def handle_login(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
form = None
if request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
form = LoginForm(data=request.POST['data'])
if form.is_valid():
if not request.POST['meta']['validate']:
auth_login(request, form.get_user())
else:
form = LoginForm(request)
response_data['csrfmiddlewaretoken'] = get_token(request)
if form is not None:
remote_form = RemoteForm(form)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def test_https_malformed_referer(self):
"""
A POST HTTPS request with a bad referer is rejected.
"""
malformed_referer_msg = 'Referer checking failed - Referer is malformed.'
req = self._get_POST_request_with_token()
req._is_secure_override = True
req.META['HTTP_REFERER'] = 'http://http://www.example.com/'
mw = CsrfViewMiddleware(post_form_view)
response = mw.process_view(req, post_form_view, (), {})
self.assertContains(
response,
'Referer checking failed - Referer is insecure while host is secure.',
status_code=403,
)
# Empty
req.META['HTTP_REFERER'] = ''
response = mw.process_view(req, post_form_view, (), {})
self.assertContains(response, malformed_referer_msg, status_code=403)
# Non-ASCII
req.META['HTTP_REFERER'] = 'ØBöIß'
response = mw.process_view(req, post_form_view, (), {})
self.assertContains(response, malformed_referer_msg, status_code=403)
# missing scheme
# >>> urlparse('//example.com/')
# ParseResult(scheme='', netloc='example.com', path='/', params='', query='', fragment='')
req.META['HTTP_REFERER'] = '//example.com/'
response = mw.process_view(req, post_form_view, (), {})
self.assertContains(response, malformed_referer_msg, status_code=403)
# missing netloc
# >>> urlparse('https://')
# ParseResult(scheme='https', netloc='', path='', params='', query='', fragment='')
req.META['HTTP_REFERER'] = 'https://'
response = mw.process_view(req, post_form_view, (), {})
self.assertContains(response, malformed_referer_msg, status_code=403)
def api_user_login_via_otp_form_email_django_forms_example(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = UserLoginViaOtpFormEmail(initial={'email': settings.TESTING_EMAIL2})
elif request.method == 'POST':
if request.content_type != 'application/json':
return HttpResponse(json.dumps({"detail": "Unsupported media type \"'%s'\" in request." % request.content_type}), content_type="application/json",status=401);
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = json.loads(request.body)
form = UserLoginViaOtpFormEmail(form_data)
if form.is_valid():
email = form.cleaned_data.get('email')
response = HttpResponse(
{'email': email},
content_type="application/json"
)
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def my_ajax_view(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = IngredientForm10()
elif request.method == 'POST':
#request.POST = json.loads(request.body)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = json.loads(request.body)
form = IngredientForm10(form_data)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("ingredients-api:singleform"))
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json")
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def test_csrf_cookie_samesite(self):
req = self._get_GET_no_csrf_cookie_request()
with self.settings(CSRF_COOKIE_NAME='csrfcookie', CSRF_COOKIE_SAMESITE='Strict'):
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
self.assertEqual(resp.cookies['csrfcookie']['samesite'], 'Strict')
def my_ajax_view(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = ProjectForm()
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = request.POST.get('data', {})
form = ProjectForm(form_data)
if form.is_valid():
form.save()
field_configuration = {
'include': ['title','duration'],
}
remote_form = RemoteForm(form, **field_configuration)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
mimetype="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
def process_response(self, request, response):
if response.status_code != 404:
return response # No need to check for a node for non-404 responses.
csrf_middleware = CsrfViewMiddleware()
csrf_middleware.process_view(request, node, None, None)
try:
return node(request)
# Return the original response if any errors happened. Because this
# is a middleware, we can't assume the errors will be caught elsewhere.
except Http404:
referrer = request.META.get('HTTP_REFERER')
try:
if referrer and referrer.endswith(request.path_info):
# Seems like the visitor just changed his language. Even if that's not so, there's no point
# in viewing the same 404 error page twice, you'll better go see the root :)
if '/my/' in request.path:
return HttpResponseRedirect("/my/")
return HttpResponseRedirect("/")
except UnicodeDecodeError:
return response
return response
except:
if settings.DEBUG:
raise
return response
def handle_login(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
form = None
if request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
form = LoginForm(data=request.POST['data'])
if form.is_valid():
if not request.POST['meta']['validate']:
auth_login(request, form.get_user())
else:
form = LoginForm(request)
response_data['csrfmiddlewaretoken'] = get_token(request)
if form is not None:
remote_form = RemoteForm(form)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def test_get_token_for_exempt_view(self):
"""
get_token still works for a view decorated with 'csrf_exempt'.
