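def test_scoped_csrf_protect(self):
    """csrf_protect(scope) wraps a view transparently and tags the request.

    The wrapped view must be invoked exactly once with the original context
    and request, and afterwards the request must carry both the
    CSRF-processing flag and the scope string handed to the decorator.
    """
    @pretend.call_recorder
    def view(context, request):
        pass

    context = pretend.stub()
    request = pretend.stub()

    wrapped = csrf.csrf_protect("my scope")(view)
    wrapped(context, request)

    # The decorator must pass the call through unchanged.
    assert view.calls == [pretend.call(context, request)]
    assert request._process_csrf
    # Compare by value: ``is`` against a str literal only held because
    # CPython interns short literals, and CPython 3.8+ emits a
    # SyntaxWarning for it; the contract is equality of the scope string.
    assert request._csrf_scope == "my scope"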
request.db.query(Release) .options(joinedload(Release.project)) .join(Project) .distinct(Project.name) .filter(Project.users.contains(user)) .order_by(Project.name) .all() ) return {"user": user, "projects": projects} @view_config( route_name="accounts.login", renderer="accounts/login.html", decorator=[csrf_protect("accounts.login"), uses_session], ) def login(request, redirect_field_name=REDIRECT_FIELD_NAME, _form_class=LoginForm): # TODO: Logging in should reset request.user # TODO: Configure the login view as the default view for not having # permission to view something. login_service = request.find_service(IUserService, context=None) redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name)) form = _form_class(request.POST, login_service=login_service) if request.method == "POST" and form.validate():
), origin_cache(30 * 24 * 60 * 60), # 30 days ], ) def profile(user, request): if user.username != request.matchdict.get("username", user.username): return HTTPMovedPermanently( request.current_route_path(username=user.username), ) return {"user": user} @view_config( route_name="accounts.login", renderer="accounts/login.html", decorator=[csrf_protect("accounts.login"), uses_session], ) def login(request, _form_class=LoginForm): # TODO: If already logged in just redirect to ?next= # TODO: Logging in should reset request.user # TODO: Configure the login view as the default view for not having # permission to view something. login_service = request.find_service(ILoginService, context=None) form = _form_class(request.POST, login_service=login_service) if request.method == "POST" and form.validate(): # Get the user id for the given username. userid = login_service.find_userid(form.username.data)
def test_csrf_protect():
    """csrf_protect marks the view and its response varies on the cookie header.

    The decorated view must expose the ``_csrf`` marker, and the response it
    returns must list "cookie" in its Vary set so caches keep per-session
    responses apart.
    """
    def view(app, request):
        return Response()

    protected = csrf_protect(view)
    assert protected._csrf

    response = protected(pretend.stub(), pretend.stub())
    assert "cookie" in response.vary.as_set()