def set_up(self):
CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
csrf_code = facade.retrive_cookie_data(
self.handler.request, CSRF_TOKEN_COOKIE).execute().result
if csrf_code:
if self.handler.request.method != 'GET':
angular_cookie_value = self.handler.request.headers.get(
CSRF_ANGULAR_AJAX_HEADER)
if csrf_code == angular_cookie_value:
return False
form_input = self.dependencies.get(CSRF_CODE_KEY)
if csrf_code == form_input:
return False
else:
csrf_code = urandom(16).encode('hex')
facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE,
csrf_code).execute()
self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
fcn = self.dependencies['_fcn']
self.dependencies[CSRF_CODE_KEY] = csrf_code
is_secure = is_csrf_secure(fcn)
if is_secure:
self.handler.response.status = '403 forbiden access'
self.handler.response.write('Forbiden access')
return is_secure
def commit(self):
if self._save_google_user_future:
google_user_key = self._save_google_user_future.get_result()
main_user_key = self._save_main_user.get_result()
facade.write_cookie(self.response, self.user_cookie, {'id': self.result.key.id()}).execute()
return ExternalToMainUser(origin=google_user_key, destination=main_user_key)
if self.result:
facade.write_cookie(self.response, self.user_cookie, {'id': self.result.key.id()}).execute()
def test_success(self):
resp = Mock()
cmd = facade.write_cookie(resp, 'user', 'foo')
cmd.execute()
self.assertTrue(resp.set_cookie.called)
self.assertEqual('user', resp.set_cookie.call_args[0][0])
self.assertTrue(resp.set_cookie.call_args[1]['httponly'])
def set_up(self):
CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
csrf_code = facade.retrive_cookie_data(self.handler.request, CSRF_TOKEN_COOKIE).execute().result
if csrf_code:
if self.handler.request.method != 'GET':
angular_cookie_value = self.handler.request.headers.get(CSRF_ANGULAR_AJAX_HEADER)
if csrf_code == angular_cookie_value:
return False
form_input = self.dependencies.get(CSRF_CODE_KEY)
if csrf_code == form_input:
return False
else:
csrf_code = urandom(16).encode('hex')
facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE, csrf_code).execute()
self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
fcn = self.dependencies['_fcn']
self.dependencies[CSRF_CODE_KEY] = csrf_code
is_secure = is_csrf_secure(fcn)
if is_secure:
self.handler.response.status = '403 forbiden access'
self.handler.response.write('Forbiden access')
return is_secure
def log_main_user_in(main_user, response, user_cookie):
facade.write_cookie(response, user_cookie, {'id': main_user.key.id()}).execute()
def do_business(self):
super(Login, self).do_business()
facade.write_cookie(self.response, self.user_cookie_name, {'id': self.result.key.id()}).execute()
def do_business(self):
super(Login, self).do_business()
facade.write_cookie(self.response, self.user_cookie_name, {'id': self.result.key.id()}).execute()
def log_main_user_in(main_user, response, user_cookie):
facade.write_cookie(response, user_cookie, {
'id': main_user.key.id()
}).execute()
