コード例 #1
0
ファイル: xsrf.py プロジェクト: rodrigowsa/khan-academy
    def wrapper(self, *args, **kwargs):

        if not get_xsrf_cookie_value():

            xsrf_value = base64.urlsafe_b64encode(os.urandom(30))

            # Set an http-only cookie containing the XSRF value.
            # A matching header value will be required by validate_xsrf_cookie.
            self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=True)
            cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

        return func(self, *args, **kwargs)
コード例 #2
0
ファイル: xsrf.py プロジェクト: avh4/khan-academy
    def wrapper(self, *args, **kwargs):

        if not get_xsrf_cookie_value():

            xsrf_value = base64.urlsafe_b64encode(os.urandom(30))

            # Set an http-only cookie containing the XSRF value.
            # A matching header value will be required by validate_xsrf_cookie.
            self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=True)
            cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

        return func(self, *args, **kwargs)
コード例 #3
0
def _create_phantom_user_data():
    """ Create a phantom user data.
    """
    user_id = _create_phantom_user_id()
    user_data = user_models.UserData.insert_for(user_id, user_id)

    # Make it appear like the cookie was already set
    cookie = _get_cookie_from_phantom(user_data)
    set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

    # Bust the cache so later calls to user_models.UserData.current() return
    # the phantom user
    return user_models.UserData.current(bust_cache=True)
コード例 #4
0
ファイル: phantom_util.py プロジェクト: Hao-Hsuan/KhanLatest
def _create_phantom_user_data():
    """ Create a phantom user data.
    """
    user_id = _create_phantom_user_id()
    user_data = user_models.UserData.insert_for(user_id, user_id)

    # Make it appear like the cookie was already set
    cookie = _get_cookie_from_phantom(user_data)
    set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

    # Bust the cache so later calls to user_models.UserData.current() return
    # the phantom user
    return user_models.UserData.current(bust_cache=True)
コード例 #5
0
ファイル: xsrf.py プロジェクト: KhanWorld/KhanAcademy
    def wrapper(self, *args, **kwargs):

        xsrf_token = get_xsrf_cookie_value()
        if not xsrf_token or not is_current_api_version(xsrf_token):
            timestamp = int(time.time())
            xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION, base64.urlsafe_b64encode(os.urandom(10)), timestamp)

            # Set a cookie containing the XSRF value.
            # The JavaScript is responsible for returning the cookie in a matching header
            # that is validated by validate_xsrf_cookie.
            self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
            cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

        return func(self, *args, **kwargs)
コード例 #6
0
def create_xsrf_cookie_if_needed(http_response):
    """http_request is the http response object used to set the cookie on."""
    xsrf_token = get_xsrf_cookie_value()
    if xsrf_token and is_current_api_version(xsrf_token):
        return  # not needed -- the cookie already exists
    timestamp = int(time.time())
    xsrf_value = "%s_%s_%d" % (
        XSRF_API_VERSION, base64.urlsafe_b64encode(os.urandom(10)), timestamp)

    # Set a cookie containing the XSRF value.
    # The JavaScript is responsible for returning the cookie
    # in a matching header that is validated by
    # validate_xsrf_cookie.
    http_response.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
    cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
コード例 #7
0
    def wrapper(self, *args, **kwargs):

        xsrf_token = get_xsrf_cookie_value()
        if not xsrf_token or not is_current_api_version(xsrf_token):
            timestamp = int(time.time())
            xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION,
                                       base64.urlsafe_b64encode(
                                           os.urandom(10)), timestamp)

            # Set a cookie containing the XSRF value.
            # The JavaScript is responsible for returning the cookie in a matching header
            # that is validated by validate_xsrf_cookie.
            self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
            cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

        return func(self, *args, **kwargs)
コード例 #8
0
ファイル: xsrf.py プロジェクト: Hao-Hsuan/KhanLatest
def create_xsrf_cookie_if_needed(http_response):
    """http_request is the http response object used to set the cookie on."""
    xsrf_token = get_xsrf_cookie_value()
    if xsrf_token and is_current_api_version(xsrf_token):
        return   # not needed -- the cookie already exists
    timestamp = int(time.time())
    xsrf_value = "%s_%s_%d" % (
        XSRF_API_VERSION,
        base64.urlsafe_b64encode(os.urandom(10)),
        timestamp)

