fix: use wuttaweb to get/render csrf token

2024-08-21 09:44:32 -05:00 · 2024-08-21 09:44:32 -05:00 · 1d00fe994a
parent 71abbe06da
commit 1d00fe994a
8 changed files with 24 additions and 27 deletions
--- a/tailbone/helpers.py
+++ b/tailbone/helpers.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2023 Lance Edgar
+#  Copyright © 2010-2024 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@ -24,6 +24,9 @@
 Template Context Helpers
 """

+# start off with all from wuttaweb
+from wuttaweb.helpers import *
+
 import os
 import datetime
 from decimal import Decimal
@ -33,12 +36,7 @@ from rattail.time import localtime, make_utc
 from rattail.util import pretty_quantity, pretty_hours, hours_as_decimal
 from rattail.db.util import maxlen

-from webhelpers2.html import *
-from webhelpers2.html.tags import *
-
-from wuttaweb.util import get_liburl
-from tailbone.util import (csrf_token, get_csrf_token,
-                           pretty_datetime, raw_datetime,
+from tailbone.util import (pretty_datetime, raw_datetime,
                           render_markdown,
                           route_exists)

--- a/tailbone/templates/formposter.mako
+++ b/tailbone/templates/formposter.mako
@ -39,7 +39,7 @@

            simplePOST(action, params, success, failure) {

-                let csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
+                let csrftoken = ${json.dumps(h.get_csrf_token(request))|n}

                let headers = {
                    '${csrf_header_name}': csrftoken,
--- a/tailbone/templates/forms/deform.mako
+++ b/tailbone/templates/forms/deform.mako
@ -180,7 +180,7 @@
  let ${form.vue_component}Data = {

      ## TODO: should find a better way to handle CSRF token
-      csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+      csrftoken: ${json.dumps(h.get_csrf_token(request))|n},

      % if can_edit_help:
          fieldLabels: ${json.dumps(field_labels)|n},
--- a/tailbone/templates/ordering/view.mako
+++ b/tailbone/templates/ordering/view.mako
@ -204,7 +204,7 @@
                    saving: false,

                    ## TODO: should find a better way to handle CSRF token
-                    csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+                    csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
                }
            },
            computed: {
--- a/tailbone/templates/ordering/worksheet.mako
+++ b/tailbone/templates/ordering/worksheet.mako
@ -250,7 +250,7 @@
                submitting: false,

                ## TODO: should find a better way to handle CSRF token
-                csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+                csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
            }
        },
        methods: {
--- a/tailbone/templates/page.mako
+++ b/tailbone/templates/page.mako
@ -38,7 +38,7 @@

    const ThisPageData = {
        ## TODO: should find a better way to handle CSRF token
-        csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+        csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
    }

  </script>
--- a/tailbone/templates/themes/waterpark/page.mako
+++ b/tailbone/templates/themes/waterpark/page.mako
@ -38,7 +38,7 @@
  ${parent.modify_vue_vars()}
  <script>

-    ThisPageData.csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
+    ThisPageData.csrftoken = ${json.dumps(h.get_csrf_token(request))|n}

    % if can_edit_help:
        ThisPage.props.configureFieldsHelp = Boolean
--- a/tailbone/util.py
+++ b/tailbone/util.py
@ -41,7 +41,9 @@ from webhelpers2.html import HTML, tags

 from wuttaweb.util import (get_form_data as wutta_get_form_data,
                           get_libver as wutta_get_libver,
-                           get_liburl as wutta_get_liburl)
+                           get_liburl as wutta_get_liburl,
+                           get_csrf_token as wutta_get_csrf_token,
+                           render_csrf_token)


 log = logging.getLogger(__name__)
@ -59,22 +61,19 @@ class SortColumn(object):


 def get_csrf_token(request):
-    """
-    Convenience function to retrieve the effective CSRF token for the given
-    request.
-    """
-    token = request.session.get_csrf_token()
-    if token is None:
-        token = request.session.new_csrf_token()
-    return token
+    """ """
+    warnings.warn("tailbone.util.get_csrf_token() is deprecated; "
+                  "please use wuttaweb.util.get_csrf_token() instead",
+                  DeprecationWarning, stacklevel=2)
+    return wutta_get_csrf_token(request)


 def csrf_token(request, name='_csrf'):
-    """
-    Convenience function. Returns CSRF hidden tag inside hidden DIV.
-    """
-    token = get_csrf_token(request)
-    return HTML.tag("div", tags.hidden(name, value=token), style="display:none;")
+    """ """
+    warnings.warn("tailbone.util.csrf_token() is deprecated; "
+                  "please use wuttaweb.util.render_csrf_token() instead",
+                  DeprecationWarning, stacklevel=2)
+    return render_csrf_token(request, name=name)


 def get_form_data(request):