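def respond(request, reviewer_id, token):
    """Show the review page to a reviewer, or record the response they post.

    Access is granted by the per-reviewer ``token`` from the URL, which must
    equal ``reviewer.response_token``; a mismatch raises ``PermissionDenied``.

    A POST validates ``ResponseForm``, saves the response (unless the review
    is closed) and notifies the submitter. Any other method renders a preview
    of the reviewed page revision in 'respond' mode.
    """
    import hmac  # local import: only needed for the constant-time comparison

    reviewer = get_object_or_404(Reviewer, id=reviewer_id)

    # The token is the only credential on this URL, so compare it in constant
    # time (a plain != can leak how many leading characters matched) and fail
    # closed when either side is missing or empty.
    expected_token = reviewer.response_token
    token_matches = (
        isinstance(token, str)
        and isinstance(expected_token, str)
        and bool(expected_token)
        and hmac.compare_digest(
            token.encode('utf-8'), expected_token.encode('utf-8'))
    )
    if not token_matches:
        raise PermissionDenied

    if request.method == 'POST':
        response = Response(reviewer=reviewer)
        form = ResponseForm(request.POST, instance=response)
        if form.is_valid() and reviewer.review.status != 'closed':
            form.save()
            response.send_notification_to_submitter()
            if request.user.has_perm('wagtailadmin.access_admin'):
                # Admin users go back to the dashboard with a flash message.
                messages.success(request, SUCCESS_RESPONSE_MESSAGE)
                return redirect(reverse('wagtail_review_admin:dashboard'))
            return HttpResponse(SUCCESS_RESPONSE_MESSAGE)
        # NOTE(review): as reconstructed from the flattened source, an invalid
        # form or a closed review falls through here without returning a
        # response - confirm the intended handling.
    else:
        page = reviewer.review.page_revision.as_page_object()
        dummy_request = page.dummy_request(request)
        # Fetch the CSRF token so that Django will return a set-cookie header
        # in the case that this is the user's first request, and ensure that
        # the dummy request (where the submit-review form is rendered) is
        # using the same token.
        get_csrf_token(request)
        dummy_request.META["CSRF_COOKIE"] = request.META["CSRF_COOKIE"]
        dummy_request.wagtailreview_mode = 'respond'
        dummy_request.wagtailreview_reviewer = reviewer
        return page.serve_preview(dummy_request, page.default_preview_mode)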
def process_view(self, request, view, args, kwargs):
    """Decide whether a request may reach ``view`` or must log in first.

    Returns ``None`` (the request proceeds) in DEVELOP run mode, for views
    marked ``login_exempt``, for requests on a configured WeChat
    path-and-host pair, and for requests that ``authenticate`` accepts.
    Every other request gets ``Account().redirect_login(request)``.
    """
    # NOTE(review): in DEVELOP mode no authentication runs and every request
    # is flagged as superuser; make sure RUN_MODE can never be "DEVELOP" on a
    # deployment that is reachable by untrusted clients.
    if RUN_MODE == "DEVELOP":
        request.user.username = "******"
        request.user.is_superuser = True
        return None

    if getattr(view, 'login_exempt', False):
        return None

    # Paths of the WeChat official account (weixin) and of the WeChat mini
    # program do not require BlueKing login.
    # NOTE(review): the exemption is decided from the request path and Host
    # header alone, so views under these prefixes presumably enforce their
    # own authentication - confirm.
    login_free_sites = (
        ("USE_WEIXIN", "WEIXIN_SITE_URL", "WEIXIN_APP_EXTERNAL_HOST"),
        ("USE_MINIWEIXIN", "MINIWEIXIN_SITE_URL", "MINIWEIXIN_APP_EXTERNAL_HOST"),
    )
    for enabled_key, prefix_key, host_key in login_free_sites:
        enabled = getattr(settings, enabled_key, None)
        path_prefix = getattr(settings, prefix_key, None)
        external_host = getattr(settings, host_key, None)
        if (enabled and path_prefix and external_host
                and request.path.startswith(path_prefix)
                and request.get_host() == external_host):
            return None

    authenticated_user = authenticate(request=request)
    if not authenticated_user:
        return Account().redirect_login(request)

    request.user = authenticated_user
    get_csrf_token(request)
    return None
def handle_react(self, request: Request) -> Response:
    """Render the React base template, passing it the CSRF cookie name."""
    template_context = {"CSRF_COOKIE_NAME": settings.CSRF_COOKIE_NAME}

    # The page has no form, so nothing in the template would request a CSRF
    # token. Ask for one here purely for the side effect: a new token is
    # generated and set in the user's cookie. A context processor plus
    # template tag would also work, but would mean rendering a pointless
    # `<input>` field.
    get_csrf_token(request)

    return render_to_response(
        "sentry/bases/react.html",
        context=template_context,
        request=request,
    )
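def process_view(self, request, view, args, kwargs):
    """Let authenticated or login-exempt requests through; redirect the rest.

    Returns ``None`` when ``view`` carries a truthy ``login_exempt`` attribute
    or when ``authenticate`` returns a user (which is then stored on
    ``request.user``). Otherwise returns ``Account().redirect_login(request)``.
    """
    if getattr(view, 'login_exempt', False):
        return None

    user = authenticate(request=request)
    if user:
        request.user = user
        # Called for its side effect on the request; the return value is unused.
        get_csrf_token(request)
        return None

    # The leftover debug ``print`` statement that used to sit here was removed:
    # it wrote noise to stdout for every unauthenticated request and is a
    # syntax error on Python 3.
    account = Account()
    return account.redirect_login(request)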
def process_view(self, request, view, args, kwargs):
    """Let authenticated or login-exempt requests through; redirect the rest.

    Returns ``None`` when ``view`` carries a truthy ``login_exempt`` attribute
    or when ``authenticate`` returns a user (which is then stored on
    ``request.user``). Otherwise returns ``Account().redirect_login(request)``.
    """
    login_exempt = getattr(view, 'login_exempt', False)
    if login_exempt:
        return None

    authenticated_user = authenticate(request=request)
    if not authenticated_user:
        return Account().redirect_login(request)

    request.user = authenticated_user
    # Called for its side effect on the request; the return value is unused.
    get_csrf_token(request)
    return None
def handle_react(self, request):
    """Render the React base template and return it as a text/html response."""
    template_context = Context({'request': request})

    # The page has no form, so nothing in the template would request a CSRF
    # token. Ask for one here purely for the side effect: a new token is
    # generated and set in the user's cookie. A context processor plus
    # template tag would also work, but would mean rendering a pointless
    # `<input>` field.
    get_csrf_token(request)

    html = loader.render_to_string('sentry/bases/react.html', template_context)
    react_response = HttpResponse(html)
    react_response['Content-Type'] = 'text/html'
    return react_response
def process_view(self, request, view, args, kwargs):
    """Let authenticated or login-exempt requests through; redirect the rest.

    Returns ``None`` in DEVELOP run mode, when ``view`` carries a truthy
    ``login_exempt`` attribute, or when ``authenticate`` returns a user.
    Otherwise returns ``Account().redirect_login(request)``.
    """
    # NOTE(review): DEVELOP mode skips authentication entirely and only
    # overwrites the username; make sure RUN_MODE can never be 'DEVELOP' on a
    # deployment that is reachable by untrusted clients.
    if RUN_MODE == 'DEVELOP':
        request.user.username = '******'
        return None

    login_exempt = getattr(view, 'login_exempt', False)
    if login_exempt:
        return None

    authenticated_user = authenticate(request=request)
    if not authenticated_user:
        return Account().redirect_login(request)

    request.user = authenticated_user
    # Called for its side effect on the request; the return value is unused.
    get_csrf_token(request)
    return None
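def process_view(self, request, view, args, kwargs):
    """Decide whether a request may reach ``view`` or must log in first.

    Returns ``None`` (the request proceeds) for views marked
    ``login_exempt``, for requests on a configured WeChat path-and-host pair,
    and for requests that ``authenticate`` accepts. Every other request gets
    ``Account().redirect_login(request)``.

    When ``settings.DEBUG`` is true, a fixed simulated account is attached to
    the request instead and no authentication runs.
    """
    # Simulated login account, for development only. This block used to run
    # unconditionally, which logged every request in as the fixed account and
    # made all the checks below unreachable; it is now limited to DEBUG.
    if getattr(settings, "DEBUG", False):
        username = '******'
        user, _created = get_user_model().objects.get_or_create(
            username=username,
            defaults={
                'chname': username,
                'is_staff': False,
                'is_superuser': False,
                'is_in_app': True,
            },
        )
        request.user = user
        return None

    if getattr(view, 'login_exempt', False):
        return None

    # Paths of the WeChat official account (weixin) do not require BlueKing
    # login.
    # NOTE(review): this exemption and the one below are decided from the
    # request path and Host header alone, so views under these prefixes
    # presumably enforce their own authentication - confirm.
    use_weixin = getattr(settings, "USE_WEIXIN", None)
    weixin_path_prefix = getattr(settings, "WEIXIN_SITE_URL", None)
    weixin_app_external_host = getattr(settings, "WEIXIN_APP_EXTERNAL_HOST", None)
    if (use_weixin and weixin_path_prefix and weixin_app_external_host
            and request.path.startswith(weixin_path_prefix)
            and request.get_host() == weixin_app_external_host):
        return None

    # Paths of the WeChat mini program do not require BlueKing login.
    use_miniweixin = getattr(settings, "USE_MINIWEIXIN", None)
    miniweixin_path_prefix = getattr(settings, "MINIWEIXIN_SITE_URL", None)
    miniweixin_app_external_host = getattr(settings, "MINIWEIXIN_APP_EXTERNAL_HOST", None)
    if (use_miniweixin and miniweixin_path_prefix and miniweixin_app_external_host
            and request.path.startswith(miniweixin_path_prefix)
            and request.get_host() == miniweixin_app_external_host):
        return None

    user = authenticate(request=request)
    if user:
        request.user = user
        # Called for its side effect on the request; the return value is unused.
        get_csrf_token(request)
        return None

    account = Account()
    return account.redirect_login(request)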
def process_view(self, request, view, args, kwargs):
    """Let authenticated or login-exempt requests through; redirect the rest.

    Returns ``None`` when ``view`` carries a truthy ``login_exempt`` attribute
    or when ``authenticate`` returns a user (which is then stored on
    ``request.user``). Otherwise returns ``Account().redirect_login(request)``.
    """
    view_is_exempt = getattr(view, 'login_exempt', False)
    if view_is_exempt:
        return None

    current_user = authenticate(request=request)
    if not current_user:
        login_account = Account()
        return login_account.redirect_login(request)

    request.user = current_user
    # Called for its side effect on the request; the return value is unused.
    get_csrf_token(request)
    return None
def process_view(self, request, view, args, kwargs):
    """Let static, exempt or authenticated requests through; redirect the rest.

    Returns ``None`` for paths under ``settings.STATIC_URL``, for
    ``/robots.txt``, for views with a truthy ``login_exempt`` attribute, and
    when ``authenticate`` returns a user. Otherwise returns
    ``redirect_login(request)``.
    """
    # Static resources are not subject to the login check.
    # NOTE(review): the prefix test matches every path if STATIC_URL is ever
    # empty or "/", which would skip the login check for all requests.
    requested_path = request.get_full_path()
    is_static = requested_path.startswith(settings.STATIC_URL)
    if is_static or requested_path == '/robots.txt':
        return None

    view_is_exempt = getattr(view, 'login_exempt', False)
    if view_is_exempt:
        return None

    authenticated_user = authenticate(request=request)
    if not authenticated_user:
        return redirect_login(request)

    request.user = authenticated_user
    # Called for its side effect on the request; the return value is unused.
    get_csrf_token(request)
    return None
def i_render_import(request):
    """
    Will render the import page for TQs by inclusion.

    The page is only produced when ``token_checker.token_is_valid(request)``
    is truthy; otherwise the function returns ``None``.
    """
    if not token_checker.token_is_valid(request):
        # NOTE(review): callers receive None for an invalid token - confirm
        # they turn that into an explicit denial.
        return None

    template_context = {"csrf_token": get_csrf_token(request)}
    return dashboard_includer.get_as_json(
        "tq_file/_import.html",
        template_context=template_context,
    )
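def edit_gprot(request, gprot_pk):
    """Edit a GProt owned by the requesting user.

    Only ``gprot.author`` may edit; anyone else gets ``PermissionDenied``.
    On POST a PDF-type GProt takes a replacement upload, while any other
    GProt takes the ``content`` field, passed through ``clean_html`` before
    saving. A successful POST redirects to the publish or view page;
    otherwise the edit form is rendered, with ``error`` set when the upload
    was rejected.
    """
    gprot = get_object_or_404(GProt, pk=gprot_pk)
    if gprot.author != request.user:
        raise PermissionDenied('You are not the owner')

    error = ''
    if request.method == 'POST':
        if gprot.is_pdf:
            if 'file' in request.FILES:
                upload = request.FILES['file']
                if upload.size > settings.GPROT_PDF_MAX_SIZE * 1000000:
                    error = _('Only files up to {0} MB are allowed.').format(
                        settings.GPROT_PDF_MAX_SIZE)
                else:
                    # Sniff the type from the content rather than trusting the
                    # client-supplied name or header. Only the first 1024
                    # bytes are inspected, so this confirms a PDF signature,
                    # not that the whole file is a well-formed PDF.
                    sniffed_type = magic.from_buffer(
                        upload.read(1024), mime=True)
                    # Rewind so that storing the file does not depend on the
                    # storage layer seeking back to the start by itself.
                    upload.seek(0)
                    if sniffed_type != 'application/pdf':
                        error = _('Only PDF files are allowed.')
            else:
                error = _('Please select a file to upload.')

            if not error:
                # Replace the previous PDF, then clean the new file's metadata.
                if gprot.content_pdf:
                    gprot.content_pdf.delete()
                gprot.content_pdf = upload
                gprot.save()
                _clean_pdf_metadata(gprot)
        else:
            content = request.POST.get('content', '')
            gprot.content = clean_html(content)
            gprot.save()

        if not error:
            if 'publish' in request.POST:
                return redirect('gprot_publish', gprot.pk)
            else:
                return redirect('gprot_view', gprot.pk)

    return render(
        request, 'gprot/edit.html', {
            'gprot': gprot,
            'error': error,
            'attachment_csrf_token': get_csrf_token(request)
        })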
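def edit_gprot(request, gprot_pk):
    """Edit a GProt owned by the requesting user.

    Only ``gprot.author`` may edit; anyone else gets ``PermissionDenied``.
    On POST a PDF-type GProt takes a replacement upload, while any other
    GProt takes the ``content`` field, passed through ``clean_html`` before
    saving. A successful POST redirects to the publish or view page;
    otherwise the edit form is rendered, with ``error`` set when the upload
    was rejected.
    """
    gprot = get_object_or_404(GProt, pk=gprot_pk)
    if gprot.author != request.user:
        raise PermissionDenied('You are not the owner')

    error = ''
    if request.method == 'POST':
        if gprot.is_pdf:
            if 'file' in request.FILES:
                upload = request.FILES['file']
                if upload.size > settings.GPROT_PDF_MAX_SIZE * 1000000:
                    error = _('Only files up to {0} MB are allowed.').format(
                        settings.GPROT_PDF_MAX_SIZE)
                else:
                    # Sniff the type from the content rather than trusting the
                    # client-supplied name or header. Only the first 1024
                    # bytes are inspected, so this confirms a PDF signature,
                    # not that the whole file is a well-formed PDF.
                    sniffed_type = magic.from_buffer(
                        upload.read(1024), mime=True)
                    # Rewind so that storing the file does not depend on the
                    # storage layer seeking back to the start by itself.
                    upload.seek(0)
                    if sniffed_type != 'application/pdf':
                        error = _('Only PDF files are allowed.')
            else:
                error = _('Please select a file to upload.')

            if not error:
                # Replace the previous PDF, then clean the new file's metadata.
                if gprot.content_pdf:
                    gprot.content_pdf.delete()
                gprot.content_pdf = upload
                gprot.save()
                _clean_pdf_metadata(gprot)
        else:
            content = request.POST.get('content', '')
            gprot.content = clean_html(content)
            gprot.save()

        if not error:
            if 'publish' in request.POST:
                return redirect('gprot_publish', gprot.pk)
            else:
                return redirect('gprot_view', gprot.pk)

    return render(request, 'gprot/edit.html', {
        'gprot': gprot,
        'error': error,
        'attachment_csrf_token': get_csrf_token(request)
    })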
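def get_buttons_context(self, rec):
    """Build the template context for the action buttons of one record.

    ``self.buttons`` is either an iterable of button names or a
    comma-separated string of them. Each button's context comes from
    ``get_button_<name>_context`` when the object defines it, otherwise from
    the generic ``get_button_context``, and is then extended with the
    button's entry in ``self.buttons_description`` plus ``name`` and
    ``name_css_class``.

    Returns a dict with the button contexts, the record, the action column
    name and the CSRF token of the listing's request.
    """
    buttons = self.buttons
    if isinstance(buttons, str):
        buttons = [button_name.strip() for button_name in buttons.split(',')]

    buttons_context = []
    for b in buttons:
        # Fall back to the generic builder. The previous code called it in the
        # except branch and discarded the result, leaving context_method
        # unbound or pointing at the previous button's builder.
        context_method = getattr(self, f'get_button_{b}_context', None)
        if context_method is None:
            context_method = self.get_button_context
        context = context_method(b, rec)
        context.update(
            self.buttons_description[b],
            name=b,
            name_css_class=b.replace('_', '-'),
        )
        buttons_context.append(context)

    return dict(
        buttons=buttons_context,
        rec=rec,
        action_col=self.name,
        csrf_token=get_csrf_token(self.listing.request),
    )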
def obtain_csrf_token(request):
    """Return the request's CSRF token as ``{"csrfToken": <token>}``."""
    # NOTE(review): a token served in a response body is protected only by
    # the same-origin policy; confirm this endpoint is not readable
    # cross-origin with credentials.
    return Response({"csrfToken": get_csrf_token(request)})
logging.exception(e) except Exception, e: name = "" logging.exception(e) else: name = "" return render_to_response( template, { "show": show, "cast": cast, "genre": genre, "loves": loves, "is_loved": is_loved, "rating": rating, "csrf": get_csrf_token(request), "name": name, "title": show.get("title"), "genre_complete": ", ".join(eval(show.get("genre"))), "description": description, }, context_instance=RequestContext(request), ) def love(request): """ This view handles creating relationships between the user and the TV show """ if request.method == "POST": u = User.objects.get(id=request.user.id)
def list(self, request):
    """Return the request's CSRF token as ``{'csrftoken': <token>}``."""
    # NOTE(review): a token served in a response body is protected only by
    # the same-origin policy; confirm this endpoint is not readable
    # cross-origin with credentials.
    payload = {'csrftoken': get_csrf_token(request)}
    return Response(payload)
def global_context_init(self):
    """Seed the global context from the app settings and add a CSRF token.

    The token is added only when a request is attached and the object can
    edit or has an upload.
    """
    self.global_context.update(app_settings.context)

    needs_csrf_token = self.request and (self.can_edit or self.has_upload)
    if needs_csrf_token:
        self.global_context['csrf_token'] = get_csrf_token(self.request)