CityApper
/
django
Mirror von https://github.com/django/django


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
							from django.http import HttpResponse
from django.middleware.csrf import get_token, rotate_token
from django.template import Context, RequestContext, Template
from django.template.context_processors import csrf
from django.utils.decorators import decorator_from_middleware
from django.utils.deprecation import MiddlewareMixin
from django.views.decorators.csrf import csrf_protect, ensure_csrf_cookie


class TestingHttpResponse(HttpResponse):
    """
    A version of HttpResponse that stores what cookie values are passed to
    set_cookie() when CSRF_USE_SESSIONS=False.
    """
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # This is a list of the cookie values passed to set_cookie() over
        # the course of the request-response.
        self._cookies_set = []

    def set_cookie(self, key, value, **kwargs):
        super().set_cookie(key, value, **kwargs)
        self._cookies_set.append(value)


class _CsrfCookieRotator(MiddlewareMixin):

    def process_response(self, request, response):
        rotate_token(request)
        return response


csrf_rotating_token = decorator_from_middleware(_CsrfCookieRotator)


@csrf_protect
def protected_view(request):
    return HttpResponse('OK')


@ensure_csrf_cookie
def ensure_csrf_cookie_view(request):
    return HttpResponse('OK')


@csrf_protect
@ensure_csrf_cookie
def ensured_and_protected_view(request):
    return TestingHttpResponse('OK')


@csrf_protect
@csrf_rotating_token
@ensure_csrf_cookie
def sandwiched_rotate_token_view(request):
    """
    This is a view that calls rotate_token() in process_response() between two
    calls to CsrfViewMiddleware.process_response().
    """
    return TestingHttpResponse('OK')


def post_form_view(request):
    """Return a POST form (without a token)."""
    return HttpResponse(content="""
<html><body><h1>\u00a1Unicode!<form method="post"><input type="text"></form></body></html>
""")


def token_view(request):
    context = RequestContext(request, processors=[csrf])
    template = Template('{% csrf_token %}')
    return HttpResponse(template.render(context))


def non_token_view_using_request_processor(request):
    """Use the csrf view processor instead of the token."""
    context = RequestContext(request, processors=[csrf])
    template = Template('')
    return HttpResponse(template.render(context))


def csrf_token_error_handler(request, **kwargs):
    """This error handler accesses the CSRF token."""
    template = Template(get_token(request))
    return HttpResponse(template.render(Context()), status=599)