def test_process_request_session_no_token_exempt_view(self):
    """
    A POST that carries a session but no CSRF token must still be let
    through by process_view when the view is wrapped in csrf_exempt.
    """
    request = self._get_POST_session_request()
    middleware = CsrfMiddleware()
    exempt_view = csrf_exempt(self.get_view())
    outcome = middleware.process_view(request, exempt_view, (), {})
    # None is what the test treats as "the middleware let the request through".
    self.assertEquals(None, outcome)
def test_process_response_exempt_view(self):
    """
    The response produced by a csrf_exempt view must come back from
    process_response with its content unchanged.
    """
    request = self._get_POST_session_request()
    exempt_view = csrf_exempt(self.get_view())
    response = exempt_view(request)
    # Capture the body before the middleware sees the response.
    content_before = response.content
    processed = CsrfMiddleware().process_response(request, response)
    self.assertEquals(content_before, processed.content)
file = request.FILES.get('filename','') filename=file.name print settings.MEDIA_ROOT print filename print file fname = os.path.join(settings.MEDIA_ROOT,filename) print "fname" print fname if os.path.exists(fname): os.remove(fname) dirs= os.path.dirname(fname) if not os.path.exists(dirs): os.makedirs(dirs) print os.path.isfile(fname) if True: #.path.isfile(fname): os.remove(fname) fp = open(fname, 'wb') # fp.write(file) print file.chunks() print file.size for content in file.chunks(): print content fp.write(content) fp.close() return HttpResponse('ok') return render_to_response("upload.html",locals()) upload_file = csrf_exempt(upload_file)
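def toggle_favorite(request):
    """Add or remove one DivisionReview from the current user's favorites.

    The review id is read from the ``stardr`` POST field. A review that is
    already a favorite is removed, any other review is added. The client is
    then redirected to the address named in the Referer header.
    """
    prof = request.user.get_profile()
    favs = prof.favorites.all()
    dr = DivisionReview.objects.get(id=request.POST.get('stardr'))
    if dr in favs:
        prof.favorites.remove(dr)
    else:
        prof.favorites.add(dr)
    prof.save()
    # The Referer header is optional; indexing META directly raised KeyError
    # (a server error) whenever a client left it out. Fall back to the root.
    # NOTE(review): the redirect target is taken verbatim from a
    # client-supplied header; consider restricting it to this site's paths.
    url = request.META.get('HTTP_REFERER', '/')
    return HttpResponseRedirect(url)


# NOTE(review): this view changes per-user state and is exempted from CSRF
# checks, so a request made from another site with the visitor's session
# would be accepted. Confirm the exemption is still required.
toggle_favorite = csrf_exempt(toggle_favorite)


def account_update(request):
    """Overwrite the current user's first and last name and render the page.

    ``first_name`` and ``last_name`` are read from POST; a field that is
    absent is stored as an empty string. No request-method check is made
    here, so the names are saved on every call.
    """
    t = loader.get_template('account_info.html')
    first_name = request.POST.get('first_name', '')
    last_name = request.POST.get('last_name', '')
    user = request.user
    user.first_name = first_name
    user.last_name = last_name
    user.save()
    c = RequestContext(request)
    return HttpResponse(t.render(c))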
# Excerpt: presumably the body of sviewer_cgi (its def line is not shown).
# It forwards the incoming request to base_url + <last path segment> and
# relays the upstream body plus an allow-listed set of headers.
    # Only the last path segment of the incoming URL is appended to base_url
    # (base_url is defined outside this excerpt).
    script_name = request.path.split('/')[-1]
    proxied_url = base_url + script_name
    # Rebuild the parameters by hand as key=value pairs joined with '&'.
    # NOTE(review): keys and values are not URL-encoded, so a value that
    # contains '&' or '=' changes the parameter list the upstream receives;
    # urllib.urlencode would escape them.
    data = ''
    count = 0
    for key, value in request.REQUEST.items():
        if count > 0:
            data += '&'
        data += ("%s=%s" % (key, value))
        count += 1
    req = urllib2.Request(proxied_url)
    # The Cookie string is assembled but never sent: the lines that would
    # attach it are commented out below. count is not incremented in this
    # loop, so the '; ' separator is never inserted either.
    cookies = ''
    count = 0
    for key, value in request.COOKIES.items():
        if count > 0:
            cookies += '; '
        cookies += ("%s=%s" % (key, value))
    # if len(cookies) > 0:
    #     req.addHeader('Cookie', cookies)
    # Passing data makes urllib2 issue a POST; no timeout argument is given.
    response = urllib2.urlopen(req, data)
    info = response.info()
    retresponse = HttpResponse(response.read())
    # Copy upstream headers only when allowed_header (defined elsewhere)
    # accepts the lower-cased header name.
    for key, value in info.items():
        if allowed_header(key.lower()):
            retresponse[key] = value
    return retresponse


# NOTE(review): the proxy view is exempted from CSRF checks, so any site can
# make a visitor's browser drive it. Confirm what the upstream endpoint is
# allowed to do.
sviewer_cgi = csrf_exempt(sviewer_cgi)
filename = file.name print settings.MEDIA_ROOT print filename print file fname = os.path.join(settings.MEDIA_ROOT, filename) print "fname" print fname if os.path.exists(fname): os.remove(fname) dirs = os.path.dirname(fname) if not os.path.exists(dirs): os.makedirs(dirs) print os.path.isfile(fname) if True: #.path.isfile(fname): os.remove(fname) fp = open(fname, 'wb') # fp.write(file) print file.chunks() print file.size for content in file.chunks(): print content fp.write(content) fp.close() return HttpResponse('ok') return render_to_response("upload.html", locals()) upload_file = csrf_exempt(upload_file)
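import time


def index(request):
    """List the installed apps and, on POST, create a new app.

    Any request renders ``twango/index.html`` with the last dotted component
    of every entry in INSTALLED_APPS. A POST additionally reads ``appname``,
    runs the ``initapp`` management command with it and redirects to the
    path derived from that name. A missing or malformed ``appname`` creates
    nothing and falls through to the normal page render.
    """
    from urls import urlpatterns
    from conf.g_added_apps import *
    import re

    installed_apps = INSTALLED_APPS
    iap = ()
    # List the set of installed apps.
    for installed_app in installed_apps:
        iap += (installed_app.split('.')[-1],)  # remove the app package info

    # Handle base actions.
    if request.method == 'POST':
        # A POST asks for a new app to be created. The original note says the
        # system should log the event, since it is a CLI operation; no
        # logging is done here.
        app_name = request.POST.get('appname', '')
        # app_name comes straight from the client and ends up both in a
        # management command and in a redirect target. Accept only a dotted
        # path of Python identifiers: this keeps path separators out of the
        # command argument and prevents a leading '/' from turning the
        # redirect into a protocol-relative URL that points at another host.
        if re.match(r'[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*\Z',
                    app_name):
            from django.core.management import call_command
            call_command('initapp', app_name)
            # Presumably gives the new app time to be picked up before the
            # redirect; confirm.
            time.sleep(1.0)
            return redirect("/" + app_name.replace(".", "/") + "/")
    return render_to_response('twango/index.html', {'installed_apps': iap},
                              context_instance=RequestContext(request))


# for now we don't need csrf
# NOTE(review): this view runs a management command on POST, no login check
# is visible in it, and it is exempted from CSRF checks. Confirm that access
# is restricted elsewhere.
from django.contrib.csrf.middleware import csrf_exempt
index = csrf_exempt(index)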
# Excerpt starts inside a view whose def line is not shown: it answers with
# the authenticated user's favorites as JSON.
    if user is None:
        return auth_required_response()
    profile = user.get_profile()
    response['status_code'] = 200
    response['response'] = [profile.favorites_to_dict()]
    return HttpResponse(simplejson.dumps(response), mimetype='application/json')


def set_device(request):
    """Store the caller's device id and registration id on their profile.

    The caller is resolved with is_auth (defined elsewhere); when that
    returns None the auth-required response is sent. The profile's device is
    created if it has none, otherwise its two ids are overwritten. Replies
    with a JSON status object.
    """
    user = is_auth(request)
    if user is None:
        return auth_required_response()
    response = {}
    # NOTE(review): all three values come from the query string, so this
    # state change happens on a GET; a missing parameter raises a key error.
    # 'type' is read but not used below, and the name shadows the builtin.
    type = request.GET['type']
    device_id = request.GET['did']
    registration_id = request.GET['rid']
    device = user.get_profile().device
    if device is None:
        # First registration for this profile: create the device record.
        user.get_profile().device = AndroidDevice.objects.create(
            device_id=device_id, registration_id=registration_id,
            collapse_key="")
        user.get_profile().save()
    else:
        # A device already exists: replace its identifiers in place.
        device.device_id = device_id
        device.registration_id = registration_id
        device.save()
    response['status_code'] = 200
    response['response'] = "Device set successful"
    return HttpResponse(simplejson.dumps(response), mimetype='application/json')


# NOTE(review): these three views are defined outside this excerpt. All of
# them are exempted from CSRF checks; confirm that none relies on a browser
# session or cookie for authentication.
create_user = csrf_exempt(create_user)
authenticate_user = csrf_exempt(authenticate_user)
remove_user = csrf_exempt(remove_user)
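# Excerpt: presumably the tail of __ajax_upload (its def line is not shown).
    if request.method == "POST":
        attachment_form = AttachmentForm(request.POST, request.FILES, user=request.user, \
                actived=False)
        #TODO improve validate
        if attachment_form.is_valid():
            attachment = attachment_form.save()
            data['valid'] = True
            data.pop('errors')
            data['attachment'] = {'id': attachment.id, \
                    'fn': attachment.org_filename, 'url': attachment.file.url, 'descn': ''}
        else:
            #attachment_form.errors
            pass
    return json_response(data)


# NOTE(review): both upload entry points skip CSRF checks while relying on a
# logged-in user. Confirm that the login decorators do not accept a browser
# session cookie on its own.
ajax_upload = csrf_exempt(ajax_login_required(__ajax_upload))
uploadify = csrf_exempt(flash_login_required(__ajax_upload))


# NOTE(review): a destructive action that is exempted from CSRF checks. The
# ownership test below limits it to the caller's own attachments, but a
# request made from another site with the caller's session is still accepted.
@csrf_exempt
@ajax_login_required
def ajax_delete(request):
    """Delete one of the requesting user's attachments and answer with JSON.

    The attachment id is read from the ``id`` POST field. The attachment is
    deleted only when it belongs to ``request.user``. The reply is
    ``{'valid': True}`` on success, otherwise ``valid`` is False and
    ``errors`` holds a message.
    """
    data = {'valid': False, 'errors': ugettext('some errors...')}
    attachment_id = request.POST.get('id')
    if not attachment_id:
        # No id supplied (this includes non-POST requests): return the generic
        # error payload instead of failing on the missing key.
        return json_response(data)
    try:
        attachment = Attachment.objects.get(pk=attachment_id)
    except (Attachment.DoesNotExist, ValueError):
        # Unknown or malformed id: same generic error, not a server error.
        return json_response(data)
    if attachment.user != request.user:
        data['errors'] = ugettext('no right')
    else:
        attachment.delete()
        data['valid'] = True
        data.pop('errors')
    return json_response(data)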
# Excerpt: presumably the body of sviewer_cgi (its def line is not shown).
# It forwards the incoming request to base_url + <last path segment> and
# relays the upstream body plus an allow-listed set of headers.
    # Only the last path segment of the incoming URL is appended to base_url
    # (base_url is defined outside this excerpt).
    script_name = request.path.split("/")[-1]
    proxied_url = base_url + script_name
    # Rebuild the parameters by hand as key=value pairs joined with '&'.
    # NOTE(review): keys and values are not URL-encoded, so a value that
    # contains '&' or '=' changes the parameter list the upstream receives;
    # urllib.urlencode would escape them.
    data = ""
    count = 0
    for key, value in request.REQUEST.items():
        if count > 0:
            data += "&"
        data += "%s=%s" % (key, value)
        count += 1
    req = urllib2.Request(proxied_url)
    # The Cookie string is assembled but never sent: the lines that would
    # attach it are commented out below. count is not incremented in this
    # loop, so the "; " separator is never inserted either.
    cookies = ""
    count = 0
    for key, value in request.COOKIES.items():
        if count > 0:
            cookies += "; "
        cookies += "%s=%s" % (key, value)
    # if len(cookies) > 0:
    #     req.addHeader('Cookie', cookies)
    # Passing data makes urllib2 issue a POST; no timeout argument is given.
    response = urllib2.urlopen(req, data)
    info = response.info()
    retresponse = HttpResponse(response.read())
    # Copy upstream headers only when allowed_header (defined elsewhere)
    # accepts the lower-cased header name.
    for key, value in info.items():
        if allowed_header(key.lower()):
            retresponse[key] = value
    return retresponse


# NOTE(review): the proxy view is exempted from CSRF checks, so any site can
# make a visitor's browser drive it. Confirm what the upstream endpoint is
# allowed to do.
sviewer_cgi = csrf_exempt(sviewer_cgi)
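# Excerpt starts at the tail of a view whose def line is not shown.
    f = UserProfileForm()
    return render_to_response("account_info.html", {"form": f},context_instance=RequestContext(request))


def toggle_favorite(request):
    """Add or remove one DivisionReview from the current user's favorites.

    The review id is read from the ``stardr`` POST field. A review that is
    already a favorite is removed, any other review is added. The client is
    then redirected to the address named in the Referer header.
    """
    prof = request.user.get_profile()
    favs = prof.favorites.all()
    dr = DivisionReview.objects.get(id=request.POST.get('stardr'))
    if dr in favs:
        prof.favorites.remove(dr)
    else:
        prof.favorites.add(dr)
    prof.save()
    # The Referer header is optional; indexing META directly raised KeyError
    # (a server error) whenever a client left it out. Fall back to the root.
    # NOTE(review): the redirect target is taken verbatim from a
    # client-supplied header; consider restricting it to this site's paths.
    url = request.META.get('HTTP_REFERER', '/')
    return HttpResponseRedirect(url)


# NOTE(review): this view changes per-user state and is exempted from CSRF
# checks, so a request made from another site with the visitor's session
# would be accepted. Confirm the exemption is still required.
toggle_favorite = csrf_exempt(toggle_favorite)


def account_update(request):
    """Overwrite the current user's first and last name and render the page.

    ``first_name`` and ``last_name`` are read from POST; a field that is
    absent is stored as an empty string. No request-method check is made
    here, so the names are saved on every call.
    """
    t = loader.get_template('account_info.html')
    first_name = request.POST.get('first_name', '')
    last_name = request.POST.get('last_name', '')
    user = request.user
    user.first_name = first_name
    user.last_name = last_name
    user.save()
    c = RequestContext(request)
    return HttpResponse(t.render(c))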