def wrapper(self, *args, **kwargs):
if not get_xsrf_cookie_value():
xsrf_value = base64.urlsafe_b64encode(os.urandom(30))
# Set an http-only cookie containing the XSRF value.
# A matching header value will be required by validate_xsrf_cookie.
self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=True)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
return func(self, *args, **kwargs)
def wrapper(self, *args, **kwargs):
if not get_xsrf_cookie_value():
xsrf_value = base64.urlsafe_b64encode(os.urandom(30))
# Set an http-only cookie containing the XSRF value.
# A matching header value will be required by validate_xsrf_cookie.
self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=True)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
return func(self, *args, **kwargs)
def _create_phantom_user_data():
""" Create a phantom user data.
"""
user_id = _create_phantom_user_id()
user_data = user_models.UserData.insert_for(user_id, user_id)
# Make it appear like the cookie was already set
cookie = _get_cookie_from_phantom(user_data)
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
# Bust the cache so later calls to user_models.UserData.current() return
# the phantom user
return user_models.UserData.current(bust_cache=True)
def _create_phantom_user_data():
""" Create a phantom user data.
"""
user_id = _create_phantom_user_id()
user_data = user_models.UserData.insert_for(user_id, user_id)
# Make it appear like the cookie was already set
cookie = _get_cookie_from_phantom(user_data)
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
# Bust the cache so later calls to user_models.UserData.current() return
# the phantom user
return user_models.UserData.current(bust_cache=True)
def wrapper(self, *args, **kwargs):
xsrf_token = get_xsrf_cookie_value()
if not xsrf_token or not is_current_api_version(xsrf_token):
timestamp = int(time.time())
xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION, base64.urlsafe_b64encode(os.urandom(10)), timestamp)
# Set a cookie containing the XSRF value.
# The JavaScript is responsible for returning the cookie in a matching header
# that is validated by validate_xsrf_cookie.
self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
return func(self, *args, **kwargs)
def create_xsrf_cookie_if_needed(http_response):
"""http_request is the http response object used to set the cookie on."""
xsrf_token = get_xsrf_cookie_value()
if xsrf_token and is_current_api_version(xsrf_token):
return # not needed -- the cookie already exists
timestamp = int(time.time())
xsrf_value = "%s_%s_%d" % (
XSRF_API_VERSION, base64.urlsafe_b64encode(os.urandom(10)), timestamp)
# Set a cookie containing the XSRF value.
# The JavaScript is responsible for returning the cookie
# in a matching header that is validated by
# validate_xsrf_cookie.
http_response.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
def wrapper(self, *args, **kwargs):
xsrf_token = get_xsrf_cookie_value()
if not xsrf_token or not is_current_api_version(xsrf_token):
timestamp = int(time.time())
xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION,
base64.urlsafe_b64encode(
os.urandom(10)), timestamp)
# Set a cookie containing the XSRF value.
# The JavaScript is responsible for returning the cookie in a matching header
# that is validated by validate_xsrf_cookie.
self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
return func(self, *args, **kwargs)
def create_xsrf_cookie_if_needed(http_response):
"""http_request is the http response object used to set the cookie on."""
xsrf_token = get_xsrf_cookie_value()
if xsrf_token and is_current_api_version(xsrf_token):
return # not needed -- the cookie already exists
timestamp = int(time.time())
xsrf_value = "%s_%s_%d" % (
XSRF_API_VERSION,
base64.urlsafe_b64encode(os.urandom(10)),
timestamp)
# Set a cookie containing the XSRF value.
# The JavaScript is responsible for returning the cookie
# in a matching header that is validated by
# validate_xsrf_cookie.
http_response.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
def wrapper(*args, **kwargs):
if models.UserData.current():
return method(*args, **kwargs)
else:
# This mirrors create_phantom above, see there for clarification
user_id = _create_phantom_user_id()
user_data = models.UserData.insert_for(user_id, user_id)
cookie = user_data.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
user_data = models.UserData.current(bust_cache=True)
if not user_data:
logging.warning("api_create_phantom failed to create user_data properly")
response = method(*args, **kwargs)
response.set_cookie(PHANTOM_MORSEL_KEY, cookie)
return response
def wrapper(self, *args, **kwargs):
user_data = models.UserData.current()
if not user_data:
user_id = _create_phantom_user_id()
user_data = models.UserData.insert_for(user_id, user_id)
# we set just a 20 digit random string as the cookie,
# not the entire fake email
cookie = user_id.split(PHANTOM_ID_EMAIL_PREFIX)[1]
# set the cookie on the user's computer
self.set_cookie(PHANTOM_MORSEL_KEY, cookie)
# make it appear like the cookie was already set
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
# Bust the cache so later calls to models.UserData.current() return
# the phantom user
models.UserData.current(bust_cache=True)
return method(self, *args, **kwargs)
def wrapper(self, *args, **kwargs):
user_data = models.UserData.current()
if not user_data:
user_id = _create_phantom_user_id()
user_data = models.UserData.insert_for(user_id, user_id)
# we set just a 20 digit random string as the cookie,
# not the entire fake email
cookie = user_id.split(PHANTOM_ID_EMAIL_PREFIX)[1]
# set the cookie on the user's computer
self.set_cookie(PHANTOM_MORSEL_KEY, cookie)
# make it appear like the cookie was already set
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
# Bust the cache so later calls to models.UserData.current() return
# the phantom user
models.UserData.current(bust_cache=True)
return method(self, *args, **kwargs)
def wrapper(*args, **kwargs):
if models.UserData.current():
return method(*args, **kwargs)
else:
# This mirrors create_phantom above, see there for clarification
user_id = _create_phantom_user_id()
user_data = models.UserData.insert_for(user_id, user_id)
cookie = user_data.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie))
user_data = models.UserData.current(bust_cache=True)
if not user_data:
logging.warning(
"api_create_phantom failed to create user_data properly")
response = method(*args, **kwargs)
response.set_cookie(PHANTOM_MORSEL_KEY, cookie)
return response
def set_auth_cookie(handler, user, auth_token=None):
""" Issues a Set-Cookie directive with the appropriate auth_token for
the user.
This will also set the cookie for the current request, so that subsequent
calls to UserData.current() will point to the specified user.
"""
if auth_token is None:
auth_token = auth.tokens.AuthToken.for_user(user)
else:
# TODO(benkomalo): do we want to validate the auth token if passed?
pass
max_age = auth.tokens.AuthToken.DEFAULT_EXPIRY_SECONDS
handler.set_cookie(AUTH_COOKIE_NAME,
value=auth_token.value,
max_age=max_age,
path='/',
domain=None,
secure=False,
httponly=True)
set_request_cookie(AUTH_COOKIE_NAME, auth_token)