def after_request(response):
    """Attach a newly generated CSRF token to the outgoing response as a cookie.

    Args:
        response: the Flask response object being finalised.

    Returns:
        The same response object, now carrying a ``csrf_token`` cookie.
    """
    # NOTE(review): set_cookie is called without secure/samesite/httponly
    # arguments, so the framework defaults apply — confirm they suit deployment.
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_authorize_url(callback_uri):
    """Build the Facebook OAuth authorize URL for the given callback.

    Args:
        callback_uri: the redirect target Facebook should send the user back to.

    Returns:
        The full ``https://graph.facebook.com/oauth/authorize?...`` URL string.
    """
    params = {
        'client_id': current_app.config['FACEBOOK_CLIENT_ID'],
        'redirect_uri': callback_uri,
        'scope': PERMISSION_SCOPES,
        # The CSRF token doubles as the OAuth ``state`` value for the round trip.
        'state': generate_csrf(),
    }
    return 'https://graph.facebook.com/oauth/authorize?' + urlencode(params)
def after_request(response):
    """Generate a CSRF token and hand it to the browser via a cookie.

    Args:
        response: the outgoing Flask response.

    Returns:
        The response with a ``csrf_token`` cookie added.
    """
    # 1. generate the token value
    token = generate_csrf()
    # 2. deliver it to the front end by setting it on the response cookie
    #    NOTE(review): no secure/samesite/httponly flags are passed here.
    response.set_cookie("csrf_token", token)
    # 3. hand the response back to Flask
    return response
def login(self, form):
    """Start the OAuth login flow and redirect the user to the provider.

    Args:
        form: the submitted login form (not consulted by this method).

    Returns:
        The redirect response produced by ``self.oauth.authorize``.
    """
    # The CSRF token is reused as the OAuth ``state``; it expires after 5 minutes.
    state = csrf.generate_csrf(time_limit=300)
    callback = url_for('login.auth_method_login',
                       auth_method=self.safe_name,
                       _external=True)
    resp = self.oauth.authorize(callback=callback, state=state)
    current_app.logger.debug(u"Redirecting to : {}".format(resp.location))
    return resp
def get_authenticate_url(redirect_uri, **kwargs):
    """Build the Google (Blogger scope) OAuth authentication URL.

    Args:
        redirect_uri: where Google should redirect after consent.
        **kwargs: accepted for interface compatibility; unused here.

    Returns:
        ``API_AUTH_URL`` with the encoded query string appended.
    """
    query = {
        'response_type': 'code',
        'client_id': current_app.config['GOOGLE_CLIENT_ID'],
        'redirect_uri': redirect_uri,
        'scope': BLOGGER_SCOPE,
        # CSRF token serves as the OAuth ``state`` parameter.
        'state': generate_csrf(),
    }
    return API_AUTH_URL + '?' + urllib.parse.urlencode(query)
def authorize():
    """Redirect the user to the WordPress.com OAuth authorize endpoint.

    Returns:
        A Flask redirect response to ``API_AUTHORIZE_URL`` with the query
        parameters for an authorization-code flow.
    """
    query = {
        'client_id': current_app.config['WORDPRESS_CLIENT_ID'],
        'redirect_uri': url_for('.callback', _external=True),
        'response_type': 'code',
        # The ``|auth`` suffix tags the state so the callback can tell this
        # flow apart from the ``|id`` (identify-only) flow.
        'state': generate_csrf() + '|auth',
    }
    return redirect(API_AUTHORIZE_URL + '?' + urllib.parse.urlencode(query))
def get_authenticate_url(callback_uri, **kwargs):
    """Build the WordPress.com OAuth authentication URL.

    Args:
        callback_uri: ignored — wordpress.com allows only one registered
            redirect_uri, so the fixed ``wordpress.callback`` route is used
            and the caller is redirected on from there.
        **kwargs: accepted for interface compatibility; unused here.

    Returns:
        ``API_AUTHENTICATE_URL`` with the encoded query string appended.
    """
    query = {
        'client_id': current_app.config['WORDPRESS_CLIENT_ID'],
        'redirect_uri': url_for('wordpress.callback', _external=True),
        'response_type': 'code',
        # ``|id`` marks this as the identify-only flow for the callback handler.
        'state': generate_csrf() + '|id',
    }
    return API_AUTHENTICATE_URL + '?' + urllib.parse.urlencode(query)
def generate_csrf_token(self, csrf_context=None):
    """Generate a CSRF token and record its owner in the cache.

