def handle_login(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
form = None
if request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
form = LoginForm(data=request.POST['data'])
if form.is_valid():
if not request.POST['meta']['validate']:
auth_login(request, form.get_user())
else:
form = LoginForm(request)
response_data['csrfmiddlewaretoken'] = get_token(request)
if form is not None:
remote_form = RemoteForm(form)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def api_user_login_via_otp_form_email_django_forms_example(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = UserLoginViaOtpFormEmail(initial={'email': settings.TESTING_EMAIL2})
elif request.method == 'POST':
if request.content_type != 'application/json':
return HttpResponse(json.dumps({"detail": "Unsupported media type \"'%s'\" in request." % request.content_type}), content_type="application/json",status=401);
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = json.loads(request.body)
form = UserLoginViaOtpFormEmail(form_data)
if form.is_valid():
email = form.cleaned_data.get('email')
response = HttpResponse(
{'email': email},
content_type="application/json"
)
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def handle_login(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
form = None
if request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
form = LoginForm(data=request.POST['data'])
if form.is_valid():
if not request.POST['meta']['validate']:
auth_login(request, form.get_user())
else:
form = LoginForm(request)
response_data['csrfmiddlewaretoken'] = get_token(request)
if form is not None:
remote_form = RemoteForm(form)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def my_ajax_view(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = IngredientForm10()
elif request.method == 'POST':
#request.POST = json.loads(request.body)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = json.loads(request.body)
form = IngredientForm10(form_data)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("ingredients-api:singleform"))
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json")
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def my_ajax_view(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = ProjectForm()
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = request.POST.get('data', {})
form = ProjectForm(form_data)
if form.is_valid():
form.save()
field_configuration = {
'include': ['title','duration'],
}
remote_form = RemoteForm(form, **field_configuration)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
mimetype="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def create_response(self, request, data, response_class=HttpResponse, **response_kwargs):
"""
Extracts the common "which-format/serialize/return-response" cycle.
Also, since we're dealing with forms, process the response for
CSRF protection.
"""
csrf_middleware = CsrfViewMiddleware()
response = super(BaseFormResource, self).create_response(request, data, response_class, **response_kwargs)
return csrf_middleware.process_response(request, response)
def json_topic_form(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
form = TopicForm()
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None, None)
form_data = request.POST.get('data', {})
form = TopicForm(form_data)
if form.is_valid():
form.save()
remote_form = RemoteForm(form)
response_data.update(remote_form_as_dict())
response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder), mimetype='application/json')
csrf_middleware.process_response(request, response)
return response;
def process_response(self, request, response):
# Caching is only applicable for text-based, non-streaming
# responses. We also skip it for non-200 statuses during
# development, so that stack traces are correctly rendered.
is_text = response.get("content-type", "").startswith("text")
valid_status = response.status_code == 200
streaming = getattr(response, "streaming", False)
if not is_text or streaming or (settings.DEBUG and not valid_status):
return response
# Cache the response if all the required conditions are met.
# Response must be marked for updating by the
# ``FetchFromCacheMiddleware`` having a cache get miss, the
# user must not be authenticated, the HTTP status must be OK
# and the response mustn't include an expiry age, indicating it
# shouldn't be cached.
marked_for_update = getattr(request, "_update_cache", False)
anon = hasattr(request, "user") and not is_authenticated(request.user)
timeout = get_max_age(response)
if timeout is None:
timeout = settings.CACHE_MIDDLEWARE_SECONDS
if anon and valid_status and marked_for_update and timeout:
cache_key = cache_key_prefix(request) + request.get_full_path()
_cache_set = lambda r: cache_set(cache_key, r.content, timeout)
if callable(getattr(response, "render", None)):
response.add_post_render_callback(_cache_set)
else:
_cache_set(response)
# Second phase rendering for non-cached template code and
# content. Split on the delimiter the ``nevercache`` tag
# wrapped its contents in, and render only the content
# enclosed by it, to avoid possible template code injection.
token = nevercache_token()
try:
token = token.encode('utf-8')
except AttributeError:
pass
parts = response.content.split(token)
# Restore csrf token from cookie - check the response
# first as it may be being set for the first time.
csrf_token = None
try:
csrf_token = response.cookies[settings.CSRF_COOKIE_NAME].value
except KeyError:
try:
csrf_token = request.COOKIES[settings.CSRF_COOKIE_NAME]
except KeyError:
pass
if csrf_token:
request.META["CSRF_COOKIE"] = csrf_token
context = RequestContext(request)
for i, part in enumerate(parts):
if i % 2:
part = Template(part).render(context).encode("utf-8")
parts[i] = part
response.content = b"".join(parts)
response["Content-Length"] = len(response.content)
if hasattr(request, '_messages'):
