fix: use wuttaweb to get/render csrf token

2024-08-21 09:44:32 -05:00 · 2024-08-21 09:44:32 -05:00 · 1d00fe994a
parent 71abbe06da
commit 1d00fe994a
8 changed files with 24 additions and 27 deletions
--- a/tailbone/helpers.py
+++ b/tailbone/helpers.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2023 Lance Edgar
+#  Copyright © 2010-2024 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@ -24,6 +24,9 @@
 Template Context Helpers
 """
 # start off with all from wuttaweb
 from wuttaweb.helpers import *
 import os
 import datetime
 from decimal import Decimal
@ -33,12 +36,7 @@ from rattail.time import localtime, make_utc
 from rattail.util import pretty_quantity, pretty_hours, hours_as_decimal
 from rattail.db.util import maxlen
-from webhelpers2.html import *
+from tailbone.util import (pretty_datetime, raw_datetime,
 from webhelpers2.html.tags import *
 from wuttaweb.util import get_liburl
 from tailbone.util import (csrf_token, get_csrf_token,
                           pretty_datetime, raw_datetime,
                           render_markdown,
                           route_exists)
--- a/tailbone/templates/formposter.mako
+++ b/tailbone/templates/formposter.mako
@ -39,7 +39,7 @@
            simplePOST(action, params, success, failure) {
-                let csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
+                let csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
                let headers = {
                    '${csrf_header_name}': csrftoken,
--- a/tailbone/templates/forms/deform.mako
+++ b/tailbone/templates/forms/deform.mako
@ -180,7 +180,7 @@
  let ${form.vue_component}Data = {
      ## TODO: should find a better way to handle CSRF token
-      csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+      csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
      % if can_edit_help:
          fieldLabels: ${json.dumps(field_labels)|n},
--- a/tailbone/templates/ordering/view.mako
+++ b/tailbone/templates/ordering/view.mako
@ -204,7 +204,7 @@
                    saving: false,
                    ## TODO: should find a better way to handle CSRF token
-                    csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+                    csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
                }
            },
            computed: {
--- a/tailbone/templates/ordering/worksheet.mako
+++ b/tailbone/templates/ordering/worksheet.mako
@ -250,7 +250,7 @@
                submitting: false,
                ## TODO: should find a better way to handle CSRF token
-                csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+                csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
            }
        },
        methods: {
--- a/tailbone/templates/page.mako
+++ b/tailbone/templates/page.mako
@ -38,7 +38,7 @@
    const ThisPageData = {
        ## TODO: should find a better way to handle CSRF token
-        csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
+        csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
    }
  </script>
--- a/tailbone/templates/themes/waterpark/page.mako
+++ b/tailbone/templates/themes/waterpark/page.mako
@ -38,7 +38,7 @@
  ${parent.modify_vue_vars()}
  <script>
-    ThisPageData.csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
+    ThisPageData.csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
    % if can_edit_help:
        ThisPage.props.configureFieldsHelp = Boolean
--- a/tailbone/util.py
+++ b/tailbone/util.py
@ -41,7 +41,9 @@ from webhelpers2.html import HTML, tags
 from wuttaweb.util import (get_form_data as wutta_get_form_data,
                           get_libver as wutta_get_libver,
-                           get_liburl as wutta_get_liburl)
+                           get_liburl as wutta_get_liburl,
                           get_csrf_token as wutta_get_csrf_token,
                           render_csrf_token)
 log = logging.getLogger(__name__)
@ -59,22 +61,19 @@ class SortColumn(object):
 def get_csrf_token(request):
-    """
+    """ """
-    Convenience function to retrieve the effective CSRF token for the given
+    warnings.warn("tailbone.util.get_csrf_token() is deprecated; "
-    request.
+                  "please use wuttaweb.util.get_csrf_token() instead",
-    """
+                  DeprecationWarning, stacklevel=2)
-    token = request.session.get_csrf_token()
+    return wutta_get_csrf_token(request)
    if token is None:
        token = request.session.new_csrf_token()
    return token
 def csrf_token(request, name='_csrf'):
-    """
+    """ """
-    Convenience function. Returns CSRF hidden tag inside hidden DIV.
+    warnings.warn("tailbone.util.csrf_token() is deprecated; "
-    """
+                  "please use wuttaweb.util.render_csrf_token() instead",
-    token = get_csrf_token(request)
+                  DeprecationWarning, stacklevel=2)
-    return HTML.tag("div", tags.hidden(name, value=token), style="display:none;")
+    return render_csrf_token(request, name=name)
 def get_form_data(request):