def GET(self):
    """Sign the current user out and redirect to the index page.

    API users are refused with 403. The ``token`` query parameter must
    equal the first eight characters of the current CSRF token; on a
    mismatch the token error page is returned and no signout happens.
    """
    if api.is_api_user():
        raise web.webapi.Forbidden()
    supplied = web.input(token="").token
    # NOTE(review): only an 8-character prefix of the CSRF token is checked
    # here, and with a plain `!=` rather than a constant-time comparison
    # (hmac.compare_digest), so this link is weaker than a full-token check.
    if supplied != define.get_token()[:8]:
        return define.errorpage(self.user_id, errorcode.token)
    login.signout(self.user_id)
    raise web.seeother("/index")
def get_token():
    """Return the CSRF token for the current session, creating it on demand.

    API users get an empty string, since API requests are not protected by
    the form token. The token is minted the first time it is requested and
    the session is flagged for saving so the value persists across requests.
    """
    from weasyl import api
    if api.is_api_user():
        return ''
    session = get_current_request().weasyl_session
    token = session.csrf_token
    if token is None:
        # first request for this session: mint a token and persist it
        token = security.generate_key(64)
        session.csrf_token = token
        session.save = True
    return token
def POST(self):
    """Toggle the ``sfwmode`` cookie between ``sfw`` and ``nsfw`` and redirect.

    API users are refused with 403. The redirect target comes from the
    ``redirect`` form field and defaults to ``/index``.
    """
    form = web.input(redirect="/index")
    if api.is_api_user():
        raise web.webapi.Forbidden()
    # a missing cookie is read as "nsfw", so the first toggle always turns sfw on
    current = web.cookies(sfwmode="nsfw").sfwmode
    toggled = {"nsfw": "sfw"}.get(current, "nsfw")
    one_year_seconds = 60 * 60 * 24 * 365
    web.setcookie("sfwmode", toggled, one_year_seconds)
    # drop the cached index page so the new rating filter shows on the next visit
    index.template_fields.invalidate(self.user_id)
    # NOTE(review): form.redirect is caller-controlled and passed to seeother
    # unchecked; restricting it to same-site paths would close an open redirect.
    # This handler also does no CSRF-token check, unlike the other form handlers.
    raise web.seeother(form.redirect)
def get_token():
    """Return the CSRF token for the current request's session.

    API requests get an empty string. When no session has been attached to
    the request yet (an error raised before the session middleware ran), a
    throwaway key is returned so templates using ``$:{TOKEN()}`` still
    render; it is not stored anywhere, so it cannot validate a later form
    post. Otherwise the session token is created on first use and the
    session is flagged for saving.
    """
    from weasyl import api
    request = get_current_request()
    if api.is_api_user(request):
        return ''
    try:
        session = request.weasyl_session
    except AttributeError:
        # no session on this request: return a one-off key for rendering only
        return security.generate_key(20)
    token = session.csrf_token
    if token is None:
        token = security.generate_key(64)
        session.csrf_token = token
        session.save = True
    return token
def wrapper(self, *a, **kw):
    """Run ``f`` as a JSON endpoint.

    A request whose token does not match the session CSRF token (API users
    are exempt) is not rejected: ``self.user_id`` is zeroed so ``f`` runs
    as anonymous. The response is marked ``application/json`` before ``f``
    runs. A ``WeasylError`` is flagged to render as JSON and, if the status
    is still 200, the status becomes 403; any other exception is flagged on
    a deliberately unusual attribute name and re-raised unchanged.
    """
    form = web.input(token="")
    # NOTE(review): a plain `==` on the token is not constant-time;
    # hmac.compare_digest would be the usual choice for a secret comparison.
    token_ok = api.is_api_user() or form.token == d.get_token()
    if not token_ok:
        self.user_id = 0
    web.header('Content-Type', 'application/json')
    try:
        return f(self, *a, **kw)
    except WeasylError as err:
        err.render_as_json = True
        if web.ctx.status == '200 OK':
            web.ctx.status = '403 Forbidden'
        raise
    except Exception as err:
        # the double underscore is meant to avoid colliding with attributes
        # the exception may already carry, since its origin is unknown here
        err.__render_as_json = True
        raise