Commit c7eac74c authored Mar 27, 2018 by Robin Sonnabend
Add decorators db_lookup and protect_csrf
parent 3dfc2b71
Showing 2 changed files with 63 additions and 0 deletions: csrf.py (+21 -0), database.py (+42 -0)
csrf.py
0 → 100644
View file @
c7eac74c
from
functools
import
wraps
from
hmac
import
compare_digest
from
flask
import
request
,
abort
,
session
def
get_csrf_token
():
if
"_csrf"
not
in
session
:
session
[
"_csrf"
]
=
hashlib
.
sha1
(
os
.
urandom
(
64
)).
hexdigest
()
return
session
[
"_csrf"
]
def
protect_csrf
(
function
):
@
wraps
(
function
)
def
_decorated_function
(
*
args
,
**
kwargs
):
token
=
request
.
args
.
get
(
"csrf_token"
)
true_token
=
get_csrf_token
()
if
token
is
None
or
not
compare_digest
(
token
,
true_token
):
abort
(
400
)
return
function
(
*
args
,
**
kwargs
)
return
_decorated_function
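Review bot: get_csrf_token() calls hashlib.sha1(os.urandom(64)), but the imports in this file cover only functools.wraps, hmac.compare_digest and flask's request, abort and session, so the first request without "_csrf" in the session raises NameError. Add import hashlib and import os at the top, or import secrets and use secrets.token_hex(), which also removes the need to hash the random bytes. In protect_csrf the token is read only from request.args, so a protected view can receive it only in the query string, where it ends up in access logs, browser history and Referer headers; consider also accepting request.form.get("csrf_token") or a request header so state-changing POST requests can carry it outside the URL.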
database.py
0 → 100644
View file @
c7eac74c
from
flask
import
flash
from
functools
import
wraps
from
.
import
back
ID_KEY
=
"id"
KEY_NOT_PRESENT_MESSAGE
=
"Missing {}_id."
OBJECT_DOES_NOT_EXIST_MESSAGE
=
"There is no {} with id {}."
def
default_redirect
():
return
back
.
redirect
()
def
login_redirect
():
return
back
.
redirect
(
"login"
)
def
db_lookup
(
*
models
,
check_exists
=
True
):
def
_decorator
(
function
):
@
wraps
(
function
)
def
_decorated_function
(
*
args
,
**
kwargs
):
for
model
in
models
:
key
=
model
.
__model_name__
id_key
=
"{}_{}"
.
format
(
key
,
ID_KEY
)
if
id_key
not
in
kwargs
:
flash
(
KEY_NOT_PRESENT_MESSAGE
.
format
(
key
),
"alert-error"
)
return
default_redirect
()
obj_id
=
kwargs
[
id_key
]
obj
=
model
.
query
.
filter_by
(
id
=
obj_id
).
first
()
if
check_exists
and
obj
is
None
:
model_name
=
model
.
__class__
.
__name__
flash
(
OBJECT_DOES_NOT_EXIST_MESSAGE
.
format
(
model_name
,
obj_id
),
"alert-error"
)
return
default_redirect
()
kwargs
[
key
]
=
obj
kwargs
.
pop
(
id_key
)
return
function
(
*
args
,
**
kwargs
)
return
_decorated_function
return
_decorator
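Review bot: In the not-found branch of db_lookup, model_name = model.__class__.__name__ reads the name from an object that is queried a few lines earlier as model.query.filter_by(id=obj_id), i.e. the model class itself, so __class__ is its metaclass and the flashed message names the metaclass instead of the model. Use model.__name__, or reuse the model.__model_name__ value already stored in key. With check_exists=False the view receives kwargs[key] = None when no row matches, which should be stated in a docstring on db_lookup, and login_redirect() is defined but not used anywhere in this file as shown.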