def getXsrfToken(cls,
path=None,
method='POST',
data={},
site=None,
**extra):
"""Returns an XSRF token for request context.
It is signed by Melange XSRF middleware.
Add this token to POST data in order to pass the validation check of
Melange XSRF middleware for HTTP POST.
"""
"""
request = HttpRequest()
request.path = path
request.method = method
"""
# request is currently not used in _getSecretKey
class SiteContainingRequest(object):
def __init__(self, site):
if site:
self.site = site
request = SiteContainingRequest(site)
xsrf = XsrfMiddleware()
key = xsrf._getSecretKey(request)
user_id = xsrfutil._getCurrentUserId()
xsrf_token = xsrfutil._generateToken(key, user_id)
return xsrf_token
def getXsrfToken(cls, path=None, method="POST", data=None, site=None, **extra):
"""Returns an XSRF token for request context.
It is signed by Melange XSRF middleware.
Add this token to POST data in order to pass the validation check of
Melange XSRF middleware for HTTP POST.
"""
# TODO(nathaniel): What? Commented-out code?
"""
request = HttpRequest()
request.path = path
request.method = method
"""
# request is currently not used in _getSecretKey
class SiteContainingRequest(object):
def __init__(self, site):
if site:
self.site = site
request = SiteContainingRequest(site)
# TODO(nathaniel): module API violation.
key = xsrf_middleware._GetSecretKey(request)
user_id = xsrfutil._getCurrentUserId()
xsrf_token = xsrfutil._generateToken(key, user_id)
return xsrf_token
def testValidateToken(self):
"""Test the validate token function."""
# No token.
self.assertRaises(xsrfutil.InvalidTokenException,
xsrfutil._validateToken, self.secret_key, '',
self.user_id)
# Not a base64 decodeable token.
self.assertRaises(xsrfutil.InvalidTokenException,
xsrfutil._validateToken, self.secret_key,
'QNotBase64', self.user_id)
# Not a well-formed token
self.assertRaises(xsrfutil.InvalidTokenException,
xsrfutil._validateToken, self.secret_key, 'a123',
self.user_id)
# An out of date token, generated at epoch
old_token = xsrfutil._generateToken(self.secret_key,
self.user_id,
when=1)
self.assertRaises(xsrfutil.InvalidTokenException,
xsrfutil._validateToken, self.secret_key, old_token,
self.user_id)
# A valid token issued for another user.
self.assertRaises(xsrfutil.InvalidTokenException,
xsrfutil._validateToken, self.secret_key,
self.valid_token, 'SomeOtherUserId')
# A valid token.
xsrfutil._validateToken(self.secret_key, self.valid_token,
self.user_id)
def testValidateToken(self):
"""Test the validate token function."""
# No token.
self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
self.secret_key, '', self.user_id)
# Not a base64 decodeable token.
self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
self.secret_key, 'QNotBase64', self.user_id)
# Not a well-formed token
self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
self.secret_key, 'a123', self.user_id)
# An out of date token, generated at epoch
old_token = xsrfutil._generateToken(self.secret_key, self.user_id, when=1)
self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
self.secret_key, old_token, self.user_id)
# A valid token issued for another user.
self.assertRaises(xsrfutil.InvalidTokenException, xsrfutil._validateToken,
self.secret_key, self.valid_token, 'SomeOtherUserId')
# A valid token.
xsrfutil._validateToken(self.secret_key, self.valid_token, self.user_id)
def getXsrfToken(self):
"""Returns an XSRF token for POST requests.
"""
request = None
xsrf = XsrfMiddleware()
key = xsrf._getSecretKey(request)
user_id = xsrfutil._getCurrentUserId()
xsrf_token = xsrfutil._generateToken(key, user_id)
return xsrf_token
def getXsrfToken(self): """Returns an XSRF token for POST requests. """ request = None xsrf = XsrfMiddleware() key = xsrf._getSecretKey(request) user_id = xsrfutil._getCurrentUserId() xsrf_token = xsrfutil._generateToken(key, user_id) return xsrf_token
def getXsrfToken(cls, path=None, method='POST', data={}, **extra):
"""Returns an XSRF token for request context.
It is signed by Melange XSRF middleware.
Add this token to POST data in order to pass the validation check of
Melange XSRF middleware for HTTP POST.
"""
"""
request = HttpRequest()
request.path = path
request.method = method
"""
# request is currently not used in _getSecretKey
request = None
xsrf = XsrfMiddleware()
key = xsrf._getSecretKey(request)
user_id = xsrfutil._getCurrentUserId()
xsrf_token = xsrfutil._generateToken(key, user_id)
return xsrf_token
def setUp(self):
self.user_id = '42'
self.secret_key = 'secret_key'
self.valid_token = xsrfutil._generateToken(self.secret_key,
self.user_id,
when=int(time.time()))
def setUp(self):
self.user_id = '42'
self.secret_key = 'secret_key'
self.valid_token = xsrfutil._generateToken(self.secret_key, self.user_id,
when=int(time.time()))