    Args:
        csrf_context: accepted for the WTForms hook signature; unused.

    Returns:
        The token string, or ``None`` when CSRF protection is disabled.
    """
    if not self.csrf_enabled:
        return None
    token = generate_csrf(self.SECRET_KEY, self.TIME_LIMIT)
    # Anonymous requests are recorded under owner id 0.
    owner = g.user.id if g.user else 0
    # The cache entry shares the token's lifetime so it expires together.
    cache.set("csrf_%s" % token, owner, self.TIME_LIMIT)
    return token
def generate_csrf_token(self, csrf_context=None):
    """Generate a CSRF token and cache the id of the user it was issued to.

    Args:
        csrf_context: accepted for the WTForms hook signature; unused.

    Returns:
        The token string, or ``None`` when CSRF protection is disabled.
    """
    if not self.csrf_enabled:
        return None
    token = generate_csrf(self.SECRET_KEY, self.TIME_LIMIT)
    # Anonymous requests are recorded under owner id 0.
    owner = g.user.id if g.user else 0
    # NOTE(review): the bare token is the cache key here (no ``csrf_`` prefix),
    # so it shares the namespace with every other cache entry — confirm intended.
    cache.set(token, owner, self.TIME_LIMIT)
    return token
def get_authorize_url(redirect_uri):
    """Build the Google OAuth authorize URL requesting offline access.

    Args:
        redirect_uri: where Google should redirect after consent.

    Returns:
        ``API_AUTH_URL`` with the encoded query string appended.
    """
    query = {
        'response_type': 'code',
        'client_id': current_app.config['GOOGLE_CLIENT_ID'],
        'redirect_uri': redirect_uri,
        'scope': BLOGGER_SCOPE,
        # CSRF token serves as the OAuth ``state`` parameter.
        'state': generate_csrf(),
        # offline + force: required to be issued a refresh token.
        'access_type': 'offline',
        'approval_prompt': 'force',
    }
    return API_AUTH_URL + '?' + urllib.parse.urlencode(query)
def __init__(self):
    """Parse and validate the request, enforcing CSRF on DELETE.

    Reads the query string and JSON body into ``RequestArgs`` wrappers,
    aborts with 400 on invalid query args or (for DELETE) a bad CSRF token,
    and seeds ``response_data`` with a fresh token for the client.

    Raises:
        Aborts the request with HTTP 400 on validation failure.
    """
    self.request_args = RequestArgs(formdata=request.args)
    body = MultiDict(request.get_json())
    self.request_data = RequestArgs(formdata=body)
    self.response_data = {}
    if not self.request_args.validate():
        abort(400)
    # NOTE(review): only DELETE is CSRF-checked here; other state-changing
    # methods are not covered by this constructor — confirm they are elsewhere.
    if request.method == 'DELETE' and not validate_csrf(self.request_data.csrfToken.data):
        abort(400)
    self.response_data.update(csrfToken=generate_csrf())
def csrf_refresh(subdomain=None):
    """Return a fresh CSRF token, refusing cross-origin callers.

    Args:
        subdomain: accepted for route compatibility; unused here.

    Returns:
        A ``(body, status, headers)`` tuple: ``{'csrf_token': ...}``, 200, and
        headers that pin CORS to this site's own origin and set a 10-minute
        ``Expires``.
    """
    host = urlparse(request.url_root)
    own_origin = host.scheme + u'://' + host.netloc
    # NOTE(review): url_root is derived from the incoming Host header — make
    # sure the front end / proxy pins it, or this comparison is weakened.
    origin_header = request.headers.get('Origin')
    # Browsers send Origin on cross-site requests and, in some browsers, on
    # same-site ones too; whenever it is present it has to match us.
    if origin_header is not None and origin_header != own_origin:
        abort(403)
    expires_at = datetime.utcnow() + timedelta(minutes=10)
    headers = {
        'Access-Control-Allow-Origin': own_origin,
        'Vary': 'Origin',
        'Expires': expires_at.strftime('%a, %d %b %Y %H:%M:%S GMT'),
    }
    return {'csrf_token': generate_csrf()}, 200, headers
def get_static_html(file_name):
    """Serve a static HTML page and attach a CSRF token cookie.

