def masked_csrf_token(request): pad = random_string(TOKEN_LENGTH) token = request.csrf_token # XOR the pad with the token by getting the int value of each char masked_token = (ord(pad[i]) ^ ord(token[i]) for i in range(TOKEN_LENGTH)) # Encode the XORed ints as 2 * TOKEN_LENGTH hex characters masked_token = binascii.hexlify(bytes(masked_token)) masked_token = masked_token.decode("ascii") return "".join((pad, masked_token))
def masked_csrf_token(request): pad = random_string(TOKEN_LENGTH) token = request.csrf_token # XOR the pad with the token by getting the int value of each char masked_token = (ord(pad[i]) ^ ord(token[i]) for i in range(TOKEN_LENGTH)) # Encode the XORed ints as 2 * TOKEN_LENGTH hex characters masked_token = binascii.hexlify(bytes(masked_token)) masked_token = masked_token.decode('ascii') return ''.join((pad, masked_token))
def csrf_token(request): if KEY not in request.session: request.session[KEY] = random_string(TOKEN_LENGTH) request.session.save() return request.session[KEY]
def csrf_token(request): token = get_token(request) if token not in request.session: request.session[token] = random_string(TOKEN_LENGTH) request.session.save() return request.session[token]