def set_up(self):
    """Run a double-submit style CSRF check for the current request.

    The token stored in the 'XSRF-RANDOM' cookie is compared, for non-GET
    requests, against the 'X-XSRF-TOKEN' request header and against the
    value found under CSRF_CODE_KEY in ``self.dependencies``. A match on
    either accepts the request. When no token cookie is present, a fresh
    random token is written to both cookies. Every request not accepted by
    a token match is answered with a 403 if ``is_csrf_secure(fcn)`` is
    truthy.

    Returns:
        False when a submitted token matched the cookie; otherwise the
        value of ``is_csrf_secure(fcn)``, which is truthy exactly when the
        403 response was written.
    """
    # NOTE(review): nesting below is reconstructed from a listing that lost
    # its line breaks; `else` is taken to pair with `if csrf_code:` --
    # confirm against the original file.

    # Cookie written through facade.write_cookie; holds the reference token.
    CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
    # Cookie/header pair matching AngularJS's default XSRF names.
    CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
    CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
    csrf_code = facade.retrive_cookie_data(
        self.handler.request, CSRF_TOKEN_COOKIE).execute().result
    if csrf_code:
        # GET requests are never token-checked; they fall through to the
        # is_csrf_secure() decision at the bottom.
        if self.handler.request.method != 'GET':
            angular_cookie_value = self.handler.request.headers.get(
                CSRF_ANGULAR_AJAX_HEADER)
            # NOTE(review): `==` is not a constant-time comparison.
            # hmac.compare_digest is the timing-safe alternative, but it
            # needs both operands non-None and of the same string type, so
            # check what retrive_cookie_data returns before switching.
            if csrf_code == angular_cookie_value:
                return False
            # Fallback for plain form posts: token submitted as a request
            # parameter (presumably injected into dependencies upstream).
            form_input = self.dependencies.get(CSRF_CODE_KEY)
            if csrf_code == form_input:
                return False
    else:
        # No token yet: mint 16 random bytes, hex-encoded (Python 2 'hex'
        # codec; urandom is presumably os.urandom -- confirm the import).
        csrf_code = urandom(16).encode('hex')
        facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE,
                            csrf_code).execute()
        # Written with set_cookie's defaults so that client-side script can
        # read it and echo it in the header.
        # NOTE(review): no Secure attribute is requested here; whether one
        # is needed depends on the deployment being HTTPS-only -- confirm.
        self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
    fcn = self.dependencies['_fcn']
    # Expose the current token to later consumers of the dependencies dict;
    # this overwrites whatever value was read as form_input above.
    self.dependencies[CSRF_CODE_KEY] = csrf_code
    # NOTE(review): despite the name, a truthy is_secure leads to rejection,
    # so it appears to mean "fcn requires CSRF protection" -- confirm
    # against is_csrf_secure.
    is_secure = is_csrf_secure(fcn)
    if is_secure:
        # 'forbiden' is misspelled in both runtime strings; left untouched
        # because clients or tests may match on them.
        self.handler.response.status = '403 forbiden access'
        self.handler.response.write('Forbiden access')
    return is_secure
def commit(self):
    """Write the user cookie once any pending saves have been resolved.

    With a pending Google-user save, both futures are resolved through
    ``get_result()``, the cookie for ``self.result`` is written, and an
    ExternalToMainUser linking the Google user key to the main user key is
    returned. Without one, the cookie is written only when ``self.result``
    is set and None is returned.
    """
    def _remember_user():
        # The cookie payload carries nothing but the user's key id.
        # NOTE(review): its integrity therefore rests on whatever signing
        # facade.write_cookie applies -- confirm.
        payload = {'id': self.result.key.id()}
        facade.write_cookie(self.response, self.user_cookie, payload).execute()

    if not self._save_google_user_future:
        if self.result:
            _remember_user()
        return None

    # NOTE(review): this path reads self.result without checking it;
    # presumably it is always set when a Google-user save is pending.
    google_user_key = self._save_google_user_future.get_result()
    main_user_key = self._save_main_user.get_result()
    _remember_user()
    return ExternalToMainUser(origin=google_user_key,
                              destination=main_user_key)
def test_success(self):
    """write_cookie must call set_cookie with the cookie name and httponly."""
    response = Mock()
    facade.write_cookie(response, 'user', 'foo').execute()

    set_cookie = response.set_cookie
    self.assertTrue(set_cookie.called)

    positional = set_cookie.call_args[0]
    keyword = set_cookie.call_args[1]
    self.assertEqual('user', positional[0])
    # NOTE(review): only HttpOnly is pinned here; whether the cookie also
    # carries Secure or an expiry is not asserted by this test.
    self.assertTrue(keyword['httponly'])
def set_up(self):
    """Run a double-submit style CSRF check for the current request.

    The token stored in the 'XSRF-RANDOM' cookie is compared, for non-GET
    requests, against the 'X-XSRF-TOKEN' request header and against the
    value found under CSRF_CODE_KEY in ``self.dependencies``. A match on
    either accepts the request. When no token cookie is present, a fresh
    random token is written to both cookies. Every request not accepted by
    a token match is answered with a 403 if ``is_csrf_secure(fcn)`` is
    truthy.

