def wrapper(self, *args, **kwargs):
    """ Make sure an XSRF cookie exists, then run the wrapped handler.

    `func` is the wrapped callable; it comes from the enclosing scope,
    which is not shown here.
    """
    if not get_xsrf_cookie_value():
        # 30 bytes from the OS random source, URL-safe base64 encoded.
        token = base64.urlsafe_b64encode(os.urandom(30))

        # The cookie is HttpOnly, so page script cannot read it back.
        # validate_xsrf_cookie is expected to require a matching header
        # value; how that value reaches the client is not visible here.
        # NOTE(review): no `secure` argument is passed, so whether the
        # cookie is limited to HTTPS depends on set_cookie's default.
        self.set_cookie(XSRF_COOKIE_KEY, token, httponly=True)

        # Mirror the value onto the in-flight request so code running
        # later in this same request sees the new token.
        cookie_util.set_request_cookie(XSRF_COOKIE_KEY, token)

    return func(self, *args, **kwargs)
def _create_phantom_user_data():
    """ Create a phantom user and return its UserData.

    The phantom cookie is written only to the current request's cookie
    view. This function emits no Set-Cookie itself, so the caller is
    presumably responsible for sending it to the browser.
    """
    phantom_id = _create_phantom_user_id()
    phantom = user_models.UserData.insert_for(phantom_id, phantom_id)

    # Pretend the browser already sent the phantom cookie on this request.
    morsel = str(_get_cookie_from_phantom(phantom))
    set_request_cookie(PHANTOM_MORSEL_KEY, morsel)

    # bust_cache=True forces a fresh lookup, so this call and later calls
    # to user_models.UserData.current() resolve to the phantom user.
    return user_models.UserData.current(bust_cache=True)
def wrapper(self, *args, **kwargs):
    """ Issue a versioned XSRF cookie when missing or stale, then delegate.

    A new token is minted when no XSRF cookie is present or when
    is_current_api_version() rejects the existing one. `func` is the
    wrapped callable from the enclosing scope (not shown here).
    """
    current = get_xsrf_cookie_value()
    needs_new_token = not (current and is_current_api_version(current))

    if needs_new_token:
        issued_at = int(time.time())
        # 10 random bytes is 80 bits of unpredictability in the token.
        # NOTE(review): written for Python 2 str semantics; on Python 3
        # urlsafe_b64encode returns bytes and %s would embed its repr.
        nonce = base64.urlsafe_b64encode(os.urandom(10))
        xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION, nonce, issued_at)

        # httponly=False is deliberate: the JavaScript has to read the
        # cookie and send it back in a matching header, which is validated
        # by validate_xsrf_cookie. Any script running on the page can
        # therefore read the token too.
        # NOTE(review): no `secure` argument is passed; whether the cookie
        # is HTTPS-only depends on set_cookie's default - confirm.
        self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
        cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

    return func(self, *args, **kwargs)
def create_xsrf_cookie_if_needed(http_response):
    """ Set a fresh XSRF cookie on http_response unless a current one exists.

    http_response is the http response object used to set the cookie on.
    Nothing is done when the request already carries an XSRF cookie that
    is_current_api_version() accepts.
    """
    existing = get_xsrf_cookie_value()
    if not existing or not is_current_api_version(existing):
        issued_at = int(time.time())
        # 10 random bytes is 80 bits of unpredictability in the token.
        # NOTE(review): written for Python 2 str semantics; on Python 3
        # urlsafe_b64encode returns bytes and %s would embed its repr.
        random_part = base64.urlsafe_b64encode(os.urandom(10))
        xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION, random_part, issued_at)

        # The cookie must stay readable by script (httponly=False): the
        # JavaScript is responsible for returning it in a matching header
        # that is validated by validate_xsrf_cookie.
        # NOTE(review): no `secure` argument is passed; whether the cookie
        # is HTTPS-only depends on set_cookie's default - confirm.
        http_response.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)

        # Keep the current request's cookie view in step with the response.
        cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)
def wrapper(self, *args, **kwargs):
    """ Run the wrapped handler, first refreshing the XSRF cookie if needed.

    `func` is the wrapped callable from the enclosing scope (not shown
    here).
    """
    existing = get_xsrf_cookie_value()
    if existing and is_current_api_version(existing):
        # A token of the current API version is already present.
        return func(self, *args, **kwargs)

    now = int(time.time())
    # 10 random bytes is 80 bits of unpredictability in the token.
    # NOTE(review): written for Python 2 str semantics; on Python 3
    # urlsafe_b64encode returns bytes and %s would embed its repr.
    entropy = base64.urlsafe_b64encode(os.urandom(10))
    xsrf_value = "%s_%s_%d" % (XSRF_API_VERSION, entropy, now)

    # The cookie is not HttpOnly because the JavaScript is responsible for
    # returning it in a matching header that validate_xsrf_cookie checks;
    # any script running on the page can read it as well.
    # NOTE(review): no `secure` argument is passed; whether the cookie is
    # HTTPS-only depends on set_cookie's default - confirm.
    self.set_cookie(XSRF_COOKIE_KEY, xsrf_value, httponly=False)
    cookie_util.set_request_cookie(XSRF_COOKIE_KEY, xsrf_value)

    return func(self, *args, **kwargs)
def wrapper(*args, **kwargs):
    """ Call the wrapped API method, creating a phantom user first if needed.