# Required to clear out user messages.
request._messages.update(response)
# Response needs to be run-through the CSRF middleware again so
# that if there was a {% csrf_token %} inside of the nevercache
# the cookie will be correctly set for the the response
csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
if csrf_mw_name in get_middleware_setting():
response.csrf_processing_done = False
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_response(request, response)
return response
def newmessage(request):
from django.middleware.csrf import CsrfViewMiddleware
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = BroadcastForm()
elif request.method == 'POST':
request.POST = json.loads(request.body)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = request.POST.get('data', {})
form = BroadcastForm(form_data)
if form.is_valid():
message = form.cleaned_data["message"]
#Send Member
if form.cleaned_data["member"]:
queryset = _get_queryset(form)
if queryset:
persons = Person.objects.filter(queryset)
else:
persons = Person.objects.all()
_send_sms(persons, message)
_write_log(persons, message)
#Send External Receiver
if form.cleaned_data["external"]:
if form.cleaned_data["extra_phones"]:
phones = form.cleaned_data["extra_phones"].split(',')
for phone in phones:
_send_single_sms(phone, message)
_write_single_log(message)
#Send Non Member Receiver
if form.cleaned_data["nonmembers"]:
if form.cleaned_data["non_member"]:
phones = form.cleaned_data["non_member"]
for phone in phones:
person = nonmember.objects.get(id=int(phone.id))
_send_single_sms(phone, message)
_write_single_log(message,None,person)
#Send Member Ulang Tahun
if form.cleaned_data["ultah"]:
if form.cleaned_data["ultah_today"]:
phones = form.cleaned_data["ultah_today"]
for phone in phones:
person = Person.objects.get(id=phone.id)
_send_single_sms(phone, message)
_write_single_log(message,None,person)
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def newmessage(request):
from django.middleware.csrf import CsrfViewMiddleware
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = BroadcastForm()
elif request.method == 'POST':
request.POST = json.loads(request.body)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = request.POST.get('data', {})
form = BroadcastForm(form_data)
if form.is_valid():
message = form.cleaned_data["message"]
#Send Member
if form.cleaned_data["member"]:
queryset = _get_queryset(form)
if queryset:
persons = Person.objects.filter(queryset)
else:
persons = Person.objects.all()
_send_sms(persons, message)
_write_log(persons, message)
#Send External Receiver
if form.cleaned_data["external"]:
if form.cleaned_data["extra_phones"]:
phones = form.cleaned_data["extra_phones"].split(',')
for phone in phones:
_send_single_sms(phone, message)
_write_single_log(message)
#Send Non Member Receiver
if form.cleaned_data["nonmembers"]:
if form.cleaned_data["non_member"]:
phones = form.cleaned_data["non_member"]
for phone in phones:
person = nonmember.objects.get(id=int(phone.id))
_send_single_sms(phone, message)
_write_single_log(message, None, person)
#Send Member Ulang Tahun
if form.cleaned_data["ultah"]:
if form.cleaned_data["ultah_today"]:
phones = form.cleaned_data["ultah_today"]
for phone in phones:
person = Person.objects.get(id=phone.id)
_send_single_sms(phone, message)
_write_single_log(message, None, person)
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json")
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def process_response(self, request, response):
# Caching is only applicable for text-based, non-streaming
# responses. We also skip it for non-200 statuses during
# development, so that stack traces are correctly rendered.
is_text = response.get("content-type", "").startswith("text")
valid_status = response.status_code == 200
streaming = getattr(response, "streaming", False)
if not is_text or streaming or (settings.DEBUG and not valid_status):
return response
# Cache the response if all the required conditions are met.
# Response must be marked for updating by the
# ``FetchFromCacheMiddleware`` having a cache get miss, the
# user must not be authenticated, the HTTP status must be OK
# and the response mustn't include an expiry age, indicating it
# shouldn't be cached.
marked_for_update = getattr(request, "_update_cache", False)
anon = hasattr(request, "user") and not request.user.is_authenticated()
timeout = get_max_age(response)
if timeout is None:
timeout = settings.CACHE_MIDDLEWARE_SECONDS
if anon and valid_status and marked_for_update and timeout:
cache_key = cache_key_prefix(request) + request.get_full_path()
_cache_set = lambda r: cache_set(cache_key, r.content, timeout)
if callable(getattr(response, "render", None)):
response.add_post_render_callback(_cache_set)
else:
_cache_set(response)
