fix: use wuttaweb to get/render csrf token

Lance Edgar 2024-08-21 09:44:32 -05:00
parent 71abbe06da
commit 1d00fe994a
8 changed files with 24 additions and 27 deletions


@ -2,7 +2,7 @@
################################################################################ ################################################################################
# #
# Rattail -- Retail Software Framework # Rattail -- Retail Software Framework
# Copyright © 2010-2023 Lance Edgar # Copyright © 2010-2024 Lance Edgar
# #
# This file is part of Rattail. # This file is part of Rattail.
# #
@ -24,6 +24,9 @@
Template Context Helpers Template Context Helpers
""" """
# start off with all from wuttaweb
from wuttaweb.helpers import *
import os import os
import datetime import datetime
from decimal import Decimal from decimal import Decimal
@ -33,12 +36,7 @@ from rattail.time import localtime, make_utc
from rattail.util import pretty_quantity, pretty_hours, hours_as_decimal from rattail.util import pretty_quantity, pretty_hours, hours_as_decimal
from rattail.db.util import maxlen from rattail.db.util import maxlen
from webhelpers2.html import * from tailbone.util import (pretty_datetime, raw_datetime,
from webhelpers2.html.tags import *
from wuttaweb.util import get_liburl
from tailbone.util import (csrf_token, get_csrf_token,
pretty_datetime, raw_datetime,
render_markdown, render_markdown,
route_exists) route_exists)
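Review bot: The wildcard `from wuttaweb.helpers import *` now decides which names the template helper namespace exposes, and this section drops the explicit imports of `csrf_token`, `get_csrf_token` and `get_liburl` without showing that wuttaweb.helpers exports each of them. The templates changed in this commit call `h.get_csrf_token(request)`, so a missing or renamed export would surface only when a page renders. I would either import the names the templates depend on explicitly, or add a comment under the wildcard such as `# templates rely on h.get_csrf_token and h.get_liburl coming from wuttaweb.helpers`. Whether `h.csrf_token` is still available to existing templates cannot be told from this section.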


@ -39,7 +39,7 @@
simplePOST(action, params, success, failure) { simplePOST(action, params, success, failure) {
let csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n} let csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
let headers = { let headers = {
'${csrf_header_name}': csrftoken, '${csrf_header_name}': csrftoken,
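Review bot: The call site no longer shows the `or request.session.new_csrf_token()` fallback, so `csrftoken` is only usable here if `h.get_csrf_token(request)` itself creates a token when the session has none; that helper is not part of this page. If it could return None, `json.dumps` would emit `null` and the header would carry no valid token, so POSTs would presumably be rejected rather than pass unprotected. Once confirmed against wuttaweb, a short Mako comment above the line would record the contract, e.g. `## h.get_csrf_token() creates a session token if none exists yet`. The same expression appears in the five template sections that follow.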


@ -180,7 +180,7 @@
let ${form.vue_component}Data = { let ${form.vue_component}Data = {
## TODO: should find a better way to handle CSRF token ## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}, csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
% if can_edit_help: % if can_edit_help:
fieldLabels: ${json.dumps(field_labels)|n}, fieldLabels: ${json.dumps(field_labels)|n},


@ -204,7 +204,7 @@
saving: false, saving: false,
## TODO: should find a better way to handle CSRF token ## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}, csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
} }
}, },
computed: { computed: {


@ -250,7 +250,7 @@
submitting: false, submitting: false,
## TODO: should find a better way to handle CSRF token ## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}, csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
} }
}, },
methods: { methods: {


@ -38,7 +38,7 @@
const ThisPageData = { const ThisPageData = {
## TODO: should find a better way to handle CSRF token ## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}, csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
} }
</script> </script>


@ -38,7 +38,7 @@
${parent.modify_vue_vars()} ${parent.modify_vue_vars()}
<script> <script>
ThisPageData.csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n} ThisPageData.csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
% if can_edit_help: % if can_edit_help:
ThisPage.props.configureFieldsHelp = Boolean ThisPage.props.configureFieldsHelp = Boolean


@ -41,7 +41,9 @@ from webhelpers2.html import HTML, tags
from wuttaweb.util import (get_form_data as wutta_get_form_data, from wuttaweb.util import (get_form_data as wutta_get_form_data,
get_libver as wutta_get_libver, get_libver as wutta_get_libver,
get_liburl as wutta_get_liburl) get_liburl as wutta_get_liburl,
get_csrf_token as wutta_get_csrf_token,
render_csrf_token)
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@ -59,22 +61,19 @@ class SortColumn(object):
def get_csrf_token(request): def get_csrf_token(request):
""" """ """
Convenience function to retrieve the effective CSRF token for the given warnings.warn("tailbone.util.get_csrf_token() is deprecated; "
request. "please use wuttaweb.util.get_csrf_token() instead",
""" DeprecationWarning, stacklevel=2)
token = request.session.get_csrf_token() return wutta_get_csrf_token(request)
if token is None:
token = request.session.new_csrf_token()
return token
def csrf_token(request, name='_csrf'): def csrf_token(request, name='_csrf'):
""" """ """
Convenience function. Returns CSRF hidden tag inside hidden DIV. warnings.warn("tailbone.util.csrf_token() is deprecated; "
""" "please use wuttaweb.util.render_csrf_token() instead",
token = get_csrf_token(request) DeprecationWarning, stacklevel=2)
return HTML.tag("div", tags.hidden(name, value=token), style="display:none;") return render_csrf_token(request, name=name)
def get_form_data(request): def get_form_data(request):
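Review bot: As rendered, both deprecated wrappers are left with an empty docstring (`""" """`), so the deprecation is only visible at call time, and DeprecationWarning is hidden by default for code outside `__main__`. I would state it in the docstring, e.g. `"""Deprecated; use wuttaweb.util.get_csrf_token() instead."""`, with the matching line for `csrf_token()` pointing at `render_csrf_token()`. The hunk does not show `import warnings`; if the module does not already import it, the first call raises NameError. Since `csrf_token()` now delegates the hidden-field markup to `render_csrf_token(request, name=name)`, it is worth confirming that the rendered field name and wrapper still match what existing forms expect.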