def masked_csrf_token(request):
pad = random_string(TOKEN_LENGTH)
token = request.csrf_token
# XOR the pad with the token by getting the int value of each char
masked_token = (ord(pad[i]) ^ ord(token[i]) for i in range(TOKEN_LENGTH))
# Encode the XORed ints as 2 * TOKEN_LENGTH hex characters
masked_token = binascii.hexlify(bytes(masked_token))
masked_token = masked_token.decode("ascii")
return "".join((pad, masked_token))
def masked_csrf_token(request):
pad = random_string(TOKEN_LENGTH)
token = request.csrf_token
# XOR the pad with the token by getting the int value of each char
masked_token = (ord(pad[i]) ^ ord(token[i]) for i in range(TOKEN_LENGTH))
# Encode the XORed ints as 2 * TOKEN_LENGTH hex characters
masked_token = binascii.hexlify(bytes(masked_token))
masked_token = masked_token.decode('ascii')
return ''.join((pad, masked_token))
def csrf_token(request):
if KEY not in request.session:
request.session[KEY] = random_string(TOKEN_LENGTH)
request.session.save()
return request.session[KEY]
def csrf_token(request):
token = get_token(request)
if token not in request.session:
request.session[token] = random_string(TOKEN_LENGTH)
request.session.save()
return request.session[token]
