidCSRFTokenError( "Invalid CSRF token, expected %s, got %s", request.session['csrf_token'], request.post['csrf_token'] ) except KeyError: raise InvalidCSRFTokenError( "Invalid CSRF token, expected %s, got %s", request.session['csrf_token'], request.post['csrf_token'] ) if self.pre_update_hook(request): attrs = dir(self) for item in request.post: if item in attrs: attr = getattr(self, item) attr.update(request.post[item]) setattr(self, item, attr) self._p_changed = 1 transaction.commit() else: transaction.abort() return self.index(request)