    # Set a cookie containing the XSRF value.
    # The JavaScript is responsible for returning the cookie
    # in a matching header that is validated by
    # validate_xsrf_cookie.
    http_response.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
    cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
コード例 #9
0
ファイル: phantom_util.py プロジェクト: avh4/khan-academy
    def wrapper(*args, **kwargs):
        if models.UserData.current():
            return method(*args, **kwargs)
        else:
            # This mirrors create_phantom above, see there for clarification
            user_id = _create_phantom_user_id()
            user_data = models.UserData.insert_for(user_id, user_id)

            cookie = user_data.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
            set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

            user_data = models.UserData.current(bust_cache=True)

            if not user_data:
                logging.warning("api_create_phantom failed to create user_data properly")

            response = method(*args, **kwargs)

            response.set_cookie(PHANTOM_MORSEL_KEY, cookie)
            return response
コード例 #10
0
ファイル: phantom_util.py プロジェクト: avh4/khan-academy
    def wrapper(self, *args, **kwargs):
        user_data = models.UserData.current()

        if not user_data:
            user_id = _create_phantom_user_id()
            user_data = models.UserData.insert_for(user_id, user_id)

            # we set just a 20 digit random string as the cookie,
            # not the entire fake email
            cookie = user_id.split(PHANTOM_ID_EMAIL_PREFIX)[1]
            # set the cookie on the user's computer
            self.set_cookie(PHANTOM_MORSEL_KEY, cookie)
            # make it appear like the cookie was already set
            set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

            # Bust the cache so later calls to models.UserData.current() return
            # the phantom user
            models.UserData.current(bust_cache=True)

        return method(self, *args, **kwargs)
コード例 #11
0
    def wrapper(self, *args, **kwargs):
        user_data = models.UserData.current()

        if not user_data:
            user_id = _create_phantom_user_id()
            user_data = models.UserData.insert_for(user_id, user_id)

            # we set just a 20 digit random string as the cookie,
            # not the entire fake email
            cookie = user_id.split(PHANTOM_ID_EMAIL_PREFIX)[1]
            # set the cookie on the user's computer
            self.set_cookie(PHANTOM_MORSEL_KEY, cookie)
            # make it appear like the cookie was already set
            set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

            # Bust the cache so later calls to models.UserData.current() return
            # the phantom user
            models.UserData.current(bust_cache=True)

        return method(self, *args, **kwargs)
コード例 #12
0
    def wrapper(*args, **kwargs):
        if models.UserData.current():
            return method(*args, **kwargs)
        else:
            # This mirrors create_phantom above, see there for clarification
            user_id = _create_phantom_user_id()
            user_data = models.UserData.insert_for(user_id, user_id)

            cookie = user_data.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
            set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))

            user_data = models.UserData.current(bust_cache=True)

            if not user_data:
                logging.warning(
                    "api_create_phantom failed to create user_data properly")

            response = method(*args, **kwargs)

            response.set_cookie(PHANTOM_MORSEL_KEY, cookie)
            return response
コード例 #13
0
def set_auth_cookie(handler, user, auth_token=None):
    """ Issues a Set-Cookie directive with the appropriate auth_token for
    the user.

    This will also set the cookie for the current request, so that subsequent
    calls to UserData.current() will point to the specified user.

    """

    if auth_token is None:
        auth_token = auth.tokens.AuthToken.for_user(user)
    else:
        # TODO(benkomalo): do we want to validate the auth token if passed?
        pass
    max_age = auth.tokens.AuthToken.DEFAULT_EXPIRY_SECONDS

    handler.set_cookie(AUTH_COOKIE_NAME,
                       value=auth_token.value,
                       max_age=max_age,
                       path='/',
                       domain=None,
                       secure=False,
                       httponly=True)
    set_request_cookie(AUTH_COOKIE_NAME, auth_token)