    Returns:
        False when a submitted token matched the cookie; otherwise the
        value of ``is_csrf_secure(fcn)``, which is truthy exactly when the
        403 response was written.
    """
    # NOTE(review): nesting below is reconstructed from a listing that lost
    # its line breaks; `else` is taken to pair with `if csrf_code:` --
    # confirm against the original file.

    # Cookie written through facade.write_cookie; holds the reference token.
    CSRF_TOKEN_COOKIE = 'XSRF-RANDOM'
    # Cookie/header pair matching AngularJS's default XSRF names.
    CSRF_ANGULAR_COOKIE = 'XSRF-TOKEN'
    CSRF_ANGULAR_AJAX_HEADER = 'X-XSRF-TOKEN'
    csrf_code = facade.retrive_cookie_data(self.handler.request, CSRF_TOKEN_COOKIE).execute().result
    if csrf_code:
        # GET requests are never token-checked; they fall through to the
        # is_csrf_secure() decision at the bottom.
        if self.handler.request.method != 'GET':
            angular_cookie_value = self.handler.request.headers.get(CSRF_ANGULAR_AJAX_HEADER)
            # NOTE(review): `==` is not a constant-time comparison.
            # hmac.compare_digest is the timing-safe alternative, but it
            # needs both operands non-None and of the same string type, so
            # check what retrive_cookie_data returns before switching.
            if csrf_code == angular_cookie_value:
                return False
            # Fallback for plain form posts: token submitted as a request
            # parameter (presumably injected into dependencies upstream).
            form_input = self.dependencies.get(CSRF_CODE_KEY)
            if csrf_code == form_input:
                return False
    else:
        # No token yet: mint 16 random bytes, hex-encoded (Python 2 'hex'
        # codec; urandom is presumably os.urandom -- confirm the import).
        csrf_code = urandom(16).encode('hex')
        facade.write_cookie(self.handler.response, CSRF_TOKEN_COOKIE, csrf_code).execute()
        # Written with set_cookie's defaults so that client-side script can
        # read it and echo it in the header.
        # NOTE(review): no Secure attribute is requested here; whether one
        # is needed depends on the deployment being HTTPS-only -- confirm.
        self.handler.response.set_cookie(CSRF_ANGULAR_COOKIE, csrf_code)
    fcn = self.dependencies['_fcn']
    # Expose the current token to later consumers of the dependencies dict;
    # this overwrites whatever value was read as form_input above.
    self.dependencies[CSRF_CODE_KEY] = csrf_code
    # NOTE(review): despite the name, a truthy is_secure leads to rejection,
    # so it appears to mean "fcn requires CSRF protection" -- confirm
    # against is_csrf_secure.
    is_secure = is_csrf_secure(fcn)
    if is_secure:
        # 'forbiden' is misspelled in both runtime strings; left untouched
        # because clients or tests may match on them.
        self.handler.response.status = '403 forbiden access'
        self.handler.response.write('Forbiden access')
    return is_secure
def log_main_user_in(main_user, response, user_cookie):
    """Write the login cookie named *user_cookie* for *main_user* on *response*.

    The cookie payload is ``{'id': <main_user key id>}``.
    """
    # NOTE(review): the payload is only an id, so forging another user's
    # login is prevented solely by whatever signing facade.write_cookie
    # applies -- confirm that it signs and sets an expiry.
    cookie_payload = {'id': main_user.key.id()}
    write_command = facade.write_cookie(response, user_cookie, cookie_payload)
    write_command.execute()
def do_business(self):
    """Run the parent command, then store the resulting user's id in a cookie.

    The cookie is named by ``self.user_cookie_name`` and is written on
    ``self.response`` with the payload ``{'id': <result key id>}``.
    """
    super(Login, self).do_business()
    # Assumes the parent call left a saved entity in self.result; a None
    # result would raise AttributeError here -- TODO confirm.
    user_id = self.result.key.id()
    cookie_command = facade.write_cookie(
        self.response, self.user_cookie_name, {'id': user_id})
    cookie_command.execute()
def do_business(self):
    """Delegate to the parent command, then issue the login cookie.

    After ``super().do_business()`` returns, the key id of ``self.result``
    is written to the cookie named by ``self.user_cookie_name``.
    """
    super(Login, self).do_business()
    # NOTE(review): self.result is dereferenced without a guard; presumably
    # the parent command always sets it on this path -- verify.
    logged_user_id = self.result.key.id()
    payload = {'id': logged_user_id}
    facade.write_cookie(self.response, self.user_cookie_name, payload).execute()
def log_main_user_in(main_user, response, user_cookie):
    """Mark *main_user* as logged in by writing its key id to a cookie.

    Args:
        main_user: entity whose ``key.id()`` identifies the user.
        response: response object handed to ``facade.write_cookie``.
        user_cookie: name of the cookie to write.
    """
    # NOTE(review): the cookie content is just the user id; confirm that
    # facade.write_cookie signs the value so that it cannot be altered
    # client-side.
    user_id = main_user.key.id()
    command = facade.write_cookie(response, user_cookie, {'id': user_id})
    command.execute()