1. from django.http import HttpResponse
    
  2. from django.middleware.csrf import get_token, rotate_token
    
  3. from django.template import Context, RequestContext, Template
    
  4. from django.template.context_processors import csrf
    
  5. from django.utils.decorators import decorator_from_middleware
    
  6. from django.utils.deprecation import MiddlewareMixin
    
  7. from django.views.decorators.csrf import csrf_protect, ensure_csrf_cookie
    
    
  class TestingHttpResponse(HttpResponse):
      """
      HttpResponse variant for the CSRF tests that keeps a record of every
      value handed to set_cookie().

      The record is meant for the CSRF_USE_SESSIONS=False case. The class
      itself does not look at that setting; it logs all set_cookie() calls
      regardless of the cookie name.
      """

      def __init__(self, *args, **kwargs):
          super().__init__(*args, **kwargs)
          # Cookie values seen by set_cookie() during the request-response
          # cycle, in call order. Only the value is kept, not the key.
          self._cookies_set = list()

      def set_cookie(self, key, value, **kwargs):
          # Delegate first, so a value is recorded only if the real
          # set_cookie() call did not raise.
          super().set_cookie(key, value, **kwargs)
          recorded = self._cookies_set
          recorded.append(value)
    
    
  class _CsrfCookieRotator(MiddlewareMixin):
      """Middleware whose response phase calls rotate_token() on the request."""

      def process_response(self, request, response):
          # rotate_token() is given the request only; this method hands the
          # response object back as it received it.
          rotate_token(request)
          return response


  # View-decorator form of _CsrfCookieRotator, so token rotation can be stacked
  # between other decorators on a single view.
  csrf_rotating_token = decorator_from_middleware(_CsrfCookieRotator)
    
    
  @csrf_protect
  def protected_view(request):
      """Return a plain "OK" response from a view wrapped in @csrf_protect."""
      ok_response = HttpResponse("OK")
      return ok_response
    
    
  @ensure_csrf_cookie
  def ensure_csrf_cookie_view(request):
      """Return a plain "OK" response from a view wrapped in @ensure_csrf_cookie.

      Only @ensure_csrf_cookie is applied here; @csrf_protect is not.
      """
      ok_response = HttpResponse("OK")
      return ok_response
    
    
  @csrf_protect
  @ensure_csrf_cookie
  def ensured_and_protected_view(request):
      """Return "OK" from a view wrapped in both CSRF decorators.

      @ensure_csrf_cookie is the inner decorator and @csrf_protect the outer
      one. The response is a TestingHttpResponse, which records the values
      passed to its set_cookie().
      """
      recording_response = TestingHttpResponse("OK")
      return recording_response
    
    
  @csrf_protect
  @csrf_rotating_token
  @ensure_csrf_cookie
  def sandwiched_rotate_token_view(request):
      """
      View whose response passes through rotate_token() in between two calls
      to CsrfViewMiddleware.process_response().

      The decorator order is what produces the sandwich: @ensure_csrf_cookie
      is innermost, @csrf_rotating_token sits in the middle, and
      @csrf_protect is outermost. Do not reorder them.
      """
      recording_response = TestingHttpResponse("OK")
      return recording_response
    
    
  def post_form_view(request):
      """Serve an HTML page whose POST form carries no CSRF token field.

      The view has no CSRF decorator and the markup is a fixed literal, so
      the form contains only what is written below. The heading includes a
      non-ASCII character (U+00A1).
      """
      # Same text as a triple-quoted literal: leading newline, three markup
      # lines, trailing newline.
      page = (
          "\n"
          "<html>\n"
          '<body><h1>\u00a1Unicode!<form method="post"><input type="text"></form></body>\n'
          "</html>\n"
      )
      return HttpResponse(content=page)
    
    
  def token_view(request):
      """Render a template consisting solely of the {% csrf_token %} tag.

      The template is rendered against a RequestContext built with the csrf
      context processor, and the output becomes the response body.
      """
      request_ctx = RequestContext(request, processors=[csrf])
      tag_only = Template("{% csrf_token %}")
      body = tag_only.render(request_ctx)
      return HttpResponse(body)
    
    
  def non_token_view_using_request_processor(request):
      """Run the csrf context processor without using the token in the template.

      The RequestContext is built with the csrf processor, but the template
      source is empty and never references the token.
      """
      request_ctx = RequestContext(request, processors=[csrf])
      empty_template = Template("")
      body = empty_template.render(request_ctx)
      return HttpResponse(body)
    
    
  def csrf_token_error_handler(request, **kwargs):
      """Error handler that reads the CSRF token through get_token().

      The token is rendered into the body of a response with status 599.
      Extra keyword arguments are accepted and ignored.
      """
      # NOTE(review): the token string is compiled as template *source*, not
      # passed in as a context variable. That is tolerable for a test handler;
      # presumably the token holds no template syntax -- confirm against
      # get_token() before copying this pattern elsewhere.
      token_source = get_token(request)
      rendered = Template(token_source).render(Context())
      return HttpResponse(rendered, status=599)
    
  90.     return HttpResponse(template.render(Context()), status=599)