    Args:
        file_name: path component after the site root; empty selects the
            index page. Everything except ``favicon.ico`` is looked up under
            the static ``html/`` directory.

    Returns:
        The static-file response with a ``csrf_token`` cookie set.
    """
    if not file_name:
        file_name = 'index.html'
    if file_name != 'favicon.ico':
        # Build the path relative to the static folder.
        file_name = 'html/%s' % file_name
    # NOTE(review): no traversal filtering is done here; this relies on
    # send_static_file rejecting unsafe segments — confirm for the Flask version in use.
    response = make_response(current_app.send_static_file(file_name))
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Return the requested static file, with a CSRF token cookie added.

    Args:
        file_name: path after the site root. The empty string means the
            root was requested and ``index.html`` is served; anything other
            than ``favicon.ico`` is resolved under ``html/``.

    Returns:
        The static-file response carrying a ``csrf_token`` cookie.
    """
    if file_name == '':
        file_name = 'index.html'
    if file_name != "favicon.ico":
        file_name = "html/" + file_name
    # NOTE(review): path safety is delegated to send_static_file — confirm.
    response = make_response(current_app.send_static_file(file_name))
    # Issue the token via cookie so the front end can echo it back.
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_html_page(file_name):
    """Serve the static HTML page named by ``file_name`` with a CSRF cookie.

    Args:
        file_name: path after the site root; falsy means the root, which
            maps to ``index.html``. All names but ``favicon.ico`` are
            prefixed with ``html/``.

    Returns:
        The static-file response with a ``csrf_token`` cookie set.
    """
    if not file_name:
        file_name = "index.html"
    if file_name != "favicon.ico":
        file_name = "html/" + file_name
    # NOTE(review): path safety is delegated to send_static_file — confirm.
    response = current_app.send_static_file(file_name)
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Return the requested static file and set a CSRF token cookie.

    Args:
        file_name: path after the site root. The empty string selects
            ``index.html``; all names except ``favicon.ico`` are resolved
            under ``html/``.

    Returns:
        The static-file response with a ``csrf_token`` cookie attached.
    """
    if file_name == "":
        file_name = "index.html"
    if file_name != "favicon.ico":
        file_name = "html/" + file_name
    # NOTE(review): path safety is delegated to send_static_file — confirm.
    response = make_response(current_app.send_static_file(file_name))
    response.set_cookie("csrf_token", generate_csrf())
    return response
def get_static_html(file_name):
    """Serve a static HTML page (e.g. ``/static/html/register.html``) with a CSRF cookie.

    Args:
        file_name: path after the site root; falsy maps to ``index.html``.
            Everything except ``favicon.ico`` is resolved under ``html/``.

    Returns:
        The static-file response with a ``csrf_token`` cookie set.
    """
    if not file_name:
        file_name = "index.html"
    if file_name != 'favicon.ico':
        file_name = 'html/%s' % file_name
    # NOTE(review): path safety is delegated to send_static_file — confirm.
    response = make_response(current_app.send_static_file(file_name))
    # generate_csrf() signs with the app's configured secret by default.
    token = generate_csrf()
    response.set_cookie("csrf_token", token)
    return response
def get_static_html(file_name):
    """Serve a static file from ``static/html`` and attach a CSRF cookie.

    Handles three cases: an explicit page such as ``login.html``, the root
    path (served as ``index.html``), and ``favicon.ico`` (served from the
    static root rather than ``html/``).

    Args:
        file_name: path component after the site root.

    Returns:
        The static-file response with a ``csrf_token`` cookie set.
    """
    if not file_name:
        file_name = 'index.html'
    if file_name != 'favicon.ico':
        file_name = 'html/' + file_name
    # NOTE(review): path safety is delegated to send_static_file — confirm.
    response = make_response(current_app.send_static_file(file_name))
    response.set_cookie('csrf_token', generate_csrf())
    return response
def get_authenticate_url(callback_uri, **kwargs):
    """Build the Facebook login dialog URL for the given callback.

    Args:
        callback_uri: the redirect target Facebook should return the user to.
        **kwargs: accepted for interface compatibility; unused here.

    Returns:
        The full ``https://www.facebook.com/dialog/oauth?...`` URL string.
    """
    query = {
        'client_id': current_app.config['FACEBOOK_CLIENT_ID'],
        'redirect_uri': callback_uri,
        # CSRF token serves as the OAuth ``state`` parameter.
        'state': generate_csrf(),
    }
    return 'https://www.facebook.com/dialog/oauth?' + urlencode(query)
def after_request(response):
    """Set a fresh ``csrf_token`` cookie on every outgoing response.