"""
req = self._get_GET_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view)
mw.process_request(req)
mw.process_view(req, csrf_exempt(token_view), (), {})
resp = token_view(req)
self._check_token_present(resp)
def test_ensures_csrf_cookie_with_middleware(self):
"""
The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware
enabled.
"""
req = self._get_GET_no_csrf_cookie_request()
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
def test_token_node_with_csrf_cookie(self):
"""
CsrfTokenNode works when a CSRF cookie is set.
"""
req = self._get_GET_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view)
mw.process_request(req)
mw.process_view(req, token_view, (), {})
resp = token_view(req)
self._check_token_present(resp)
def test_post_data_read_failure(self):
"""
OSErrors during POST data reading are caught and treated as if the
POST data wasn't there (#20128).
"""
class CsrfPostRequest(HttpRequest):
"""
HttpRequest that can raise an OSError when accessing POST data
"""
def __init__(self, token, raise_error):
super().__init__()
self.method = 'POST'
self.raise_error = False
self.COOKIES[settings.CSRF_COOKIE_NAME] = token
# Handle both cases here to prevent duplicate code in the
# session tests.
self.session = {}
self.session[CSRF_SESSION_KEY] = token
self.POST['csrfmiddlewaretoken'] = token
self.raise_error = raise_error
def _load_post_and_files(self):
raise OSError('error reading input data')
def _get_post(self):
if self.raise_error:
self._load_post_and_files()
return self._post
def _set_post(self, post):
self._post = post
POST = property(_get_post, _set_post)
token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
req = CsrfPostRequest(token, raise_error=False)
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
req = CsrfPostRequest(token, raise_error=True)
mw.process_request(req)
with self.assertLogs('django.security.csrf', 'WARNING') as cm:
resp = mw.process_view(req, post_form_view, (), {})
self.assertEqual(resp.status_code, 403)
self.assertEqual(
cm.records[0].getMessage(),
'Forbidden (%s): ' % REASON_CSRF_TOKEN_MISSING,
)
def test_session_modify(self):
"""The session isn't saved if the CSRF cookie is unchanged."""
req = self._get_GET_no_csrf_cookie_request()
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
self.assertIsNotNone(req.session.get(CSRF_SESSION_KEY))
req.session.modified = False
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
self.assertFalse(req.session.modified)
def test_ensures_csrf_cookie_with_middleware(self):
"""
The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware
enabled.
"""
req = self._get_GET_no_csrf_cookie_request()
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
resp = mw(req)
self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False))
self.assertIn('Cookie', resp.get('Vary', ''))
def test_token_node_with_new_csrf_cookie(self):
"""
CsrfTokenNode works when a CSRF cookie is created by the middleware
(when one was not already present).
"""
req = self._get_GET_no_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = req.session[CSRF_SESSION_KEY]
self._check_token_present(resp, csrf_id=csrf_cookie)
def test_token_node_with_new_csrf_cookie(self):
"""
CsrfTokenNode works when a CSRF cookie is created by
the middleware (when one was not already present)
"""
req = self._get_GET_no_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
self._check_token_present(resp, csrf_id=csrf_cookie.value)
def test_process_view_token_too_long(self):
"""
If the token is longer than expected, it is ignored and a new token is
created.
"""
req = self._get_GET_no_csrf_cookie_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = 'x' * 100000
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
def test_token_node_empty_csrf_cookie(self):
"""
A new token is sent if the csrf_cookie is the empty string.
