fix: use wuttaweb to get/render csrf token

Lance Edgar 2024-08-21 09:44:32 -05:00
parent 71abbe06da
commit 1d00fe994a
8 changed files with 24 additions and 27 deletions


@ -2,7 +2,7 @@
################################################################################
#
# Rattail -- Retail Software Framework
# Copyright © 2010-2023 Lance Edgar
# Copyright © 2010-2024 Lance Edgar
#
# This file is part of Rattail.
#
@ -24,6 +24,9 @@
Template Context Helpers
"""
# start off with all from wuttaweb
from wuttaweb.helpers import *
import os
import datetime
from decimal import Decimal
@ -33,12 +36,7 @@ from rattail.time import localtime, make_utc
from rattail.util import pretty_quantity, pretty_hours, hours_as_decimal
from rattail.db.util import maxlen
from webhelpers2.html import *
from webhelpers2.html.tags import *
from wuttaweb.util import get_liburl
from tailbone.util import (csrf_token, get_csrf_token,
pretty_datetime, raw_datetime,
from tailbone.util import (pretty_datetime, raw_datetime,
render_markdown,
route_exists)
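Review bot: With the explicit `csrf_token, get_csrf_token` import from tailbone.util dropped in the last hunk of this section, the CSRF helpers that templates reach as `h.get_csrf_token(request)` now come only from `from wuttaweb.helpers import *`. That makes them depend on whatever wuttaweb.helpers happens to export, and on none of the later imports in this module shadowing those names. I would import them by name so a missing export fails at import time rather than at template render, e.g. `from wuttaweb.util import get_csrf_token, render_csrf_token`. Whether an `h.csrf_token` name is still provided for existing templates is not visible here and should be confirmed.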


@ -39,7 +39,7 @@
simplePOST(action, params, success, failure) {
let csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
let csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
let headers = {
'${csrf_header_name}': csrftoken,
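Review bot: The `|n` filter on the `csrftoken` line switches off Mako's default escaping, so the safety of this inline script rests on what `h.get_csrf_token(request)` returns, which is not visible in this commit. `json.dumps` quotes the value as a JavaScript string but does not neutralise a `</script>` sequence, so the pattern is safe only while the token stays a server-generated opaque value; a short comment such as `## NOTE: |n is safe here only because the token is generated server-side` would record that. The same expression is added in the five other template sections of this commit, where the existing `## TODO: should find a better way to handle CSRF token` line is the natural place for the note. `simplePOST` continues past the end of this hunk.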


@ -180,7 +180,7 @@
let ${form.vue_component}Data = {
## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
% if can_edit_help:
fieldLabels: ${json.dumps(field_labels)|n},


@ -204,7 +204,7 @@
saving: false,
## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
}
},
computed: {


@ -250,7 +250,7 @@
submitting: false,
## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
}
},
methods: {


@ -38,7 +38,7 @@
const ThisPageData = {
## TODO: should find a better way to handle CSRF token
csrftoken: ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n},
csrftoken: ${json.dumps(h.get_csrf_token(request))|n},
}
</script>


@ -38,7 +38,7 @@
${parent.modify_vue_vars()}
<script>
ThisPageData.csrftoken = ${json.dumps(request.session.get_csrf_token() or request.session.new_csrf_token())|n}
ThisPageData.csrftoken = ${json.dumps(h.get_csrf_token(request))|n}
% if can_edit_help:
ThisPage.props.configureFieldsHelp = Boolean


@ -41,7 +41,9 @@ from webhelpers2.html import HTML, tags
from wuttaweb.util import (get_form_data as wutta_get_form_data,
get_libver as wutta_get_libver,
get_liburl as wutta_get_liburl)
get_liburl as wutta_get_liburl,
get_csrf_token as wutta_get_csrf_token,
render_csrf_token)
log = logging.getLogger(__name__)
@ -59,22 +61,19 @@ class SortColumn(object):
def get_csrf_token(request):
"""
Convenience function to retrieve the effective CSRF token for the given
request.
"""
token = request.session.get_csrf_token()
if token is None:
token = request.session.new_csrf_token()
return token
""" """
warnings.warn("tailbone.util.get_csrf_token() is deprecated; "
"please use wuttaweb.util.get_csrf_token() instead",
DeprecationWarning, stacklevel=2)
return wutta_get_csrf_token(request)
def csrf_token(request, name='_csrf'):
"""
Convenience function. Returns CSRF hidden tag inside hidden DIV.
"""
token = get_csrf_token(request)
return HTML.tag("div", tags.hidden(name, value=token), style="display:none;")
""" """
warnings.warn("tailbone.util.csrf_token() is deprecated; "
"please use wuttaweb.util.render_csrf_token() instead",
DeprecationWarning, stacklevel=2)
return render_csrf_token(request, name=name)
def get_form_data(request):
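Review bot: Both deprecated wrappers are left with an empty docstring (`""" """`), so anyone reading `get_csrf_token()` or `csrf_token()` gets no hint that they now only warn and delegate to wuttaweb. I would give each a one-line docstring, for example `"""Deprecated; use wuttaweb.util.get_csrf_token() instead."""` and `"""Deprecated; use wuttaweb.util.render_csrf_token() instead."""`. The new bodies also call `warnings.warn`, and no `import warnings` is visible in this section, so it is worth confirming the module already imports it above the first hunk; otherwise the wrappers would raise NameError on first use instead of returning a token.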