from django.http import HttpResponse
from django.middleware.csrf import get_token, rotate_token
from django.template import Context, RequestContext, Template
from django.template.context_processors import csrf
from django.utils.decorators import decorator_from_middleware
from django.utils.deprecation import MiddlewareMixin
from django.views.decorators.csrf import csrf_protect, ensure_csrf_cookie
class TestingHttpResponse(HttpResponse):
    """
    HttpResponse subclass that records every value handed to set_cookie().

    It exists so CSRF tests can inspect which cookie values were written
    during a request-response cycle when CSRF_USE_SESSIONS=False.
    """

    def __init__(self, *args, **kwargs):
        """Build the response as usual and start with an empty cookie log."""
        super().__init__(*args, **kwargs)
        # Cookie values passed to set_cookie() while this response was being
        # produced, kept in call order.
        self._cookies_set = []

    def set_cookie(self, key, value, **kwargs):
        """Set the cookie through HttpResponse, then log the value that was set."""
        # Delegate first: a value is only logged once the parent call has
        # returned without raising.
        super().set_cookie(key, value, **kwargs)
        self._cookies_set.append(value)
class _CsrfCookieRotator(MiddlewareMixin):
    """Middleware whose only job is to rotate the CSRF token on the way out."""

    def process_response(self, request, response):
        """Rotate the request's CSRF token and pass the response through unchanged."""
        # Rotation happens in the response phase, i.e. after the view (and any
        # inner middleware) has already produced the response.
        rotate_token(request)
        return response
# View-decorator form of _CsrfCookieRotator: a view wrapped with it has its
# CSRF token rotated while the response is being processed.
csrf_rotating_token = decorator_from_middleware(_CsrfCookieRotator)
@csrf_protect
def protected_view(request):
    """Return a plain 'OK' body from a view guarded by csrf_protect."""
    ok_response = HttpResponse('OK')
    return ok_response
@csrf_protect
@ensure_csrf_cookie
def ensured_and_protected_view(request):
    """
    Return 'OK' from a view wrapped by both ensure_csrf_cookie and csrf_protect.

    The response is a TestingHttpResponse, so the cookie values written by the
    two decorators can be inspected afterwards.
    """
    recording_response = TestingHttpResponse('OK')
    return recording_response
@csrf_protect
@csrf_rotating_token
@ensure_csrf_cookie
def sandwiched_rotate_token_view(request):
    """
    Return 'OK' from a view whose token is rotated mid-way through the response.

    The decorator stack places the rotate_token() call made in
    process_response() between two calls to
    CsrfViewMiddleware.process_response(): ensure_csrf_cookie is innermost,
    csrf_protect outermost, and the rotator sits between them.
    """
    # TestingHttpResponse keeps the cookie values set before and after the
    # rotation, so a caller can compare them.
    recording_response = TestingHttpResponse('OK')
    return recording_response
def post_form_view(request):
    """Serve an HTML page holding a POST form that carries no CSRF token."""
    # The markup deliberately omits any CSRF token field and starts its heading
    # with a non-ASCII character (the \u00a1 escape).
    markup = """
<html><body><h1>\u00a1Unicode!<form method="post"><input type="text"></form></body></html>
"""
    return HttpResponse(content=markup)
@ensure_csrf_cookie
def ensure_csrf_cookie_view(request):
    """Return an empty response from a view wrapped by ensure_csrf_cookie."""
    # Nothing is rendered into the body, in particular no token; any CSRF
    # cookie on the response comes from the decorator alone.
    empty_response = HttpResponse()
    return empty_response
def token_view(request):
    """Render a template made up solely of the {% csrf_token %} tag."""
    # The csrf context processor is passed explicitly, so the tag has a token
    # to render regardless of the project's configured processors.
    ctx = RequestContext(request, processors=[csrf])
    body = Template('{% csrf_token %}').render(ctx)
    return HttpResponse(body)
def non_token_view_using_request_processor(request):
    """Build a context with the csrf processor but render no token from it."""
    # The template source is empty: the csrf processor is attached to the
    # context, yet nothing in the template ever reads the token.
    ctx = RequestContext(request, processors=[csrf])
    body = Template('').render(ctx)
    return HttpResponse(body)
def csrf_token_error_handler(request, **kwargs):
    """Error handler that reads the CSRF token and echoes it with status 599."""
    # get_token() is what makes this handler "access" the token.
    token_source = get_token(request)
    # The token string is used as the template *source*, not as a context
    # variable. NOTE(review): this relies on the token containing no template
    # syntax; a value with arbitrary characters should not be fed to
    # Template() this way.
    rendered = Template(token_source).render(Context())
    # 599 is not a standard HTTP status; presumably chosen so tests can tell
    # this handler's response apart from any other - confirm against callers.
    return HttpResponse(rendered, status=599)