Style fixes
This commit is contained in:
Joseph Schorr
parent
21ac1c9210
commit
b598c7ec85
3 changed files with 8 additions and 7 deletions
|
|
@ -2,7 +2,7 @@ import logging
|
||||||
import os
|
import os
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
from flask import request, make_response, jsonify, abort, url_for, session
|
from flask import request, abort, session
|
||||||
from flask.ext.login import login_user, UserMixin
|
from flask.ext.login import login_user, UserMixin
|
||||||
from flask.ext.principal import identity_changed
|
from flask.ext.principal import identity_changed
|
||||||
|
|
||||||
|
|
@ -55,7 +55,7 @@ def common_login(db_user):
|
||||||
def csrf_protect():
|
def csrf_protect():
|
||||||
if request.method != "GET" and request.method != "HEAD":
|
if request.method != "GET" and request.method != "HEAD":
|
||||||
token = session.get('_csrf_token', None)
|
token = session.get('_csrf_token', None)
|
||||||
found_token = request.args.get('_csrf_token', request.form.get('_csrf_token', None))
|
found_token = request.values.get('_csrf_token', None)
|
||||||
|
|
||||||
# TODO: add if not token here, once we are sure all sessions have a token.
|
# TODO: add if not token here, once we are sure all sessions have a token.
|
||||||
if token != found_token:
|
if token != found_token:
|
||||||
|
|
@ -65,6 +65,7 @@ def csrf_protect():
|
||||||
def generate_csrf_token():
|
def generate_csrf_token():
|
||||||
if '_csrf_token' not in session:
|
if '_csrf_token' not in session:
|
||||||
session['_csrf_token'] = base64.b64encode(os.urandom(48))
|
session['_csrf_token'] = base64.b64encode(os.urandom(48))
|
||||||
|
|
||||||
return session['_csrf_token']
|
return session['_csrf_token']
|
||||||
|
|
||||||
app.jinja_env.globals['csrf_token'] = generate_csrf_token
|
app.jinja_env.globals['csrf_token'] = generate_csrf_token
|
||||||
|
|
|
||||||
Reference in a new issue