From c14ecd294803e03c3a2126fbb9fa552d3cd0a064 Mon Sep 17 00:00:00 2001 From: Lance Edgar Date: Tue, 24 Mar 2020 18:19:05 -0500 Subject: [PATCH] Add helper function, `get_csrf_token()` --- tailbone/helpers.py | 2 +- tailbone/util.py | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/tailbone/helpers.py b/tailbone/helpers.py index 6ede14a4..3a3d8365 100644 --- a/tailbone/helpers.py +++ b/tailbone/helpers.py @@ -36,7 +36,7 @@ from rattail.util import (pretty_quantity, pretty_hours, hours_as_decimal, from webhelpers2.html import * from webhelpers2.html.tags import * -from tailbone.util import csrf_token, pretty_datetime, raw_datetime +from tailbone.util import csrf_token, get_csrf_token, pretty_datetime, raw_datetime def pretty_date(date): diff --git a/tailbone/util.py b/tailbone/util.py index 85918330..08ffd4cd 100644 --- a/tailbone/util.py +++ b/tailbone/util.py @@ -2,7 +2,7 @@ ################################################################################ # # Rattail -- Retail Software Framework -# Copyright © 2010-2019 Lance Edgar +# Copyright © 2010-2020 Lance Edgar # # This file is part of Rattail. # @@ -40,13 +40,22 @@ from pyramid.renderers import get_renderer from webhelpers2.html import HTML, tags -def csrf_token(request, name='_csrf'): +def get_csrf_token(request): """ - Convenience function. Returns CSRF hidden tag inside hidden DIV. + Convenience function to retrieve the effective CSRF token for the given + request. """ token = request.session.get_csrf_token() if token is None: token = request.session.new_csrf_token() + return token + + +def csrf_token(request, name='_csrf'): + """ + Convenience function. Returns CSRF hidden tag inside hidden DIV. + """ + token = get_csrf_token(request) return HTML.tag("div", tags.hidden(name, value=token), style="display:none;")