"""
req = self._get_GET_no_csrf_cookie_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = ""
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = token_view(req)
token = get_token(req)
self.assertIsNotNone(token)
self._check_token_present(resp, token)
def process_request(self, request):
if (cache_installed() and request.method == "GET" and
not request.user.is_authenticated()):
cache_key = cache_key_prefix(request) + request.get_full_path()
response = cache_get(cache_key)
if response is None:
request._update_cache = True
else:
csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
if csrf_mw_name in settings.MIDDLEWARE_CLASSES:
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_view(request, lambda x: None, None, None)
get_token(request)
return HttpResponse(response)
def process_request(self, request):
if (cache_installed() and request.method == "GET"
and not request.user.is_authenticated()):
cache_key = cache_key_prefix(request) + request.get_full_path()
response = cache_get(cache_key)
if response is None:
request._update_cache = True
else:
csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
if csrf_mw_name in settings.MIDDLEWARE_CLASSES:
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_view(request, lambda x: None, None, None)
get_token(request)
return HttpResponse(response)
def test_process_view_token_invalid_chars(self):
"""
If the token contains non-alphanumeric characters, it is ignored and a
new token is created.
"""
token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
req = self._get_GET_no_csrf_cookie_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = token
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self.assertNotEqual(csrf_cookie.value, token)
def test_cookie_not_reset_on_accepted_request(self):
"""
The csrf token used in posts is changed on every request (although
stays equivalent). The csrf cookie should not change on accepted
requests. If it appears in the response, it should keep its value.
"""
req = self._get_POST_request_with_token()
mw = CsrfViewMiddleware(token_view)
mw.process_request(req)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, None)
if csrf_cookie:
self.assertEqual(csrf_cookie.value, self._csrf_id_cookie,
"CSRF cookie was changed on an accepted request")
def process_request(self, request):
if (cache_installed() and request.method == "GET"
and not is_authenticated(request.user)):
cache_key = cache_key_prefix(request) + request.get_full_path()
response = cache_get(cache_key)
# We need to force a csrf token here, as new sessions
# won't receieve one on their first request, with cache
# middleware running.
if csrf_middleware_installed():
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_view(request, lambda x: None, None, None)
get_token(request)
if response is None:
request._update_cache = True
else:
return HttpResponse(response)
def process_request(self, request):
if (cache_installed() and request.method == "GET" and
not is_authenticated(request.user)):
cache_key = cache_key_prefix(request) + request.get_full_path()
response = cache_get(cache_key)
# We need to force a csrf token here, as new sessions
# won't receieve one on their first request, with cache
# middleware running.
if csrf_middleware_installed():
csrf_mw = CsrfViewMiddleware()
csrf_mw.process_view(request, lambda x: None, None, None)
get_token(request)
if response is None:
request._update_cache = True
else:
return HttpResponse(response)
def post(self, request, *args, **kwargs):
# Check CSRF manually *after* initializing the file upload handlers.
csrf_checker = CsrfViewMiddleware()
csrf_error = csrf_checker.process_view(request, None, None, None)
if csrf_error is not None:
return csrf_error # csrf_error is the regular CSRF error View
form = self.form_class(request.POST, request.FILES)
if form.is_valid():
#form.save()
self.filename=request.FILES['csv_file'].temporary_file_path()
logger.info("Starting catalogue import")
importer = TernovoPriceImporter(logger, delimiter=";")
logger.info(" - Importing records from '%s'" % self.filename)
try:
stats=importer.handle(self.filename)
except CatalogueImportError as e:
raise CommandError(str(e))
#return redirect(reverse_lazy('dashboard:import-success', kwargs = {'filename': self.filename}))
return render(request,self.template_name, {'form': form, 'filename': request.FILES['csv_file'].name, 'stats': stats})
else:
return render(request, self.template_name, {'form': form})
def check_csrf(self, request):
csrf_middleware = CsrfViewMiddleware()
response = csrf_middleware.process_view(request, self.deserialize, [],
{})
if response is not None:
assert False, 'csrf failed' #TODO APIException(response) or SuspiciousOperation ....
