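def handle_login(request):
    """Serve the login form as JSON (GET) and authenticate from a JSON POST.

    GET (no body): returns the unbound ``LoginForm`` description plus a
    fresh ``csrfmiddlewaretoken`` the client must echo back.

    POST: ``raw_post_data`` is parsed as a JSON object of the shape
    ``{"data": {...form fields...}, "meta": {"validate": bool}}`` and
    assigned to ``request.POST`` so ``CsrfViewMiddleware`` can read
    ``csrfmiddlewaretoken`` from it (the ``X-CSRFToken`` header is honoured
    as well).  A valid form logs the user in unless ``meta.validate`` is
    truthy, in which case the form is only validated.

    Returns an ``application/json`` ``HttpResponse``: 400 when the body is
    not a JSON object, the middleware's 403 when the CSRF token check
    fails, otherwise 200 with the ``RemoteForm`` description (including
    ``errors``/``non_field_errors``).  Uses the legacy ``raw_post_data`` /
    ``mimetype`` API the rest of this file relies on.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}
    form = None

    if request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            # Anything but an object would break the lookups below (and a
            # str would make ``'data' in payload`` a substring test).
            return HttpResponse(
                json.dumps({'detail': 'Request body must be a JSON object.'}),
                mimetype="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection when the token is missing
        # or wrong and None when it passes.  The rejection MUST be returned;
        # discarding it leaves the login endpoint without CSRF protection.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        if 'data' in payload:
            form = LoginForm(data=payload['data'])
            if form.is_valid():
                meta = payload.get('meta') or {}
                validate_only = isinstance(meta, dict) and meta.get('validate')
                # A missing/false ``meta.validate`` means a real submission.
                if not validate_only:
                    auth_login(request, form.get_user())
    else:
        form = LoginForm(request)
        response_data['csrfmiddlewaretoken'] = get_token(request)

    if form is not None:
        remote_form = RemoteForm(form)
        response_data.update(remote_form.as_dict())

    response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
                            mimetype="application/json")
    # Lets the middleware set / refresh the CSRF cookie on the way out.
    csrf_middleware.process_response(request, response)
    return response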
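def api_user_login_via_otp_form_email_django_forms_example(request):
    """Expose ``UserLoginViaOtpFormEmail`` as a JSON endpoint.

    GET returns the form description pre-filled with
    ``settings.TESTING_EMAIL2`` as ``email``.  POST requires an
    ``application/json`` body holding the form fields; the form is bound
    to it and its serialised state (``errors``/``non_field_errors`` from
    ``RemoteForm``) is returned.  A valid form is only reported back, its
    ``cleaned_data`` is not acted on here.

    Responses: 200 with JSON; 405 for methods other than GET/POST; 415
    when the content type is not JSON; 400 when the body is not a JSON
    object; or the CSRF middleware's 403 when the token check fails.
    With a JSON body ``request.POST`` is empty, so the token is expected
    in the ``X-CSRFToken`` header.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        # Get form definition
        form = UserLoginViaOtpFormEmail(initial={'email': settings.TESTING_EMAIL2})
    elif request.method == 'POST':
        if request.content_type != 'application/json':
            # 415 rather than 401: the request is understood but its media
            # type is not; 401 would wrongly signal a missing credential.
            return HttpResponse(
                json.dumps({"detail": "Unsupported media type \"'%s'\" in request." % request.content_type}),
                content_type="application/json", status=415)

        # The CSRF check only takes effect if the middleware's rejection
        # (a 403) is returned; it yields None when the token is valid.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        try:
            form_data = json.loads(request.body)
        except ValueError:
            form_data = None
        if not isinstance(form_data, dict):
            return HttpResponse(
                json.dumps({"detail": "Request body must be a JSON object."}),
                content_type="application/json", status=400)
        form = UserLoginViaOtpFormEmail(form_data)
        # Populate errors; the outcome is reported through RemoteForm below.
        form.is_valid()
    else:
        # Previously ``form`` was left unbound here (UnboundLocalError/500).
        response = HttpResponse(
            json.dumps({"detail": "Method not allowed."}),
            content_type="application/json", status=405)
        response['Allow'] = 'GET, POST'
        return response

    remote_form = RemoteForm(form)
    # Errors in response_data['non_field_errors'] and response_data['errors']
    response_data.update(remote_form.as_dict())
    response = HttpResponse(
        json.dumps(response_data, cls=DjangoJSONEncoder),
        content_type="application/json"
    )
    # Process response for CSRF (sets the cookie)
    csrf_middleware.process_response(request, response)
    return response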
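def handle_login(request):
    """Serve the login form as JSON (GET) and authenticate from a JSON POST.

    GET (no body): returns the unbound ``LoginForm`` description plus a
    fresh ``csrfmiddlewaretoken`` the client must echo back.

    POST: ``raw_post_data`` is parsed as a JSON object of the shape
    ``{"data": {...form fields...}, "meta": {"validate": bool}}`` and
    assigned to ``request.POST`` so ``CsrfViewMiddleware`` can read
    ``csrfmiddlewaretoken`` from it (the ``X-CSRFToken`` header is honoured
    as well).  A valid form logs the user in unless ``meta.validate`` is
    truthy, in which case the form is only validated.

    Returns an ``application/json`` ``HttpResponse``: 400 when the body is
    not a JSON object, the middleware's 403 when the CSRF token check
    fails, otherwise 200 with the ``RemoteForm`` description (including
    ``errors``/``non_field_errors``).  Uses the legacy ``raw_post_data`` /
    ``mimetype`` API the rest of this file relies on.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}
    form = None

    if request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            # Anything but an object would break the lookups below (and a
            # str would make ``'data' in payload`` a substring test).
            return HttpResponse(
                json.dumps({'detail': 'Request body must be a JSON object.'}),
                mimetype="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection when the token is missing
        # or wrong and None when it passes.  The rejection MUST be returned;
        # discarding it leaves the login endpoint without CSRF protection.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        if 'data' in payload:
            form = LoginForm(data=payload['data'])
            if form.is_valid():
                meta = payload.get('meta') or {}
                validate_only = isinstance(meta, dict) and meta.get('validate')
                # A missing/false ``meta.validate`` means a real submission.
                if not validate_only:
                    auth_login(request, form.get_user())
    else:
        form = LoginForm(request)
        response_data['csrfmiddlewaretoken'] = get_token(request)

    if form is not None:
        remote_form = RemoteForm(form)
        response_data.update(remote_form.as_dict())

    response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
                            mimetype="application/json")
    # Lets the middleware set / refresh the CSRF cookie on the way out.
    csrf_middleware.process_response(request, response)
    return response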
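def my_ajax_view(request):
    """JSON endpoint for ``IngredientForm10``.

    GET returns the unbound form description.  POST parses ``request.body``
    as a JSON object of form fields, binds the form, saves it when valid
    and redirects to ``ingredients-api:singleform``; an invalid form is
    returned as JSON with ``errors``/``non_field_errors`` (via
    ``RemoteForm``).

    Responses: 200 JSON, 302 on a successful save, 405 for other methods,
    400 when the body is not a JSON object, or the CSRF middleware's 403
    when the token check fails.  Because the body is JSON, ``request.POST``
    is empty and the token is expected in the ``X-CSRFToken`` header.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        # Get form definition
        form = IngredientForm10()
    elif request.method == 'POST':
        # The CSRF check only takes effect if the middleware's rejection
        # (a 403) is returned; it yields None when the token is valid.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        try:
            form_data = json.loads(request.body)
        except ValueError:
            form_data = None
        if not isinstance(form_data, dict):
            return HttpResponse(
                json.dumps({"detail": "Request body must be a JSON object."}),
                content_type="application/json", status=400)

        form = IngredientForm10(form_data)
        if form.is_valid():
            form.save()
            response = HttpResponseRedirect(reverse("ingredients-api:singleform"))
            # Let the middleware set the CSRF cookie on the redirect too,
            # as it does for every other response of this view.
            csrf_middleware.process_response(request, response)
            return response
    else:
        # Previously ``form`` was left unbound here (UnboundLocalError/500).
        response = HttpResponse(
            json.dumps({"detail": "Method not allowed."}),
            content_type="application/json", status=405)
        response['Allow'] = 'GET, POST'
        return response

    remote_form = RemoteForm(form)
    # Errors in response_data['non_field_errors'] and response_data['errors']
    response_data.update(remote_form.as_dict())
    response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
                            content_type="application/json")
    # Process response for CSRF (sets the cookie)
    csrf_middleware.process_response(request, response)
    return response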
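def my_ajax_view(request):
    """JSON endpoint for ``ProjectForm``.

    GET returns the unbound form.  Any other request carrying a body is a
    submission: ``raw_post_data`` is parsed as a JSON object
    ``{"data": {...}}`` and assigned to ``request.POST`` so
    ``CsrfViewMiddleware`` can read ``csrfmiddlewaretoken`` from it, the
    form is bound to ``data`` and saved when valid.  Either way the form is
    serialised by ``RemoteForm`` restricted to ``title`` and ``duration``
    and returned as ``application/json`` (with ``errors`` /
    ``non_field_errors`` when invalid).

    Responses: 200; 400 for a missing body or one that is not a JSON
    object; the middleware's 403 when the CSRF check fails.  Uses the
    legacy ``raw_post_data`` / ``mimetype`` API this file relies on.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        # Get form definition
        form = ProjectForm()
    elif request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({"detail": "Request body must be a JSON object."}),
                mimetype="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection on a bad/missing token
        # and None otherwise; it must be returned for the check to bite.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        form = ProjectForm(payload.get('data', {}))
        if form.is_valid():
            form.save()
    else:
        # Previously ``form`` was left unbound here (UnboundLocalError/500).
        return HttpResponse(
            json.dumps({"detail": "Expected GET or a JSON request body."}),
            mimetype="application/json", status=400)

    field_configuration = {
        'include': ['title','duration'],
    }
    remote_form = RemoteForm(form, **field_configuration)
    # Errors in response_data['non_field_errors'] and response_data['errors']
    response_data.update(remote_form.as_dict())
    response = HttpResponse(
        json.dumps(response_data, cls=DjangoJSONEncoder),
        mimetype="application/json"
    )
    # Process response for CSRF (sets the cookie)
    csrf_middleware.process_response(request, response)
    return response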
def create_response(self, request, data, response_class=HttpResponse, **response_kwargs):
    """Serialise ``data`` into a response and run it through CSRF processing.

    Format negotiation and serialisation are delegated to
    ``BaseFormResource.create_response``; the resulting response is then
    handed to ``CsrfViewMiddleware.process_response`` so the CSRF cookie
    is set for the form this response describes.

    Returns whatever the middleware returns (the same response object).
    """
    parent = super(BaseFormResource, self)
    built = parent.create_response(request, data, response_class, **response_kwargs)
    return CsrfViewMiddleware().process_response(request, built)
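def json_topic_form(request):
    """JSON endpoint for ``TopicForm``.

    GET returns the unbound form.  Any other request with a body is a
    submission: ``raw_post_data`` is parsed as a JSON object
    ``{"data": {...}}`` and assigned to ``request.POST`` so
    ``CsrfViewMiddleware`` can read ``csrfmiddlewaretoken`` from it; the
    form is bound to ``data`` and saved when valid.  The ``RemoteForm``
    description of the form is returned as ``application/json``.

    Fixes over the previous version: ``process_view`` was called with one
    argument too many (TypeError), its rejection response was discarded,
    ``remote_form_as_dict()`` was an undefined name, and ``form`` was
    unbound for a non-GET request without a body.

    Responses: 200; 400 for a missing body or one that is not a JSON
    object; the middleware's 403 when the CSRF check fails.
    """
    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        form = TopicForm()
    elif request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({'detail': 'Request body must be a JSON object.'}),
                mimetype='application/json', status=400)
        request.POST = payload

        # Signature is (request, callback, callback_args, callback_kwargs).
        # A 403 comes back for a bad/missing token and must be returned.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        form = TopicForm(payload.get('data', {}))
        if form.is_valid():
            form.save()
    else:
        return HttpResponse(
            json.dumps({'detail': 'Expected GET or a JSON request body.'}),
            mimetype='application/json', status=400)

    remote_form = RemoteForm(form)
    response_data.update(remote_form.as_dict())
    response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
                            mimetype='application/json')
    # Lets the middleware set the CSRF cookie.
    csrf_middleware.process_response(request, response)
    return response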
def process_response(self, request, response):
    """Cache an anonymous text response, then render its ``nevercache`` parts.

    Response-phase middleware.  In order:

    1. Skip non-text and streaming responses, and (under ``settings.DEBUG``)
       non-200 responses so tracebacks render untouched.
    2. Store the body in the cache, keyed by ``cache_key_prefix(request)``
       plus ``request.get_full_path()``, when ``FetchFromCacheMiddleware``
       flagged a miss (``request._update_cache``), the user is anonymous,
       the status is 200 and the effective timeout is non-zero.  The body
       is stored *before* step 3, i.e. with the ``nevercache`` sections
       still unrendered, so per-request content never enters the cache.
    3. Split the body on ``nevercache_token()``; the odd-numbered pieces
       are the template source the ``nevercache`` tag wrapped and are
       rendered now against a fresh ``RequestContext``.
    4. Re-run ``CsrfViewMiddleware.process_response`` so a ``csrf_token``
       rendered in step 3 results in the cookie being set.

    Returns ``response`` (its ``content``/``Content-Length`` rewritten).
    """
    # Caching is only applicable for text-based, non-streaming
    # responses. We also skip it for non-200 statuses during
    # development, so that stack traces are correctly rendered.
    is_text = response.get("content-type", "").startswith("text")
    valid_status = response.status_code == 200
    streaming = getattr(response, "streaming", False)
    if not is_text or streaming or (settings.DEBUG and not valid_status):
        return response
    # Cache the response if all the required conditions are met.
    # Response must be marked for updating by the
    # ``FetchFromCacheMiddleware`` having a cache get miss, the
    # user must not be authenticated (the anonymity check is what keeps
    # per-user pages out of a path-keyed cache), the HTTP status must be
    # OK and the effective timeout must be non-zero (a max-age of 0 on
    # the response means "don't cache").
    marked_for_update = getattr(request, "_update_cache", False)
    anon = hasattr(request, "user") and not is_authenticated(request.user)
    timeout = get_max_age(response)
    if timeout is None:
        timeout = settings.CACHE_MIDDLEWARE_SECONDS
    if anon and valid_status and marked_for_update and timeout:
        # NOTE(review): the key varies on the path only; anything that
        # varies the body by header (language, host, ...) must be folded
        # into cache_key_prefix() — confirm it is.
        cache_key = cache_key_prefix(request) + request.get_full_path()
        _cache_set = lambda r: cache_set(cache_key, r.content, timeout)
        if callable(getattr(response, "render", None)):
            # Template responses: store once rendering has happened.
            response.add_post_render_callback(_cache_set)
        else:
            _cache_set(response)
    # Second phase rendering for non-cached template code and
    # content. Split on the delimiter the ``nevercache`` tag
    # wrapped its contents in, and render only the content
    # enclosed by it, to avoid possible template code injection.
    # NOTE(review): that safety rests on nevercache_token() not being
    # reproducible by whoever authored the body text — confirm it is
    # unguessable rather than a fixed string.
    token = nevercache_token()
    try:
        token = token.encode('utf-8')
    except AttributeError:
        pass
    parts = response.content.split(token)
    # Restore csrf token from cookie - check the response
    # first as it may be being set for the first time.
    csrf_token = None
    try:
        csrf_token = response.cookies[settings.CSRF_COOKIE_NAME].value
    except KeyError:
        try:
            csrf_token = request.COOKIES[settings.CSRF_COOKIE_NAME]
        except KeyError:
            pass
    if csrf_token:
        # Presumably what get_token()/{% csrf_token %} reads, so the value
        # rendered below matches the cookie already on its way out.
        request.META["CSRF_COOKIE"] = csrf_token
    context = RequestContext(request)
    for i, part in enumerate(parts):
        if i % 2:
            # Odd indexes are the text between token pairs: the raw
            # template source the nevercache tag deferred.
            part = Template(part).render(context).encode("utf-8")
        parts[i] = part
    response.content = b"".join(parts)
    response["Content-Length"] = len(response.content)
    if hasattr(request, '_messages'):
        # Required to clear out user messages.
        request._messages.update(response)
    # Response needs to be run-through the CSRF middleware again so
    # that if there was a {% csrf_token %} inside of the nevercache
    # the cookie will be correctly set for the response. Clearing the
    # done-flag is what makes the middleware look at it a second time.
    csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
    if csrf_mw_name in get_middleware_setting():
        response.csrf_processing_done = False
        csrf_mw = CsrfViewMiddleware()
        csrf_mw.process_response(request, response)
    return response
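def newmessage(request):
    """Describe (GET) or process (POST) the SMS ``BroadcastForm`` as JSON.

    POST: ``request.body`` is parsed as a JSON object of the shape
    ``{"data": {...form fields...}}`` and assigned to ``request.POST`` so
    ``CsrfViewMiddleware`` can find ``csrfmiddlewaretoken`` in it.  When
    the form validates, ``message`` is sent to every selected audience:

    * ``member``     – the ``Person`` rows matching ``_get_queryset(form)``
      (all of them when that returns nothing), via ``_send_sms`` and one
      ``_write_log`` call;
    * ``external``   – each number in the comma-separated ``extra_phones``;
    * ``nonmembers`` – each entry of ``non_member``;
    * ``ultah``      – each entry of ``ultah_today`` (birthday members).

    The serialised form (``errors``/``non_field_errors`` from
    ``RemoteForm``) is returned as ``application/json``.

    Responses: 200; 405 for other methods; 400 when the body is not a JSON
    object; the middleware's 403 when the CSRF check fails.

    NOTE(review): no authentication or permission check is visible in this
    view — confirm the URL conf or a decorator restricts who may broadcast.
    Sending is not idempotent: a retried POST sends the SMS again.
    """
    from django.middleware.csrf import CsrfViewMiddleware

    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        # Get form definition
        form = BroadcastForm()
    elif request.method == 'POST':
        try:
            payload = json.loads(request.body)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({"detail": "Request body must be a JSON object."}),
                content_type="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection on a bad/missing token
        # and None otherwise.  It must be returned: the previous version
        # dropped it, so a forged cross-site POST could trigger a broadcast.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        form = BroadcastForm(payload.get('data', {}))
        if form.is_valid():
            message = form.cleaned_data["message"]

            # Send Member
            if form.cleaned_data["member"]:
                queryset = _get_queryset(form)
                if queryset:
                    persons = Person.objects.filter(queryset)
                else:
                    persons = Person.objects.all()
                _send_sms(persons, message)
                _write_log(persons, message)

            # Send External Receiver
            if form.cleaned_data["external"]:
                if form.cleaned_data["extra_phones"]:
                    # NOTE(review): entries are not stripped; "a, b" yields
                    # " b" unless the form already normalises the field.
                    phones = form.cleaned_data["extra_phones"].split(',')
                    for phone in phones:
                        _send_single_sms(phone, message)
                    _write_single_log(message)

            # Send Non Member Receiver
            if form.cleaned_data["nonmembers"]:
                if form.cleaned_data["non_member"]:
                    phones = form.cleaned_data["non_member"]
                    for phone in phones:
                        # Re-fetches what looks like the same object; kept
                        # as-is since the field's type isn't visible here.
                        person = nonmember.objects.get(id=int(phone.id))
                        _send_single_sms(phone, message)
                        _write_single_log(message, None, person)

            # Send Member Ulang Tahun (birthday members)
            if form.cleaned_data["ultah"]:
                if form.cleaned_data["ultah_today"]:
                    phones = form.cleaned_data["ultah_today"]
                    for phone in phones:
                        person = Person.objects.get(id=phone.id)
                        _send_single_sms(phone, message)
                        _write_single_log(message, None, person)
    else:
        # Previously ``form`` was left unbound here (UnboundLocalError/500).
        response = HttpResponse(
            json.dumps({"detail": "Method not allowed."}),
            content_type="application/json", status=405)
        response['Allow'] = 'GET, POST'
        return response

    remote_form = RemoteForm(form)
    # Errors in response_data['non_field_errors'] and response_data['errors']
    response_data.update(remote_form.as_dict())
    response = HttpResponse(
        json.dumps(response_data, cls=DjangoJSONEncoder),
        content_type="application/json"
    )
    # Process response for CSRF (sets the cookie)
    csrf_middleware.process_response(request, response)
    return response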
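def newmessage(request):
    """Describe (GET) or process (POST) the SMS ``BroadcastForm`` as JSON.

    POST: ``request.body`` is parsed as a JSON object of the shape
    ``{"data": {...form fields...}}`` and assigned to ``request.POST`` so
    ``CsrfViewMiddleware`` can find ``csrfmiddlewaretoken`` in it.  When
    the form validates, ``message`` is sent to every selected audience:

    * ``member``     – the ``Person`` rows matching ``_get_queryset(form)``
      (all of them when that returns nothing), via ``_send_sms`` and one
      ``_write_log`` call;
    * ``external``   – each number in the comma-separated ``extra_phones``;
    * ``nonmembers`` – each entry of ``non_member``;
    * ``ultah``      – each entry of ``ultah_today`` (birthday members).

    The serialised form (``errors``/``non_field_errors`` from
    ``RemoteForm``) is returned as ``application/json``.

    Responses: 200; 405 for other methods; 400 when the body is not a JSON
    object; the middleware's 403 when the CSRF check fails.

    NOTE(review): no authentication or permission check is visible in this
    view — confirm the URL conf or a decorator restricts who may broadcast.
    Sending is not idempotent: a retried POST sends the SMS again.
    """
    from django.middleware.csrf import CsrfViewMiddleware

    csrf_middleware = CsrfViewMiddleware()
    response_data = {}

    if request.method == 'GET':
        # Get form definition
        form = BroadcastForm()
    elif request.method == 'POST':
        try:
            payload = json.loads(request.body)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({"detail": "Request body must be a JSON object."}),
                content_type="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection on a bad/missing token
        # and None otherwise.  It must be returned: the previous version
        # dropped it, so a forged cross-site POST could trigger a broadcast.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        form = BroadcastForm(payload.get('data', {}))
        if form.is_valid():
            message = form.cleaned_data["message"]

            # Send Member
            if form.cleaned_data["member"]:
                queryset = _get_queryset(form)
                if queryset:
                    persons = Person.objects.filter(queryset)
                else:
                    persons = Person.objects.all()
                _send_sms(persons, message)
                _write_log(persons, message)

            # Send External Receiver
            if form.cleaned_data["external"]:
                if form.cleaned_data["extra_phones"]:
                    # NOTE(review): entries are not stripped; "a, b" yields
                    # " b" unless the form already normalises the field.
                    phones = form.cleaned_data["extra_phones"].split(',')
                    for phone in phones:
                        _send_single_sms(phone, message)
                    _write_single_log(message)

            # Send Non Member Receiver
            if form.cleaned_data["nonmembers"]:
                if form.cleaned_data["non_member"]:
                    phones = form.cleaned_data["non_member"]
                    for phone in phones:
                        # Re-fetches what looks like the same object; kept
                        # as-is since the field's type isn't visible here.
                        person = nonmember.objects.get(id=int(phone.id))
                        _send_single_sms(phone, message)
                        _write_single_log(message, None, person)

            # Send Member Ulang Tahun (birthday members)
            if form.cleaned_data["ultah"]:
                if form.cleaned_data["ultah_today"]:
                    phones = form.cleaned_data["ultah_today"]
                    for phone in phones:
                        person = Person.objects.get(id=phone.id)
                        _send_single_sms(phone, message)
                        _write_single_log(message, None, person)
    else:
        # Previously ``form`` was left unbound here (UnboundLocalError/500).
        response = HttpResponse(
            json.dumps({"detail": "Method not allowed."}),
            content_type="application/json", status=405)
        response['Allow'] = 'GET, POST'
        return response

    remote_form = RemoteForm(form)
    # Errors in response_data['non_field_errors'] and response_data['errors']
    response_data.update(remote_form.as_dict())
    response = HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
                            content_type="application/json")
    # Process response for CSRF (sets the cookie)
    csrf_middleware.process_response(request, response)
    return response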
def process_response(self, request, response):
    """Cache an anonymous text response, then render its ``nevercache`` parts.

    Response-phase middleware.  In order:

    1. Skip non-text and streaming responses, and (under ``settings.DEBUG``)
       non-200 responses so tracebacks render untouched.
    2. Store the body in the cache, keyed by ``cache_key_prefix(request)``
       plus ``request.get_full_path()``, when ``FetchFromCacheMiddleware``
       flagged a miss (``request._update_cache``), the user is anonymous,
       the status is 200 and the effective timeout is non-zero.  The body
       is stored *before* step 3, i.e. with the ``nevercache`` sections
       still unrendered, so per-request content never enters the cache.
    3. Split the body on ``nevercache_token()``; the odd-numbered pieces
       are the template source the ``nevercache`` tag wrapped and are
       rendered now against a fresh ``RequestContext``.
    4. Re-run ``CsrfViewMiddleware.process_response`` so a ``csrf_token``
       rendered in step 3 results in the cookie being set.

    Returns ``response`` (its ``content``/``Content-Length`` rewritten).
    """
    # Caching is only applicable for text-based, non-streaming
    # responses. We also skip it for non-200 statuses during
    # development, so that stack traces are correctly rendered.
    is_text = response.get("content-type", "").startswith("text")
    valid_status = response.status_code == 200
    streaming = getattr(response, "streaming", False)
    if not is_text or streaming or (settings.DEBUG and not valid_status):
        return response
    # Cache the response if all the required conditions are met.
    # Response must be marked for updating by the
    # ``FetchFromCacheMiddleware`` having a cache get miss, the
    # user must not be authenticated (the anonymity check is what keeps
    # per-user pages out of a path-keyed cache), the HTTP status must be
    # OK and the effective timeout must be non-zero (a max-age of 0 on
    # the response means "don't cache").
    marked_for_update = getattr(request, "_update_cache", False)
    anon = hasattr(request, "user") and not request.user.is_authenticated()
    timeout = get_max_age(response)
    if timeout is None:
        timeout = settings.CACHE_MIDDLEWARE_SECONDS
    if anon and valid_status and marked_for_update and timeout:
        # NOTE(review): the key varies on the path only; anything that
        # varies the body by header (language, host, ...) must be folded
        # into cache_key_prefix() — confirm it is.
        cache_key = cache_key_prefix(request) + request.get_full_path()
        _cache_set = lambda r: cache_set(cache_key, r.content, timeout)
        if callable(getattr(response, "render", None)):
            # Template responses: store once rendering has happened.
            response.add_post_render_callback(_cache_set)
        else:
            _cache_set(response)
    # Second phase rendering for non-cached template code and
    # content. Split on the delimiter the ``nevercache`` tag
    # wrapped its contents in, and render only the content
    # enclosed by it, to avoid possible template code injection.
    # NOTE(review): that safety rests on nevercache_token() not being
    # reproducible by whoever authored the body text — confirm it is
    # unguessable rather than a fixed string.
    token = nevercache_token()
    try:
        token = token.encode('utf-8')
    except AttributeError:
        pass
    parts = response.content.split(token)
    # Restore csrf token from cookie - check the response
    # first as it may be being set for the first time.
    csrf_token = None
    try:
        csrf_token = response.cookies[settings.CSRF_COOKIE_NAME].value
    except KeyError:
        try:
            csrf_token = request.COOKIES[settings.CSRF_COOKIE_NAME]
        except KeyError:
            pass
    if csrf_token:
        # Presumably what get_token()/{% csrf_token %} reads, so the value
        # rendered below matches the cookie already on its way out.
        request.META["CSRF_COOKIE"] = csrf_token
    context = RequestContext(request)
    for i, part in enumerate(parts):
        if i % 2:
            # Odd indexes are the text between token pairs: the raw
            # template source the nevercache tag deferred.
            part = Template(part).render(context).encode("utf-8")
        parts[i] = part
    response.content = b"".join(parts)
    response["Content-Length"] = len(response.content)
    if hasattr(request, '_messages'):
        # Required to clear out user messages.
        request._messages.update(response)
    # Response needs to be run-through the CSRF middleware again so
    # that if there was a {% csrf_token %} inside of the nevercache
    # the cookie will be correctly set for the response. Clearing the
    # done-flag is what makes the middleware look at it a second time.
    csrf_mw_name = "django.middleware.csrf.CsrfViewMiddleware"
    if csrf_mw_name in MIDDLEWARE_SETTING:
        response.csrf_processing_done = False
        csrf_mw = CsrfViewMiddleware()
        csrf_mw.process_response(request, response)
    return response
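def handle_instance_form(request, app_label, model_name, instance_id=None):
    """Serve and save an admin-registered model's form as JSON.

    The model is looked up in the admin ``site._registry`` by
    ``app_label``/``model_name``; a ``ModelForm`` for it (or the class in
    ``ADMIN_FORM_OVERRIDES``) is built and serialised by ``RemoteForm``
    using the ``ModelAdmin``'s ``fields``/``exclude``/``fieldsets``/
    ``readonly_fields``.

    GET: returns the form (bound to the instance when ``instance_id`` is
    given, its initial values copied onto the fields) plus a
    ``csrfmiddlewaretoken``.
    POST: ``raw_post_data`` is a JSON object ``{"data": {...}, "meta":
    {"validate": bool}}``; it replaces ``request.POST`` so the CSRF
    middleware can read the token.  A valid form is saved unless
    ``meta.validate`` is truthy (validation-only dry run).

    Access control: 401 unless authenticated; 403 unless the
    ``ModelAdmin``'s ``has_add_permission`` (no instance) /
    ``has_change_permission`` (with instance) allows the caller.
    Previously only ``is_authenticated`` was checked, which let any
    logged-in user read and save any admin-registered model through this
    view (unless the URL conf restricts it further).

    Raises ``Http404`` for an unregistered model or unknown ``instance_id``.
    Returns ``application/json``; 400 for a non-GET request without a JSON
    object body carrying ``data``; the middleware's 403 on a failed CSRF
    check.  Uses the legacy ``raw_post_data``/``mimetype``/``module_name``
    APIs this file relies on.
    """
    if not request.user.is_authenticated():
        return HttpResponse('Unauthorized', status=401)

    # Resolve the admin registration first; everything below depends on it.
    # Previously an unknown model fell off the end of the loop with the
    # form/config names unbound.
    model = model_admin = None
    for candidate, candidate_admin in site._registry.items():
        if (app_label == candidate._meta.app_label
                and model_name == candidate._meta.module_name):
            model, model_admin = candidate, candidate_admin
            break
    if model is None:
        raise Http404('Unknown model')

    instance = None
    if instance_id is not None:
        try:
            instance = model.objects.get(pk=instance_id)
        except model.DoesNotExist:
            raise Http404('Invalid instance ID')

    # Authorisation: defer to the ModelAdmin's permission hooks exactly as
    # the admin site itself would (add for a new object, change otherwise).
    if instance is None:
        allowed = model_admin.has_add_permission(request)
    else:
        allowed = model_admin.has_change_permission(request, instance)
    if not allowed:
        return HttpResponse('Forbidden', status=403)

    csrf_middleware = CsrfViewMiddleware()
    response_data = {
        'meta': {
            'app_label': app_label,
            'model_name': model_name
        },
        'admin': {}
    }
    if instance_id is not None:
        # Kept for compatibility with existing clients: the key is the id
        # value itself, not the literal 'instance_id'.
        response_data[instance_id] = instance_id

    field_configuration = {
        'include': model_admin.fields or [],
        'exclude': model_admin.exclude or [],
        'ordering': model_admin.fields or [],
        'fieldsets': model_admin.fieldsets or {},
        'readonly': model_admin.readonly_fields or []
    }

    current_model = model
    CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None)
    if CurrentModelForm is None:
        class CurrentModelForm(ModelForm):
            class Meta:
                # ``current_model`` rather than ``model``: a class body
                # cannot see an enclosing local of the same name it assigns.
                model = current_model

    form = None
    if request.method == 'GET':
        # Return the instance form for the model, pre-filled when an
        # instance ID was supplied, otherwise empty.
        if instance is None:
            form = CurrentModelForm()
        else:
            form = CurrentModelForm(instance=instance)
            for field_name, initial_value in form.initial.items():
                if initial_value is not None and field_name in form.fields:
                    form.fields[field_name].initial = initial_value
        response_data['csrfmiddlewaretoken'] = get_token(request)
    elif request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({'detail': 'Request body must be a JSON object.'}),
                mimetype="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection on a bad/missing token
        # and None otherwise; the previous version discarded it, so the
        # save below had no CSRF protection.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        if 'data' in payload:
            if instance is None:
                form = CurrentModelForm(payload['data'])
            else:
                form = CurrentModelForm(payload['data'], instance=instance)
            if form.is_valid():
                meta = payload.get('meta') or {}
                validate_only = isinstance(meta, dict) and meta.get('validate')
                if not validate_only:
                    form.save()

    if form is None:
        # Non-GET without a body, or a body lacking 'data': nothing to
        # describe (previously an unbound-name error).
        return HttpResponse(
            json.dumps({'detail': "Expected GET or a JSON body with a 'data' object."}),
            mimetype="application/json", status=400)

    remote_form = RemoteForm(form, **field_configuration)
    response_data.update(remote_form.as_dict())
    response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
                            mimetype="application/json")
    # Lets the middleware set / refresh the CSRF cookie.
    csrf_middleware.process_response(request, response)
    return response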
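def handle_instance_form(request, app_label, model_name, instance_id=None):
    """Serve and save an admin-registered model's form as JSON.

    The model is looked up in the admin ``site._registry`` by
    ``app_label``/``model_name``; a ``ModelForm`` for it (or the class in
    ``ADMIN_FORM_OVERRIDES``) is built and serialised by ``RemoteForm``
    using the ``ModelAdmin``'s ``fields``/``exclude``/``fieldsets``/
    ``readonly_fields``.

    GET: returns the form (bound to the instance when ``instance_id`` is
    given, its initial values copied onto the fields) plus a
    ``csrfmiddlewaretoken``.
    POST: ``raw_post_data`` is a JSON object ``{"data": {...}, "meta":
    {"validate": bool}}``; it replaces ``request.POST`` so the CSRF
    middleware can read the token.  A valid form is saved unless
    ``meta.validate`` is truthy (validation-only dry run).

    Access control: 401 unless authenticated; 403 unless the
    ``ModelAdmin``'s ``has_add_permission`` (no instance) /
    ``has_change_permission`` (with instance) allows the caller.
    Previously only ``is_authenticated`` was checked, which let any
    logged-in user read and save any admin-registered model through this
    view (unless the URL conf restricts it further).

    Raises ``Http404`` for an unregistered model or unknown ``instance_id``.
    Returns ``application/json``; 400 for a non-GET request without a JSON
    object body carrying ``data``; the middleware's 403 on a failed CSRF
    check.  Uses the legacy ``raw_post_data``/``mimetype``/``module_name``
    APIs this file relies on.
    """
    if not request.user.is_authenticated():
        return HttpResponse('Unauthorized', status=401)

    # Resolve the admin registration first; everything below depends on it.
    # Previously an unknown model fell off the end of the loop with the
    # form/config names unbound.
    model = model_admin = None
    for candidate, candidate_admin in site._registry.items():
        if (app_label == candidate._meta.app_label
                and model_name == candidate._meta.module_name):
            model, model_admin = candidate, candidate_admin
            break
    if model is None:
        raise Http404('Unknown model')

    instance = None
    if instance_id is not None:
        try:
            instance = model.objects.get(pk=instance_id)
        except model.DoesNotExist:
            raise Http404('Invalid instance ID')

    # Authorisation: defer to the ModelAdmin's permission hooks exactly as
    # the admin site itself would (add for a new object, change otherwise).
    if instance is None:
        allowed = model_admin.has_add_permission(request)
    else:
        allowed = model_admin.has_change_permission(request, instance)
    if not allowed:
        return HttpResponse('Forbidden', status=403)

    csrf_middleware = CsrfViewMiddleware()
    response_data = {
        'meta': {
            'app_label': app_label,
            'model_name': model_name
        },
        'admin': {}
    }
    if instance_id is not None:
        # Kept for compatibility with existing clients: the key is the id
        # value itself, not the literal 'instance_id'.
        response_data[instance_id] = instance_id

    field_configuration = {
        'include': model_admin.fields or [],
        'exclude': model_admin.exclude or [],
        'ordering': model_admin.fields or [],
        'fieldsets': model_admin.fieldsets or {},
        'readonly': model_admin.readonly_fields or []
    }

    current_model = model
    CurrentModelForm = ADMIN_FORM_OVERRIDES.get(model_name, None)
    if CurrentModelForm is None:
        class CurrentModelForm(ModelForm):
            class Meta:
                # ``current_model`` rather than ``model``: a class body
                # cannot see an enclosing local of the same name it assigns.
                model = current_model

    form = None
    if request.method == 'GET':
        # Return the instance form for the model, pre-filled when an
        # instance ID was supplied, otherwise empty.
        if instance is None:
            form = CurrentModelForm()
        else:
            form = CurrentModelForm(instance=instance)
            for field_name, initial_value in form.initial.items():
                if initial_value is not None and field_name in form.fields:
                    form.fields[field_name].initial = initial_value
        response_data['csrfmiddlewaretoken'] = get_token(request)
    elif request.raw_post_data:
        try:
            payload = json.loads(request.raw_post_data)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            return HttpResponse(
                json.dumps({'detail': 'Request body must be a JSON object.'}),
                mimetype="application/json", status=400)
        request.POST = payload

        # process_view() returns the 403 rejection on a bad/missing token
        # and None otherwise; the previous version discarded it, so the
        # save below had no CSRF protection.
        rejection = csrf_middleware.process_view(request, None, None, None)
        if rejection is not None:
            return rejection

        if 'data' in payload:
            if instance is None:
                form = CurrentModelForm(payload['data'])
            else:
                form = CurrentModelForm(payload['data'], instance=instance)
            if form.is_valid():
                meta = payload.get('meta') or {}
                validate_only = isinstance(meta, dict) and meta.get('validate')
                if not validate_only:
                    form.save()

    if form is None:
        # Non-GET without a body, or a body lacking 'data': nothing to
        # describe (previously an unbound-name error).
        return HttpResponse(
            json.dumps({'detail': "Expected GET or a JSON body with a 'data' object."}),
            mimetype="application/json", status=400)

    remote_form = RemoteForm(form, **field_configuration)
    response_data.update(remote_form.as_dict())
    response = HttpResponse(json.dumps(response_data, cls=LazyEncoder),
                            mimetype="application/json")
    # Lets the middleware set / refresh the CSRF cookie.
    csrf_middleware.process_response(request, response)
    return response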