    Args:
        response: the outgoing Flask response.

    Returns:
        The same response with the cookie attached.
    """
    # NOTE(review): cookie attributes (secure/samesite/httponly) are left at defaults.
    response.set_cookie("csrf_token", generate_csrf())
    return response
def _set_csrf_token(*args, **kwds):
    """Call the wrapped view ``f`` and add the AngularJS CSRF cookie to its response.

    ``f`` comes from the enclosing decorator scope. Views may return plain
    values rather than a ``Response``; those are coerced with ``make_response``
    so a cookie can be attached.

    Returns:
        The view's response, with the cookie named by
        ``ANGULARJS_CSRF_COOKIE`` set to a fresh token.
    """
    result = f(*args, **kwds)
    resp = result if isinstance(result, Response) else make_response(result)
    cookie_name = current_app.config['ANGULARJS_CSRF_COOKIE']
    resp.set_cookie(cookie_name, value=generate_csrf())
    return resp
def after_request(resp):
    """Attach a freshly generated ``csrf_token`` cookie to ``resp``.

    Args:
        resp: the outgoing Flask response.

    Returns:
        The same response with the cookie set.
    """
    token = generate_csrf()
    resp.set_cookie("csrf_token", token)
    return resp
def after_request(resp):
    """Issue a CSRF token cookie on the outgoing response.

    Args:
        resp: the outgoing Flask response.

    Returns:
        The same response with a ``csrf_token`` cookie set.
    """
    # generate_csrf is the token factory provided alongside CSRFProtect.
    resp.set_cookie("csrf_token", generate_csrf())
    return resp
def get(self):
    """Return a freshly generated CSRF token.

    Returns:
        A dict of the form ``{'csrf': <token>}``.
    """
    token = generate_csrf()
    return {'csrf': token}
def after_request(response):
    """Generate a CSRF token and pass it to the front end via a cookie.

    Args:
        response: the outgoing Flask response.

    Returns:
        The same response with a ``csrf_token`` cookie set.
    """
    token = generate_csrf()
    # NOTE(review): cookie attributes (secure/samesite/httponly) are left at defaults.
    response.set_cookie("csrf_token", token)
    return response
def after_request(response):
    """Set a ``csrf_token`` cookie on the outgoing response.

    Args:
        response: the outgoing Flask response.

    Returns:
        The same response with the cookie attached.
    """
    # generate_csrf comes from flask_wtf's csrf module and mints the token value.
    response.set_cookie("csrf_token", generate_csrf())
    return response
def szscrf(resp):
    """Attach a CSRF token to the response as an ``X-CSRFToken`` cookie.

    Args:
        resp: the outgoing Flask response.

    Returns:
        The same response with the cookie set. The token is delivered only
        as a cookie, not as a response header.
    """
    resp.set_cookie('X-CSRFToken', generate_csrf())
    return resp
def login(self, form):
    """Start the OAuth login flow for this auth method.

    Args:
        form: the submitted login form (not consulted by this method).

    Returns:
        The redirect response produced by ``self.oauth.authorize``.
    """
    # The CSRF token is reused as the OAuth ``state``; it expires after 5 minutes.
    state = csrf.generate_csrf(time_limit=300)
    callback = url_for('login.auth_method_login',
                       auth_method=self.safe_name,
                       _external=True)
    return self.oauth.authorize(callback=callback, state=state)
def generate_csrf_token(response):
    """Set a fresh ``csrf_token`` cookie on ``response``.

    Args:
        response: the outgoing Flask response.

    Returns:
        The same response with the cookie attached.
    """
    token = generate_csrf()
    response.set_cookie("csrf_token", token)
    return response
def after_request(resp):
    """Generate a CSRF token and store it in a ``csrf_token`` cookie.

    Args:
        resp: the outgoing Flask response.

    Returns:
        The same response with the cookie set.
    """
    resp.set_cookie('csrf_token', generate_csrf())
    return resp
def set_cookie_csrf(response):
    """Attach a freshly generated ``csrf_token`` cookie to ``response``.

    Args:
        response: the outgoing Flask response.

    Returns:
        The same response with the cookie set.
    """
    token = generate_csrf()
    response.set_cookie("csrf_token", token)
    return response