raise response
def check_csrf(request: HttpRequest,
callback: Callable) -> Optional[HttpResponseForbidden]:
mware = CsrfViewMiddleware(
lambda x: HttpResponseForbidden()) # pragma: no cover
request.csrf_processing_done = False # type: ignore
mware.process_request(request)
return mware.process_view(request, callback, (), {})
def test_origin_malformed_host(self):
req = self._get_POST_no_csrf_cookie_request()
req._is_secure_override = True
req.META['HTTP_HOST'] = '@malformed'
req.META['HTTP_ORIGIN'] = 'https://www.evil.org'
mw = CsrfViewMiddleware(token_view)
response = mw.process_view(req, token_view, (), {})
self.assertEqual(response.status_code, 403)
def test_put_and_delete_allowed(self):
"""
HTTP PUT and DELETE can get through with X-CSRFToken and a cookie.
"""
req = self._get_GET_csrf_cookie_request()
req.method = 'PUT'
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
req = self._get_GET_csrf_cookie_request()
req.method = 'DELETE'
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
def test_process_request_csrf_cookie_and_token(self):
"""
If both a cookie and a token is present, the middleware lets it through.
"""
req = self._get_POST_request_with_token()
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
def _test_https_good_referer_matches_cookie_domain(self):
req = self._get_POST_request_with_token()
req._is_secure_override = True
req.META['HTTP_REFERER'] = 'https://foo.example.com/'
req.META['SERVER_PORT'] = '443'
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
response = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(response)
def test_good_origin_insecure(self):
"""A POST HTTP request with a good origin is accepted."""
req = self._get_POST_request_with_token()
req.META['HTTP_HOST'] = 'www.example.com'
req.META['HTTP_ORIGIN'] = 'http://www.example.com'
mw = CsrfViewMiddleware(post_form_view)
self.assertIs(mw._origin_verified(req), True)
response = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(response)
def test_put_and_delete_rejected(self):
"""
HTTP PUT and DELETE methods have protection
"""
req = TestingHttpRequest()
req.method = 'PUT'
mw = CsrfViewMiddleware(post_form_view)
with self.assertLogs('django.security.csrf', 'WARNING') as cm:
resp = mw.process_view(req, post_form_view, (), {})
self.assertEqual(403, resp.status_code)
self.assertEqual(cm.records[0].getMessage(), 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
req = TestingHttpRequest()
req.method = 'DELETE'
with self.assertLogs('django.security.csrf', 'WARNING') as cm:
resp = mw.process_view(req, post_form_view, (), {})
self.assertEqual(403, resp.status_code)
self.assertEqual(cm.records[0].getMessage(), 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
def test_csrf_token_in_header_with_customized_name(self):
"""
settings.CSRF_HEADER_NAME can be used to customize the CSRF header name
"""
req = self._get_POST_csrf_cookie_request()
req.META['HTTP_X_CSRFTOKEN_CUSTOMIZED'] = self._csrf_id
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
def test_csrf_cookie_age(self):
"""
CSRF cookie age can be set using settings.CSRF_COOKIE_AGE.
"""
req = self._get_GET_no_csrf_cookie_request()
MAX_AGE = 123
with self.settings(CSRF_COOKIE_NAME='csrfcookie',
CSRF_COOKIE_DOMAIN='.example.com',
CSRF_COOKIE_AGE=MAX_AGE,
CSRF_COOKIE_PATH='/test/',
CSRF_COOKIE_SECURE=True,
CSRF_COOKIE_HTTPONLY=True):
# token_view calls get_token() indirectly
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
max_age = resp.cookies.get('csrfcookie').get('max-age')
self.assertEqual(max_age, MAX_AGE)
def json_topic_form(request):
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
form = TopicForm()
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None, None)
form_data = request.POST.get('data', {})
form = TopicForm(form_data)
if form.is_valid():
form.save()
remote_form = RemoteForm(form)
response_data.update(remote_form_as_dict())
response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder), mimetype='application/json')
csrf_middleware.process_response(request, response)
return response;
def check_csrf(self, request):
csrf_middleware = CsrfViewMiddleware()
response = csrf_middleware.process_view(request, self.deserialize, self.view.args, self.view.kwargs)
if response is not None:
assert False, 'csrf failed' #TODO APIException(response) or SuspiciousOperation ....