    With a current user the call goes straight through. Otherwise a
    phantom user is created and the phantom cookie is set on the response
    that `method` returns. `method` comes from the enclosing scope (not
    shown here).
    """
    if models.UserData.current():
        return method(*args, **kwargs)

    # Same steps as the create_phantom decorator the original comment
    # points to for clarification (not shown here).
    phantom_id = _create_phantom_user_id()
    created = models.UserData.insert_for(phantom_id, phantom_id)

    # Only the part of the phantom email after the prefix goes into the
    # cookie. Raises IndexError if the email does not contain the prefix.
    morsel = created.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
    set_request_cookie(PHANTOM_MORSEL_KEY, str(morsel))

    if not models.UserData.current(bust_cache=True):
        # Logged only: the method still runs and the cookie is still set.
        logging.warning("api_create_phantom failed to create user_data properly")

    response = method(*args, **kwargs)
    # NOTE(review): the cookie identifies the phantom account and is set
    # without explicit httponly/secure arguments, so its flags depend on
    # response.set_cookie's defaults - confirm.
    response.set_cookie(PHANTOM_MORSEL_KEY, morsel)
    return response
def wrapper(self, *args, **kwargs):
    """ Guarantee a user for the request, creating a phantom one if absent.

    `method` is the wrapped handler method from the enclosing scope (not
    shown here).
    """
    if not models.UserData.current():
        phantom_id = _create_phantom_user_id()
        models.UserData.insert_for(phantom_id, phantom_id)

        # Per the original comment, the cookie carries just the 20 digit
        # random string, not the entire fake email.
        morsel = phantom_id.split(PHANTOM_ID_EMAIL_PREFIX)[1]

        # Send the cookie to the user's browser.
        # NOTE(review): the cookie identifies the phantom account and is
        # set without explicit httponly/secure arguments, so its flags
        # depend on set_cookie's defaults - confirm.
        self.set_cookie(PHANTOM_MORSEL_KEY, morsel)

        # Make it look as if the cookie had arrived with this request.
        set_request_cookie(PHANTOM_MORSEL_KEY, str(morsel))

        # Bust the cache so later calls to models.UserData.current()
        # return the phantom user.
        models.UserData.current(bust_cache=True)

    return method(self, *args, **kwargs)
def wrapper(*args, **kwargs):
    """ Run the wrapped API method on behalf of a real or phantom user.

    When there is no current user, a phantom user is created before the
    call and its cookie is attached to the returned response. `method`
    comes from the enclosing scope (not shown here).
    """
    if not models.UserData.current():
        # Same steps as the create_phantom decorator the original comment
        # points to for clarification (not shown here).
        new_id = _create_phantom_user_id()
        phantom = models.UserData.insert_for(new_id, new_id)

        # The cookie holds only the text after the phantom email prefix.
        # Raises IndexError if the email does not contain the prefix.
        cookie_value = phantom.email.split(PHANTOM_ID_EMAIL_PREFIX)[1]
        set_request_cookie(PHANTOM_MORSEL_KEY, str(cookie_value))

        refreshed = models.UserData.current(bust_cache=True)
        if not refreshed:
            # Best effort: a failed lookup is logged, not raised.
            logging.warning(
                "api_create_phantom failed to create user_data properly")

        response = method(*args, **kwargs)
        # NOTE(review): no httponly/secure arguments are given, so the
        # flags on this account-identifying cookie depend on
        # response.set_cookie's defaults - confirm.
        response.set_cookie(PHANTOM_MORSEL_KEY, cookie_value)
        return response

    return method(*args, **kwargs)
def set_auth_cookie(handler, user, auth_token=None):
    """ Issue a Set-Cookie directive carrying the auth token for the user.

    The cookie is also set on the current request, so that subsequent
    calls to UserData.current() will point to the specified user.

    When auth_token is None a token is created with
    AuthToken.for_user(user). A caller-supplied token is used as given.
    """
    # TODO(benkomalo): do we want to validate the auth token if passed?
    # NOTE(review): until then, a caller-supplied token goes into the
    # cookie without any check that it belongs to `user`.
    if auth_token is None:
        auth_token = auth.tokens.AuthToken.for_user(user)

    # httponly=True keeps the token away from page script.
    # NOTE(review): secure=False lets the browser send this auth cookie
    # over plain HTTP too, where it can be read in transit. Confirm this
    # is intended before relying on it for HTTPS-only deployments.
    cookie_options = {
        'max_age': auth.tokens.AuthToken.DEFAULT_EXPIRY_SECONDS,
        'path': '/',
        'domain': None,
        'secure': False,
        'httponly': True,
    }
    handler.set_cookie(AUTH_COOKIE_NAME, value=auth_token.value,
                       **cookie_options)

    # NOTE(review): the token object is passed here, while the Set-Cookie
    # above uses auth_token.value - confirm set_request_cookie expects it.
    set_request_cookie(AUTH_COOKIE_NAME, auth_token)