def test_get_token_for_exempt_view(self):
    """
    get_token must keep working for a view decorated with 'csrf_view_exempt'.
    """
    request = self._get_GET_csrf_cookie_request()
    middleware = CsrfViewMiddleware()
    exempt_view = csrf_view_exempt(token_view)
    # Only process_view sees the exempt wrapper; the response itself is
    # produced by calling the undecorated token_view on the same request.
    middleware.process_view(request, exempt_view, (), {})
    self._check_token_present(token_view(request))
def test_process_response_for_exempt_view(self):
    """
    A view decorated with 'csrf_view_exempt' must still have its response
    post-processed so that the CSRF token is added.
    """
    request = self._get_GET_no_csrf_cookie_request()
    exempt_view = csrf_view_exempt(post_form_view)
    CsrfMiddleware().process_view(request, exempt_view, (), {})

    response = post_form_response()
    # Snapshot the body first: process_response modifies the response it is given.
    original_content = response.content
    processed = CsrfMiddleware().process_response(request, response)

    # The request carried no CSRF cookie, so the middleware has to set one.
    cookie = processed.cookies.get(settings.CSRF_COOKIE_NAME, False)
    self.assertNotEqual(cookie, False)
    # The body must have been rewritten and must carry the cookie's token.
    self.assertNotEqual(original_content, processed.content)
    self._check_token_present(processed, cookie.value)
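def api(func):
    """Wrap ``func(method, get, post, user, **kwargs)`` as a JSON API view.

    The returned callable supports two calling conventions:

    * HTTP: the first positional argument is an ``HttpRequest``. The caller
      must either send HTTP Basic credentials accepted by ``authenticate()``
      or already be authenticated on ``req.user``; otherwise a 401 JSON
      response is returned. A Basic header that cannot be decoded, or a JSON
      body that cannot be parsed, yields 400; a method other than
      GET/POST/PUT/DELETE yields 501; an exception while running ``func`` or
      encoding its result yields 500. ``post`` is only populated when the
      content type contains ``application/json``; otherwise it stays ``None``.
    * Direct call: no request is passed. ``method``, ``get``, ``post`` and the
      mandatory ``user`` are popped from the keyword arguments, and the raw
      return value of ``func`` is handed back, or ``-1`` when ``user`` is
      missing or ``func`` raises. No authentication is performed on this
      path; the caller is trusted to pass a legitimate ``user``.

    Compared with the bare ``except:`` clauses this replaces, handlers now
    catch ``Exception`` only (so ``SystemExit``/``KeyboardInterrupt`` are no
    longer swallowed) and handler failures are logged instead of vanishing.
    """
    import logging  # local import: the file's import block is not part of this block

    log = logging.getLogger(__name__)
    allowed_methods = ('GET', 'POST', 'PUT', 'DELETE')

    def inner(*args, **kwargs):
        raw = False
        method, get, post, user = None, None, None, None
        if len(args) > 0 and isinstance(args[0], HttpRequest):
            req = args[0]
            method = req.method
            get = req.GET
            user = req.user

            # HTTP Basic authentication for API clients. When the header is
            # present it takes precedence over whatever req.user already holds.
            auth_header = req.META.get('HTTP_AUTHORIZATION', '')
            if auth_header.startswith('Basic '):
                try:
                    # 'base64' is the Python 2 str codec; the payload is
                    # "username:password", split once so that the password
                    # may itself contain ':'.
                    username, password = auth_header[6:].decode('base64').split(':', 1)
                except Exception:
                    # Malformed header. Deliberately not logged with its
                    # contents, which may include credential material.
                    return json_return(status=400)
                # NOTE(review): Basic credentials are only base64-encoded;
                # presumably this endpoint is served over TLS - confirm.
                # Whether inactive accounts are rejected depends on the
                # configured auth backend, and no throttling of failed
                # attempts is visible in this block.
                user = authenticate(username=username, password=password)
                if not user:
                    return json_return(status=401)
            elif not req.user.is_authenticated():
                return json_return(status=401)

            if method not in allowed_methods:
                return json_return(status=501)

            if 'application/json' in req.META.get('CONTENT_TYPE', ''):
                try:
                    post = json_decode(req.raw_post_data)
                except Exception:
                    return json_return(status=400)
        else:
            # Direct (non-HTTP) call: everything comes from keyword arguments
            # and the result is returned without JSON wrapping.
            raw = True
            try:
                method = kwargs.pop('method', None)
                get = kwargs.pop('get', {})
                post = kwargs.pop('post', {})
                user = kwargs.pop('user')
            except KeyError:
                # 'user' is the only mandatory keyword.
                return -1

        try:
            ret = func(method, get, post, user, **kwargs)
            return ret if raw else json_return(ret)
        except Exception:
            # Keep the original contract (-1 / HTTP 500) but leave a trace so
            # failures can be detected and investigated.
            log.exception('API handler %s failed', getattr(func, '__name__', func))
            return -1 if raw else json_return(status=500)

    # NOTE(review): every wrapped view is CSRF-exempt, including requests that
    # were accepted because req.user was already authenticated (the elif
    # branch above) rather than through Basic credentials. If req.user is
    # populated from a browser session cookie - confirm - state-changing
    # methods on that path have no CSRF protection; consider limiting the
    # exemption to Basic-authenticated requests.
    return csrf_view_exempt(inner)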