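def monkeypatch():
    """Apply every runtime patch the project needs; safe to call repeatedly.

    Steps run in a fixed order: the logging side-effect import, then the
    admin site swap (with its login view wrapped for session-based CSRF),
    then ``session_csrf`` replacing Django's ``csrf_protect``.  The
    module-level ``_has_patched`` flag (defined outside this block) is only
    raised after the last step, so a failure part-way through leaves a
    later call free to retry.
    """
    global _has_patched
    if _has_patched:
        return

    # Import for side-effect: configures logging handlers.
    from fjord.settings.log_settings import noop
    noop()

    from django.contrib import admin
    from django.contrib.auth.decorators import login_required
    from session_csrf import anonymous_csrf
    from adminplus.sites import AdminSitePlus

    # Rebinds ``admin.site`` to a brand-new object: registrations made on
    # the previous object are not carried over, so this must run before app
    # admin modules register their models.
    admin.site = AdminSitePlus()
    # ``anonymous_csrf`` presumably issues a session-backed CSRF token to a
    # visitor who is not logged in yet, so the login POST itself is
    # protected.  ``login_required`` on a *login* view is unusual -- it
    # presumably bounces anonymous visitors to the project's own login page
    # instead of the admin's; confirm that is the intended flow.
    admin.site.login = login_required(anonymous_csrf(admin.site.login))

    # Monkey-patch Django's csrf_protect decorator to use session-based
    # CSRF tokens.
    import session_csrf
    session_csrf.monkeypatch()

    # Lazy %-args: the message is only rendered when DEBUG logging is on.
    logging.debug("Note: monkeypatches executed in %s", __file__)

    # Prevent it from being run again later.
    _has_patched = True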
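def monkeypatch():
    """All the monkeypatching we have to do to get things running.

    Idempotent through the module-level ``_has_patched`` flag (defined
    outside this block).  The flag is set only after the final patch, so an
    exception in the middle does not mark the work as done.
    """
    global _has_patched
    if _has_patched:
        return

    # Import for side-effect: configures logging handlers.
    from fjord.settings.log_settings import noop
    noop()

    # Monkey-patch admin site.
    from django.contrib import admin
    from django.contrib.auth.decorators import login_required
    from session_csrf import anonymous_csrf
    from adminplus.sites import AdminSitePlus

    # New site object: anything already registered on the old ``admin.site``
    # is lost, so app admin modules must be imported after this point.
    admin.site = AdminSitePlus()
    # Wrap order matters -- anonymous_csrf is innermost so the login view
    # itself gets a session-backed CSRF token for visitors who are not
    # authenticated yet (presumably; see session_csrf).  login_required
    # around a login view presumably redirects anonymous visitors to the
    # project's own login page rather than the admin form -- confirm.
    admin.site.login = login_required(anonymous_csrf(admin.site.login))

    # Monkey-patch Django's csrf_protect decorator to use session-based
    # CSRF tokens.
    import session_csrf
    session_csrf.monkeypatch()

    # Lazy formatting: logging only builds the message if DEBUG is enabled.
    logging.debug('Note: monkeypatches executed in %s', __file__)

    # Prevent it from being run again later.
    _has_patched = True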
def test_anon_token_from_cookie(self):
    """An ``anoncsrf`` cookie resolves to the token cached under it.

    The cookie only carries an opaque id (``self.token``); the value the
    middleware must expose as ``request.csrf_token`` is whatever is stored
    in the cache under ``PREFIX + id`` -- here ``'woo'``, deliberately
    different from the cookie value.
    """
    factory = django.test.RequestFactory()
    factory.cookies['anoncsrf'] = self.token
    cache.set(PREFIX + self.token, 'woo')

    request = factory.get('/')
    request.session = {}

    # Hack to set up request middleware: push an empty WSGI payload through
    # the client handler.
    # NOTE(review): the cookie above was set on the local ``factory``, but
    # this environ is built from ``self.rf`` -- confirm that is intended.
    environ_extra = {'wsgi.input': django.test.client.FakePayload('')}
    ClientHandler()(self.rf._base_environ(**environ_extra))

    AuthenticationMiddleware().process_request(request)
    self.mw.process_view(request, anonymous_csrf(lambda: None), [], {})

    self.assertEqual(request.csrf_token, 'woo')
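def patch():
    """Run all of fjord's monkey patches, once per process.

    ``_has_patched`` is a module-level flag defined outside this block; it
    is set only after the final step, so if any step raises the next call
    retries from the top.  The steps run in a fixed order because the later
    ones rely on the earlier ones already being in place.
    """
    global _has_patched
    if _has_patched:
        return

    _configure_logging()
    _patch_admin_site()
    _patch_jinja_forms()
    _patch_csrf()

    from jingo import load_helpers
    load_helpers()

    # Lazy %-args: the message is only built when DEBUG logging is enabled.
    logging.debug("Note: monkey patches executed in %s", __file__)

    # Prevent it from being run again later.
    _has_patched = True


def _configure_logging():
    """Import fjord's log settings purely for their side effect (handler setup)."""
    from fjord.settings.log_settings import noop
    noop()


def _patch_admin_site():
    """Swap ``admin.site`` for an AdminSitePlus and CSRF-wrap its login view.

    Rebinding ``admin.site`` drops any registrations made on the previous
    object, so this has to run before app admin modules register models.
    ``anonymous_csrf`` presumably gives a not-yet-authenticated visitor a
    session-backed CSRF token so the login POST is protected;
    ``login_required`` around a login view presumably sends anonymous
    visitors to the project's own login page -- confirm that is intended.
    """
    from django.contrib import admin
    from django.contrib.auth.decorators import login_required
    from session_csrf import anonymous_csrf
    from adminplus.sites import AdminSitePlus

    admin.site = AdminSitePlus()
    admin.site.login = login_required(anonymous_csrf(admin.site.login))


def _patch_jinja_forms():
    """Monkey-patch Django forms so templates need not use Jinja2's ``|safe``."""
    import jingo.monkey
    jingo.monkey.patch()


def _patch_csrf():
    """Replace Django's csrf_protect decorator with the session-token version."""
    import session_csrf
    session_csrf.monkeypatch()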
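from django import http
from django.conf.urls.defaults import patterns, url, include
from django.contrib import admin, auth
from django.shortcuts import redirect
from funfactory.urlresolvers import reverse
from session_csrf import anonymous_csrf

from myadmin import views

urlpatterns = patterns(
    '',
    # Input stuff.
    url('^recluster/?$', views.recluster, name='myadmin.recluster'),
    url('^export_tsv/?$', views.export_tsv, name='myadmin.export_tsv'),
    url('^settings/?$', views.settings, name='myadmin.settings'),
    # The login form is used by visitors who are not authenticated yet, so
    # it is wrapped in anonymous_csrf to get a session-backed CSRF token.
    url('^login$', anonymous_csrf(auth.views.login), name='login'),
    # The Django admin, mounted at the root of this urlconf.
    url('^', include(admin.site.urls)),
)


def login(request):
    """Replacement for the admin site's login view.

    The admin sends two kinds of visitor here: anonymous ones, and
    authenticated users who lack the permissions for the page they asked
    for.  The latter get a 403 -- re-authenticating would not help.
    Everyone else is redirected to the project's own ``login`` route with
    the requested path carried in ``next``.

    ``next`` is URL-encoded instead of concatenated into the string, so a
    path containing ``&``, ``#`` or ``%`` cannot truncate or corrupt the
    query string.  Validating ``next`` before following it is the login
    view's job and is not visible in this file.
    """
    from django.utils.http import urlencode

    # If someone is already auth'd then they're getting directed to login()
    # because they don't have sufficient permissions.
    if request.user.is_authenticated():
        return http.HttpResponseForbidden()
    query = urlencode({'next': request.path})
    return redirect('%s?%s' % (reverse('login'), query))


# Hijack the admin's login to use our pages.
admin.site.login = login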
# django-session-csrf monkeypatcher.  Applied before anything that imports
# views, so (presumably) those views see the patched csrf_protect.
import session_csrf
session_csrf.monkeypatch()


def bad(request):
    """Simulate a server error by raising ZeroDivisionError.

    Exists so the 500 handler and template can be exercised end to end.
    NOTE(review): it is reachable unauthenticated at ``/bad/``; consider
    limiting it to DEBUG or dropping it from production urlconfs.
    """
    1 / 0


# Patterns are tried in order; ``base.urls`` is mounted first at the empty
# prefix, so the entries below are only reached for paths it does not
# resolve.
urlpatterns = patterns(
    '',
    (r'', include('{{ project_name }}.base.urls')),
    (r'^admin/doc/', include('django.contrib.admindocs.urls')),
    # Admin index: admin_view protection plus a session-backed CSRF token
    # for visitors who are not logged in yet.
    (r'^admin/$', anonymous_csrf(admin.site.admin_view(admin.site.index))),
    (r'^admin/', include(admin.site.urls)),
    # url(r'^', include('debug_toolbar_user_panel.urls')),
    (r'^bad/$', bad),
)

# In DEBUG mode only, serve media files through Django itself.
if settings.DEBUG:
    # Strip the surrounding slashes so the regex below matches.
    media_url = settings.MEDIA_URL.strip('/')
    urlpatterns += patterns(
        '',
        (r'^%s/(?P<path>.*)$' % media_url, 'django.views.static.serve',
         {'document_root': settings.MEDIA_ROOT}),
    )
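import django
from django.conf import settings
from django.conf.urls.defaults import *
from django.contrib.auth.views import login, logout
from session_csrf import anonymous_csrf

# Uncomment the next two lines to enable the admin:
# from django.contrib import admin
# admin.autodiscover()

urlpatterns = patterns(
    "",
    # Every pattern is anchored with ``^``.  Django matches URL patterns
    # with ``search`` semantics, so the unanchored ``login/$`` also accepted
    # paths such as ``xlogin/``.
    # The login form is shown to anonymous visitors, so it gets a
    # session-backed anonymous CSRF token.
    url(r"^login/$", anonymous_csrf(login),
        {"template_name": "accounts/login.html"}, name="accounts.login"),
    # NOTE(review): the stock logout view is not restricted to POST here;
    # if this Django version logs out on GET, a cross-site link can end a
    # session.  Confirm, and consider a POST-only wrapper.
    url(r"^logout/$", logout,
        {"template_name": "accounts/logout.html"}, name="accounts.logout"),
    url(r"^register/$", "accounts.views.register", name="accounts.register"),
    # Uncomment the admin/doc line below to enable admin documentation:
    # (r'^admin/doc/', include('django.contrib.admindocs.urls')),
    # Uncomment the next line to enable the admin:
    # (r'^admin/', include(admin.site.urls)),
)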
from django.core import signals
from django.core.cache import cache
from django.core.handlers.wsgi import WSGIRequest
from django.db import close_connection
from django.template import context
import mock
import session_csrf
from session_csrf import (
    anonymous_csrf,
    anonymous_csrf_exempt,
    CsrfMiddleware,
    prep_key,
)

# Minimal urlconf for these tests.  Each route has its own lambda on
# purpose: the session_csrf decorators may annotate the function object
# they are given, so sharing one callable between ``anon`` and
# ``no-anon-csrf`` could let one route's marker leak into the other.
urlpatterns = patterns(
    '',
    ('^$', lambda r: http.HttpResponse()),
    # Anonymous visitors get a session-backed token on this view ...
    ('^anon$', anonymous_csrf(lambda r: http.HttpResponse())),
    # ... and explicitly not on this one.
    ('^no-anon-csrf$', anonymous_csrf_exempt(lambda r: http.HttpResponse())),
    # Logout inside an anonymous_csrf view; the ``or`` falls back to a fresh
    # response whenever ``logout`` returns something falsy (e.g. None).
    ('^logout$', anonymous_csrf(lambda r: logout(r) or http.HttpResponse())),
)


class TestCsrfToken(django.test.TestCase):
    """CSRF-token behaviour of CsrfMiddleware against the urlconf above."""

    def setUp(self):
        # One real account so tests can log in (the e-mail value looks
        # redacted in this copy of the file).
        User.objects.create_user('jbalogh', '*****@*****.**', 'password')
        # Route test-client requests through the project's ClientHandler.
        self.client.handler = ClientHandler()
        # Run with ANON_ALWAYS off -- presumably anonymous tokens are then
        # only issued where a view asks for them.  Restored in tearDown.
        self.save_ANON_ALWAYS = session_csrf.ANON_ALWAYS
        session_csrf.ANON_ALWAYS = False

    def tearDown(self):
        # Put the module-level flag back for whatever test runs next.
        session_csrf.ANON_ALWAYS = self.save_ANON_ALWAYS
from django.core import signals
from django.core.cache import cache
from django.core.handlers.wsgi import WSGIRequest
from django.db import close_connection
from django.template import context
import mock
import session_csrf
from session_csrf import (
    anonymous_csrf,
    anonymous_csrf_exempt,
    CsrfMiddleware,
    PREFIX,
)

# Tiny urlconf used by the tests below.  Note that every route is given a
# distinct lambda: the session_csrf decorators may mark the function they
# wrap, and a callable shared between the ``anon`` and ``no-anon-csrf``
# routes could carry one route's marker over to the other.
urlpatterns = patterns(
    '',
    ('^$', lambda r: http.HttpResponse()),
    # View that hands anonymous visitors a session-backed CSRF token.
    ('^anon$', anonymous_csrf(lambda r: http.HttpResponse())),
    # View that is explicitly excluded from that behaviour.
    ('^no-anon-csrf$', anonymous_csrf_exempt(lambda r: http.HttpResponse())),
    # Logs the visitor out; ``or`` supplies a response when ``logout``
    # returns a falsy value such as None.
    ('^logout$', anonymous_csrf(lambda r: logout(r) or http.HttpResponse())),
)


class TestCsrfToken(django.test.TestCase):
    """Exercises CsrfMiddleware token handling over the urlconf above."""

    def setUp(self):
        # Send test-client traffic through the project's ClientHandler.
        self.client.handler = ClientHandler()
        # A user to log in as (the e-mail appears redacted in this copy).
        User.objects.create_user('jbalogh', '*****@*****.**', 'password')
        # Save and disable ANON_ALWAYS for the duration of each test; the
        # flag presumably controls whether anonymous tokens are issued on
        # every view rather than only on decorated ones.
        self.save_ANON_ALWAYS = session_csrf.ANON_ALWAYS
        session_csrf.ANON_ALWAYS = False

    def tearDown(self):
        # Restore the module-level flag saved in setUp.
        session_csrf.ANON_ALWAYS = self.save_ANON_ALWAYS
def get_urls(self):
    """Return the parent admin site's URL patterns with ``login`` CSRF-wrapped.

    Only the pattern named ``login`` is touched: its callback is replaced
    in place by ``anonymous_csrf(callback)`` so a visitor who is not
    authenticated yet still receives a session-backed CSRF token for the
    login form.  Entries without a ``name`` attribute are skipped.
    """
    url_list = super(CSRFAdminSite, self).get_urls()
    # NOTE(review): assumes the parent builds fresh pattern objects on every
    # call; if it cached them, repeated calls would wrap login twice.
    for entry in url_list:
        if getattr(entry, 'name', None) != 'login':
            continue
        entry.callback = anonymous_csrf(entry.callback)
    return url_list
url('^register/edit/$', views.edit_new_profile, name='phonebook.edit_new_profile'), url('^confirm-delete$', views.confirm_delete, name='confirm_delete'), url('^delete$', views.delete, name='phonebook.delete_profile'), url('^opensearch.xml$', views.search_plugin, name='phonebook.search_plugin'), url('^search$', views.search, name='phonebook.search'), url('^vouch$', views.vouch, name='phonebook.vouch'), url('^invite$', views.invite, name='invite'), url('^invited/(?P<id>\d+)$', views.invited, name='invited'), # Static pages url('^$', anonymous_csrf(direct_to_template), {'template': 'phonebook/home.html'}, name='home'), url('^about$', direct_to_template, {'template': 'phonebook/about.html'}, name='about'), url('^confirm-register$', direct_to_template, {'template': 'phonebook/confirm_register.html'}, name='confirm_register'), ) ## In DEBUG mode, serve media files through Django. if settings.DEBUG: # Remove leading and trailing slashes so the regex matches. media_url = settings.MEDIA_URL.lstrip('/').rstrip('/') urlpatterns += patterns(
url(r'^accounts/', include('accounts.urls')), url(r'^', include('homepage.urls')), url( r'^contribute.json$', TemplateView.as_view(template_name='contribute.json', content_type='application/json')), # dockerflow end points # https://github.com/mozilla-services/Dockerflow/blob/master/README.md#containerized-app-requirements url( r'^__version__$', TemplateView.as_view(template_name='version.json', content_type='application/json')), url(r'^__lbheartbeat__$', lambda request: HttpResponse()), url(r'^__heartbeat__$', heartbeat), # end of dockerflow end points url(r'^login/$', anonymous_csrf(auth_views.LoginView.as_view()), name='login'), url(r'^oidc/', include('mozilla_django_oidc.urls')), url(r'^logout/$', auth_views.LogoutView.as_view(), name='logout'), url(r'^admin/', admin_site.urls), ] handler500 = 'homepage.views.handler500' if 'debug_toolbar' in settings.INSTALLED_APPS: import debug_toolbar urlpatterns = [ url(r'^__debug__/', include(debug_toolbar.urls)), ] + urlpatterns
from shop import urls as shop_urls # <-- Add this at the top from haystack.views import SearchView admin.autodiscover() # django-session-csrf monkeypatcher import session_csrf session_csrf.monkeypatch() def bad(request): """ Simulates a server error """ 1 / 0 urlpatterns = patterns('', (r'^admin/doc/', include('django.contrib.admindocs.urls')), (r'^admin/$', anonymous_csrf(admin.site.admin_view(admin.site.index))), (r'^admin/', include(admin.site.urls)), #url(r'^', include('debug_toolbar_user_panel.urls')), (r'^bad/$', bad), (r'^shop/', include(shop_urls)), # <-- That's the important bit (r'^rent/', include('indiefilmrentals.products.urls')), (r'^pages/', include('django.contrib.flatpages.urls')), url(r'^search/', SearchView(template='base/search.html'), name='haystack_search'), (r'', include('indiefilmrentals.base.urls')), ) ## In DEBUG mode, serve media files through Django. if settings.DEBUG: # Remove leading and trailing slashes so the regex matches. media_url = settings.MEDIA_URL.lstrip('/').rstrip('/') urlpatterns += patterns('',
url('^delete_photo/(?P<user_id>\d+)?$', views.delete_photo, name='users.delete_photo'), url('^edit$', views.edit, name='users.edit'), url('^edit(?:/(?P<user_id>\d+))?$', views.admin_edit, name='users.admin_edit'), url('^login/modal', views.login_modal, name='users.login_modal'), url('^login', views.login, name='users.login'), url('^logout', views.logout, name='users.logout'), url('^register$', RedirectView.as_view(pattern_name='users.login', permanent=True), name='users.register'), url('^migrate', views.migrate, name='users.migrate'), url(r'^pwreset/?$', migration_on(anonymous_csrf(auth_views.password_reset)), { 'template_name': 'users/pwreset_request.html', 'email_template_name': 'users/email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm }, name='password_reset_form'), url(r'^pwresetsent$', migration_on(auth_views.password_reset_done), {'template_name': 'users/pwreset_sent.html'}, name="password_reset_done"), url( r'^pwreset/(?P<uidb64>[0-9A-Za-z_\-]+)/' r'(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})', views.password_reset_confirm, name="users.pwreset_confirm"), url(r'^pwresetcomplete$',
import session_csrf # As per https://github.com/mozilla/django-session-csrf, make sure the patch # is applied before views are imported. session_csrf.monkeypatch() import auth from django.conf import settings from django.conf.urls import include from django.conf.urls import url from django.conf.urls.static import static from django.contrib import admin from django.contrib.auth import views from django.views.i18n import javascript_catalog admin.autodiscover() admin.site.login = session_csrf.anonymous_csrf(admin.site.login) views.login = session_csrf.anonymous_csrf(views.login) # See https://docs.djangoproject.com/en/dev/topics/http/urls/ # and https://docs.djangoproject.com/en/dev/ref/contrib/admin/#adding-a-password-reset-feature urlpatterns = [ url(r"", include("core.urls")), url(r"^login/$", "django.contrib.auth.views.login", {"template_name": "login.html.tmpl"}), url(r"^logout/$", "django.contrib.auth.views.logout"), url(r"^password_change/$", "django.contrib.auth.views.password_change", {"password_change_form": auth.ValidatingPasswordChangeForm}, name="password_change"), url(r"^password_change/done/$", "django.contrib.auth.views.password_change_done",
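admin.autodiscover()
from session_csrf import anonymous_csrf
from phonebook import views

# All patterns are raw strings so regex escapes are passed through intact.
urlpatterns = patterns(
    "",
    url(r"^user/edit/$", views.edit_profile, name="profile.edit"),
    url(r"^register/edit/$", views.edit_profile, {"new_account": True}, name="profile.new"),
    url(r"^confirm-delete$", views.confirm_delete, name="profile.delete_confirm"),
    url(r"^delete$", views.delete, name="profile.delete"),
    # ``\.`` so only the literal file name matches; the unescaped ``.`` also
    # accepted e.g. ``opensearchXxml``.
    url(r"^opensearch\.xml$", views.search_plugin, name="search_plugin"),
    url(r"^search$", views.search, name="search"),
    url(r"^vouch$", views.vouch, name="vouch"),
    url(r"^invite$", views.invite, name="invite"),
    url(r"^invited/(?P<id>\d+)$", views.invited, name="invited"),
    # Static pages.
    # Static pages need csrf for browserID post to work; they are served to
    # anonymous visitors, hence anonymous_csrf rather than plain csrf.
    url(r"^about$", anonymous_csrf(direct_to_template), {"template": "phonebook/about.html"}, name="about"),
    url(r"^confirm-register$", direct_to_template, {"template": "phonebook/confirm_register.html"}, name="confirm_register"),
    url(r"^$", anonymous_csrf(direct_to_template), {"template": "phonebook/home.html"}, name="home"),
    # Catch-all: ``.+`` accepts any remaining path, so this must stay last.
    # NOTE(review): ``username`` is an unrestricted, untrusted string here;
    # confirm views.profile treats it accordingly.
    url(r"^(?P<username>.+)$", views.profile, name="profile"),
)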
url(r'^source/', include('pushes.urls', namespace='pushes')), url(r'^dashboard/', include('l10nstats.urls')), url(r'^shipping/', include('shipping.urls')), url(r'^bugs/', include('bugsy.urls')), url(r'^accounts/', include('accounts.urls')), url(r'^', include('homepage.urls')), url(r'^contribute.json$', TemplateView.as_view(template_name='contribute.json', content_type='application/json')), url(r'^__version__$', TemplateView.as_view(template_name='version.json', content_type='application/json')), url( r'^login/$', anonymous_csrf(auth_views.LoginView.as_view()), name='login' ), url(r'^logout/$', auth_views.LogoutView.as_view(), name='logout'), url(r'^admin/', admin_site.urls), ] handler500 = 'homepage.views.handler500' if 'debug_toolbar' in settings.INSTALLED_APPS: import debug_toolbar urlpatterns = [ url(r'^__debug__/', include(debug_toolbar.urls)), ] + urlpatterns
"moztrap.view.users.views", # auth ------------------------------------------------------------------- url(r"^login/", "login", name="auth_login"), url(r"^logout/", "logout", name="auth_logout"), url(r"^password/change/$", "password_change", name="auth_password_change"), url(r"^password/reset/$", "password_reset", name="auth_password_reset"), url(r"^reset/(?P<uidb64>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$", "password_reset_confirm", name="auth_password_reset_confirm"), url(r"^set_name/$", "set_username", name="auth_set_username"), url(r"^(?P<user_id>\d+)/apikey/$", "create_apikey", name="auth_create_apikey"), # registration ----------------------------------------------------------- # Activation keys get matched by \w+ instead of the more specific # [a-fA-F0-9]{40} because a bad activation key should still get to the view; # that way it can return a sensible "invalid key" message instead of a # confusing 404. url(r"^activate/(?P<activation_key>\w+)/$", anonymous_csrf(views.ActivationView.as_view()), name="registration_activate"), url(r"^register/$", anonymous_csrf(views.RegistrationView.as_view()), name="registration_register"), url(r"^register/closed/$", TemplateView.as_view(template_name="users/registration_closed.html"), name="registration_disallowed"), )
users_patterns = patterns( "", url("^ajax$", views.ajax, name="users.ajax"), url("^delete$", views.delete, name="users.delete"), url("^delete_photo$", views.delete_photo, name="users.delete_photo"), url("^edit$", views.edit, name="users.edit"), url("^edit$", views.edit, name="users.edit"), url("^edit(?:/(?P<user_id>\d+))?$", views.admin_edit, name="users.admin_edit"), url("^browserid-login", views.browserid_login, name="users.browserid_login"), url("^login/modal", views.login_modal, name="users.login_modal"), url("^login", views.login, name="users.login"), url("^logout", views.logout, name="users.logout"), url("^register$", views.register, name="users.register"), url( r"^pwreset/?$", anonymous_csrf(auth_views.password_reset), { "template_name": "users/pwreset_request.html", "email_template_name": "users/email/pwreset.ltxt", "password_reset_form": forms.PasswordResetForm, }, name="users.pwreset", ), url( r"^pwresetsent$", auth_views.password_reset_done, {"template_name": "users/pwreset_sent.html"}, name="users.pwreset_sent", ), url( r"^pwreset/(?P<uidb36>\w{1,13})/(?P<token>\w{1,13}-\w{1,20})$",
users_patterns = patterns('', url('^ajax$', views.ajax, name='users.ajax'), url('^delete$', views.delete, name='users.delete'), url('^delete_photo$', views.delete_photo, name='users.delete_photo'), url('^edit$', views.edit, name='users.edit'), url('^edit$', views.edit, name='users.edit'), url('^edit(?:/(?P<user_id>\d+))?$', views.admin_edit, name='users.admin_edit'), url('^browserid-login', views.browserid_login, name='users.browserid_login'), url('^login/modal', modal_view(views.login), name='users.login_modal'), url('^login', views.login, name='users.login'), url('^logout', views.logout, name='users.logout'), url('^register$', views.register, name='users.register'), url(r'^pwreset/?$', anonymous_csrf(auth_views.password_reset), {'template_name': 'users/pwreset_request.html', 'email_template_name': 'users/email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm, }, name="users.pwreset"), url(r'^pwresetsent$', auth_views.password_reset_done, {'template_name': 'users/pwreset_sent.html'}, name="users.pwreset_sent"), url(r'^pwreset/(?P<uidb36>\w{1,13})/(?P<token>\w{1,13}-\w{1,20})$', views.password_reset_confirm, name="users.pwreset_confirm"), url(r'^pwresetcomplete$', auth_views.password_reset_complete, {'template_name': 'users/pwreset_complete.html'}, name="users.pwreset_complete"), url(r'^unsubscribe/(?P<token>[-\w]+={0,3})/(?P<hash>[\w]+)/' '(?P<perm_setting>[\w]+)?$', views.unsubscribe,
url('^ajax$', views.ajax, name='users.ajax'), url('^delete$', views.delete, name='users.delete'), url('^delete_photo$', views.delete_photo, name='users.delete_photo'), url('^edit$', views.edit, name='users.edit'), url('^edit(?:/(?P<user_id>\d+))?$', views.admin_edit, name='users.admin_edit'), url('^browserid-login', views.browserid_login, name='users.browserid_login'), url('^login/modal', views.login_modal, name='users.login_modal'), url('^login', views.login, name='users.login'), url('^logout', views.logout, name='users.logout'), url('^register$', views.register, name='users.register'), url(r'^pwreset/?$', anonymous_csrf(auth_views.password_reset), { 'template_name': 'users/pwreset_request.html', 'email_template_name': 'users/email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm, }, name='password_reset_form'), url(r'^pwresetsent$', auth_views.password_reset_done, {'template_name': 'users/pwreset_sent.html'}, name="password_reset_done"), url(r'^pwreset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})', views.password_reset_confirm, name="users.pwreset_confirm"), url(r'^pwresetcomplete$', auth_views.password_reset_complete, {'template_name': 'users/pwreset_complete.html'},
url('^ajax$', views.ajax, name='users.ajax'), url('^delete$', views.delete, name='users.delete'), url('^delete_photo/(?P<user_id>\d+)?$', views.delete_photo, name='users.delete_photo'), url('^edit$', views.edit, name='users.edit'), url('^edit(?:/(?P<user_id>\d+))?$', views.admin_edit, name='users.admin_edit'), url('^login/modal', views.login_modal, name='users.login_modal'), url('^login', views.login, name='users.login'), url('^logout', views.logout, name='users.logout'), url('^register$', RedirectView.as_view(pattern_name='users.login', permanent=True), name='users.register'), url('^migrate', views.migrate, name='users.migrate'), url(r'^pwreset/?$', migration_on(anonymous_csrf(auth_views.password_reset)), {'template_name': 'users/pwreset_request.html', 'email_template_name': 'users/email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm}, name='password_reset_form'), url(r'^pwresetsent$', migration_on(auth_views.password_reset_done), {'template_name': 'users/pwreset_sent.html'}, name="password_reset_done"), url(r'^pwreset/(?P<uidb64>[0-9A-Za-z_\-]+)/' r'(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})', views.password_reset_confirm, name="users.pwreset_confirm"), url(r'^pwresetcomplete$', migration_on(auth_views.password_reset_complete), {'template_name': 'users/pwreset_complete.html'},
from django.conf.urls.defaults import patterns, url from django.contrib.auth import views as auth_views from jinjautils import jinja_for_django from session_csrf import anonymous_csrf from users import forms from . import views # So we can use the contrib logic for password resets, etc. auth_views.render_to_response = jinja_for_django urlpatterns = patterns('', url(r'^login', anonymous_csrf(auth_views.login), dict(authentication_form=forms.AuthenticationForm), name='login'), url(r'^logout', auth_views.logout, dict(redirect_field_name='next'), name='logout'), url(r'^register', views.register, name='register'), url(r'^confirm', views.confirm, name='confirm'), url(r'^send_confirmation', views.send_confirmation, name='send_confirmation'), url(r'^password_change', views.password_change, name='password_change'), url(r'^password_change_done', auth_views.password_change_done, name='password_change_done'), url(r'^password_reset$', views.password_reset,
import session_csrf # As per https://github.com/mozilla/django-session-csrf, make sure the patch # is applied before views are imported. session_csrf.monkeypatch() import auth from django.conf import settings from django.conf.urls import include from django.conf.urls import url from django.conf.urls.static import static from django.contrib import admin from django.contrib.auth import views from django.views.i18n import javascript_catalog admin.autodiscover() admin.site.login = session_csrf.anonymous_csrf(admin.site.login) views.login = session_csrf.anonymous_csrf(views.login) # See https://docs.djangoproject.com/en/dev/topics/http/urls/ # and https://docs.djangoproject.com/en/dev/ref/contrib/admin/#adding-a-password-reset-feature urlpatterns = [ url(r"", include("core.urls")), url(r"^login/$", "django.contrib.auth.views.login", {"template_name": "login.html.tmpl"}), url(r"^logout/$", "django.contrib.auth.views.logout"), url(r"^password_change/$", "django.contrib.auth.views.password_change", {"password_change_form": auth.ValidatingPasswordChangeForm}, name="password_change"), url(r"^password_change/done/$", "django.contrib.auth.views.password_change_done", name="password_change_done"),
url('^confirm/resend$', views.confirm_resend, name='users.confirm.resend'), url('^confirm/(?P<token>[-\w]+)$', views.confirm, name='users.confirm'), url(r'^emailchange/(?P<token>[-\w]+={0,3})/(?P<hash>[\w]+)$', views.emailchange, name="users.emailchange"), url('^abuse', views.report_abuse, name='users.abuse'), ) users_patterns = patterns('', url('^ajax$', views.ajax, name='users.ajax'), url('^delete$', views.delete, name='users.delete'), url('^delete_photo$', views.delete_photo, name='users.delete_photo'), url('^edit$', views.edit, name='users.edit'), url('^login', views.login, name='users.login'), url('^logout', views.logout, name='users.logout'), url('^register$', views.register, name='users.register'), url(r'^pwreset/?$', anonymous_csrf(auth_views.password_reset), {'template_name': 'users/pwreset_request.html', 'email_template_name': 'users/email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm, }, name="users.pwreset"), url(r'^pwresetsent$', auth_views.password_reset_done, {'template_name': 'users/pwreset_sent.html'}, name="users.pwreset_sent"), url(r'^pwreset/(?P<uidb36>\w{1,13})/(?P<token>\w{1,13}-\w{1,20})$', views.password_reset_confirm, name="users.pwreset_confirm"), url(r'^pwresetcomplete$', auth_views.password_reset_complete, {'template_name': 'users/pwreset_complete.html'}, name="users.pwreset_complete"), )
# auth ------------------------------------------------------------------- url(r"^login/", "login", name="auth_login"), url(r"^logout/", "logout", name="auth_logout"), url(r"^password/change/$", "password_change", name="auth_password_change"), url(r"^password/reset/$", "password_reset", name="auth_password_reset"), url(r"^reset/(?P<uidb64>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$", "password_reset_confirm", name="auth_password_reset_confirm"), url(r"^set_name/$", "set_username", name="auth_set_username"), url(r"^(?P<user_id>\d+)/apikey/$", "create_apikey", name="auth_create_apikey"), # registration ----------------------------------------------------------- # Activation keys get matched by \w+ instead of the more specific # [a-fA-F0-9]{40} because a bad activation key should still get to the view; # that way it can return a sensible "invalid key" message instead of a # confusing 404. url(r"^activate/(?P<activation_key>\w+)/$", anonymous_csrf(views.ActivationView.as_view()), name="registration_activate"), url(r"^register/$", anonymous_csrf(views.RegistrationView.as_view()), name="registration_register"), url(r"^register/closed/$", TemplateView.as_view(template_name="users/registration_closed.html"), name="registration_disallowed"), )
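from session_csrf import anonymous_csrf
from phonebook import views

# Raw strings throughout so ``\d`` and ``\.`` reach the regex engine as
# written.
urlpatterns = patterns(
    '',
    url(r'^user/edit/$', views.edit_profile, name='profile.edit'),
    url(r'^register/edit/$', views.edit_profile, {'new_account': True}, name='profile.new'),
    url(r'^confirm-delete$', views.confirm_delete, name='profile.delete_confirm'),
    url(r'^delete$', views.delete, name='profile.delete'),
    # Escaped dot: match the literal ``opensearch.xml`` only, not any
    # single character between ``opensearch`` and ``xml``.
    url(r'^opensearch\.xml$', views.search_plugin, name='search_plugin'),
    url(r'^search$', views.search, name='search'),
    url(r'^vouch$', views.vouch, name='vouch'),
    url(r'^invite$', views.invite, name='invite'),
    url(r'^invited/(?P<id>\d+)$', views.invited, name='invited'),
    # Static pages.
    # Static pages need csrf for browserID post to work, and anonymous
    # visitors see them, so they get a session-backed anonymous token.
    url(r'^about$', anonymous_csrf(direct_to_template), {'template': 'phonebook/about.html'}, name='about'),
    url(r'^confirm-register$', direct_to_template, {'template': 'phonebook/confirm_register.html'}, name='confirm_register'),
    url(r'^$', anonymous_csrf(direct_to_template), {'template': 'phonebook/home.html'}, name='home'),
    # Profile route, kept last.  The character class bounds ``username`` to
    # 1-30 word/./@/+/- characters (optionally prefixed ``u/``), which is
    # tighter than a bare ``.+`` catch-all.
    url(r'^(?P<username>(u\/)?[\w.@+-]{1,30})$', views.profile, name='profile'),
)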
from django.contrib.sessions.models import Session from django.core import signals from django.core.cache import cache from django.core.handlers.wsgi import WSGIRequest from django.db import close_connection from django.template import context import mock from session_csrf import CsrfMiddleware, anonymous_csrf urlpatterns = patterns( "", ("^$", lambda r: http.HttpResponse()), ("^anon$", anonymous_csrf(lambda r: http.HttpResponse())), ("^logout$", anonymous_csrf(lambda r: logout(r) or http.HttpResponse())), ) class TestCsrfToken(django.test.TestCase): urls = "session_csrf.tests" def setUp(self): self.client.handler = ClientHandler() User.objects.create_user("jbalogh", "*****@*****.**", "password") def login(self): assert self.client.login(username="******", password="******") def test_csrftoken_unauthenticated(self):