Python flask_wtf.csrf.generate_csrf() Examples
The following are 6
code examples of flask_wtf.csrf.generate_csrf().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
flask_wtf.csrf
, or try the search function
.
.
Example #1
| Source File: flask_csrf_test_client.py From realms-wiki with GNU General Public License v2.0 | 6 votes |
|
def csrf_token(self):
# First, we'll wrap our request shim around the test client, so that
# it will work correctly when Flask asks it to set a cookie.
request = RequestShim(self)
# Next, we need to look up any cookies that might already exist on
# this test client, such as the secure cookie that powers `flask.session`,
# and make a test request context that has those cookies in it.
environ_overrides = {}
self.cookie_jar.inject_wsgi(environ_overrides)
with flask.current_app.test_request_context(
"/login", environ_overrides=environ_overrides,
):
# Now, we call Flask-WTF's method of generating a CSRF token...
csrf_token = generate_csrf()
# ...which also sets a value in `flask.session`, so we need to
# ask Flask to save that value to the cookie jar in the test
# client. This is where we actually use that request shim we made!
flask.current_app.save_session(flask.session, request)
# And finally, return that CSRF token we got from Flask-WTF.
return csrf_token
Example #2
| Source File: utils.py From flask-security with MIT License | 5 votes |
|
def base_render_json(
form,
include_user=True,
include_auth_token=False,
additional=None,
error_status_code=400,
):
has_errors = len(form.errors) > 0
user = form.user if hasattr(form, "user") else None
if has_errors:
code = error_status_code
payload = json_error_response(errors=form.errors)
else:
code = 200
payload = dict()
if user:
# This allows anonymous GETs via JSON
if include_user:
payload["user"] = user.get_security_payload()
if include_auth_token:
# view wants to return auth_token - check behavior config
if (
config_value("BACKWARDS_COMPAT_AUTH_TOKEN")
or "include_auth_token" in request.args
):
token = user.get_auth_token()
payload["user"]["authentication_token"] = token
# Return csrf_token on each JSON response - just as every form
# has it rendered.
payload["csrf_token"] = csrf.generate_csrf()
if additional:
payload.update(additional)
return _security._render_json(payload, code, headers=None, user=user)
Example #3
| Source File: main.py From FlowKit with Mozilla Public License 2.0 | 5 votes |
|
def set_xsrf_cookie(response):
"""
Sets the csrf token used by csrf protect as a cookie to allow usage with
react.
"""
response.set_cookie("X-CSRF", generate_csrf())
return response
Example #4
| Source File: app.py From flask-react-spa with MIT License | 5 votes |
|
def configure_app(app, config_object):
"""General application configuration:
- register the app's config
- register Jinja extensions
- register functions to run on before/after request
"""
# automatically configure a migrations folder for each bundle
config_object.ALEMBIC['version_locations'] = [
(bundle._name, os.path.join(PROJECT_ROOT,
bundle.module_name.replace('.', os.sep),
'migrations'))
for bundle in app.bundles if bundle.has_models
]
app.config.from_object(config_object)
app.jinja_env.add_extension('jinja2_time.TimeExtension')
@app.before_request
def enable_session_timeout():
session.permanent = True # set session to use PERMANENT_SESSION_LIFETIME
session.modified = True # reset the session timer on every request
@app.after_request
def set_csrf_cookie(response):
if response:
response.set_cookie('csrf_token', generate_csrf())
return response
Example #5
| Source File: main.py From expfactory with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def inject_csrf_token(response):
response.headers.set("X-CSRF-Token", generate_csrf())
return response
# EXPERIMENT PORTAL ############################################################
Example #6
| Source File: csrf.py From FF.PyAdmin with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def init_app(self, app):
app.extensions['csrf'] = self
app.config.setdefault('WTF_CSRF_ENABLED', True)
app.config.setdefault('WTF_CSRF_CHECK_DEFAULT', True)
app.config['WTF_CSRF_METHODS'] = set(app.config.get(
'WTF_CSRF_METHODS', ['POST', 'PUT', 'PATCH', 'DELETE']
))
app.config.setdefault('WTF_CSRF_FIELD_NAME', 'csrf_token')
app.config.setdefault(
'WTF_CSRF_HEADERS', ['X-CSRFToken', 'X-CSRF-Token']
)
app.config.setdefault('WTF_CSRF_TIME_LIMIT', 3600)
app.config.setdefault('WTF_CSRF_SSL_STRICT', True)
app.jinja_env.globals['csrf_token'] = generate_csrf
app.context_processor(lambda: {'csrf_token': generate_csrf})
def _set_csrf_valid_true():
"""设置验证通过, 满足 _FlaskFormCSRF.validate_csrf_token 内判断"""
g.csrf_valid = True
return
@app.before_request
def csrf_protect():
if not app.config['WTF_CSRF_ENABLED']:
return _set_csrf_valid_true()
if not app.config['WTF_CSRF_CHECK_DEFAULT']:
return _set_csrf_valid_true()
if request.method not in app.config['WTF_CSRF_METHODS']:
return _set_csrf_valid_true()
if not request.endpoint:
return _set_csrf_valid_true()
view = app.view_functions.get(request.endpoint)
if not view:
return _set_csrf_valid_true()
if request.blueprint in self._exempt_blueprints:
return _set_csrf_valid_true()
dest = '%s.%s' % (view.__module__, view.__name__)
if dest in self._exempt_views:
return _set_csrf_valid_true()
self.protect()
