Пример #1
 def http_handler(self, request: Request, exc: Exception) -> Response:
     """Turn an HTTP exception into a response carrying its status code.

     Status codes 204 and 304 get an empty ``Response`` body; every other
     status gets a ``TextResponse`` built from ``exc.detail``.
     """
     # The assert narrows the type for readers and type checkers; it is
     # stripped under ``python -O``, so it is not a runtime guard.
     assert isinstance(exc, exceptions.HTTPException)
     status = exc.status_code
     bodiless = status in {204, 304}
     if not bodiless:
         # NOTE(review): exc.detail is sent to the client as-is; confirm the
         # code raising these exceptions never puts internal data in it.
         return TextResponse(exc.detail, status)
     return Response(b"", status_code=status)
Пример #2
    async def __call__(
        self,
        scope: Scope,
        receive: Receive,
        send: Send,
    ) -> None:
        """ASGI entry point: publish a CSRF token for the request and enforce it.

        For ``http`` scopes the session is loaded, a session-bound token is
        created on first use, and a freshly serialized (timed) form of it is
        exposed on ``request.state`` and through ``_this_request_token``. When
        ``should_check_token`` says the request must be checked, the token
        returned by ``get_csrf_token`` is validated; a ``CsrfError`` ends the
        request with a 403 text response and the wrapped app is not called.

        Raises:
            CsrfError: if ``scope`` has no ``"session"`` entry.
        """
        # Only "http" scopes are inspected; every other scope type is handed to
        # the wrapped app without any CSRF processing.
        # NOTE(review): under ASGI that would include "websocket" scopes, so
        # those need their own cross-site protection (e.g. an Origin check) -
        # confirm that is handled elsewhere.
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return

        # Fail loudly on misconfiguration instead of running without a session
        # to bind the token to.
        if "session" not in scope:
            raise CsrfError("CsrfMiddleware requires SessionMiddleware.")

        await scope["session"].load()
        # NOTE(review): assumes an earlier layer stored the request object in
        # scope["request"]; a missing key raises KeyError here - confirm.
        request = scope["request"]
        # No token in the session yet: build one from get_generate_random() and
        # the secret key, and keep it in the session for later comparisons.
        # NOTE(review): get_generate_random() is not shown here; confirm it
        # draws from a CSPRNG (secrets / os.urandom), not the random module.
        if CSRF_SESSION_KEY not in request.session:
            token = get_generate_random()
            csrf_token = generate_token(self._secret_key, token)
            request.session[CSRF_SESSION_KEY] = csrf_token

        # A new timed token is serialized from the stored session token on every
        # request. The salt is passed both to the constructor and to dumps(),
        # and the same secret key is used for token generation and for signing.
        serializer = URLSafeTimedSerializer(self._secret_key, self._salt)
        timed_token = serializer.dumps(
            request.session[CSRF_SESSION_KEY],
            self._salt,
        )
        # csrf_token is the value kept in the session; csrf_timed_token is the
        # serialized form produced above.
        # NOTE(review): presumably csrf_timed_token is the one meant for forms
        # and headers, since validation receives a "timed_token" - confirm.
        request.state.csrf_token = request.session[CSRF_SESSION_KEY]
        request.state.csrf_timed_token = timed_token
        # Also published through _this_request_token (presumably a ContextVar
        # read by helper functions - confirm).
        _this_request_token.set(timed_token)

        if self.should_check_token(request):
            try:
                validate_csrf_token(
                    session_token=request.session[CSRF_SESSION_KEY],
                    timed_token=await self.get_csrf_token(request),
                    secret_key=self._secret_key,
                    salt=self._salt,
                    max_age=self._max_age,
                )
            # Only CsrfError becomes a 403; any other exception raised by
            # validate_csrf_token or get_csrf_token propagates to the caller.
            # NOTE(review): confirm bad-signature and expiry failures are
            # raised as CsrfError so they are rejected here, not as a 500.
            except CsrfError:
                # Fixed message: nothing taken from the request is echoed back.
                response = TextResponse("CSRF token is invalid.", 403)
                await response(scope, receive, send)
                return
        await self.app(scope, receive, send)
Пример #3
def view(request: Request) -> t.Any:
    """Answer every request with a ``TextResponse`` whose content is "ok".

    The request object is accepted but never read.
    """
    reply = TextResponse("ok")
    return reply
Пример #4
 def error_handler(request, error):
     """Ignore both arguments and answer with a ``TextResponse`` of "ok".

     Nothing from ``error`` reaches the response body.
     """
     reply = TextResponse("ok")
     return reply
Пример #5
 def view(request):
     """Return the request's timed CSRF token as the response content.

     Reads ``request.state.csrf_timed_token`` and wraps it in a
     ``TextResponse``.
     """
     # NOTE(review): looks like a test fixture; a body that carries the token
     # is only appropriate where the response cannot be read cross-origin.
     timed_token = request.state.csrf_timed_token
     return TextResponse(timed_token)
Пример #6
 def view(request):
     """Capture the timed CSRF token from two sources, then answer "ok".

     Stores ``request.state.csrf_timed_token`` and the result of
     ``csrf_token_helper()`` in variables of the enclosing scope, presumably
     so the surrounding code can compare them afterwards.
     """
     nonlocal token_from_request
     nonlocal token_from_helper
     # Order kept as written: request state first, then the helper.
     token_from_request = request.state.csrf_timed_token
     token_from_helper = csrf_token_helper()
     reply = TextResponse("ok")
     return reply