# Second phase rendering for non-cached template code and
# content. Split on the delimiter the ``nevercache`` tag
# wrapped its contents in, and render only the content
# enclosed by it, to avoid possible template code injection.
token = nevercache_token()
try:
token = token.encode('utf-8')
except AttributeError:
pass
parts = response.content.split(token)
# Restore csrf token from cookie - check the response
# first as it may be being set for the first time.
csrf_token = None
try:
csrf_token = response.cookies[settings.CSRF_COOKIE_NAME].value
except KeyError:
try:
csrf_token = request.COOKIES[settings.CSRF_COOKIE_NAME]
except KeyError:
pass
if csrf_token:
request.META["CSRF_COOKIE"] = csrf_token
context = RequestContext(request)
for i, part in enumerate(parts):
if i % 2:
part = Template(part).render(context).encode("utf-8")
parts[i] = part
response.content = b"".join(parts)
response["Content-Length"] = len(response.content)
if hasattr(request, '_messages'):
# Required to clear out user messages.
request._messages.update(response)
# Response needs to be run-through the CSRF middleware again so
# that if there was a {% csrf_token %} inside of the nevercache
# the cookie will be correctly set for the the response
csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
if csrf_mw_name in MIDDLEWARE_SETTING:
response.csrf_processing_done = False
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_response(request, response)
return response
def handle_instance_form(request, app_label, model_name, instance_id=None):
if not request.user.is_authenticated():
return HttpResponse('Unauthorized', status=401)
csrf_middleware = CsrfViewMiddleware()
response_data = {
'meta': {
'app_label': app_label,
'model_name': model_name
},
'admin': {}
}
instance = None
for model, model_admin in site._registry.items():
if app_label != model._meta.app_label or model_name != model._meta.module_name:
continue
field_configuration = {
'include': model_admin.fields or [],
'exclude': model_admin.exclude or [],
'ordering': model_admin.fields or [],
'fieldsets': model_admin.fieldsets or {},
'readonly': model_admin.readonly_fields or []
}
if instance_id is not None:
response_data[instance_id] = instance_id
try:
instance = model.objects.get(pk=instance_id)
except model.DoesNotExist:
raise Http404('Invalid instance ID')
current_model = model
CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None)
if CurrentModelForm is None:
class CurrentModelForm(ModelForm):
class Meta:
model = current_model
if request.method == 'GET':
# Return instance form for given model name
# Return initial values if instance ID is supplied, otherwise return empty form
if instance is None:
form = CurrentModelForm()
else:
form = CurrentModelForm(instance=instance)
for field_name, initial_value in form.initial.items():
if initial_value is not None and field_name in form.fields:
form.fields[field_name].initial = initial_value
response_data['csrfmiddlewaretoken'] = get_token(request)
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
if instance_id is None:
form = CurrentModelForm(request.POST['data'])
else:
form = CurrentModelForm(request.POST['data'],
instance=instance)
if form.is_valid():
if not request.POST['meta']['validate']:
form.save()
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def handle_instance_form(request, app_label, model_name, instance_id=None):
if not request.user.is_authenticated():
return HttpResponse('Unauthorized', status=401)
csrf_middleware = CsrfViewMiddleware()
response_data = {
'meta': {
'app_label': app_label,
'model_name': model_name
},
'admin': {}
}
instance = None
for model, model_admin in site._registry.items():
if app_label != model._meta.app_label or model_name != model._meta.module_name:
continue
field_configuration = {
'include': model_admin.fields or [],
'exclude': model_admin.exclude or [],
'ordering': model_admin.fields or [],
'fieldsets': model_admin.fieldsets or {},
'readonly': model_admin.readonly_fields or []
}
if instance_id is not None:
response_data[instance_id] = instance_id
try:
instance = model.objects.get(pk=instance_id)
except model.DoesNotExist:
raise Http404('Invalid instance ID')
current_model = model
CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None)
if CurrentModelForm is None:
class CurrentModelForm(ModelForm):
class Meta:
model = current_model
if request.method == 'GET':
# Return instance form for given model name
# Return initial values if instance ID is supplied, otherwise return empty form
if instance is None:
form = CurrentModelForm()
else:
form = CurrentModelForm(instance=instance)
for field_name, initial_value in form.initial.items():
if initial_value is not None and field_name in form.fields:
form.fields[field_name].initial = initial_value
response_data['csrfmiddlewaretoken'] = get_token(request)
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
if instance_id is None:
form = CurrentModelForm(request.POST['data'])
else:
form = CurrentModelForm(request.POST['data'], instance=instance)
if form.is_valid():
if not request.POST['meta']['validate']:
form.save()
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
