Exemplo n.º 1
    def check_request_data(self, request):
        """
        Compare request metadata stashed in the session with this request.

        For every key in META_KEYS, the value stored in the session stash as
        ``meta:<key>`` is compared with ``request.META[key]``. Each key whose
        stashed value is non-empty and differs from the current one triggers
        a ``warning`` signal flagged SESSION_CHANGED.

        Raises ValueError when the session holds no stash although it was
        modified (or SESSION_SAVE_EVERY_REQUEST is set).

        This method only emits the signal; it does not itself reject the
        request or invalidate the session.
        """
        session_data = self._get_session()
        stash = session_data.get(DATA_PREFIX, None)
        if stash is None:
            # If a subclass overrides save(), this should catch it.
            # The check only applies when save() is known to have run;
            # during automated testing, save() is not typically called.
            save_expected = (self.modified
                             or settings.SESSION_SAVE_EVERY_REQUEST)
            if save_expected:
                raise ValueError('Cannot check data because it was not '
                                 'stashed. This typically happens in save()')
        # A missing or empty stash is treated as "nothing recorded".
        stash = stash or {}

        for meta_key in META_KEYS:
            saved = stash.get('meta:%s' % meta_key, '')
            current = request.META.get(meta_key, '')
            # A key with no stashed value is never compared, so a value that
            # first appears after the stash was written raises no warning.
            changed = saved and saved != current
            if not changed:
                continue
            # NOTE(review): `current` comes from request.META and may be
            # client-supplied (depends on META_KEYS, not visible here);
            # receivers that log or render message/values should treat
            # them as untrusted text.
            values = [saved, current]
            msg = u'%s: %s' % (trans[SESSION_CHANGED], values)
            warning.send(sender=self,
                         flag=SESSION_CHANGED,
                         message=msg,
                         values=values)
Exemplo n.º 2
    def detect_low(self, data):
        """
        Send an UNEXPECTED_CHARACTER warning if ``data`` matches ``low_chars``.

        Only string values are inspected; any other type is skipped without
        a warning. The signal message is a fixed string and does not include
        the offending data.
        """
        # NOTE(review): the pattern behind `low_chars` is defined elsewhere;
        # confirm it covers the control characters you want to detect.
        if isinstance(data, basestring) and low_chars.search(data):
            warning.send(sender=self.__class__,
                         flag=UNEXPECTED_CHARACTER,
                         message='Unexpected characters')
 def inner(request, *args, **kwargs):
     """
     Call the wrapped view only for an allowed HTTP method.

     For any method outside ``request_method_list`` a WRONG_METHOD warning
     signal is sent, the attempt is logged with status code 405, and an
     HttpResponseNotAllowed listing the permitted methods is returned.
     """
     if request.method in request_method_list:
         return func(request, *args, **kwargs)

     # Raise our warning.
     warning.send(sender=require_http_methods, flag=WRONG_METHOD,
                  message=u'%s not allowed' % request.method,
                  values=[request_method_list])
     # NOTE(review): request.method and request.path are client-controlled;
     # the log formatter/handler should neutralise control characters so
     # that entries cannot be forged.
     log_extra = {
         'status_code': 405,
         'request': request
     }
     logger.warning('Method Not Allowed (%s): %s',
                    request.method, request.path,
                    extra=log_extra)
     return HttpResponseNotAllowed(request_method_list)
Exemplo n.º 4
    def check_request_data(self, request):
        """
        Check the session's stashed request metadata against this request.

        Looks up the stash stored under DATA_PREFIX and, for each key in
        META_KEYS, compares the stashed ``meta:<key>`` value with
        ``request.META[key]``. A non-empty stashed value that differs from
        the current one produces a ``warning`` signal with flag
        SESSION_CHANGED; nothing else is done to the request or session here.

        Raises ValueError if there is no stash even though the session was
        modified or SESSION_SAVE_EVERY_REQUEST is enabled.
        """
        stash = self._get_session().get(DATA_PREFIX, None)
        if stash is None:
            # If a subclass overrides save(), this should catch it.
            # Only enforced when save() is known to have been called;
            # during automated testing, save() is not typically called.
            if self.modified or settings.SESSION_SAVE_EVERY_REQUEST:
                raise ValueError("Cannot check data because it was not stashed. This typically happens in save()")
            stash = {}
        elif not stash:
            stash = {}

        for meta_key in META_KEYS:
            before = stash.get("meta:%s" % meta_key, "")
            now = request.META.get(meta_key, "")
            # Keys without a stashed value are skipped, so only changes to a
            # previously recorded value are reported.
            if before and before != now:
                # NOTE(review): `now` may be client-supplied (depends on
                # META_KEYS, not visible here); signal receivers should
                # treat message/values as untrusted when logging them.
                pair = [before, now]
                warning.send(
                    sender=self,
                    flag=SESSION_CHANGED,
                    message=u"%s: %s" % (trans[SESSION_CHANGED], pair),
                    values=pair,
                )
Exemplo n.º 5
 def warn(self, flag, data):
     """
     Send a ``warning`` signal for ``flag`` on behalf of this object's class.

     The message has the form ``<trans[flag]>: <data> in <ClassName>`` and
     ``data`` is also passed on unchanged as the signal's ``values``.
     """
     sender_cls = self.__class__
     label = trans[flag]
     # NOTE(review): `data` is interpolated as-is; if callers pass request
     # content, receivers that log the message should treat it as untrusted.
     text = u'%s: %s in %s' % (label, data, sender_cls.__name__)
     warning.send(sender=sender_cls, flag=flag, message=text, values=data)