raise response
def test_csrf(self, request):
middleware = CsrfViewMiddleware()
return middleware.process_view(request, self.dispatch, [request], {})
def handle_instance_form(request, app_label, model_name, instance_id=None):
if not request.user.is_authenticated():
return HttpResponse('Unauthorized', status=401)
csrf_middleware = CsrfViewMiddleware()
response_data = {
'meta': {
'app_label': app_label,
'model_name': model_name
},
'admin': {}
}
instance = None
for model, model_admin in site._registry.items():
if app_label != model._meta.app_label or model_name != model._meta.module_name:
continue
field_configuration = {
'include': model_admin.fields or [],
'exclude': model_admin.exclude or [],
'ordering': model_admin.fields or [],
'fieldsets': model_admin.fieldsets or {},
'readonly': model_admin.readonly_fields or []
}
if instance_id is not None:
response_data[instance_id] = instance_id
try:
instance = model.objects.get(pk=instance_id)
except model.DoesNotExist:
raise Http404('Invalid instance ID')
current_model = model
CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None)
if CurrentModelForm is None:
class CurrentModelForm(ModelForm):
class Meta:
model = current_model
if request.method == 'GET':
# Return instance form for given model name
# Return initial values if instance ID is supplied, otherwise return empty form
if instance is None:
form = CurrentModelForm()
else:
form = CurrentModelForm(instance=instance)
for field_name, initial_value in form.initial.items():
if initial_value is not None and field_name in form.fields:
form.fields[field_name].initial = initial_value
response_data['csrfmiddlewaretoken'] = get_token(request)
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
elif request.raw_post_data:
request.POST = json.loads(request.raw_post_data)
csrf_middleware.process_view(request, None, None, None)
if 'data' in request.POST:
if instance_id is None:
form = CurrentModelForm(request.POST['data'])
else:
form = CurrentModelForm(request.POST['data'], instance=instance)
if form.is_valid():
if not request.POST['meta']['validate']:
form.save()
remote_form = RemoteForm(form, **field_configuration)
response_data.update(remote_form.as_dict())
response = HttpResponse(json.dumps(response_data, cls=LazyEncoder), mimetype="application/json")
csrf_middleware.process_response(request, response)
return response
def newmessage(request):
from django.middleware.csrf import CsrfViewMiddleware
csrf_middleware = CsrfViewMiddleware()
response_data = {}
if request.method == 'GET':
# Get form definition
form = BroadcastForm()
elif request.method == 'POST':
request.POST = json.loads(request.body)
# Process request for CSRF
csrf_middleware.process_view(request, None, None, None)
form_data = request.POST.get('data', {})
form = BroadcastForm(form_data)
if form.is_valid():
message = form.cleaned_data["message"]
#Send Member
if form.cleaned_data["member"]:
queryset = _get_queryset(form)
if queryset:
persons = Person.objects.filter(queryset)
else:
persons = Person.objects.all()
_send_sms(persons, message)
_write_log(persons, message)
#Send External Receiver
if form.cleaned_data["external"]:
if form.cleaned_data["extra_phones"]:
phones = form.cleaned_data["extra_phones"].split(',')
for phone in phones:
_send_single_sms(phone, message)
_write_single_log(message)
#Send Non Member Receiver
if form.cleaned_data["nonmembers"]:
if form.cleaned_data["non_member"]:
phones = form.cleaned_data["non_member"]
for phone in phones:
person = nonmember.objects.get(id=int(phone.id))
_send_single_sms(phone, message)
_write_single_log(message,None,person)
#Send Member Ulang Tahun
if form.cleaned_data["ultah"]:
if form.cleaned_data["ultah_today"]:
phones = form.cleaned_data["ultah_today"]
for phone in phones:
person = Person.objects.get(id=phone.id)
_send_single_sms(phone, message)
_write_single_log(message,None,person)
remote_form = RemoteForm(form)
# Errors in response_data['non_field_errors'] and response_data['errors']
response_data.update(remote_form.as_dict())
response = HttpResponse(
json.dumps(response_data, cls=DjangoJSONEncoder),
content_type="application/json"
)
# Process response for CSRF
csrf_middleware.process_response(request, response)
return response
