Coverage for /var/srv/projects/api.amasfac.comuna18.com/tmp/venv/lib/python3.9/site-packages/django/views/decorators/csrf.py: 84%

27 statements  

« prev     ^ index     » next       coverage.py v6.4.4, created at 2023-07-17 14:22 -0600

1from functools import wraps 

2 

3from django.middleware.csrf import CsrfViewMiddleware, get_token 

4from django.utils.decorators import decorator_from_middleware 

5 

6csrf_protect = decorator_from_middleware(CsrfViewMiddleware) 

7csrf_protect.__name__ = "csrf_protect" 

8csrf_protect.__doc__ = """ 

9This decorator adds CSRF protection in exactly the same way as 

10CsrfViewMiddleware, but it can be used on a per view basis. Using both, or 

11using the decorator multiple times, is harmless and efficient. 

12""" 

13 

14 

15class _EnsureCsrfToken(CsrfViewMiddleware): 

16 # Behave like CsrfViewMiddleware but don't reject requests or log warnings. 

17 def _reject(self, request, reason): 

18 return None 

19 

20 

21requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken) 

22requires_csrf_token.__name__ = "requires_csrf_token" 

23requires_csrf_token.__doc__ = """ 

24Use this decorator on views that need a correct csrf_token available to 

25RequestContext, but without the CSRF protection that csrf_protect 

26enforces. 

27""" 

28 

29 

30class _EnsureCsrfCookie(CsrfViewMiddleware): 

31 def _reject(self, request, reason): 

32 return None 

33 

34 def process_view(self, request, callback, callback_args, callback_kwargs): 

35 retval = super().process_view(request, callback, callback_args, callback_kwargs) 

36 # Force process_response to send the cookie 

37 get_token(request) 

38 return retval 

39 

40 

41ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCookie) 

42ensure_csrf_cookie.__name__ = "ensure_csrf_cookie" 

43ensure_csrf_cookie.__doc__ = """ 

44Use this decorator to ensure that a view sets a CSRF cookie, whether or not it 

45uses the csrf_token template tag, or the CsrfViewMiddleware is used. 

46""" 

47 

48 

49def csrf_exempt(view_func): 

50 """Mark a view function as being exempt from the CSRF view protection.""" 

51 # view_func.csrf_exempt = True would also work, but decorators are nicer 

52 # if they don't have side effects, so return a new function. 

53 def wrapped_view(*args, **kwargs): 

54 return view_func(*args, **kwargs) 

55 

56 wrapped_view.csrf_exempt = True 

57 return wraps(view_func)(wrapped_view)